Developers
API Boundary
Public Contract
The public contract is intentionally narrow: template metadata, safe demo runs, diagnostics submission, contact lead submission, and the backend webhook that keeps provider jobs in sync.
Server-Only State
Provider credentials, admin sessions, provider collection identifiers, and protected operational state remain server-only. The public content layer can link to actions that use those contracts, but it never exposes the underlying secrets or open-ended controls.
Why the Boundary Matters
As the site grows into a content platform, the boundary matters more, not less. Broader content should increase traffic and decision support without widening the unsafe parts of the product surface.