{
  "schema_version": "2026-05-28",
  "api_name": "AI Agent Blind-Spot Review M2M Contract",
  "public_brand": "Agent Rebuild Audit",
  "public_base_url": "https://agentrebuildaudit.com/",
  "status": "api_backtest",
  "purpose": "Machine-to-machine intake contract for agent platforms, orchestration tools, and AI operations systems that can submit structured workflows, traces, and route artifacts.",
  "positioning": {
    "primary_channel": "B2B machine-to-machine",
    "secondary_channel": "human submitted artifact review",
    "proof_channel": "public or anonymized backtest teardown library",
    "autonomy_model": "assistant_filter_not_autonomous_factory",
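    "human_review_policy": "Agent Output Red-Team may be drafted by agents and spot-checked, except where a review-mode exception requires human verification (regulated-advice, confidential-data, or harmful-execution risk detected). Corrected Action Plan and Agentic SLAM Audit always require human verification before delivery."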
  },
  "resilience_policy": "./autonomy-resilience-policy.json",
  "strategy_decision": "./strategy-decision.json",
  "proof_library_contract": "./proof-library-contract.json",
  "adapter_policy": "./adapter-policy.json",
  "local_gateway": "../../src/m2m_api_gate.py",
  "smoke_test": "../../src/smoke_m2m_api_gate.py",
  "storage": {
    "type": "sqlite",
    "default_path": "../api_reviews/reviews.sqlite3",
    "environment_override": "BLINDSPOT_DB_PATH"
  },
  "authentication": {
    "scheme": "api_key",
    "header": "X-API-Key",
    "token_storage": "SHA-256 token hashes in SQLite tokens table",
    "backtest_token_source": "BLINDSPOT_API_TOKEN environment variable",
    "review_endpoints_require_auth": true
  },
  "rate_limit": {
    "scope": "token_or_client_ip",
    "max_requests": 5,
    "window_seconds": 60,
    "applies_to": "review endpoints"
  },
  "endpoints": [
    {
      "method": "GET",
      "path": "/health",
      "local_artifact": "./health.json",
      "description": "Return service status, mode, and capacity hints."
    },
    {
      "method": "GET",
      "path": "/schema/intake",
      "local_artifact": "./intake-validator.json",
      "description": "Return typed intake fields and routing rules."
    },
    {
      "method": "POST",
      "path": "/reviews",
      "auth_required": true,
      "description": "Submit a structured agent artifact for blind-spot review.",
      "request_schema": {
        "objective": "string",
        "artifact_type": "agent_generated_plan | agent_workflow | execution_trace | market_route | architecture_sketch | multi_agent_role_setup",
        "agent_plan_or_workflow": "string | object",
        "constraints": "string[]",
        "time_limit": "string",
        "budget_or_capital_limit": "string",
        "target_buyer_or_user": "string",
        "payment_or_delivery_route": "verified_live | named_unverified | assumed | not_chosen",
        "account_or_access_requirements": "string[]",
        "approval_requirements": "string[]",
        "evidence_available": "string[]",
        "coordination_scope": "single_agent | two_to_five_agents | six_or_more_agents | unclear",
        "route_continuity": "string[]",
        "requested_tier": "agent_output_red_team | corrected_action_plan | agentic_slam_audit"
      },
      "response_schema": {
        "review_id": "string",
        "status": "accepted | partial_review | rejected | queued",
        "routed_tier": "string",
        "verdict": "pass | downgrade | rework | stop | pending_human_verification",
        "failure_map": "object",
        "next_allowed_action": "string",
        "do_not_do": "string[]",
        "human_verification_required": "boolean"
      }
    },
    {
      "method": "GET",
      "path": "/reviews/{review_id}",
      "auth_required": true,
      "description": "Return review status or completed diagnostic failure map."
    }
  ],
  "review_modes": [
    {
      "tier": "agent_output_red_team",
      "mode": "agent_draft_with_spot_check",
      "human_verification_required": false,
      "exception": "Human verification is required when regulated-advice risk, confidential-data risk, or harmful-execution risk is detected."
    },
    {
      "tier": "corrected_action_plan",
      "mode": "agent_draft_human_verified",
      "human_verification_required": true
    },
    {
      "tier": "agentic_slam_audit",
      "mode": "human_verified_architecture_audit",
      "human_verification_required": true
    }
  ],
  "billing_model": {
    "backtest_open": "No automatic billing. Public or anonymized candidates may be accepted for proof-library validation.",
    "api_backtest_open": "No automatic billing. Controlled typed JSON requests may be used to validate endpoint behavior and routing responses.",
    "m2m_paid": "Future account-balance or invoice model. External payment, KYC, taxes, and account ownership remain outside autonomous agent control.",
    "agent_boundary": "Agents may prepare quotes, draft invoices, and route requests, but may not create bank accounts, pass KYC, file taxes, or represent legal/financial authority."
  },
  "quality_controls": [
    "typed intake validation before review",
    "human verification for EUR 250+ outputs",
    "sentinel route for moving-gate, semantic-dissipation, and liability-void signals",
    "compliant adapter policy for official connector maintenance",
    "proof-library publication gates for public teardown examples",
    "route risk framed as execution-chain continuity only",
    "failure-map differentiators to avoid generic downgrade loops",
    "public proof samples used for calibration",
    "capacity-aware routing"
  ],
  "do_not_accept": [
    "requests requiring legal, financial, medical, or security advice",
    "requests requiring confidential unsanitized data",
    "requests demanding guaranteed outcomes",
    "requests asking for harmful, deceptive, or offensive execution"
  ]
}
