API Reference

genesis-kernel-v5 is an EU AI Act compliant scientific discovery motor. You build the application. We provide the infrastructure — LLM-driven gap analysis, SHA-256 audit chains, and mandatory human oversight (Art. 14).

Base URL: https://genesis-engine.tech | Version: 5.0.0

Pipeline v5 — 5 Phases

Every discovery request passes through 5 phases in sequence. The pipeline is LLM-driven — no deterministic exhaustion. Each phase is registered in the SHA-256 AuditChain with actor_type for legal traceability (Art. 12).

Phase 1 ExplorationAgent LLM identifies gaps in domain approaches (temp 0.3 — maximum objectivity)
Phase 2 AiActPolicy pre BL-001 blacklist + prompt injection detection (3 layers)
Phase 3 ProposalAgent LLM proposes new primitive + 8 novelty checks + cosine similarity vs KB (temp 0.8)
Phase 4 FalsificationAgent Adversarial LLM tries to destroy proposal — min 3 attempts + near_miss (temp 0.3)
Phase 4b AiActPolicy full UC-001 Art.12 · UC-002 Art.13 · UC-003 Art.14 · UC-004 Art.15 · BL-001
Phase 5 HumanGate Art.14 — architecturally incontournable. Human approves or rejects.

Possible session statuses: PROCESSING → AWAITING_HUMAN → PROMOTED or INDETERMINATE. Also: FRONTIER_NOT_REACHED · POLICY_BLOCKED · FALSIFICATION_REJECTED · DOMAIN_MISMATCH_WARNING.

STATUS DA SESSÃO	SIGNIFICADO	reviews: []?	PRÓXIMO PASSO
AWAITING_HUMAN	Proposta sobreviveu à falsificação. Aguarda decisão humana.	NÃO — review disponível	POST /reviews/:id/decide
INDETERMINATE	Proposta rejeitada automaticamente pelo FalsificationAgent ou novelty insuficiente.	SIM — reviews: [] é correcto	Analisar near_miss + VAAR BLOCKED. Resubmeter problema revisto.
PROMOTED	Aprovado pelo revisor humano. Primitiva na Knowledge Base.	N/A — concluído	GET /kb para ver primitiva promovida.
FRONTIER_NOT_REACHED	Gaps insuficientes. ExplorationAgent resolveu todas as abordagens.	SIM — sem proposta gerada	Submeter problema mais difícil ou com mais abordagens.
POLICY_BLOCKED	Conteúdo bloqueado pela AiActPolicy (blacklist ou regras EU AI Act).	SIM — bloqueado por política	Rever conteúdo da proposta. Verificar predicate_blacklist do domínio.

Authentication

All developer API endpoints require an API key sent as a header. You receive your API key when your account is approved.

# Include in every request
x-api-key: uk_live_your_api_key_here

# Or as Bearer token
Authorization: Bearer uk_live_your_api_key_here

Your API key is associated with your developer account. Each instance you create bills against your account. Keep your key secure — it has full access to all your instances.

Error Codes

Code	Meaning
400	Bad request — missing or invalid parameters
401	Unauthorized — invalid or missing API key
403	Forbidden — instance does not belong to your account
404	Not found — instance, session, or review does not exist
409	Conflict — client_ref already has an active instance
500	Server error — contact support

Instances

An instance is the billing unit. One instance = one client = one active payment. The same domain logic can be used across multiple instances, but each must be paid separately.

POST /api/v1/instances DEV AUTH

Create a new instance for a client. Billing starts immediately.

REQUEST BODY

Field	Type	Required	Description
name	string	required	Human name for this instance (your client's name)
client_ref	string	required	Your internal reference for this client. Unique per developer. Immutable after creation.
llm_provider	string	required	`anthropic` `openai` `ollama`
llm_model	string	required	Model name e.g. `claude-sonnet-4-6` `gpt-4o` `llama3.2`
llm_api_key	string	optional	Your client's LLM API key. Not required for Ollama.
llm_base_url	string	optional	Custom base URL for OpenAI-compatible APIs
webhook_url	string	optional	URL to call when a discovery job completes

# Create an instance for a legal firm client
curl -X POST https://genesis-engine.tech/api/v1/instances \
  -H "x-api-key: uk_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Escritorio Mendes & Associados",
    "client_ref": "mendes_2026",
    "llm_provider": "anthropic",
    "llm_model": "claude-sonnet-4-6",
    "llm_api_key": "sk-ant-...",
    "webhook_url": "https://yourapp.com/webhooks/kernel"
  }'

# Response
{
  "instance": {
    "instance_id": "inst_a3f9b2c1",
    "name": "Escritorio Mendes & Associados",
    "client_ref": "mendes_2026",
    "active": true,
    "created_at": "2026-04-12T17:00:00Z"
  },
  "message": "Instance created. Billing starts now."
}

GET /api/v1/instances DEV AUTH

List all your instances — both active and inactive.

DELETE /api/v1/instances/:instance_id DEV AUTH

Deactivate an instance. Billing stops immediately. The instance data (sessions, KB, AuditChain) is preserved permanently for audit purposes.

PUT /api/v1/instances/:instance_id/llm DEV AUTH

Update the LLM configuration for an instance. Useful when a client switches providers. The ProposalAgent and FalsificationAgent can use different providers — configure via PROPOSAL_ADAPTER and FALSIFICATION_ADAPTER environment variables.

Field	Type	Required	Description
provider	string	required	`anthropic` `openai` `ollama`
model	string	required	Model name
api_key	string	optional	New API key
base_url	string	optional	Custom base URL

Domains

The motor starts completely clean. You define the domain rules — approaches, authority sources, frontier thresholds, and delegation protocol. Each instance has its own isolated domain configuration. The ExplorationAgent analyses all approaches and identifies gaps.

POST /api/v1/instances/:id/domains DEV AUTH

Configure a domain for an instance. human_reviewer_required must be true — enforced by EU AI Act Art. 14 and architecturally incontournable. Minimum 3 approaches with minimum 3 variations each.

# Domain configuration structure
{
  "domain_id": "oncology_brca",
  "name": "Oncology — Breast Cancer Research",
  "approaches": [
    {
      "id": "genomic_analysis",
      "name": "Genomic Analysis",
      "description": "TCGA database analysis of BRCA mutations",
      "variations": ["brca1_panel", "brca2_panel", "her2_panel", "er_pr_panel"]
    }
  ],
  "frontier_threshold": 2,
  "frontier_threshold_justification": "2 approach-level gaps indicate genuine frontier in BRCA research",
  "authority_sources": ["TCGA", "cBioPortal", "PubMed"],
  "risk_level": "high",
  "human_reviewer_required": true,
  "predicate_blacklist": [],
  "delegation_protocol": [
    { "level": 1, "role": "oncologist", "conditions": ["Available and active"] },
    { "level": 2, "role": "committee", "conditions": ["Oncologist unavailable > 48h"], "quorum": 3 }
  ]
}

GET /api/v1/instances/:id/domains DEV AUTH

List all configured domains for an instance.

Discovery

The core operation. The ExplorationAgent (Phase 1) identifies gaps in domain approaches via LLM. If the frontier is reached, the full 5-phase pipeline runs asynchronously. You receive a job_id immediately and poll or receive a webhook when complete.

POST /api/v1/instances/:id/discover DEV AUTH

REQUEST BODY

Field	Type	Required	Description
domain_id	string	required	Must match a configured domain for this instance
problem	string	required	The problem statement to investigate
context	string	optional	Additional context for the discovery cycle
force_domain	boolean	optional	Pass `true` to confirm a domain mismatch warning and proceed anyway
user_id	string	optional	Identifier of the end user — logged in AuditChain as `actor_type: "user"` (Art. 12)

# Response — returns immediately with job_id
{
  "session_id": "GE-A3F9B2D0",
  "instance_id": "inst_a3f9b2c1",
  "status": "PROCESSING",
  "domain_match_score": 0.74,
  "message": "ExplorationAgent running. Pipeline queued.",
  "job_id": "job_abc123",
  "poll_url": "/api/v1/jobs/job_abc123"
}

# If domain coherence score is below 12% — returns warning, no session created
{
  "session_id": null,
  "status": "DOMAIN_MISMATCH_WARNING",
  "domain_match_score": 0.03,
  "requires_confirmation": true,
  "warning": "Coherence score: 3%. Problem may not match domain.",
  "message": "Send with force_domain: true to proceed anyway."
}

GET /api/v1/jobs/:job_id DEV AUTH

Poll a discovery job. Lifecycle: queued → processing → completed or failed. Poll every 3–5 seconds. When completed, check job.falsification.recommendation — not all completed jobs produce a review.

# ── SCENARIO 1 — falsification.recommendation: ADVANCE or REVISE
#    Proposal survived → goes to HumanGate → review created
{
  "job": {
    "status": "completed",
    "falsification": {
      "recommendation": "REVISE",       // ADVANCE | REVISE → HumanGate
      "verification_score": 0.72
    }
  }
}
# → GET /reviews returns: { "reviews": [{ "review_id": "rev_xyz", ... }] }
# → Session: AWAITING_HUMAN → Next: POST /reviews/:id/decide

# ── SCENARIO 2 — falsification.recommendation: REJECT (automatic rejection)
#    ⚠️  reviews: [] is CORRECT and EXPECTED — not a bug
#    FalsificationAgent destroyed the proposal before HumanGate
{
  "job": {
    "status": "completed",              // completed ≠ approved
    "falsification": {
      "recommendation": "REJECT",       // ← proposal did not pass
      "verification_score": 0.15,      // below threshold
      "near_miss": {
        "closest_rejection_reason": "...", // decisive argument
        "rejection_threshold_delta": 0.15  // how far below threshold
      }
    }
  }
}
# → GET /reviews returns: { "reviews": [] }  ← CORRECT
# → Session: INDETERMINATE
# → AuditChain complete (Art.12 compliant)
# → Diagnose: read near_miss + proposal.vaar_annotations[level=BLOCKED]

# ── DIAGNOSIS when recommendation: REJECT
#    Use these fields to understand what to fix:

# 1. falsification.near_miss.closest_rejection_reason
#    → The argument that most influenced the REJECT decision

# 2. falsification.near_miss.rejection_threshold_delta
#    → Close to 0 = marginal decision; far from 0 = clear rejection

# 3. proposal.vaar_annotations filtered by level: BLOCKED
#    → Claims the system could not sustain epistemically
#    → Fix these before resubmitting

# 4. falsification.weaknesses_found
#    → Full list of weaknesses — one per falsification attempt

# ── SCENARIO 3 — Webhook when job completes with AWAITING_HUMAN
{
  "job_id": "job_abc123",
  "session_id": "GE-A3F9B2D0",
  "instance_id": "inst_a3f9b2c1",
  "status": "AWAITING_HUMAN",
  "review_id": "rev_xyz789",
  "delegation_level": 1,
  "near_miss": {
    "closest_rejection_reason": "Definition contains potential circular reasoning",
    "rejection_threshold_delta": 0.22,
    "conditions_for_rejection": ["If circular reasoning confirmed → REJECT"]
  }
}

Sessions

GET /api/v1/instances/:id/sessions DEV AUTH

List all sessions for an instance. Returns the 50 most recent by default.

GET /api/v1/instances/:id/sessions/:session_id DEV AUTH

Get full session detail including the complete SHA-256 event chain for audit purposes.

GET /api/v1/instances/:id/sessions/:session_id/export DEV AUTH

Export a session in different formats for compliance documentation.

Query Param	Value	Description
format	json	Full JSON with SHA-256 chain (default)
format	html	Human-readable HTML report with AI Act compliance summary
format	csv	CSV for spreadsheet analysis

GET /api/v1/instances/:id/sessions/:session_id/ai-card DEV AUTH

Export the AI Card for a session — a standardised compliance document for AI supervisory authority inspectors. Shows compliance status per article (Art. 12, 13, 14, 15), the AuditChain tip hash, and the human decision with digital signature.

# AI Card response
{
  "ai_card": {
    "session_id": "GE-A3F9B2D0",
    "domain": "oncology_brca",
    "audit_chain_tip": "c9d0e1f2a3b4...",
    "chain_verified": true,
    "domain_match_score": 0.74,
    "articles_covered": {
      "art12": { "status": "COMPLIANT", "events": 9, "chain_valid": true },
      "art13": { "status": "COMPLIANT", "vaar_annotations": 3 },
      "art14": { "status": "COMPLIANT", "reviewer": "dr.silva@..." },
      "art15": { "status": "COMPLIANT", "falsification_attempts": 3, "near_miss_delta": 0.22 }
    },
    "genesis_kernel_version": "5.0.0"
  }
}

Human Gate (Art. 14)

When the motor produces a proposal that passes all automated checks, it enters the Human Gate. A qualified human reviewer must approve or reject before any result enters the Knowledge Base. This is architecturally enforced — it cannot be bypassed. The reviewer receives the proposal, the falsification result, and the near_miss — the argument that most nearly caused automatic rejection.

⚠️ Quando GET /reviews retorna reviews: []

        reviews: [] é correcto e esperado quando falsification.recommendation === "REJECT".

        O FalsificationAgent rejeitou a proposta automaticamente antes de chegar ao HumanGate.

        A sessão fica com status INDETERMINATE e toda a cadeia de auditoria está registada (Art.12 compliant).

        Diagnóstico rápido: lê job.falsification.near_miss.closest_rejection_reason
        e job.proposal.vaar_annotations com level: "BLOCKED" — estes dois campos identificam
        exactamente onde a proposta falhou ao nível epistémico e o que corrigir antes de resubmeter.

GET /api/v1/instances/:id/reviews DEV AUTH

List all pending reviews awaiting human decision for an instance.

POST /api/v1/instances/:id/reviews/:review_id/decide DEV AUTH

Field	Type	Required	Description
reviewer_id	string	required	Identifier of the human reviewer — logged in AuditChain as `actor_type: "user"`
reviewer_role	string	optional	Role of the reviewer e.g. oncologist, lawyer, engineer
decision	string	required	`APPROVED` or `REJECTED`
reasoning	string	required	Minimum 30 characters. The reviewer's documented reasoning (Art. 14 requirement).

# APPROVED → primitive enters Knowledge Base, AuditChain sealed
{ "success": true, "primitive_id": "prim_abc", "hash": "sha256..." }

# REJECTED → session marked INDETERMINATE, AuditChain records rejection
{ "success": false, "message": "Rejected. Session marked INDETERMINATE." }

Knowledge Base

The Knowledge Base stores promoted primitives — concepts that passed the full 5-phase pipeline and the Human Gate. Each instance has its own isolated KB. The ProposalAgent uses the KB to verify genuine novelty via cosine similarity (Decision 5).

GET /api/v1/instances/:id/kb DEV AUTH

List all active primitives. Supports ?q=search_term for search and ?include_deprecated=true to include deprecated entries.

POST /api/v1/instances/:id/kb/:primitive_id/deprecate DEV AUTH

Deprecate a primitive. The entry remains in the audit trail permanently — it cannot be deleted, only deprecated. The AuditChain records the deprecation event.

Field	Type	Required	Description
reason	string	required	Reason for deprecation (logged in AuditChain)
approved_by	string	required	Who approved the deprecation
successor_id	string	optional	ID of the primitive that supersedes this one

Audit Chain (Art. 12)

The AuditChain is a blockchain-linear immutable ledger of all pipeline events. Every event has a SHA-256 hash of the previous event — retroactive tampering is mathematically detectable. Each event includes actor_type (system, user, operator) for legal responsibility traceability. These endpoints require admin authentication.

GET /api/audit ADMIN AUTH

Statistics of the AuditChain — total events, breakdown by event type and actor type, chain validity status.

{
  "audit": {
    "total_events": 47,
    "by_type": {
      "SESSION_CREATED": 5,
      "EXPLORATION_COMPLETED": 5,
      "HUMAN_DECISION_RECORDED": 3
    },
    "by_actor": { "system": 38, "user": 9, "operator": 0 },
    "articles_covered": [12, 13, 14, 15],
    "chain_valid": true
  }
}

GET /api/audit/verify ADMIN AUTH

Re-compute all SHA-256 hashes in the AuditChain and verify the prev_hash sequence. If any event was tampered with retroactively, this returns valid: false with the ID of the corrupted event. Use this endpoint in the official audit checklist (AUDIT-GK-001).

# Chain intact
{ "verification": { "valid": true, "chain_length": 47 } }

# Tampering detected
{
  "verification": {
    "valid": false,
    "chain_length": 47,
    "broken_at": "a3f2b1c4d5e6f7a8",
    "reason": "hash mismatch at a3f2b1c4d5e6f7a8 (tamper detected)"
  }
}