Enterprise Toolkit — Magic Runtime

Assessments & Surveys

POST /api/v1/bonus/assessments

A configurable survey and assessment engine. Use it for security audits, maturity assessments, intake questionnaires, compliance checks, or any structured data collection. Each submission stores the respondent, their answers as JSON, an optional numeric score, a label (e.g. "Advanced", "Developing"), and per-dimension breakdowns. Submissions are persisted to the database and retrievable via API. No API key required — this is a public intake form so external users can submit without authentication.

Assessment Title

Respondent Name

Answers (JSON)

Decision Register

GET/POST /api/v1/bonus/decisions

A structured decision register with a full status workflow: proposed → in_review → approved / deferred / rejected → closed. Every decision records a title, category (investment, hiring, partner, policy, technical, GTM, capability), rationale, impact assessment, owner, and approver. Status transitions are tracked in the governance audit trail automatically. Use it for architecture decisions (ADRs), investment approvals, hiring requests, or any decision that needs a paper trail.

Decision Title

Status

Rationale

Snapshot Freeze

GET/POST /api/v1/bonus/snapshots

Freeze the state of any data as an immutable, timestamped JSON snapshot — like a "save game" for your system. Once created, a snapshot cannot be modified. Use it for board packet freezes, quarterly report captures, audit checkpoints, configuration baselines, or pre-deployment state captures. Each snapshot records a type, label, the full JSON blob, who created it, when it was finalized, and the entity count.

Snapshot Label

Data (JSON)

Cross-References

GET/POST /api/v1/bonus/xrefs

A generic entity-to-entity linking system. Connect any object to any other object with a typed relationship: related, blocks, supports, implements, or depends_on. Use it to build knowledge graphs, map dependencies between initiatives, link decisions to the strategies they support, or track which controllers implement which contracts. Each link records source type/key, target type/key, relationship, and optional notes.

Source Entity

Target Entity

Relationship

CSV Export

GET /api/v1/bonus/export/{table}

Export any database table as a downloadable CSV file for reporting, compliance, or analysis in Excel/Google Sheets. Supported tables: leads (contact submissions), usage (page views), governance_events (audit trail), assessments (survey results), decisions (decision register), and executions (controller run history). Each export is timestamped and limited to 10,000 rows.

Table

Upload Tokens

POST /api/v1/uploads/tokens

Secure, time-limited file upload links for document exchange. An admin creates a token with constraints (max files, max file size, allowed extensions, expiration), then shares the upload URL with a client or partner. The recipient can upload files without needing an account or API key — the token itself grants scoped access. Use it for NDA collection, contract signatures, RFP responses, or any secure file intake. Tokens auto-expire and governance events are logged for every creation and revocation.

Creating tokens requires an API key. The generated upload URL can be shared with anyone — they upload files directly without authentication. Tokens track upload count and auto-complete when the file limit is reached.

POST /api/v1/bonus/upload-tokens
Content-Type: application/json
X-API-Key: your-key

{
  "allowed_types": ["application/pdf", "image/png"],
  "max_size_mb": 10,
  "expires_in": 3600
}

Response:
{
  "token": "eyJhbG...",
  "expires_at": "2026-03-15T13:00:00Z",
  "upload_url": "/api/v1/upload"
}

Context Bar & Flash Messages

GET /api/v1/bonus/context-bar · GET/POST /api/v1/bonus/flash

Context Bar: An executive dashboard widget that aggregates key system metrics in one call — overdue governance reviews, active decisions, open leads, active upload tokens, today's page views, and recent audit events. Mount it as a sticky bar on any page for at-a-glance operational awareness.

Flash Messages: One-time notifications that survive page redirects. Queue a message (success, warning, error, info) and the next page load retrieves and clears it. Use for form submission confirmations, deployment alerts, or any cross-page notification that should display once and disappear.

New Flash Message

Level

Review Alerts

GET /api/v1/bonus/reviews/overdue

Track which governance records are overdue for review and which are coming due within 7 days. Every governed entity (controller, config, security policy) has a review cadence (30, 60, 90, 180, or 365 days). When a review is completed, the next due date advances automatically. Use it for compliance cadences, content freshness checks, security re-certifications, or any periodic review that needs a deadline and an owner. Overdue items are flagged with days overdue for prioritization.