Backend & API contract
The FastAPI surface and its conventions: endpoint definitions and routing, a single error-envelope shape, auth / session validation, pagination, the WebSocket event vocabulary, and telemetry / logging. Localhost-only security posture (session token + loopback registration + origin checks) carried forward from legacy chattr.
The rule
Enforced by
contract tests / OpenAPI diff + ast-grep — derived from these rules
- Endpoint rule (pending) — routes follow the agreed router/path layout.
- Error-envelope rule (pending) — all error responses match one shape.
Open items (confirm to lock)
- Endpoint definitions: router layout + path conventions — define and lock.
- Error envelope: the single error response shape — define and lock.
- Auth / session: how the server validates the session token — define and lock.
- WebSocket event vocabulary (agents, agent_renamed, status, clear, etc.) — define and lock.
- Localhost security posture (session token, loopback-only registration, origin checks, no shell=True) — confirm and lock.
- Telemetry & logging conventions — define and lock.
Platform Contracts
The registry of every enforced platform rule. Source of truth lives in governance/; this view is generated.
Multi-agent coordination
How agents and humans coordinate in a room: behavioral roles, an authoritative ground-truth ledger, a real gate-runner instead of self-reported checks, a shared step-state board, message discipline, and turn-taking. Targets the real friction — duplicated effort and self-reported truth — not output quality.