Kukulkan API Runtime Replacement

Milestone 12 adds the first 0x0-owned Kukulkan API runtime package. The source

surface in apps/kukulkan/packages/kukulkan_api_runtime/src/lib.0x0 defines the

runtime boundary used by the production API process, while the release

entrypoint in apps/kukulkan/packages/kukulkan_api_runtime/release/bin/ is the

resource-bounded local process used by the acceptance probes.

Runtime Contract

The API runtime covers:

• config loading for bind, TLS, backlog, tenant, workspace, dependency profile,

single-job defaults, and timeout budgets;

• boot diagnostics with managed PID, ready, and log files;
• /healthz, /readyz, /api/v1, auth/session, compliance, onboarding,

geospatial, dashboard, and history routes;

• OIDC fail-closed behavior, local valid probe, session envelopes, role checks,

tenant/workspace membership checks, and idempotency-key enforcement;

• database-shaped metrics, compliance mutation, geospatial sync, audit rows,

fallback behavior, and dependency seed output;

• start, stop, force-stop, HTTP readiness, restart continuity, and Docker

dependency seed probes.

Gates

Run focused checks while changing a subarea:

make kukulkan-api-boot-check
make kukulkan-api-routes-check
make kukulkan-api-auth-check
make kukulkan-api-db-check
make kukulkan-api-runtime-check

The parent gate is:

make kukulkan-api-full-check

The runtime gate starts a single loopback process, writes temporary PID/log/ready

files, and tears the process down before returning.