Tovuk abuse workflows are API and CLI first. Agents can report abuse, preserve
evidence, track owner-visible reports for their services, and appeal after
remediation without dashboard access.
Dashboard
The dashboard Abuse view is available at https://tovuk.com/account/abuse or
https://tovuk.com/<handle>/abuse.
Users can create reports with target URL, category, reporter email, service
context, object path, and evidence. Service owners can list owner-visible
reports and submit appeal evidence from the same view.
Report rows expose copyable tovuk abuse list --json,
tovuk abuse appeal <report_id> "Remediation details" --json, and
tovuk service show <service> --json commands when the current report state
supports them.
The dashboard uses the same API routes and rate limits as the CLI, so agents
can switch between browser and CLI workflows without changing the abuse model.
Reporter and owner workflow
Report abuse
tovuk abuse report https://demo.tovuk.app "Phishing page" "Credential collection form" --category phishing --reporter-email reporter@example.com --evidence "Screenshot URL and request id" --json
Third-party reporters can submit public reports. Tovuk rate-limits abuse
intake by reporter email.
Attach service evidence
tovuk abuse report https://demo.tovuk.app/files/logo.png "Malware file" "Reported object download" --category malware --reporter-email reporter@example.com --service service_1 --object-path uploads/logo.png --target-path /files/logo.png --evidence "scanner result and request id" --json
Include service, object path, target path, screenshot URL, request id, logs,
or other preserved evidence when that context exists.
Track owner-visible reports
Owners can list newest-first reports that Tovuk can associate with their
services.
Appeal after remediation
tovuk abuse appeal abuse_0123456789abcdef0123 "Removed the reported file and rotated credentials." --evidence "deploy_1 remediation log" --json
The response includes the updated report status and the next
agent_instruction.
Operator workflow
List reports
tovuk abuse list --operator --json
Operators use the full report list for triage.
Triage evidence
tovuk abuse triage abuse_0123456789abcdef0123 "Reviewed reporter evidence and target service metadata." --json
Mark a report triaged after preserving the first actionable evidence.
Notify the owner when allowed
tovuk abuse notify-owner abuse_0123456789abcdef0123 "Owner-visible report recorded with evidence summary." --json
Record owner notification only when the report allows it and notification is
lawful.
Quarantine confirmed abuse
tovuk abuse quarantine abuse_0123456789abcdef0123 "Confirmed malware object and preserved scanner evidence." --json
Quarantine blocks public traffic and resource event delivery while
preserving the report and moderation event history.
Release after remediation
tovuk abuse release abuse_0123456789abcdef0123 "Owner removed object and redeployed clean build." --json
Release the quarantine after remediation evidence is preserved.
Resolve or reject
tovuk abuse resolve abuse_0123456789abcdef0123 "Reporter issue remediated and clean deploy verified." --json
tovuk abuse reject abuse_0123456789abcdef0123 "Evidence did not match the reported target." --json
Operators can close non-quarantined reports or reject unsupported reports.
Both actions release any active quarantine for the report before returning.
Report body
The report body must include:
target_url: affected public URL.
category: phishing, malware, illegal_content, copyright,
trademark, network_abuse, privacy, emergency_safety, or other.
reporter_email: reporter contact and rate-limit key.
summary: one-line issue summary.
details: reporter context.
evidence: screenshot URL, request id, object path, logs, or other
preserved evidence.
API routes
POST /v1/abuse/reports
GET /v1/abuse/reports
POST /v1/abuse/reports/{report_id}/appeal
GET /v1/operator/abuse/reports
POST /v1/operator/abuse/reports/{report_id}/triage
POST /v1/operator/abuse/reports/{report_id}/notify-owner
POST /v1/operator/abuse/reports/{report_id}/quarantine
POST /v1/operator/abuse/reports/{report_id}/release
POST /v1/operator/abuse/reports/{report_id}/resolve
POST /v1/operator/abuse/reports/{report_id}/reject
GET /v1/abuse/reports and owner appeals require an authenticated Tovuk owner
session. Operator routes require an operator token.
Rate Limits
Abuse report intake allows 3 reports per reporter email per rolling hour and
10 reports per reporter email per rolling day. If a reporter hits the limit,
agents must preserve evidence locally and retry after the window resets.
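An added example, not Tovuk's own code: a client-side pre-flight check an agent could run before calling tovuk abuse report, using the required fields and categories from the report body section and the rolling limits stated above. The local list of accepted-report timestamps and the exact boundary behaviour of the windows are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Limits stated on this page: 3 per rolling hour and 10 per rolling day, per reporter email.
LIMITS = [(timedelta(hours=1), 3), (timedelta(days=1), 10)]

# Required fields and categories from the "Report body" section.
REQUIRED = ("target_url", "category", "reporter_email", "summary", "details", "evidence")
CATEGORIES = {"phishing", "malware", "illegal_content", "copyright", "trademark",
              "network_abuse", "privacy", "emergency_safety", "other"}


def body_errors(body):
    """Return the problems that would make a report body incomplete."""
    errors = [f"missing {k}" for k in REQUIRED if not str(body.get(k, "")).strip()]
    if body.get("category") and body["category"] not in CATEGORIES:
        errors.append(f"unknown category {body['category']!r}")
    return errors


def next_allowed(sent, now):
    """Earliest time a new report fits under every rolling window.

    `sent` is the agent's local log (hypothetical structure) of UTC datetimes
    at which reports for one reporter email were accepted. Returns `now`
    when a report can be submitted immediately.
    """
    earliest = now
    for window, limit in LIMITS:
        # Assumption: a report counts against a window until it is exactly `window` old.
        recent = sorted(t for t in sent if now - window < t <= now)
        if len(recent) >= limit:
            # A slot opens once this entry (and everything older) has aged out.
            blocker = recent[len(recent) - limit]
            earliest = max(earliest, blocker + window)
    return earliest


if __name__ == "__main__":
    # Constructed sample: three accepted reports inside the last hour.
    base = datetime(2026, 6, 3, 10, 0, tzinfo=timezone.utc)
    sent = [base, base + timedelta(minutes=20), base + timedelta(minutes=50)]
    now = base + timedelta(minutes=55)
    retry_at = next_allowed(sent, now)
    print("submit now" if retry_at == now else f"preserve evidence, retry at {retry_at}")
```

The server remains authoritative: if intake still rejects a report, keep the preserved evidence and retry after the window resets.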
Status
Reports use stable statuses:
open
triaged
quarantined
owner_notified
resolved
rejected
appealed
Urgent categories such as malware, illegal_content, and
emergency_safety start with urgent severity and can be flagged for quarantine
review.
Last modified on June 3, 2026