API contract overview

Scope

koto7 exposes a GraphQL-native contract for operational and compliance workflows.

Invariants

• Schema-first development is mandatory.
• Mutations map to domain commands.
• Direct persistence writes from resolvers are rejected.
• N+1 query patterns must be mitigated via DataLoader strategy.

Failure Modes

• Resolver logic bypassing command layer validations.
• Breaking schema changes without version transition strategy.
• Ambiguous command semantics from overloaded mutations.

Out of Scope

• Customer-specific schema extensions.
• Private resolver implementation details.
• Auth provider-specific integration paths.