API, Schemas, and Starter Files
Everything you need to integrate incidents, automate products, and manage Playbooks, RIFs, Mission Folders, and Net Assessments — all grounded in TEW doctrine.
API overview
REST-style JSON over HTTPS (optional mTLS). All endpoints require SSO tokens and pass RBAC/ABAC checks.
Base URL
https://<your-domain>/api/v1/
Auth
OIDC bearer token + optional mTLS (client cert). Short TTL; refresh required.
Content-Type
application/json (UTF-8). All responses are JSON.
Core endpoints
Create incidents, move states, manage artifacts, and generate products.
Incidents
POST /incidents
{
"title": "Stadium smoke reports",
"source_cluster_id": "CL-2025-0412",
"priority": "High",
"initial_state": "Alert",
"tags": ["stadium","smoke","911-calls"]
}
200 OK
{
"incident_id": "INC-2025-0214",
"state": "Alert",
"created_at": "2025-08-28T12:01:15Z"
}
POST /incidents/{id}/transition
{
"to_state": "Warning",
"reason": "Multiple corroborated calls, OSINT photos, smoke visible",
"notify": true
}
200 OK
{
"incident_id": "INC-2025-0214",
"state": "Warning",
"notified": ["IC","UC","EOC"]
}
RIF / Target Folders
GET /rif/{jurisdiction}/{site_uid}
POST /rif/{jurisdiction}/{site_uid} # create/update (JSON body mirrors rif.schema.json)
Example response:
{
"rif_id": "RIF-LAX-T4-0001",
"site_name": "LAX – Terminal 4",
"jurisdiction": "Los Angeles County",
"status": "active",
"linked_playbooks": ["chemical","lvb","radiological_nuclear"],
"fields": {
"site_plans": ["site_plans/overview.pdf"],
"terrain": ["terrain/oakoc.md"],
"plume_models": {"interior": ["models/plume/int_floor2.json"]},
"vulnerability_map": ["vulnerability_map/vuln.geojson"]
},
"info_gaps": ["No current HVAC zoning drawings"]
}
Mission Folders
GET /mission_folders/{incident_id}
POST /mission_folders/{incident_id} # upsert (body ~ mission_folder.schema.json)
Example snippet:
{
"incident_id": "INC-2025-0214",
"period": "OP1 2025-08-28T12:00Z–18:00Z",
"ic_uc": ["LASD-IC","LAFD-UC"],
"commander_end_state": "Secure terminal, resume ops ≤ 6h",
"intel_annex": {"sitreps_dir": "intelligence_annex/sitreps/"},
"rif_links": ["../../rif_target_folders/los_angeles/lax_t4"],
"coas": {"opfor": "coas/opfor_coas.md","friendly": "coas/friendly_coas.md"}
}
Net Assessments
POST /net_assessments
{
"incident_id": "INC-2025-0214",
"scope_magnitude": "Terminal-level, potential spillover",
"threat_envelope": "LV-IED / CBRN unknown",
"consequence_forecast": "Ops degradation ≥ 6h",
"inputs": ["RIF LAX-T4","Playbook: chemical"],
"rams": ["Random canine patrols","Unpredictable badge checks"]
}
200 OK
{ "net_assessment_id": "NA-2025-0098", "status": "draft" }
Products
POST /products/{type}/draft # type: advisory|warning|iap|sitrep
{
"incident_id": "INC-2025-0214",
"audience": "IC",
"redaction_level": "Secret",
"include_sections": ["situation","actions","resources"]
}
POST /products/{id}/approve
{ "reason": "IC sign-off", "distribution": ["UCS","ICP","EOC","JRIC"] }
Intelligence Requirements (IRM)
POST /irm/requirements
{
"id": "IR-2025-0031",
"originator": "County PH",
"gap_statement": "Need unclassified assessment of X-linked outbreak near CI/KR sites.",
"priority": "High",
"related_incidents": ["INC-2025-0214"],
"routing": ["FusionCenter","DHS-IA"],
"due_date": "2025-09-05",
"deliverable_level": "Unclassified",
"refresh_cadence_days": 14
}
Data schemas
JSON schema snippets for core artifacts. See the starter kit for full files.
rif.schema.json
required: ["rif_id","site_name","jurisdiction","fields"]
properties:
rif_id: string
site_name: string
jurisdiction: string
status: enum(active|draft|archived)
linked_playbooks: string[]
fields:
site_plans: string[]
terrain: string[]
plume_models: object
blast_models: string[]
vulnerability_map: string[]
support_sites_map: string[]
info_gaps: string[]
mission_folder.schema.json
required: ["incident_id","period","ic_uc","attachments","coas"] properties: incident_id: string period: string ic_uc: string[] commander_end_state: string intel_annex: object rif_links: string[] attachments: object coas: object dissemination: string[]
net_assessment.schema.json
required: ["incident_id","scope_magnitude","consequence_forecast"] properties: scope_magnitude: string threat_envelope: string consequence_forecast: string resources_profile_ref: string rams: string[] inputs: string[]
Repository structure
Standard project layout for doctrine artifacts and ops data.
tew/ ├─ docs/ # Doctrine refs, SOPs, training ├─ playbooks/ # Threat-class playbooks ├─ rif_target_folders/ # RIF/Target Folders by jurisdiction/site ├─ mission_folders/ # Incident-specific packages ├─ net_assessments/ # Decision support artifacts ├─ irm/ # Intelligence Requirements ├─ products/ # Advisories, Warnings, IAPs, SITREPs ├─ modules/ # cuas/, port_maritime/, cyber/ └─ shared/ ├─ taxonomies/ # RAND tactics/targets, etc. └─ schemas/ # rif.schema.json, mission_folder.schema.json, net_assessment.schema.json
Downloads
Starter kit: folder skeletons, JSON schemas, and sample data.
TEW Starter Kit
Includes playbooks/, rif_target_folders/, mission_folders/, net_assessments/, and shared/schemas/.
Versioning & changelog
Keep artifacts and APIs predictable and auditable.
Semantic versions
Pin versions in YAML/JSON (version: 1.3.0) and include in product manifests. Use Git tags for releases.
Changelog
Maintain CHANGELOG.md with breaking changes, new endpoints/fields, and deprecations.
Deprecations
Mark old endpoints as deprecated and provide a sunset date; keep read-only until sunset passes.
Need deeper integration?
Ask for the full OpenAPI spec, SDK stubs, and sample data packs.