Public API
Read-only REST access to the live ledger. No auth beyond the publishable key; row-level security limits visibility to verified facts. Same data the tool uses, callable from anywhere.
Base URL + key
The ledger runs on Supabase, which auto-generates a PostgREST API. The publishable key is safe to embed in clients — RLS policies are the actual authorization layer.
BASE = https://gtljxjjmacbokpjsfyql.supabase.co/rest/v1
KEY = sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6Send the key as apikey + Authorization: Bearer … on every request.
What anonymous clients can read
- calculations — every published calculation (id, name, jurisdiction, schemas).
- rules — only rows where
statusisactiveorsuperseded. - facts — only rows where
statusisactive,superseded,stale, ordrift_detected. Pre-verification (proposed) and retracted facts are not visible to anon. - sources — non-retired source URLs with publisher and authority tier.
- rule_facts — the rule→fact junction with role labels.
Examples
List all calculations
curl -s "https://gtljxjjmacbokpjsfyql.supabase.co/rest/v1/calculations?select=id,name,jurisdiction" \
-H "apikey: sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6" \
-H "Authorization: Bearer sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6"Fetch a specific calculation
curl -s "https://gtljxjjmacbokpjsfyql.supabase.co/rest/v1/calculations?id=eq.calc_il_state_withholding_owed&select=*" \
-H "apikey: sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6" \
-H "Authorization: Bearer sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6"Walk a lineage chain (calc → rule → facts → sources)
# Get the rule's facts via the rule_facts junction — joins are server-side
curl -s "https://gtljxjjmacbokpjsfyql.supabase.co/rest/v1/rule_facts?rule_id=eq.rule_il_state_withholding_optional_2026&select=fact_id,role,facts(id,claim_summary,source_quote,source_id,sources(url,publisher))" \
-H "apikey: sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6" \
-H "Authorization: Bearer sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6"PostgREST resource embedding does the joins server-side. One request returns the full lineage.
List facts by jurisdiction
curl -s "https://gtljxjjmacbokpjsfyql.supabase.co/rest/v1/facts?jurisdiction=eq.state:IL&select=id,claim_summary,status,verified_at" \
-H "apikey: sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6" \
-H "Authorization: Bearer sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6"Verifying a fact yourself
Every fact carries source_quote (the verbatim text on the page at verification time) and source_hash_at_verify (a SHA-256 of the page bytes). To verify a fact independently:
FACT_URL=$(curl -s "https://gtljxjjmacbokpjsfyql.supabase.co/rest/v1/facts?id=eq.fact_idor_2026_il_flat_income_tax_rate&select=sources(url)" \
-H "apikey: sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6" -H "Authorization: Bearer sb_publishable_aFHhciBm6e8Z2W_7TCvl9g_wfWCiqr6" | jq -r '.[0].sources.url')
curl -s "$FACT_URL" | sha256sumCompare the result against source_hash_at_verify. If it matches, the page hasn't moved since verification. If it doesn't, the corresponding fact would already be marked drift_detected by the nightly drift cron.
Rate limiting
Standard Supabase fair-use applies. Heavy programmatic use should self-throttle to a few requests per second. If you need bulk access, get in touch.
MCP server (planned)
An MCP server wrapping these endpoints as agent-callable tools is in design. Tools under consideration:
compliance_ledger.list_calculations(jurisdiction?)compliance_ledger.get_lineage(calculation_id)compliance_ledger.verify_fact(fact_id)— re-fetches the source and compares against the stored hash, returning a fresh integrity result.compliance_ledger.search_facts(query, jurisdiction?, status?)compliance_ledger.resolve_zone(payer_kind, payee_kind, jurisdiction, taxpayer_attrs, gross_per_period)— the same call the tool makes; returns lines + citations.
If you'd like to be a design partner on the MCP shape, get in touch via kelmen.space.