Public API Index

Every public claim on this site maps to a live endpoint. This page is the menu. Working code or it does not exist. Internal control-mapping and self-assessment artifacts are gated; access is available to authenticated federal evaluators on request via /evaluate#rfi. For the published standards and doctrine each claim aligns to, see /standards.

Legend. LIVE always-on, public. CACHED uses a cached corpus when the upstream feed is paid or rate-limited; corpus date returned in payload. GATED 403 without an evaluator token; x-evaluator-access: <token> or Authorization: Bearer <token>.

Live geospatial & hazard feeds

Method	Path	Description
GET	/api/dual-use/fires LIVE	NASA FIRMS active-fire detections (VIIRS / MODIS). Always live.
GET	/api/dual-use/earthquakes LIVE	USGS recent seismic events. Always live.
GET	/api/dual-use/weather-alerts LIVE	NOAA NWS active CAP alerts. Always live.
GET	/api/dual-use/space-weather LIVE	NOAA SWPC geomagnetic / solar conditions.

Vendor identity & capability

Method	Path	Description
GET	/api/capability-brief LIVE	Canonical machine-readable capability statement: UEI, CAGE, NAICS, SDVOSB-pending status, vehicles, authorities not held.
GET	/api/fema/manifest LIVE	FEMA-facing manifest: integration surfaces, IPAWS posture, COG-ID status (honest).
GET	/api/crada/jws-template LIVE	Joint Work Statement template under 15 USC 3710a (CRADA).
GET	/api/crada/target-labs LIVE	Federal lab Technology Transfer office contact pattern (no agency-shopping).

Platform health & system map

Method	Path	Description
GET	/api/health LIVE	Liveness check. Returns build, uptime, module count.
GET	/api/system-map LIVE	Module catalog with stage (live / cached / stub) per surface.
GET	/sitemap.xml LIVE	Public sitemap. Internal pages are not listed.

Internal control-mapping — evaluator-gated

These endpoints return 403 without a token. They are not for the open web. They are available to authenticated federal evaluators on request. Submit an RFI at /evaluate#rfi and a token is issued by reply within one business day.

Method	Path	Description
GET	/api/ai-security/compliance/cmmc-l2 GATED	CMMC L2 internal control-mapping (self-assessment, not certified).
GET	/api/ai-security/compliance/fedramp GATED	FedRAMP control-intent mapping (no ATO claimed).
GET	/api/ai-security/cmmc/l2-assessment GATED	L2 self-assessment evidence catalog.
GET	/api/ai-security/fedramp/ssp-evidence GATED	SSP-shaped evidence pointers (internal).
GET	/api/cmmc/evidence-collection GATED	Hash-chained evidence collection log.
GET	/api/compliance/evidence/export GATED	Evidence bundle export (NDA-on-request).

30-second smoke test

curl -s https://secureassure.app/api/health | jq .
curl -s "https://secureassure.app/api/dual-use/earthquakes?limit=5" | jq '.features | length'
curl -s "https://secureassure.app/api/dual-use/weather-alerts?limit=5" | jq '.alerts | length // .features | length'
curl -s https://secureassure.app/api/capability-brief | jq '.identity, .vehicles, .authoritiesNotHeld'

# Gated endpoint without token returns 403
curl -i https://secureassure.app/api/ai-security/compliance/cmmc-l2

# With evaluator token
curl -s -H "x-evaluator-access: $TOKEN" \
  https://secureassure.app/api/ai-security/compliance/cmmc-l2 | jq .

Honesty signals embedded in every response. The capability-brief endpoint enumerates the authorities ISS LLC does not hold (FedRAMP, IL-5, FIPS, CAC, SIPRNET, ATO, CMMC-L2 cert) so a contracting officer can verify in one curl. The FEMA manifest reports IPAWS COG-ID as not-issued until a sponsoring AO issues one. Self-assessment compliance artifacts are gated; the public surface only points at them.

BRIEF CHEATSHEET

TF DAGGER · ONE FIGHT · 9 STEPS

UNCLASSIFIED // FOR OFFICIAL USE ONLY

Greg Funk Teams brief · 29 APR 2026 1000 EDT · ISS LLC / Dr. Terry Flood / CAGE 9VKK3

OPENING (30 sec)

"One fight, one screen. TF DAGGER, hostile UAS swarm bearing 270, 22km. PTDS-1 has it. ALPHA-1 through 8 are airborne, BRAVO-6 is C-RAM, CHARLIE-1 is on shore, LOG-1 is the tail. I'm going to walk you the kill chain end to end — sensor to shooter to BDA — in nine steps."

THE 9 STEPS · CLICK EACH

1. DETECT — Swarm C2

"PTDS-1 picks up 4 hostile UAS. ALPHA-1..8 receive cue at H+0."

2. CLASSIFY — CRAM Dashboard

"BRAVO-6 confirms hostile UAS, declares THREATCON RED at H+1."

3. FUSE — DoD Common Op Picture

"All four domains on one screen. Land/air/sea/cyber. No swivel-chair."

4. EXTEND — Maritime Domain

"CHARLIE-1 sees the surface threat. AIS + radar + visual cross-cue."

5. PRIORITIZE — Commander Dashboard

"Critical/High/Med/Low live counts. Commander sees the queue."

6. ASSESS — DIME-PMESII

"Operational Environment overlay. Diplomatic / Info / Mil / Econ options."

7. LOCATE — Peer Geolocation

"GPS-denied. Multi-node TDOA. Covariance ellipse on the map."

8. DECIDE — Intel Fusion

"AI never authors lethal numbers. Human-in-loop for every kinetic call."

9. ACT + BDA — Brief Runbook (full script)

"LOG-1 closes the loop. BDA back to PTDS-1. One fight, one screen."

SLIDE QUICK-JUMP · DEFENSE BRIEFING DECK

Echelon Break — Strategic / Op / Tactical / Edge

Navy / USMC — EABO, Stand-In Force, POSEIDON

Army — ADOC complement, BCT-down, ATAK

Air Force — ABMS, ACE, AOC-edge node

Space Force — SDA, LEO-PNT, Spectrum/EW

Firestorm Labs — xCell + Tempest + Swarm C2

Link 16 / J-Series / COMSEC posture (plain English)

This Week · What's Done / In Flight / On Deck

Single source of truth post-Greg-Funk brief. POC targets (Jaded Thunder Visceral, Booz Allen, EUD) tracked here, not as sales slides.

IF ASKED: LINK 16 / COMSEC — PLAIN ENGLISH

If you only remember one line:
"We don’t transmit on Link 16, and we don’t hold the secret keys. We read a translated unclassified copy that the unit’s government-owned translator box hands us."

If pressed for more:
• Link 16 is the military’s classified group-chat for jets, ships, ground — you need an encrypted radio (MIDS) and the day’s secret keys to talk on it. We have neither. We don’t need either.
• The unit’s person who safeguards those keys (the COMSEC custodian) keeps that job. We change nothing about their security setup.
• The unit also has a government-owned translator box that copies Link 16 messages to the unclassified side. We read from that box. We never write back into the secret side.
• What we add: we mix those tracks with our 9,500+ aircraft and 12,000+ ship feeds onto one map and give the commander a clean picture with a decision queue.
• If the translator goes dark we keep running on commercial feeds and clearly label the Link 16 picture as stale. No silent failures.

Why it matters to them: "Days to stand up, not 18 months. No new accreditation. No new keys. No new custodian. Their security chain is unchanged."

HARD RULES — SAY THESE

• "No FedRAMP, no IL-5, no CAC, no SIPRNET, no FIPS, no ATO — this is unclas commercial."
• "AI never authors ballistic numbers. Lethal calls are human-in-loop."
• "468 docs in the RAG corpus. No live web fetch."
• "SDVOSB-pending, CAGE 9VKK3."

CLOSING (15 sec)

"That's the kill chain. One screen, nine steps, every domain. Lattice gives you a map; we give you the fight. Cost? A fraction of a prime program. Standards? Open. Schedule? Today. Let me know what you want to drill into."

Press ESC or click X to close · Drawer is overlay-only, won't navigate away

ATLAS AI Assistant

Ask me anything about SHIELD/ATLAS

ATLAS AI

I'm your ATLAS AI mission partner (Anthropic Claude, grounded on the internal 468-doc RAG corpus — no live web fetch). Tell me who you are and what you're working on — I'll show you exactly how this platform serves your mission. I know every module, every sensor, every integration in the corpus.

Whether you're SOF in the Middle East, CBP on the border, FEMA during a hurricane, or evaluating this platform for acquisition — same AI, same depth. Plain English works.

Public API Index

Live geospatial & hazard feeds

Vendor identity & capability

Platform health & system map

Internal control-mapping — evaluator-gated

30-second smoke test

What This Page Is

What To Do First

Need Help?

Use My Location?