API and integration contracts

The API story is built for future integrations while keeping the current product honest: contracts, mock adapters and local validation come before production credentials.

PostgreSQL production path

Prisma schema, migrations, Docker Compose and SQLite dev/test separation are documented.

Scoped API keys

API key scopes deny unsafe mutation and webhook replay unless explicit permission is granted.

OpenAPI inventory

209 validated routes cover operations, finance, workers, privacy, mobile sync and SaaS lifecycle.