A crawler-readable map of Rilev's API families, the trust boundary around each, and the difference between app surfaces, organizational surfaces, and integration surfaces.
Session, assessment, tracking, and health surfacesThese surfaces serve browser sessions and user workflows. The security posture centers on authenticated sessions, request-origin checks for state changes, and ownership checks for sensitive data-plane access.
Professional and enterprise workflow surfacesThese surfaces resolve accounts from authenticated identity rather than trusting arbitrary client-supplied account IDs. They add workflow and management capabilities above the base application.
AI action, machine-client, and provider callback surfacesPublic does not mean unguarded. These surfaces are intended for machine clients, OAuth flows, or provider callbacks and rely on the matching authentication or verification model.
Crawler-facing docs and portable MarkdownThis guide explains the shape of the API estate without exposing implementation detail that belongs only in internal route-level docs.
App surfaces exist to support the product experience. Integration surfaces exist to support external clients under explicit trust models. That distinction matters for both security reviews and crawler comprehension.
Rilev documents domains, guarantees, and platform responsibilities first. Deeper endpoint-by-endpoint references can be published later on dedicated docs platforms without losing this canonical overview.