> ## Documentation Index > Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt > Use this file to discover all available pages before exploring further. # Fetch a policy snapshot by its content hash > Hash is SHA-256 over canonical policy JSON, hex-encoded. Access is gated: caller's org must have evaluated against this hash at least once. ## OpenAPI ````yaml /openapi/monitoring-api.json get /api/v1/forensics/policy-snapshots/{hashHex} openapi: 3.0.1 info: title: DevHelm API description: >- DevHelm monitoring and incident management API. Create and manage uptime monitors, incidents, alert channels, notification policies, and more. version: '1.0' contact: name: DevHelm url: https://devhelm.io email: support@devhelm.io servers: - url: https://api.devhelm.io description: Production security: - BearerAuth: [] tags: - name: Alert Channels description: Alert channel CRUD and connectivity testing - name: Alert Deliveries description: 'Delivery audit trail: inspect per-attempt details for alert deliveries' - name: API Auth description: Identity and quota info for API key authentication - name: API Keys description: Organization API key management - name: Audit Log description: Organization audit trail - name: Check Results description: Query raw check results, uptime statistics, and summary data - name: Dashboard description: Overview dashboard aggregates - name: Deploy Lock description: Mutex for CLI deploy operations - name: Environments description: Variable namespace management for monitors - name: Forensics description: >- Detection engine event-sourced history (policy snapshots, rule evaluations, state transitions) - name: Heartbeat description: Public ping endpoint for heartbeat monitors - name: Incident Policies description: Manage trigger, confirmation, and recovery rules for monitors - name: Incidents description: Incident management and lifecycle - name: Integrations description: Static catalog of supported alert channel integrations - name: Invites description: Organization invite management - name: Maintenance Windows description: Schedule alert-suppression windows for monitors - name: Members description: Organization member management - name: Monitor Alert Channels description: Manage alert channel mappings for a monitor - name: Monitor Assertions description: Manage assertions for a monitor - name: Monitor Auth description: Manage authentication configuration for a monitor - name: Monitors description: Monitor CRUD and lifecycle management - name: Notification Dispatches description: >- Dispatch debugging API: inspect which policies matched an incident and track delivery status - name: Notification Policies description: Org-level notification routing policies with JSONB match rules - name: Notifications description: In-app notification center - name: Organizations description: Organization management - name: Resource Groups description: Resource group CRUD and member management - name: Secrets description: Organization environment secret management - name: Service Subscriptions description: Manage which services an organization tracks - name: Status Data description: Public service status catalog, components, uptime, and incident history - name: Status Pages description: Status page management - name: Tags description: Org-scoped tag management for monitors - name: Vault description: Organization vault management (admin-only) - name: Webhooks description: Webhook endpoint management, event catalog, and delivery history - name: Workspaces description: Workspace management within an organization paths: /api/v1/forensics/policy-snapshots/{hashHex}: get: tags: - Forensics summary: Fetch a policy snapshot by its content hash description: >- Hash is SHA-256 over canonical policy JSON, hex-encoded. Access is gated: caller's org must have evaluated against this hash at least once. operationId: getPolicySnapshot parameters: - name: hashHex in: path required: true schema: type: string responses: '200': description: OK content: '*/*': schema: $ref: '#/components/schemas/SingleValueResponsePolicySnapshotDto' '400': description: Bad request — the payload failed validation content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized — missing or invalid credentials content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden — the actor lacks permission for this resource content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Not found — the requested resource does not exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': description: Conflict — the request collides with current resource state content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error — see the message field for details content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '502': description: Bad gateway — an upstream provider returned an error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '503': description: Service unavailable — try again shortly content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: schemas: SingleValueResponsePolicySnapshotDto: required: - data type: object properties: data: $ref: '#/components/schemas/PolicySnapshotDto' ErrorResponse: required: - code - message - status - timestamp type: object properties: status: type: integer description: HTTP status code (mirrors the response status line) format: int32 example: 404 code: type: string description: >- Coarse machine-readable error category (e.g. NOT_FOUND, RATE_LIMITED); stable per status example: NOT_FOUND message: type: string description: Human-readable error message; safe to surface to end users example: Monitor not found timestamp: type: integer description: Server time when the error was produced (epoch milliseconds) format: int64 example: 1737302400000 requestId: type: string description: >- Opaque per-request id; same value as the X-Request-Id response header. Use in support tickets. nullable: true example: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a errors: type: array description: >- Structured per-field rejections; populated for validation errors, null otherwise nullable: true items: nullable: true allOf: - $ref: '#/components/schemas/ErrorEntry' description: Uniform error envelope returned for every non-2xx response example: status: 404 code: NOT_FOUND message: Monitor not found timestamp: 1737302400000 requestId: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a PolicySnapshotDto: required: - engineVersion - firstSeenAt - hashHex - lastSeenAt - policy type: object properties: hashHex: minLength: 1 type: string description: Hex-encoded SHA-256 of the canonical policy JSON policy: type: object additionalProperties: type: object description: Canonical policy document (snake_case, sorted keys) description: Canonical policy document (snake_case, sorted keys) engineVersion: minLength: 1 type: string description: Detection engine version that observed this policy firstSeenAt: type: string description: First time the detection engine evaluated against this policy bytes format: date-time lastSeenAt: type: string description: Most recent time the engine evaluated against this policy bytes format: date-time description: >- Policy snapshot used during this check (all evaluations of a single check are against one policy) nullable: true ErrorEntry: required: - code - message type: object properties: code: minLength: 1 type: string description: >- Stable machine-readable code; see ValidationErrorCode for the registry example: MONITOR_HEARTBEAT_GRACE_EXCEEDS_INTERVAL field: type: string description: >- JSON-pointer-like path to the offending field, or null for request-wide errors nullable: true example: config.gracePeriod message: minLength: 1 type: string description: Human-readable message; safe to surface to end users description: One structured validation rejection securitySchemes: BearerAuth: type: http description: API key (dh_live_...) or Auth0 JWT token scheme: bearer bearerFormat: JWT ````