Upload a source code archive
POST/api/v1/files/upload-archive
Upload a source code archive for a draft assessment.
Streams the archive to object storage in 1 MB chunks, computes a SHA-256 digest, and
records the archive in the assessment's uploaded_archives list.
Supports .tar.gz, .tgz, .tar.bz2, .tar.xz, .zip, and .7z.
- Scope required:
source:upload_zip. - Rate limit: 30 uploads per hour per user (
file_uploadtier). - 400 when path traversal / invalid filename / empty body is detected.
- 403 if the caller is not the draft's creator.
- 409 if an archive already exists (only one archive per assessment).
- 413 when body exceeds
max_upload_size_mb.
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 409
- 413
- 422
- 429
- 500
Successful Response
Bad request — malformed input or failed validation.
Missing, expired, or invalid credentials.
Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
Upload exceeds max archive size
Semantic validation failure — request shape was valid but contents were not.
Too many requests — rate limited. Retry after the window resets.
Internal server error — unexpected failure.