{"version":"1.1","license":"CC-BY 4.0","products":{"domain":{"endpoint":"/v1/domain/{domain}","sources":["PhishTank","OpenPhish","URLhaus","WHOIS public","live SSL probe"],"signals":["age <30d (+30)","no SSL (+25)","suspicious TLD (+15)","typosquat (+20)","phishing list match (=100)"],"limits":"WHOIS rate-limited; SSL probe optional"},"email":{"endpoint":"/v1/email/{email}","sources":["disposable list (~5k domains, GitHub)","DNS MX live","syntax + role-based heuristics"],"signals":["disposable (-95)","no MX (-90)","phishing domain match (-85)","role-based (-20)","invalid syntax (-100)"],"limits":"no SMTP probe (rate-limited by providers); reputation check requires commercial datafeed (planned)"},"oss":{"endpoint":"/v1/oss/{ecosystem}/{package}","sources":["npm registry","PyPI","GitHub API","OSV.dev CVE feed"],"signals":["CVE critical (+100)","CVE high (+40)","typosquat (+30)","single maintainer (+15)","<1y old (+10)","inactive 1y+ (+15)"],"limits":"GitHub rate-limited unauthenticated; recommended GITHUB_TOKEN for high volume"},"saas":{"endpoint":"/v1/saas/score","sources":["GitHub activity","StatusPage.io (if exists)","HackerNews via Algolia API","WHOIS"],"signals":["GitHub commits/stars (30 pts)","uptime history (25 pts)","HN mentions (15 pts)","domain age (15 pts)","stability (15 pts)"],"limits":"StatusPage often absent; HN signal noisy for non-technical SaaS"},"wallet":{"endpoint":"/v1/screen/{address}","sources":["OFAC SDN (US Treasury, daily refresh)","watchlist DB (public incidents + client-added)"],"signals":["OFAC match (=100)","watchlist hit (+50)","watchlist interaction (+25)","wallet <7d old (+10)"],"limits":"Solana only; sanctions screening is binary (match/no match), not a probabilistic score; wallet age depends on first observation"},"trust":{"endpoint":"/v1/trust/check","sources":"aggregator of 5 above","signals":"max risk over enabled signals; verdict mapped to BLOCK/REVIEW/MONITOR/CLEAR","limits":"no new data, only orchestration"}},"verdicts":{"CLEAR":"<20","MONITOR":"20-49","REVIEW":"50-79","BLOCK":"≥80"},"audit":"every API call hash-chained in audit log; export via /v1/audit/export","infrastructure":"single-region EU VPS (Hetzner Helsinki); ~180ms p50 from EU; daily backups"}