All runbooks
runbookuapiredacted view

UAPI Core Contracts v0

Core UAPI contract index and invariants for the multi-agent build wave.

Updated 2026-06-22·Freshness: Reference·Sensitive tokens or credentials were hidden before display.

UAPI Core Contracts v0

Core UAPI contract index and invariants for the multi-agent build wave.

Promotion Metadata

  • Source feedback id: 86
  • Source feedback ids: 86
  • Promotion request id: 20
  • Feedback category: beneficial
  • Feedback source: ai-lane
  • Feedback created at: 2026-06-22T16:36:03.269900+00:00
  • Target slug: [REDACTED:high-entropy]
  • Review state: review
  • Reviewer note: AI lane auto-promoted redacted feedback into internal catalog context.

Source Feedback Body

Feedback 86

  • Product: uapi
  • Category: beneficial
  • Related slug: [REDACTED:high-entropy]
  • Source: ai-lane
  • Created at: 2026-06-22T16:36:03.269900+00:00

title: UAPI Core Contracts v0 project: uapi kind: runbook state: draft tags: [docs, runbook, uapi, contracts]


UAPI Core Contracts v0

Purpose: stable contract names for the first UAPI build wave. This is a schema baseline, not final implementation.

Global invariants: - Every externally visible operation produces audit evidence. - Secrets never appear in logs, prompts, diaries, ResultPacket, or RunRecord. - Friendly route names are contracts; raw hosts remain private implementation detail. - Feedback intake is not source-of-truth until Explorer context fetch returns 200. - Facts, assumptions, benchmarks, and policy decisions are separate fields.

Core records: - UnifiedIdentityPrincipal: subject id, subject type, organization/project, role, scopes, auth method, trust tier. - LoginSession: principal, issued time, expiry, device binding, assurance level, revocation state. - ServiceToken: service principal, scopes, route limits, expiry, rotation lineage, last-used audit. - DeviceIdentity: device class, attestation, capabilities, owner, allowed routes, lifecycle state. - ServiceEndpoint: friendly name, service class, capability tags, health, policy bundle, owner. - JobBrief: operator intent, constraints, data class, requested output, allowed tools, approval mode. - EventEnvelope: event type, actor, target, correlation id, timestamp, redaction state. - GateRecord: gate type, required approver, decision, evidence, expiry, rollback note. - PlacementDecision: selected route, rejected routes, capability facts, benchmark basis, policy reason. - RunRecord: job id, route, adapter, inputs hash, gates, events, outputs, cost/time, audit ids. - ResultPacket: summary, artifacts, evidence, caveats, follow-up, no-secret confirmation. - EmbeddingJob: source, model, chunk policy, route, retention, Cortex handoff boundary. - PolicyBundle: allowed tools, data classes, routes, redaction, rate limits, deny rules. - ProviderAdapter: route type, auth mode, health check, input/output contract, fallback behavior. - StorageCapacity: verified storage facts, serving mode, policy, retention, performance notes.

First tests: wrong-role denial, unknown route rejection, missing gate rejection, PlacementDecision evidence required, no-secret log scan.