Files
ss-tools/.opencode/command/speckit.semantics.md
busya 320f82ab95 feat(auth): implement API key authentication and management
Introduce a new API key authentication mechanism to support service-to-service
communication (e.g., Airflow, CI/CD) without browser-based JWT login.

- Add `APIKey` model and `APIKeyPrincipal` dependency for RBAC.
- Implement `require_api_key_or_jwt` dependency with environment scoping.
- Add admin CRUD endpoints for API key lifecycle management.
- Add API key management UI in System Settings.
- Update maintenance API to support explicit `environment_id` and API key auth.
- Add i18n support for API keys and connection settings.
- Include Python and Bash usage examples in the `examples/` directory.
- Update technical specifications and documentation.
2026-05-25 11:35:27 +03:00

2.4 KiB

description
description
Maintain semantic integrity by reindexing, auditing, and reviewing the ss-tools repository through AXIOM MCP tools.

User Input

$ARGUMENTS

You MUST consider the user input before proceeding (if not empty).

Goal

Ensure the repository adheres to the active GRACE semantic protocol using AXIOM MCP as the primary execution engine: reindex, measure semantic health, audit contracts, audit decision-memory continuity, and optionally route contract-safe fixes.

Operating Constraints

  1. ROLE: Orchestrator — coordinate semantic maintenance at the workflow level.
  2. MCP-FIRST — use AXIOM task-shaped tools for discovery, context, audit, impact analysis, and safe mutation planning.
  3. STRICT ADHERENCE — follow the local semantic authorities: MANDATORY USE skill({name="semantics-core"}), skill({name="semantics-contracts"}), skill({name="semantics-python"}), skill({name="semantics-svelte"}), skill({name="molecular-cot-logging"})
    • relevant docs/adr/*
  4. NON-DESTRUCTIVE — do not remove business logic; only add or correct semantic markup unless the user requested implementation changes.
  5. NO PSEUDO-CONTRACTS — do not mechanically inject fake semantic boilerplate.
  6. ID NAMING — use short domain-driven IDs, never full file paths or import paths as the semantic primary key.
  7. DECISION-MEMORY CONTINUITY — audit ADRs, preventive task guardrails, and local @RATIONALE / @REJECTED as a single chain.
  8. LANGUAGE-AWARE — Python uses # #region / # #endregion; Svelte HTML uses <!-- #region --> / <!-- #endregion -->; Svelte script uses // #region / // #endregion.

Execution Steps

  1. Reindex the semantic workspace.
  2. Measure workspace semantic health.
  3. Audit top issues:
    • broken anchors or malformed regions
    • missing complexity-required metadata
    • unresolved relations
    • isolated critical contracts
    • missing ADR continuity
    • restored rejected paths
    • retained workaround logic lacking local decision-memory tags
  4. Build remediation context for the top failing contracts.
  5. If $ARGUMENTS contains fix or apply, route to an implementation/curation agent instead of applying naive text edits.
  6. Re-run audit and report PASS/FAIL.

Output

Return:

  • health metrics
  • PASS/FAIL status
  • top issues
  • decision-memory summary
  • action taken or handoff initiated