Designing timed assessments for shared hosting constraints

Shared hosting changes the design assumptions. The server must remain authoritative for attempt start times, expiry, grading, and pass/fail state, but the implementation should stay within normal request-response flows.

That means database timestamps, periodic autosave, and server-side submission logic rather than background job dependence.

The current schema and backend foundation now support that model without changing the shared-hosting deployment strategy.