
Governance Evidence

Submit and query governance evidence records (audit attestations, control proofs). The endpoint streams the raw evidence blob to the caller after checking the caller's access against the parent solution.

All endpoints require authentication via the X-API-Key header and the appropriate scope.


Evidence File Object

{
"_id": "evf_abc123",
"solutionId": "sol_xyz",
"fileName": "audit-report-2025-q1.pdf",
"contentType": "application/pdf",
"size": 524288,
"uploadedBy": "user_456",
"createdAt": "2025-02-01T14:22:00Z"
}

GET /api/v1/governance/evidence/:id

Stream a governance evidence file blob. The response sets Content-Type, Content-Length, and an RFC 5987 / RFC 6266 Content-Disposition header (ASCII fallback plus percent-encoded filename*). The caller must have read access to the owning solution.

Scope: governance:read

Path Parameters

Parameter   Type     Required   Description
id          string   Yes        Evidence file id

Response 200 OK

Binary stream of the evidence file. Response headers:

  • Content-Type: the file's recorded content type (default application/octet-stream)
  • Content-Length: file size in bytes
  • Content-Disposition: attachment; filename="..."; filename*=UTF-8''...
  • X-Content-Type-Options: nosniff
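
The header set above, built from a stored evidence record whose fileName is treated as untrusted input. This is an added example, not the service's own code: the function names are hypothetical, and the choice of JavaScript is an assumption about the server; only the field names and header values come from this page.

```javascript
// Added example; function names are hypothetical. Field names (fileName,
// contentType, size) come from the Evidence File Object on this page.

// Drop control characters (CR/LF would split the header) and any path prefix.
function sanitizeFileName(raw) {
  const noCtl = String(raw || '').replace(/[\x00-\x1f\x7f]/g, '');
  return noCtl.split(/[\\\/]/).pop().trim() || 'download';
}

// RFC 5987 ext-value: UTF-8 percent-encoding, plus the four characters
// encodeURIComponent leaves literal that attr-char does not allow.
function encodeRfc5987(value) {
  return encodeURIComponent(value).replace(
    /['()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase()
  );
}

function contentDisposition(rawName) {
  const name = sanitizeFileName(rawName);
  // ASCII fallback for the quoted filename= parameter: non-ASCII, double
  // quotes and '%' (which some clients would try to decode) become '_'.
  const fallback = name.replace(/[^\x20-\x7e]/g, '_').replace(/["%]/g, '_');
  let header = `attachment; filename="${fallback}"`;
  try {
    header += `; filename*=UTF-8''${encodeRfc5987(name)}`;
  } catch {
    // Lone surrogate: encodeURIComponent throws URIError; send fallback only.
  }
  return header;
}

// Headers for the 200 response, built from a stored evidence record.
function evidenceHeaders(record) {
  return {
    'Content-Type': record.contentType || 'application/octet-stream',
    'Content-Length': String(record.size),
    'Content-Disposition': contentDisposition(record.fileName),
    'X-Content-Type-Options': 'nosniff',
  };
}
```
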

Error Responses

  • 400 — File id required
  • 401 — Authentication required
  • 403 — No access to this evidence
  • 404 — Evidence not found / parent solution missing