Introduce a new API key authentication mechanism to support service-to-service communication (e.g., Airflow, CI/CD) without browser-based JWT login. - Add `APIKey` model and `APIKeyPrincipal` dependency for RBAC. - Implement `require_api_key_or_jwt` dependency with environment scoping. - Add admin CRUD endpoints for API key lifecycle management. - Add API key management UI in System Settings. - Update maintenance API to support explicit `environment_id` and API key auth. - Add i18n support for API keys and connection settings. - Include Python and Bash usage examples in the `examples/` directory. - Update technical specifications and documentation.
2.4 KiB
2.4 KiB
description
| description |
|---|
| Maintain semantic integrity by reindexing, auditing, and reviewing the ss-tools repository through AXIOM MCP tools. |
User Input
$ARGUMENTS
You MUST consider the user input before proceeding (if not empty).
Goal
Ensure the repository adheres to the active GRACE semantic protocol using AXIOM MCP as the primary execution engine: reindex, measure semantic health, audit contracts, audit decision-memory continuity, and optionally route contract-safe fixes.
Operating Constraints
- ROLE: Orchestrator — coordinate semantic maintenance at the workflow level.
- MCP-FIRST — use AXIOM task-shaped tools for discovery, context, audit, impact analysis, and safe mutation planning.
- STRICT ADHERENCE — follow the local semantic authorities:
MANDATORY USE
skill({name="semantics-core"}),skill({name="semantics-contracts"}),skill({name="semantics-python"}),skill({name="semantics-svelte"}),skill({name="molecular-cot-logging"})- relevant
docs/adr/*
- relevant
- NON-DESTRUCTIVE — do not remove business logic; only add or correct semantic markup unless the user requested implementation changes.
- NO PSEUDO-CONTRACTS — do not mechanically inject fake semantic boilerplate.
- ID NAMING — use short domain-driven IDs, never full file paths or import paths as the semantic primary key.
- DECISION-MEMORY CONTINUITY — audit ADRs, preventive task guardrails, and local
@RATIONALE/@REJECTEDas a single chain. - LANGUAGE-AWARE — Python uses
# #region/# #endregion; Svelte HTML uses<!-- #region -->/<!-- #endregion -->; Svelte script uses// #region/// #endregion.
Execution Steps
- Reindex the semantic workspace.
- Measure workspace semantic health.
- Audit top issues:
- broken anchors or malformed regions
- missing complexity-required metadata
- unresolved relations
- isolated critical contracts
- missing ADR continuity
- restored rejected paths
- retained workaround logic lacking local decision-memory tags
- Build remediation context for the top failing contracts.
- If
$ARGUMENTScontainsfixorapply, route to an implementation/curation agent instead of applying naive text edits. - Re-run audit and report PASS/FAIL.
Output
Return:
- health metrics
- PASS/FAIL status
- top issues
- decision-memory summary
- action taken or handoff initiated