Docs Development
This repository is the public SpaceMedia docs site. It should only describe external organization and user workflows.Local validation
Run these checks before shipping changes:Public API audit rules
| Rule | Required behavior |
|---|---|
| Organization scoped | Examples must resolve organization context from authentication, not cross-organization request parameters. |
| Role scoped | Each endpoint description must state whether it is for end users, organization admins, or users with a specific permission. |
| No system routes | Do not publish platform-only organization directories, system add-on administration, provider balances, wallet adjustments, approval/rejection routes, or internal downloads. |
| Code-derived examples | Request bodies must match validators and response bodies must match resources or controller envelopes. |
| Safe demo data | Use deterministic fake IDs, emails, URLs, and payment intents. Never copy real customer data or secrets. |
OpenAPI maintenance
The OpenAPI file keeps the interactive playground enabled, but examples must not prefill secrets. Use placeholders forAuthorization, X-Api-Key, and X-Api-Secret.
When a controller supports extra parameters only for SpaceMedia system users, omit those parameters from the public spec.