Start a validated draft
POST/api/v1/assessments/drafts/:draft_id/start
Finalize a validated draft and spawn its workflow agent.
Only drafts in ready state can be started. The admission flag is
checked before any status flip or credit spend. On success the
workflow agent is spawned via the internal RPC with the assessment id as its
project id.
- Scope required:
assessments:create+ manager-or-above role. - Rate-limit tier: assessment_create (100/hour/user).
- Code-audit hours and cost are auto-derived during validation and persisted on the draft; the request body is empty.
- Returns 400 if the assessment is in
validating/rejected/draft.
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 409
- 422
- 429
- 500
Successful Response
Bad request — malformed input or failed validation.
Missing, expired, or invalid credentials.
Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
Semantic validation failure — request shape was valid but contents were not.
Too many requests — rate limited. Retry after the window resets.
Internal server error — unexpected failure.