This document covers the Workbench-facing API surface. All endpoints are under /api.
When SCNU_ACCESS_CODE is set, all /api/* routes require the access cookie except:
GET /api/healthPOST /api/public/precheck/docxPOST /api/public/precheck/textPOST /api/public/exports/docxPOST /api/public/export-jobs/docxGET /api/public/export-jobs/{id}POST /api/public/export-jobs/{id}/cancelPOST /api/public/export-jobs/{id}/retryGET /api/public/exports/{id}/downloadGET /api/public/exports/{id}/reportGET /api/access-code/statusPOST /api/access-code/verify
Multipart fields:
file:.docx, max 20 MBprivacy_accepted: must betrueturnstile_token: required in production
Returns PrecheckResponse with export_token and expires_at.
JSON request:
{
"text": "已有论文正文",
"privacy_accepted": true,
"turnstile_token": "..."
}Text input is limited to 80,000 characters. The endpoint is for existing thesis text precheck only.
JSON request:
{
"thesis": {},
"export_token": "..."
}Returns a retained export with download_url, report_url, and expires_at. Public exports are kept for 30 minutes.
This synchronous endpoint is retained for compatibility. The public UI uses the Job endpoints below.
JSON request:
{
"thesis": {},
"export_token": "..."
}Creates a background export job and returns:
{
"job_id": "job_...",
"export_id": "pub_...",
"status": "running",
"progress": 5,
"message": "导出任务已创建。",
"download_url": null,
"report_url": null,
"expires_at": "2026-04-21T12:30:00",
"error_code": null
}Job status values:
runningdonefailedcanceled
Returns the latest persisted job status. When status=done, download_url and report_url are available.
Requests cancellation and returns the persisted job status. Cancellation is cooperative: if the export has already completed, the completed state is returned.
Retries a failed or canceled job with the original request payload while the original export_token remains valid.
Returns:
{
"required": true,
"verified": false
}Request:
{
"access_code": "..."
}On success, the backend sets an HttpOnly cookie and returns verified=true.
Creates an SCNU undergraduate project. The server defaults are:
school=scnudegree_level=undergraduatetemplate_profile=scnu-undergraduaterule_set_id=scnu-undergraduate-2025privacy_mode=local_onlyremote_provider_allowed=false
Request fields:
titledepartmentmajoradvisorstudent_namestudent_idwriting_stage:topic,proposal,draft,revision,final_checkprivacy_mode:local_only,remote_allowedremote_provider_allowed
Updates project metadata and privacy settings. If privacy_mode=local_only, the server forces remote_provider_allowed=false.
Returns Provider metadata only. API keys are never included.
Returns saved Provider configs with:
providermodelbase_urlallow_localhas_api_keyverification_statusverification_message
Raw API keys are never returned.
Stores a Provider config and seals api_key server-side.
Remote Providers reject private, loopback, link-local, reserved, and multicast base_url targets. Ollama can use local loopback/private addresses only when allow_local=true; link-local, reserved, and multicast targets remain blocked.
Runs metadata verification only. It does not call a remote LLM and does not send论文正文.
- Remote Providers require a model and saved API key.
- Ollama may perform a short local
/api/tagsprobe when a base URL is configured.
Soft-deletes the Provider config.
POST /api/projects/{id}/filesGET /api/projects/{id}/filesPOST /api/projects/{id}/parse-jobsGET /api/jobs/{id}GET /api/jobs/{id}/eventsGET /api/jobs/{id}/events/streamGET /api/projects/{id}/versionsGET /api/projects/{id}/issuesGET /api/projects/{id}/proposalsPOST /api/proposals/{id}/acceptPOST /api/proposals/{id}/rejectPOST /api/proposals/{id}/stashPOST /api/projects/{id}/exportsGET /api/projects/{id}/exportsGET /api/exports/{id}/download