chore: add GRACE semantic contracts across agent + backend + build scripts
- Add @RELATION/@RATIONALE/@REJECTED headers to agent modules - Add GRACE contracts to backend services, models, schemas - Update build.sh with single-image build commands (build:backend|frontend|agent) - Update docker entrypoint: openssl rsa → openssl pkey (alg-agnostic) - Add @RATIONALE to backend core modules (cot_logger, config_manager, ssl)
This commit is contained in:
@@ -12,6 +12,13 @@
|
||||
# @POST User identity verified and session tokens issued according to role scopes.
|
||||
# @SIDE_EFFECT Writes last login timestamps and JIT-provisions external users.
|
||||
# @DATA_CONTRACT [Credentials | ADFSClaims] -> [UserEntity | SessionToken]
|
||||
# @RATIONALE Thin service layer between API routes and AuthRepository — encapsulates credential
|
||||
# verification (password hashing), ADFS JIT provisioning, and session creation into
|
||||
# a single orchestration class. This keeps route handlers free of auth business logic.
|
||||
# @REJECTED Putting credential verification logic directly in API route handlers was rejected —
|
||||
# it would be duplicated across local login, ADFS callback, and API-key auth paths.
|
||||
# Authentication was kept separate from authorization (permission checks in middleware)
|
||||
# to allow independent testing of each concern.
|
||||
|
||||
from datetime import UTC, datetime
|
||||
from typing import Any
|
||||
|
||||
Reference in New Issue
Block a user