Files
ss-tools/backend/src/scripts/create_admin.py
busya 8e8a3c3235 feat: attention-optimized semantic protocol v2.7
Core changes:
- Add @defgroup/@ingroup to 1791 C2+ contracts (555 files) for HCA 128× pre-training DSA grouping
- Add §0.1 Pre-Training Frequency matrix to semantics-core
- Add §VIII Attention Architecture rules (ATTN_1-4) with MLA/CSA/HCA/DSA mechanics
- Add @defgroup/@ingroup to canonical syntax (§II) and all contract examples

Agent prompts (5 files):
- Add ZERO-STATE RATIONALE with MLA/CSA/HCA/DSA compression mechanics
- Add pre-training note: @RATIONALE/@REJECTED are in-context learned tags
- svelte-coder: add missing #region contract, fix Svelte rule violations
- python-coder/fullstack-coder: honor function contracts from speckit plan
- qa-tester: add attention compliance audit (P3 ATTN_1-4 checks)

Skills (6 files):
- Translate all axiom_config descriptions to English
- Fix doc_dirs to index .opencode/ and .specify/
- Deduplicate 5× complexity_rules → single global_tags catalog
- Reduce semantics-svelte 591→485 lines (remove duplicate code blocks)
- Fix semantics-testing: 'Short IDs' → 'Short hierarchical IDs'
- Fix all examples: flat IDs → hierarchical Domain.Name format
- Fix Svelte examples: replace raw Tailwind + <button> with semantic tokens + /ui

Speckit workflow (commands + templates):
- speckit.plan: add Function-Level Contracts for C3+ with @PRE/@POST/@TEST_EDGE
- speckit.plan: add Attention Compliance Gate (ATTN_1-4 before contract generation)
- speckit.tasks: add function contract inlining format (constraints in task description)
- speckit.specify: load semantics-core for spec density rules
- spec-template: add #region contract, @SEMANTICS grouping, hierarchical IDs
- ux-reference-template: add #region wrapper
- plan-template: add attention gate, @defgroup/@ingroup guidance
- tasks-template: add attention audit + rebuild + orphan check tasks
- constitution.md: translate to English, add Principle VIII (attention-optimized contracts)

Reference modules rewritten (hierarchical IDs + full contracts):
- Auth.Jwt: 6 child contracts with @RATIONALE/@REJECTED/@TEST_EDGE
- Api.Auth: 5 endpoints with @TEST_EDGE + molecular CoT markers
- Migration.Model: @defgroup Migration with 18 @ACTION + 6 @INVARIANT

Scripts:
- add_defgroup_ingroup.py: zero-risk additive @ingroup migration (1791 insertions)
- migrate_hierarchical.py: flat→hierarchical ID dry-run analysis (792 contracts)
- merge_prompts.py: merge all prompts/skills/commands into one review file

Config:
- axiom_config.yaml: 749→395 lines (-47%), English, doc_dirs include prompts
- Fix test_datasets.py import collision (rename → test_datasets_routes.py)
- Fix test_preview.py: SupersetClient→get_superset_client, AsyncMock, logger f-string
2026-06-08 16:30:59 +03:00

99 lines
3.3 KiB
Python

# #region CreateAdminScript [C:5] [TYPE Module] [SEMANTICS admin, search, user, cli]
# @defgroup Module Module group.
#
# @BRIEF CLI tool for creating the initial admin user.
# @LAYER Infrastructure
# @RELATION CALLS -> [AuthSecurityModule]
# @RELATION CALLS -> [DatabaseModule]
# @RELATION CALLS -> [AuthModels]
#
# @INVARIANT Admin user must have the "Admin" role.
# @SIDE_EFFECT Writes admin user to database
# @DATA_CONTRACT CLIArgs -> AdminUser
import argparse
from pathlib import Path
import sys
# Add src to path
sys.path.append(str(Path(__file__).parent.parent.parent))
from src.core.auth.security import get_password_hash
from src.core.cot_logger import seed_trace_id
from src.core.database import AuthSessionLocal, init_db
from src.core.logger import belief_scope, logger
from src.models.auth import Role, User
# #region create_admin [TYPE Function]
# @ingroup Module
# @BRIEF Creates an admin user and necessary roles/permissions.
# @PRE username and password provided via CLI.
# @POST Admin user exists in auth.db.
#
def create_admin(username, password, email=None):
seed_trace_id()
with belief_scope("create_admin"):
db = AuthSessionLocal()
try:
normalized_email = (
email.strip() if isinstance(email, str) and email.strip() else None
)
# 1. Ensure Admin role exists
admin_role = db.query(Role).filter(Role.name == "Admin").first()
if not admin_role:
logger.info("Creating Admin role...")
admin_role = Role(name="Admin", description="System Administrator")
db.add(admin_role)
db.commit()
db.refresh(admin_role)
# 2. Check if user already exists
existing_user = db.query(User).filter(User.username == username).first()
if existing_user:
logger.warning(f"User {username} already exists.")
return "exists"
# 3. Create Admin user
logger.info(f"Creating admin user: {username}")
new_user = User(
username=username,
email=normalized_email,
password_hash=get_password_hash(password),
auth_source="LOCAL",
is_active=True,
)
new_user.roles.append(admin_role)
db.add(new_user)
db.commit()
logger.info(f"Admin user {username} created successfully.")
return "created"
except Exception as e:
logger.error(f"Failed to create admin user: {e}")
db.rollback()
raise
finally:
db.close()
# #endregion create_admin
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Create initial admin user")
parser.add_argument("--username", required=True, help="Admin username")
parser.add_argument("--password", required=True, help="Admin password")
parser.add_argument("--email", required=False, help="Admin email")
args = parser.parse_args()
try:
# Ensure DB is initialized before creating admin
init_db()
create_admin(args.username, args.password, args.email)
sys.exit(0)
except Exception:
sys.exit(1)
# #endregion CreateAdminScript