Developers & agents

The machine-readable side of Regis.

Regis publishes a discoverable API surface: an OpenAPI description, an RFC 9727 API catalog, public health probes, and an MCP server card. This page tells you plainly which parts work today and which are still being built, because an agent that follows a link into a 404 does not come back.

/openapi.jsonLive

OpenAPI description

The API described honestly: the health endpoints are public; the document and analysis endpoints exist but authenticate with a browser session cookie today, so they work from the app, not from standalone scripts. The spec says so rather than pretending otherwise.

/.well-known/api-catalogLive

API catalog (RFC 9727)

A linkset pointing to the API description, this documentation page, and the health probe, in the standard place automated clients look for it.

/api/healthLive

Health probe

Public liveness check. Its sibling, /api/health/billing, reports which env-gated features the running deployment has enabled, as booleans only.

/.well-known/mcp/server-card.jsonIn development

MCP server card

The discovery card is published, and it tells the truth: no MCP transport endpoint is live yet. When it ships it will expose document upload and gap analysis as tools behind API-token authentication. The card gains a transport block the day that endpoint exists, not before.

How the analysis flow works

A document goes in as a PDF or pasted text. The server extracts the text locally, truncates it to a bounded window, and runs a gap analysis against the in-scope UK requirement library (SM&CR, Consumer Duty and FCA Conduct, UK AML, UK GDPR, FCA Systems, and Operational Resilience). What comes back is structured JSON: risk-rated findings with rule citations, strengths, priority actions, and a coverage matrix over every in-scope requirement. Findings stay draft until a human reviewer signs them off, and that review trail is part of the record.

Today that flow runs inside the app with a signed-in session. Token-based API access and the MCP endpoint are the next layer, and the shape you see in the OpenAPI description is the shape they will keep.

Want in early?

If you are building agents or internal tooling for compliance teams and want API-token access or the MCP server when they land, say hello. Early integrators get a direct line while the surface is still shaping.

Request early access

Analysis outputs are structured risk information for review by qualified professionals, not legal opinions or advice. Endpoints and schemas may change while marked in development; anything published on this page as live is kept truthful to the deployed system.