Scrubby

REST API

HTTP endpoints under /v1 for managing repositories, indexing, analysis, account, and teams.

Most users never touch the REST API directly — the MCP tools and the GitHub App wrap it. But the underlying HTTP surface is stable and documented here for advanced workflows: scripting, custom integrations, CI checks.

All endpoints are versioned under /v1 on the Scrubby API host. Production is https://scrubby.ai/v1; staging is https://staging.scrubby.ai/v1.

Authentication

Every /v1 endpoint requires a Bearer token:

Authorization: Bearer <token>

Tokens are obtained through GitHub OAuth on first sign-in. For programmatic access, generate a personal access token from your Account page.

Repositories

The repositories endpoints are the meat of the public API. They power both the MCP tools and the dashboard.

List repositories

GET /v1/repositories

Returns repositories the authenticated user has access to.

Create / register a repository

POST /v1/repositories

Used during signup or when adding a new repo from the dashboard. The MCP scrubby_index tool calls this implicitly when given a new repo_path.

Show / delete a repository

GET /v1/repositories/:id
DELETE /v1/repositories/:id

Index a repository

POST /v1/repositories/:id/index_repo

Triggers a fresh index. Pass incremental=true for an incremental refresh.

GET /v1/repositories/:id/index/status

Returns the current index state (queued, indexing, ready, failed) and the head SHA of the last successful index.

Index from GitHub install

POST /v1/repositories/github_index

Convenience endpoint that combines repo creation and indexing for a GitHub-installed repo, given an owner/repo path.

Analyze a single file

POST /v1/repositories/:id/analyze

Per-file analysis. The MCP scrubby_review tool wraps this.

Analyze a PR / changeset

POST /v1/repositories/:id/analyze_pr
POST /v1/repositories/:id/review_changeset

Changeset-level analysis. The GitHub App calls analyze_pr from the webhook handler; the MCP scrubby_review_changeset tool calls review_changeset for the local-dev variant.

Review context

POST /v1/repositories/:id/review_context

Returns the structured review context (domain, segment, conventions, history) for a file path. The MCP scrubby_review tool’s response shape comes from here.

Report findings

POST /v1/repositories/:id/report_findings

Submit findings for Hebbian learning. See scrubby_report_findings.

Read endpoints

GET /v1/repositories/:id/domains
GET /v1/repositories/:id/segments
GET /v1/repositories/:id/network
GET /v1/repositories/:id/history
GET /v1/repositories/:id/dashboard
GET /v1/repositories/:id/global_context

These mirror the MCP scrubby_get_* tools and return the same data shapes.

Account

GET    /v1/account/status            # plan, status, usage caps
GET    /v1/account/usage             # current-period usage details
GET    /v1/account/plans             # available plans + Stripe price detail
POST   /v1/account/checkout          # start a Stripe Checkout session
POST   /v1/account/billing-portal    # open the Stripe billing portal
POST   /v1/account/switch-plan       # change to a different plan
POST   /v1/account/cancel            # cancel at period end
POST   /v1/account/reactivate        # undo a pending cancellation
GET    /v1/account/audit-preferences
PATCH  /v1/account/audit-preferences

These power the dashboard’s Account page and the billing flow. Most of them require team-admin role for org-scoped subscriptions.

Audit Results

GET    /v1/audit-results            # recent audits + fleet-wide convention summary

The legacy path GET /v1/account/audit-results is preserved as a deprecated alias and will be removed in /v2. New integrations should use /v1/audit-results.

Teams

GET    /v1/teams/:org_id/members
POST   /v1/teams/:org_id/invite
DELETE /v1/teams/:org_id/members/:id
PATCH  /v1/teams/:org_id/members/:id/role
POST   /v1/teams/:org_id/seats

Team-admin-only. See Inviting Teammates for the user-facing flow.

Auth

POST /v1/auth/github   # GitHub OAuth (server-side flow)
GET  /v1/auth/validate # verify a token
DELETE /v1/auth/signout

AI proxy

POST /v1/ai/chat

A chat-completion proxy used internally by the dashboard. Not part of the public, supported surface — documented here for completeness, not for external consumption.

Errors

For the full error code list and response shapes, see Error Codes & Response Shapes.

Last updated

© Scrubby
Join the beta