Technical Reference
Complete technical documentation for engineers working on or integrating with ThreatWeaver. Start with the section most relevant to your task.
Quick Navigationβ
| Document | What you'll find |
|---|---|
| API Reference | All REST endpoints, request/response schemas, auth headers |
| Environment Variables | Every process.env.* the backend reads, with defaults and descriptions |
| Auth Deep Dive | JWT structure, middleware chain, multi-tenant auth, SSO/SAML |
| Database Schema | Entity relationships, table definitions, tenant isolation model |
| Module Architecture | Per-module middleware stacks, entities, services, external integrations |
| Request Flows | End-to-end flows for scanning, dashboard load, Tenable sync |
| Webhook & Events | Inbound/outbound webhook schemas, SSE streams, retry logic |
| Permission Matrix | RBAC matrix β which roles can call which endpoints |
| TypeScript Docs | How to generate TypeDoc locally from source |
| Architecture Diagrams | System and component-level diagrams |
| Dependency Graphs | Module and package dependency maps |
| Performance Tuning | DB indexing, query optimization, scan throughput, caching |
| Postman Collection | Download the Postman collection for API testing |
| Deployment Models | Dedicated, SaaS, and hybrid deployment architectures |
| Error Codes | HTTP error codes, error shapes, and resolution steps |
| Glossary | Security and ThreatWeaver-specific terminology |
Where to startβ
Setting up locally? β Environment Variables then Auth Deep Dive
Building a new feature? β Module Architecture then Database Schema
Integrating via API? β API Reference or the interactive Swagger UI
Debugging an error? β Error Codes then Request Flows
Performance issues? β Performance Tuning