Technical Foundation
These specs summarize implementation-backed capabilities without turning the public docs into an internal source-code dump.
On this page
Security and access
Auth, RBAC, audit, rate limits, CSRF, webhook signatures, data redaction, upload allowlists, Turnstile, and account controls.
- Request protection
- Identity and permissions
- Data protection
Billing and finance
Provider-aware catalog setup, checkout, portal access, local ledgers, usage records, credits, entitlements, exports, and webhook idempotency.
- Flexible monetization
- Provisioning
- Reliable synchronization
Content and delivery
Structured authoring, scheduled publishing, queued messaging, retry handling, and provider delivery receipts.
- Structured content engine
- Publishing automation
- Queued message delivery
Platform and operations
Automated checks, authenticated background work, retention routines, regional defaults, and explicit module boundaries.
- Automated quality gates
- Operational jobs
- Adaptable foundation
Spec qualification rules
- Keep customer-facing docs outcome-oriented, but link each claim to the module that proves it.
- Mention provider limits when support differs, such as Stripe-only prepaid credits and invoice export.
- Use reliability language precisely: idempotent, claimed, retried, rate-limited, or guarded instead of absolute guarantees.
- Do not claim built-in product-specific usage enforcement; the adopting app writes its own usage events.