UAPI Core Contracts v0
Core UAPI contract index and invariants for the multi-agent build wave.
Promotion Metadata
- Source feedback id:
86 - Source feedback ids:
86 - Promotion request id:
20 - Feedback category:
beneficial - Feedback source:
ai-lane - Feedback created at:
2026-06-22T16:36:03.269900+00:00 - Target slug:
[REDACTED:high-entropy] - Review state:
review - Reviewer note: AI lane auto-promoted redacted feedback into internal catalog context.
Source Feedback Body
Feedback 86
- Product:
uapi - Category:
beneficial - Related slug:
[REDACTED:high-entropy] - Source:
ai-lane - Created at:
2026-06-22T16:36:03.269900+00:00
title: UAPI Core Contracts v0 project: uapi kind: runbook state: draft tags: [docs, runbook, uapi, contracts]
UAPI Core Contracts v0
Purpose: stable contract names for the first UAPI build wave. This is a schema baseline, not final implementation.
Global invariants: - Every externally visible operation produces audit evidence. - Secrets never appear in logs, prompts, diaries, ResultPacket, or RunRecord. - Friendly route names are contracts; raw hosts remain private implementation detail. - Feedback intake is not source-of-truth until Explorer context fetch returns 200. - Facts, assumptions, benchmarks, and policy decisions are separate fields.
Core records: - UnifiedIdentityPrincipal: subject id, subject type, organization/project, role, scopes, auth method, trust tier. - LoginSession: principal, issued time, expiry, device binding, assurance level, revocation state. - ServiceToken: service principal, scopes, route limits, expiry, rotation lineage, last-used audit. - DeviceIdentity: device class, attestation, capabilities, owner, allowed routes, lifecycle state. - ServiceEndpoint: friendly name, service class, capability tags, health, policy bundle, owner. - JobBrief: operator intent, constraints, data class, requested output, allowed tools, approval mode. - EventEnvelope: event type, actor, target, correlation id, timestamp, redaction state. - GateRecord: gate type, required approver, decision, evidence, expiry, rollback note. - PlacementDecision: selected route, rejected routes, capability facts, benchmark basis, policy reason. - RunRecord: job id, route, adapter, inputs hash, gates, events, outputs, cost/time, audit ids. - ResultPacket: summary, artifacts, evidence, caveats, follow-up, no-secret confirmation. - EmbeddingJob: source, model, chunk policy, route, retention, Cortex handoff boundary. - PolicyBundle: allowed tools, data classes, routes, redaction, rate limits, deny rules. - ProviderAdapter: route type, auth mode, health check, input/output contract, fallback behavior. - StorageCapacity: verified storage facts, serving mode, policy, retention, performance notes.
First tests: wrong-role denial, unknown route rejection, missing gate rejection, PlacementDecision evidence required, no-secret log scan.