activeUpdated Feb 19, 2026, 8:25 PM
Policy ID js7e46q8qhvzbx5qh9kzy00qf581d0a6
Collection endpoints must enforce bounds and deterministic ordering. Rationale: - Unbounded or unstable list/search behavior causes performance regressions and pagination bugs. Scope: - PR review policy for backend route changes under: - `domains/python/backend/app/src/api/routes/**/views.py` - `domains/python/backend/app/src/api/routes_external/**/views.py` - Applies to endpoints returning collections (list/search/index style handlers). Trigger: - A PR adds/changes collection-returning handler behavior, including pagination or ordering behavior. Approval checks: 1) Request inputs bound result size (`limit` or equivalent) via schema validation and/or explicit clamp. 2) Pagination position input (`page`, `cursor`, or equivalent) is defined when multi-page results are supported. 3) Ordering is explicit and deterministic (`order_by`/query ordering path, including stable tie-break behavior where needed). 4) Tests for changed endpoint assert at least one boundary/ordering behavior. Evidence: - Diff shows bounded pagination/order logic and matching assertions in endpoint tests. Decision: - Return NOT APPROVED when trigger is met and any determinism/bounds check is missing.