-
Notifications
You must be signed in to change notification settings - Fork 0
Client HTTP API Reference
Hugo edited this page Mar 15, 2026
·
1 revision
CoreTrace provides HTTP server mode via --ipc serve.
Start server:
cd /Users/hugopayet/Desktop/CLaude/coretrace/build
./ctrace --ipc serve --serve-host 127.0.0.1 --serve-port 8080 --shutdown-token mytoken --shutdown-timeout-ms 5000Endpoints:
POST /apiPOST /shutdown-
OPTIONS /apiandOPTIONS /shutdown(CORS preflight)
Top-level request fields:
-
proto(string, optional, default response uses provided value orcoretrace-1.0) -
id(number, optional) -
type(not validated by handler) -
method(string) - onlyrun_analysisis supported -
params(object)
If method is unknown, response is status=error with error.code=UnknownMethod.
verbosesarif_formatstatic_analysisdynamic_analysisinclude_compdb_depsasync
report_fileoutput_filetool_configcompile_commandsanalysis_profilesmtsmt_backendsmt_secondary_backendsmt_moderesource_modelescape_modelbuffer_modelipc_pathipc
inputentry_pointsinvokesmt_rules
- Wrong JSON types produce
status=error,error.code=InvalidParams. -
ipcaccepted values arestandardIO,socket,serve(also accepts aliasesservandserver). - For API requests, if
ipc=serve, internal run configuration is normalized tostandardIOfor tool execution.
When params.tool_config is provided:
- File is loaded and merged into request config.
- Explicit request string/list fields applied later can override loaded values.
If loading fails, response is InvalidParams with message Failed to load tool_config: ....
status=ok, with result containing:
-
files(number of processed files) -
static_analysis(bool) -
dynamic_analysis(bool) -
invoked_tools(array) -
sarif_format(bool) -
report_file(string) -
tool_config(string) -
include_compdb_deps(bool) -
resource_model,escape_model,buffer_model(strings) -
analysis_profile(string) -
smt,smt_backend,smt_secondary_backend,smt_mode(strings) -
smt_rules(array) -
outputs(object keyed by tool)
outputs[tool] is an array of entries:
-
stream:stdoutorstderr -
message: string, or parsed JSON object/array if the captured text is valid JSON
-
InvalidRequest: invalid JSON body or request parse exception -
UnknownMethod: unsupportedmethod -
InvalidParams: param type/validation failure, bad IPC type, or badtool_config -
NoAnalysisSelected: none ofstatic_analysis,dynamic_analysis,invokeselected -
MissingInput: no resolved input files -
ServerShuttingDown: server is closing and rejects new/apiwork
Auth headers:
Authorization: Bearer <token>- or
X-Admin-Token: <token>
Behavior:
- If token missing/invalid ->
403,error.code=Unauthorized - If shutdown already in progress ->
202,status=accepted - If accepted ->
202, server stops accepting new requests and waits for in-flight requests untilshutdown-timeout-ms(or indefinitely when0)
curl -X POST http://127.0.0.1:8080/api \
-H "Content-Type: application/json" \
-d '{
"proto": "coretrace-1.0",
"id": 1,
"type": "request",
"method": "run_analysis",
"params": {
"input": ["../tests/buffer_overflow.cc"],
"entry_points": ["main"],
"static_analysis": true,
"dynamic_analysis": false,
"invoke": ["ctrace_stack_analyzer"],
"sarif_format": false,
"async": false,
"verbose": true
}
}'async=true enables internal parallel tool scheduling; it does not create a background job API.
curl -X POST http://127.0.0.1:8080/api \
-H "Content-Type: application/json" \
-d '{
"proto": "coretrace-1.0",
"id": 2,
"type": "request",
"method": "run_analysis",
"params": {
"input": "../tests/buffer_overflow.cc,../tests/null_pointer.c",
"static_analysis": true,
"invoke": ["flawfinder", "tscancode"],
"async": true,
"verbose": false
}
}'curl -i -X POST http://127.0.0.1:8080/shutdown \
-H "Authorization: Bearer mytoken"