Guides

Examples and Deployment

Getting Started

Package build metrics

Request Lifecycle

Architecture

Architecture Docs

Adapter Contracts (T15 Foundation)

API Contract Surface (T06)

DSAR Auth Model

Backend Runtime Core (`dsarInstance`)

Contracts and Versioning

Error Code Architecture

Monorepo Packages and Conventions

Policy Pack Specification

Policy Versioning and Upgrades

Tenant-Safe Persistence (T07)

Workspace Validation

Integrations

Inbound

Outbound

Outbound Resend (`@dsar/outbound-resend`)

Storage

Storage Filesystem Adapter Integration

Storage S3 Adapter Integration

Storage Vercel Blob Adapter Integration

Rate Limit

Redis Integration

Upstash Integration

Auth

Unkey Integration

Reference

API

Core Request API

Retention Policy API

Verification API

Developer

SDK and Runtime Modes

TSDoc Authoring Standard

Persistence

Storage

Filesystem Storage

Vercel Blob Storage

Testing

Acceptance And Parity Readiness

Errors

DSAR-BE-1001: AUTH_ACTOR_CONTEXT_MISSING

DSAR-BE-1002: AUTH_APPROVER_ROLE_FORBIDDEN

DSAR-BE-1003: AUTH_REQUEST_ACCESS_FORBIDDEN

DSAR-BE-1101: REQUEST_BODY_INVALID_JSON

DSAR-BE-1102: REQUEST_ROUTE_PARAM_MISSING

DSAR-BE-1103: REQUEST_BASE_PATH_INVALID

DSAR-BE-1199: REQUEST_VALIDATION_FAILED

DSAR-BE-1200: REQUEST_RATE_LIMITED

DSAR-BE-1201: REQUEST_ROUTE_NOT_FOUND

DSAR-BE-1202: POLICY_ACTIVATION_NOT_FOUND

DSAR-BE-1203: POLICY_UPGRADE_PROPOSAL_NOT_FOUND

DSAR-BE-1204: DELIVERY_ARTIFACT_NOT_FOUND

DSAR-BE-1205: DELIVERY_TOKEN_INVALID

DSAR-BE-1206: MANIFEST_ARTIFACT_UPLOAD_FAILED

DSAR-BE-1207: MANIFEST_ARTIFACT_DOWNLOAD_FAILED

DSAR-BE-1208: MANIFEST_ARTIFACT_REPLACE_FAILED

DSAR-BE-1209: FULFILMENT_MANIFEST_NOT_APPROVED

DSAR-BE-1210: FULFILMENT_NO_ARTIFACTS

DSAR-BE-1301: POLICY_JURISDICTION_UNMAPPED

DSAR-BE-1302: POLICY_ENFORCEMENT_REFUSAL_BLOCKED

DSAR-BE-1303: POLICY_UPGRADE_APPROVAL_REQUIRED

DSAR-BE-1304: RETENTION_CLASS_INVALID

DSAR-BE-1401: LIFECYCLE_TRANSITION_DISALLOWED

DSAR-BE-1402: LIFECYCLE_STATUS_UNKNOWN

DSAR-BE-1403: LIFECYCLE_RATIONALE_MISSING

DSAR-BE-1410: PERSISTENCE_TENANT_SCOPE_MISSING

DSAR-BE-1411: PERSISTENCE_ENTITY_NOT_FOUND

DSAR-BE-1412: PERSISTENCE_OPERATION_UNSUPPORTED

DSAR-BE-1413: PERSISTENCE_INVALID_RECORD

DSAR-BE-1414: PERSISTENCE_SQL_ERROR

DSAR-BE-1500: INTERNAL_RUNTIME_ERROR

DSAR-BE-1599: INTERNAL_UNCATALOGED_ERROR

DSAR-CLI-1500: CLI_RUNTIME_ERROR

DSAR-CLI-1599: CLI_UNCATALOGED_ERROR

DSAR-CORE-1500: CORE_RUNTIME_ERROR

DSAR-CORE-1599: CORE_UNCATALOGED_ERROR

DSAR-FS-1001: STORAGE_FILESYSTEM_RETRY_EXHAUSTED

DSAR-FS-1500: STORAGE_FILESYSTEM_RUNTIME_ERROR

DSAR-FS-1599: STORAGE_FILESYSTEM_UNCATALOGED_ERROR

DSAR-GRD-1500: GUARDS_RUNTIME_ERROR

DSAR-GRD-1599: GUARDS_UNCATALOGED_ERROR

DSAR-IN-1001: INBOUND_RESEND_CONTENT_FETCH_FAILED

DSAR-IN-1500: INBOUND_RESEND_RUNTIME_ERROR

DSAR-IN-1599: INBOUND_RESEND_UNCATALOGED_ERROR

DSAR-OUT-1001: OUTBOUND_RESEND_CONFIG_INVALID

DSAR-OUT-1500: OUTBOUND_RESEND_RUNTIME_ERROR

DSAR-OUT-1599: OUTBOUND_RESEND_UNCATALOGED_ERROR

DSAR-PE-1500: POLICY_ENGINE_RUNTIME_ERROR

DSAR-PE-1599: POLICY_ENGINE_UNCATALOGED_ERROR

DSAR-PG-1500: PERSISTENCE_PG_RUNTIME_ERROR

DSAR-PG-1599: PERSISTENCE_PG_UNCATALOGED_ERROR

DSAR-PP-1001: POLICY_PACKS_CHECKSUM_FAILED

DSAR-PP-1500: POLICY_PACKS_RUNTIME_ERROR

DSAR-PP-1599: POLICY_PACKS_UNCATALOGED_ERROR

DSAR-PS-1001: PERSISTENCE_TENANT_SCOPE_MISSING

DSAR-PS-1002: PERSISTENCE_ENTITY_NOT_FOUND

DSAR-PS-1003: PERSISTENCE_OPERATION_UNSUPPORTED

DSAR-PS-1004: PERSISTENCE_INVALID_RECORD

DSAR-PS-1500: PERSISTENCE_RUNTIME_ERROR

DSAR-PS-1599: PERSISTENCE_UNCATALOGED_ERROR

DSAR-S3-1500: STORAGE_S3_RUNTIME_ERROR

DSAR-S3-1599: STORAGE_S3_UNCATALOGED_ERROR

DSAR-SCH-1500: SCHEMA_RUNTIME_ERROR

DSAR-SCH-1599: SCHEMA_UNCATALOGED_ERROR

DSAR-SDK-1101: SDK_NETWORK_ERROR

DSAR-SDK-1102: SDK_TIMEOUT

DSAR-SDK-1201: SDK_HTTP_ERROR

DSAR-SDK-1301: SDK_INVALID_ENVELOPE

DSAR-SDK-1500: SDK_RETRY_FAILED

DSAR-SDK-1599: SDK_UNCATALOGED_ERROR

DSAR-SQL-1500: PERSISTENCE_SQLITE_RUNTIME_ERROR

DSAR-SQL-1599: PERSISTENCE_SQLITE_UNCATALOGED_ERROR

DSAR-VB-1001: STORAGE_VERCEL_BLOB_FETCH_FAILED

DSAR-VB-1002: STORAGE_VERCEL_BLOB_RETRY_EXHAUSTED

DSAR-VB-1500: STORAGE_VERCEL_BLOB_RUNTIME_ERROR

DSAR-VB-1599: STORAGE_VERCEL_BLOB_UNCATALOGED_ERROR

Architecture

API Contract Surface (T06)

Alpha

DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.

This document defines the backend API contract source-of-truth and how OpenAPI/docs are produced.

Source of truth

Contract source: packages/backend/src/http-api/api.ts
Contract model: @effect/platform HttpApi
Schema source: @dsar/schema Effect schemas reused in endpoint payload/success shapes

Generated surfaces

Machine-readable spec: GET /spec.json
Interactive docs: GET /docs

Both endpoints are basePath-aware through dsarInstance({ basePath }).

Examples:

root mount:
- /spec.json
- /docs
basePath: "/api/v1":
- /api/v1/spec.json
- /api/v1/docs

Security declaration model

OpenAPI security scheme name: BearerAuth
Scheme type: http bearer
Protected operations declare bearer security via OpenAPI overrides.
Public operations (/init, /status) explicitly set empty security requirements.

Drift guard strategy

packages/backend/test/openapi.test.ts validates:
- spec endpoint returns OpenAPI 3.1.0 JSON
- required capability-upgrade paths exist
- bearer security scheme exists
- docs endpoint includes basePath-aware spec URL
- snapshot for spec stability (toMatchSnapshot)

This keeps SDK generation inputs and developer docs aligned with route contracts.

On this page

Overview Source of truth Generated surfaces Security declaration model Drift guard strategy

Scale your cookie banners with Inth

Deliver Global consent storage, with zero ops.

Adapter Contracts (T15 Foundation)

DSAR Auth Model

DSAR

Privacy request automation: handle data subject access requests with confidence.

Docs

Getting started
Request lifecycle

Reference

API
Developer

Project

GitHub