# Contracts and interfaces

Contracts are the authoritative specs for cross module interfaces. They
define data models, API expectations, and integration rules.

Why contracts exist
- Keep module boundaries stable across teams.
- Unblock sprint work by publishing versioned specs.
- Preserve determinism and offline compatibility.

Core contract areas
- Advisory key canonicalization
- Risk scoring jobs and profiles
- Mirror bundle and sealed mode
- VEX Lens and verification policy
- Policy studio and authority effective write
- Export bundle and findings ledger RLS
- API governance baseline
- Scanner surface and analyzer bootstrap
- RichGraph v1 reachability schema

Lifecycle
- Draft, published, deprecated, retired.
- Breaking changes require a new version and migration notes.

Related references
- docs/contracts/README.md
- docs/contracts/*.md
- docs/adr/*
- docs/specs/*
- docs2/contracts/scanner-core.md