
Enforcement Model

This page explains execution behavior and safety boundaries. It describes system design, not legal guarantees.

Guard Chain (High Level)

  1. Validate request shape and apply rate-limit controls.
  2. Confirm the target site (resource) exists.
  3. Enforce origin checks before any further processing.
  4. Confirm the site is active and that the DPA has been accepted; the service-provider enforcement posture requires DPA acceptance.
  5. Apply circuit-breaker safety as the last gate before any signal write.

Runtime Boundary Diagram

Public requests to gpc-signal pass through the ordered guards, and nothing is recorded until all of them pass. Customer data in customer-api flows through the user JWT + RLS path once auth bootstrap has completed.

  Public request (browser or server)
        |
        v
  gpc-signal guard chain
        1. Rate limit
        2. Resource exists
        3. Origin lock
        4. Active + DPA
        5. Circuit check
        |
        v   (only after guard pass)
  Record + counters

  customer-api
        Service role auth (identity bootstrap only)
        |
        v
  Business data: user JWT + RLS

Dual-Client and RLS Boundary

In `customer-api`, the service role credential is used only to verify the caller's identity (auth bootstrap); it is never handed to the code path that reads or writes business data. Business data operations run through the user JWT path, so row-level security (RLS) policies are enforced on every query. Keeping the two clients separate is what makes the RLS boundary meaningful: a privileged service role credential on the data path would bypass those policies.
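The dual-client split as an added example in TypeScript, written the way it would sit in a request handler; this is not the project's code. It assumes user tokens are HS256 JWTs verified against a shared secret that stands in for the privileged credential (a real deployment would typically verify through its auth service instead), a PostgREST-style data API under `/rest/v1/` that derives RLS context from the bearer token, and the helper names `makeIdentityVerifier`, `makeUserDataClient` and `handleListOrders`, all invented here.

```typescript
// Added example, not the project's code. HS256 verification against a shared secret,
// the /rest/v1/ request shape and all helper names are assumptions for the example.
import { createHmac, timingSafeEqual } from "node:crypto";

type Claims = { sub: string; exp: number };

const b64url = (o: unknown) => Buffer.from(JSON.stringify(o)).toString("base64url");

// Mints an HS256 token. Only used to construct sample input for this example.
function mintUserJwt(secret: string, claims: Claims): string {
  const signingInput = `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(claims)}`;
  const sig = createHmac("sha256", secret).update(signingInput).digest("base64url");
  return `${signingInput}.${sig}`;
}

function decodeSegment(seg: string): Record<string, unknown> | null {
  try {
    const v: unknown = JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
    return v !== null && typeof v === "object" ? (v as Record<string, unknown>) : null;
  } catch {
    return null;
  }
}

// Privileged side of the split: holds the verification secret and exposes exactly one
// capability, so the code path that owns the privileged credential cannot be reused
// for business-data access.
interface IdentityVerifier {
  verifyUserJwt(token: string, nowSec: number): Claims | null;
}

function makeIdentityVerifier(jwtSecret: string): IdentityVerifier {
  return {
    verifyUserJwt(token, nowSec) {
      const parts = token.split(".");
      if (parts.length !== 3) return null;
      const [h, p, s] = parts as [string, string, string];
      // Pin the algorithm before trusting anything else in the token.
      const header = decodeSegment(h);
      if (!header || header.alg !== "HS256") return null;
      const expected = createHmac("sha256", jwtSecret).update(`${h}.${p}`).digest();
      const given = Buffer.from(s, "base64url");
      if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
      const claims = decodeSegment(p);
      if (!claims) return null;
      const sub = claims.sub;
      const exp = claims.exp;
      if (typeof sub !== "string" || typeof exp !== "number" || exp <= nowSec) return null;
      return { sub, exp };
    },
  };
}

// Unprivileged side: a PostgREST-style request builder (assumed API shape). Business-data
// requests carry the user's own JWT, so the database applies its RLS policies; the
// privileged secret never reaches this path.
interface DataRequest { method: "GET"; url: string; headers: Record<string, string> }

function makeUserDataClient(apiUrl: string, userJwt: string) {
  return {
    select(table: string, eq: Record<string, string>): DataRequest {
      const q = Object.entries(eq)
        .map(([k, v]) => `${encodeURIComponent(k)}=eq.${encodeURIComponent(v)}`)
        .join("&");
      return {
        method: "GET",
        url: `${apiUrl}/rest/v1/${encodeURIComponent(table)}${q ? `?${q}` : ""}`,
        headers: { Authorization: `Bearer ${userJwt}`, Accept: "application/json" },
      };
    },
  };
}

// Handler: auth bootstrap through the verifier, then the business query through the
// user-JWT client only.
function handleListOrders(
  authorization: string | undefined,
  verifier: IdentityVerifier,
  apiUrl: string,
  nowSec: number,
): { status: number; request?: DataRequest } {
  const m = /^Bearer (\S+)$/.exec(authorization ?? "");
  const token = m ? m[1] : undefined;
  if (!token) return { status: 401 };
  const claims = verifier.verifyUserJwt(token, nowSec);
  if (!claims) return { status: 401 };
  // The owner filter is defence in depth; RLS is what actually scopes the rows.
  return { status: 200, request: makeUserDataClient(apiUrl, token).select("orders", { owner_id: claims.sub }) };
}
```

The point of the `IdentityVerifier` interface is least privilege by construction: the only object that ever sees the privileged secret has no query methods, and the only object that can build a data request is constructed from the user's token, so a refactor cannot quietly route business data through the privileged path.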

Learning Posture (Gated)

  • Autonomous apply remains disabled by default.
  • Regression checks are required before approval paths.
  • Operational rollout uses staged dry-run/canary controls.

Proof Mode: Response Contract Examples

Static, anonymized examples of common response families and what each indicates.

HTTP 400

Request is malformed or missing required inputs (for example, missing domain).

{
  "error": "Missing domain parameter"
}

HTTP 403

Request failed a compliance or origin gate and was blocked.

{
  "error": "compliance_halt",
  "message": "DPA_NOT_ACCEPTED"
}

HTTP 404

Target resource does not exist for the given domain or route.

{
  "error": "Resource not found"
}

HTTP 429

The rate-limit gate rejected the request (abuse protection). Clients should back off for retry_after before retrying rather than retrying immediately.

{
  "error": "Rate limit exceeded",
  "code": "rate_limited",
  "retry_after": 60
}

HTTP 503

The circuit breaker has temporarily paused processing for this resource so it can recover. Clients should honor retry_after; immediate retries only keep the breaker open longer.

{
  "error": "Service temporarily paused for this resource",
  "code": "circuit_open",
  "retry_after": 60
}