Docs

How to scan a codebase, download agent-instructions.md, and wire erabot into CI.

Quickstart: scan via API

Every scan goes through the same REST endpoint. Replace {your_api_key} with a key minted from your dashboard.

# Submit a paste scan
curl -X POST https://api.erabot.ai/api/scans/submit \
  -H "Authorization: Bearer {your_api_key}" \
  -F "source=paste" \
  -F "code=$(cat my_llm_code.py)"

# Poll for completion
curl https://api.erabot.ai/api/scans/{job_id} \
  -H "Authorization: Bearer {your_api_key}"

# Download agent-instructions.md once status=complete
curl https://api.erabot.ai/api/scans/{job_id}/agent-instructions.md \
  -H "Authorization: Bearer {your_api_key}" \
  -o agent-instructions.md

# Apply with Claude Code
claude-code apply ./agent-instructions.md

Full API reference

The canonical, always-in-sync API reference is generated from our OpenAPI spec. Every endpoint, every field, every response code.

Runtime scan (Helicone)

Paste a Helicone API key and erabot projects savings from your real production traffic — no code upload, no tree-sitter, no round-trip through the scan queue. Returns a completed scan synchronously (~5–10s depending on your log volume).

curl -X POST https://api.erabot.ai/api/scans/helicone \
  -H "Authorization: Bearer {your_api_key}" \
  -F "helicone_api_key=sk-helicone-xxxxxxxx" \
  -F "window_days=30"

Response is the same ScanResultResponse shape as a code scan, with input_source="helicone". Findings come pre-populated; no polling required.

Runtime scan (Langfuse)

Same pattern for Langfuse. Accepts a public/secret key pair (HTTP Basic) and an optional host for self-hosted deployments.

curl -X POST https://api.erabot.ai/api/scans/langfuse \
  -H "Authorization: Bearer {your_api_key}" \
  -F "langfuse_public_key=pk-lf-xxxxxxxx" \
  -F "langfuse_secret_key=sk-lf-xxxxxxxx" \
  -F "langfuse_host=https://cloud.langfuse.com" \
  -F "window_days=30"

SDK

Python SDK is in the repo under sdk/erabot.py. Decorator, context-manager, and manual-log patterns are all supported.

from erabot import track, log

@track(model="gpt-4")
def summarize(text: str) -> str:
    response = openai.chat.completions.create(...)
    return response.choices[0].message.content

# Or manually:
log(model="gpt-4", prompt_tokens=120, completion_tokens=80)

Trust & data handling

We redact secrets + PII before any LLM call. We do not train on your code. See /security for the full data-handling policy, encryption details, and SOC 2 roadmap.

Found an error or a missing topic? Open an issue at github.com/erabot-ai/erabot-cli.