arcanon
Scanner CLI

Scan Payload Format

Reference for the scan upload payload accepted by Arcanon Hub.

Overview

The scanner uploads a JSON payload to POST /api/v1/scans/upload. This page documents the payload format for developers building custom scanners or integrations.

Payload structure

{
  "version": "1",
  "repo_name": "acme-api",
  "repo_url": "https://github.com/acme/acme-api",
  "branch": "main",
  "commit_sha": "a1b2c3d4e5f6",
  "findings": [
    {
      "service_name": "api-gateway",
      "service_type": "service",
      "language": "Python",
      "version": "2.1.0",
      "endpoints": [
        {
          "method": "GET",
          "path": "/api/v1/health",
          "kind": "rest"
        }
      ],
      "connections": [
        {
          "target_service": "user-service",
          "protocol": "rest",
          "target_endpoint": "/api/v1/users",
          "pattern_id": "internal-rpc-client-v1" // Optional
        }
      ],
      "schemas": [
        {
          "connection_target": "user-service",
          "role": "request",
          "fields": [
            { "name": "user_id", "type": "string", "required": true }
          ]
        }
      ]
    }
  ]
}

Field reference

Top-level

FieldTypeRequiredDescription
versionstringyesPayload version — currently "1"
repo_namestringyesRepository name (e.g., acme-api)
repo_urlstringnoRepository URL for linking
branchstringnoGit branch name
commit_shastringnoGit commit SHA
findingsarrayyesArray of service findings

Finding

FieldTypeRequiredDescription
service_namestringyesName of the detected service
service_typestringnoservice, database, cache, broker, external
languagestringnoPrimary language
versionstringnoService version
endpointsarraynoExposed endpoints
connectionsarraynoOutbound connections to other services
schemasarraynoRequest/response schemas for connections

Connection Object

FieldTypeDescription
target_servicestringName of the destination service
protocolstringe.g., rest, grpc, kafka, redis
target_endpointstring(Optional) The specific path or method called
pattern_idstring(Optional) The ID of the pattern that detected this connection

Versioning policy

Payload versions are additive only. New fields may be added without bumping the version. Removed fields get a 6-month deprecation window. The hub accepts multiple payload versions simultaneously.

Sanitization

Service names are sanitized at ingest — HTML tags, script content, null bytes, and control characters are stripped to prevent XSS in the multi-tenant dashboard.

Size limits

Maximum payload size: 5 MB. Payloads exceeding this limit receive a 413 Payload Too Large response.

Scanner CLI

Scan your codebase to map services, endpoints, and connections.

Skills

Add Arcanon skills to your AI assistant (Gemini CLI, Cursor, Claude Code).

On this page

OverviewPayload structureField referenceTop-levelFindingConnection ObjectVersioning policySanitizationSize limits