{"ok":true,"meta":{"generatedAt":"2026-06-30T13:16:11.339Z"},"data":{"version":"tzv3-quality-v1","endpoint":"/api/quality/policy","testRunner":"vitest","testCommand":"npm test","configured":true,"loadSmoke":{"version":"tzv3-load-smoke-v1","endpoint":"/api/quality/load-policy","script":"scripts/tzv3-load-smoke.mjs","command":"npm run load:smoke","configured":true,"defaultBaseUrl":"http://127.0.0.1:3000","routeMix":["/","/profiles/sofia","/schedule-preview?site=site-next&lang=en","/club","/api/club/handoff-policy","/api/club/audit-policy","/api/frontend/stack","/api/frontend/brand","/api/admin/security-audit-policy","/api/tzv3/status","/api/health","/api/profiles?limit=4","/api/search?q=vip%20english","/api/match?q=vip%20available%20english","/api/schedule/availability?profile=sofia","/api/schedule/link-audit-policy","/api/schedule/provider-handoff-policy","/api/schedule/provider-import-payload","/api/schedule/provider-reconciliation","/api/search/bulk-payload","/api/status","/api/webhooks/telegram/setup-policy","/api/legal/retention-policy","/api/legal/contact-policy","/api/legal/audit-policy","/api/database/bootstrap-policy","/api/database/audit-policy","/api/database/seed-payload","/api/pwa/push/audit-policy","/api/infrastructure/ci-policy","/api/infrastructure/deployment/policy","/api/infrastructure/launch-checklist","/api/infrastructure/owner-inputs","/api/infrastructure/secret-rotation","/api/infrastructure/source-control","/api/infrastructure/public-origin-policy","/api/infrastructure/production-evidence","/api/infrastructure/cloudflare/policy","/api/media/public-url-policy","/api/reviews/policy","/api/reviews/audit-policy","/api/seo/technical-audit/policy","/api/seo/pages","/api/performance/budget","/api/quality/policy","/api/growth/safe-policy","/api/status/stream"],"defaults":{"requests":50,"concurrency":6,"timeoutMs":5000},"thresholds":{"p95Ms":1800,"maxErrorRate":0,"sseSnapshotRequired":true},"environmentOverrides":["TZV3_BASE_URL","TZV3_LOAD_REQUESTS","TZV3_LOAD_CONCURRENCY","TZV3_LOAD_TIMEOUT_MS","TZV3_LOAD_P95_MS","TZV3_LOAD_MAX_ERROR_RATE"],"mutationPolicy":"Read-only GET load smoke. No admin writes, booking writes, Telegram writes, or behavioral-factor automation.","productionBoundary":["Run against the deployed domain before launch.","Use provider-side load testing only after hosting, WAF, and rate-limit windows are approved.","This smoke proves route availability under light parallel load, not full capacity planning."]},"coverageAreas":["catalog filter URL sanitization and serialization","Smart Match intent parsing and ranking","VIP Club verification schema and no-write production audit policy","VIP Club external receiver handoff without creating verification tickets","ready-made schedule connector paths and external API mode","profile-aware schedule CTA/link audit into the ready-made schedule iframe","profile-mapped schedule provider handoff drafts for the ready-made schedule tenant","copy-ready schedule provider import payload for the external site=artesc tenant","read-only schedule provider reconciliation between import payload and public site=artesc tenant","Admin session signing and tamper rejection","safe growth policy guardrails for high-risk niches","real review intake and admin moderation workflow","real reviews no-write audit for moderated Review/AggregateRating JSON-LD","legal data retention, contact, takedown, and browser-only storage boundaries","legal no-write production audit for pages, contact inbox, and retention records","database bootstrap migrations, seed import, and production switch evidence","no-write database seed payload export matching the manifest hash used by POST /api/admin/seed","admin security no-write audit for HttpOnly session policy and anonymous rejection boundaries","GitHub Actions CI workflow contract for no-write TZV3 quality gates on main and pull requests","owner-input packet for production launch data without secret value output","secret rotation handoff without secret value output or repo-stored credentials","source-control guard for the owner-supplied GitHub website repository parkourcafe/artesc","Telegram-native setWebhook handoff without bot-token storage or Telegram API writes","database-backed public catalog API serialization with static-seed fallback","database-backed programmatic SEO URL inventory with real-content filters","production-safe media public URL handoff for CDN/schedule consumers","public origin policy for canonical domain, route URL proofs, schedule link, media CDN, and Vercel link guard","production evidence manifest for no-write launch proof collection across every blocking stage","ready-made schedule tenant provider-count audit for site=artesc","copy-ready Elastic bulk payload for the profile search index before search audit","PWA push provider no-write audit for VAPID, provider forwarding, and unsubscribe evidence","technical SEO audit for sitemap, robots, canonical, JSON-LD, and noindex headers","exact ARTESC.SHOP brand palette, premium typography, and owner-supplied premium-website motion guard","light parallel load smoke over public routes, APIs, and SSE snapshot"],"releaseChecks":["npm run env:check","npm run brand:audit","npm run typecheck","npm test","npm run lint","npm run build","npm run preflight","npm run ci:audit","npm run admin:audit","npm run club:handoff","npm run club:audit","npm run legal:audit","npm run media:public-urls","npm run origin:audit","npm run evidence:audit","npm run pwa-push:audit","npm run reviews:audit","npm run schedule:provider-handoff","npm run schedule:provider-import-payload","npm run schedule:provider-reconciliation","npm run schedule:links:audit","npm run schedule:audit","npm run search:bulk-payload","npm run secrets:rotation","npm run source:audit","npm run telegram:handoff","npm run telegram:audit","npm audit --omit=dev","npm run cloudflare:audit","npm run database:seed-payload","npm run database:audit","npm run readiness","npm run seo:audit","npm run load:smoke"]}}