Quickstart
Mayil is a web app, not a CLI. Paste a URL into the free-audit form on the homepage — no signup, no card — and get a scored, prioritized report back in seconds. Under the hood, that form calls the same POST /api/audit endpoint you can call directly.
POST /api/audit{ "url": "https://example.com/some-page" }
{"auditId": "b3f1…","audit": {"url": "https://example.com/some-page","status": "complete","scoreVersion": "v2","score": {"overall": 72,"grade": "C","categories": [ { "category": "answerFormat", "score": 61 }, … ],"groups": [ { "id": "eeat", "kind": "construct", "score": 68, "weight": 5 }, … ],"capped": null},"findings": [ { "checkId": "h1-present", "status": "pass", "score": 1, "weight": 3, … } ],"recommendations": [ { "checkId": "direct-answer", "scoreImpact": 4, … } ]}}
That shape is the real Audit object the engine returns — score, per-check findings, and ranked recommendations, all in one response. There is no separate install step and no command-line tool.
Scoring model
Every audit produces a single 0–100 overall score with a letter grade. Each atomic check contributes a pass / warn / fail finding weighted by severity, blended into either one of the seven display categories below or one of six cross-cutting constructs:
YMYL is conditional: it only takes over as a check's scoring parent when the page covers a health, financial, legal, or safety topic, and it escalates that check's weight when it does.
Checks that don't apply to a given page — or that error out, or can't be determined — carry weight 0 and are excluded from the score denominator entirely. They never silently drag a page down.
A failed critical check — for example, blocking AI crawlers outright in robots.txt — caps the overall score at a fixed ceiling (e.g. 20), no matter how strong every other signal is. That gate only ever lowers a high score; it never raises a low one.
The 7 dimensions
Every check belongs to exactly one of seven display categories. 130+ atomic checks ship today, each a small, evidence-backed unit — a status, a score contribution, and a snippet of what was actually found on the page.
Full methodology, the pipeline diagram, and all six cross-cutting constructs (E-E-A-T, JTBD, YMYL, AI Access, Machine Readability, Citeworthiness) in more depth: How it works →
Partner API
There is no public REST API with arbitrary endpoints. What exists is a stable, versioned JSON export — toPartnerApi(audit) — that reshapes an Audit into a flatter payload intended for partners piping results into their own dashboards:
{"apiVersion": "1","scoreVersion": "v2","url": "https://example.com/some-page","auditedAt": "2026-07-07T00:00:00.000Z","status": "complete","score": { "overall": 72, "grade": "C", "capped": null, "groups": [ … ] },"findings": [ { "checkId": "h1-present", "status": "pass", "score": 1,"scoringParent": { "kind": "category", "id": "contentStructure" },"facets": [], "severity": "high", "evidence": { "count": 1 }, "lifecycle": "active" } ],"recommendations": [ { "checkId": "direct-answer", "title": "…", "scoreImpact": 4, … } ]}
For the paid-tier, full-site brand-authority audit, the async job is polled at GET /api/site-audit/:jobId, which returns one of:
{ "status": "pending" }{ "status": "complete", "audit": { /* SiteAudit */ } }{ "status": "failed", "error": "…" }
That route is ownership-guarded: a job tied to a signed-in organization is only visible to that organization; anonymous jobs remain publicly readable by their link. There is no self-serve API-key system today — partner access is arranged directly.