Local API Contract Fixture
Endpoint-shaped contracts without a public server, deploy, or external write path.
The Single Idea
The runtime now has local request/response contracts for assess, curriculum, sandbox, and submit. The local handlers require authenticated scoped context, declared rate limits, privacy-safe errors, synthetic fixture data, and disabled external writes before any future HTTP layer can reuse the shapes.
01
Routes
| Method | Route | Request | Response | Scope | Rate |
|---|---|---|---|---|---|
| POST | /assess | AssessRequest | AssessResponse | assess:write | 60/60s |
| POST | /curriculum | CurriculumRequest | CurriculumResponse | curriculum:read | 90/60s |
| GET | /workflow/{id}/sandbox | WorkflowSandboxRequest | WorkflowSandboxResponse | sandbox:read | 90/60s |
| POST | /submit | SubmitPracticeRequest | SubmitPracticeResponse | practice:write | 30/60s |
02
Fixture Evidence
Truevalid
e25fdff7a3db8453
scenario
Truesubmit
Truesecurity
Assess decision
f8fe57b08cf9a0bc
produced sandbox payload f9ba0184df416758
and submit result f1646352424ed8fb.
03
Contract Boundary
The handlers intentionally run as local functions first. A future HTTP layer should preserve these schemas and implement the same auth, tenant, rate-limit, privacy, and external-write policies at the network edge before public exposure.
| Boundary | Value |
|---|---|
| Auth required | True |
| Tenant scoped | True |
| Rate limited | True |
| Privacy safe | True |
| Real user data allowed | False |
| External writes allowed | False |
Where to start
Use this fixture as the compatibility contract before adding any public endpoint.
Use this fixture as the compatibility contract before adding any public endpoint.