OpenAPI first
OpenAPI 3.1 and JSON Schema 2020-12 under the canonical repository contracts directory define the /v1 wire surface.
- Public behavior changes contract-first.
- Clients share a common conformance suite.
- Unknown or oversized input fails before engine work.
Loopback first, authenticated when remote
The server binds loopback by default. Remote exposure requires deliberate configuration, authentication, TLS termination, and process supervision owned by the operator.
- Built-in TLS is not claimed.
- Request and response ceilings are enforced.
- Errors use stable codes and bounded messages.
Successful reads include proofs
The /v1 get and query responses always carry proof material. A client cannot accidentally opt into an unverified remote read.
- Rust, TypeScript, and Python clients model the same response.
- Remote CLI and MCP use the same public contract.
- Proof versions are explicit.
POST /v1/query HTTP/1.1
Authorization: Bearer <token>
Content-Type: application/json
{"filter":{"field":"group","equals":"edge"},"limit":25}Equivalent clients, not parallel products
The Rust client is bounded and asynchronous. The TypeScript and Python clients are dependency-free. The remote CLI and MCP adapter preserve the same contract.
- No client may invent a weaker success shape.
- Timeout and size policy stays caller-visible.
- Version negotiation fails explicitly.
Framework adapters remain optional
PliegoRS, Astro, Next, and Vite integrations consume public clients only. A host project must continue to build and run when Hyphae is absent.
- No internal core imports.
- No framework enters the engine workspace.
- Capability detection is explicit.