> ## Documentation Index
> Fetch the complete documentation index at: https://docs.krait.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Inventory

> Automatically discover and track your entire API surface directly from source code

## Overview

Krait's API Inventory is the foundation of the platform, working the moment you connect a repository. Instead of relying on traffic, Swagger files, or manual documentation, Krait derives your entire API surface **directly from your source code**. This makes the inventory a living reflection of your application, always one commit away from reality.

<Frame>
  <img src="https://mintcdn.com/krait/9ioPUQVgYHbGs9dJ/deep-scan/images/api-inventory.png?fit=max&auto=format&n=9ioPUQVgYHbGs9dJ&q=85&s=06e35eeaaa56a8f02c8e4c5168f5b41b" alt="API Inventory showing discovered routes and endpoint details" className="mx-auto" style={{ width:"100%" }} width="1962" height="1628" data-path="deep-scan/images/api-inventory.png" />
</Frame>

## How it works

When a scan begins, Krait reads your controllers, routers, middleware chains, validation layers, and underlying service functions. Supported frameworks provide a predictable structure that Krait interprets to reconstruct both the externally visible routes and the internal execution paths they rely on.

### Supported frameworks

<CardGroup cols={4}>
  <Card title="FastAPI" icon="python" />

  <Card title="Spring" icon="java" />

  <Card title="ASP.NET" icon="microsoft" />

  <Card title="Laravel" icon="php" />

  <Card title="Express" icon="node-js" />

  <Card title="Flask" icon="python" />

  <Card title="Django" icon="python" />
</CardGroup>

### Supported languages

<CardGroup cols={4}>
  <Card title="Java" icon="java" />

  <Card title="Python" icon="python" />

  <Card title="PHP" icon="php" />

  <Card title="Python-pyright" icon="python" />

  <Card title="JavaScript" icon="js" />

  <Card title="TypeScript" icon="code" />

  <Card title="C#" icon="microsoft" />
</CardGroup>

## What you get

The result is a complete, code-derived map of your API. Every endpoint is annotated with:

* HTTP method
* Route pattern
* Handler function
* Middleware chain
* Return types
* Potential status codes
* Relevant data structures

Nothing is guessed. Nothing relies on runtime conditions. The API surface you see is the API surface your application actually exposes.

## Change tracking

Krait's inventory system tracks evolution over time. When a route changes, Krait automatically highlights it:

<AccordionGroup>
  <Accordion title="Route updated" icon="pen">
    Applied when the signature shifts, middleware is added, or handler logic changes
  </Accordion>

  <Accordion title="New endpoint" icon="plus">
    Newly added endpoints receive a "new" tag until reviewed
  </Accordion>
</AccordionGroup>

This streamlines change-aware security reviews and ensures teams never miss an endpoint that quietly altered its behavior.

## Benefits

The inventory becomes the backbone for risk analysis, architecture understanding, and downstream DeepScan. By grounding security in real code structure instead of approximations, Krait eliminates the blind spots that plague traditional scanners.
