Files
ss-tools/.opencode/command/speckit.semantics.md
busya 320f82ab95 feat(auth): implement API key authentication and management
Introduce a new API key authentication mechanism to support service-to-service
communication (e.g., Airflow, CI/CD) without browser-based JWT login.

- Add `APIKey` model and `APIKeyPrincipal` dependency for RBAC.
- Implement `require_api_key_or_jwt` dependency with environment scoping.
- Add admin CRUD endpoints for API key lifecycle management.
- Add API key management UI in System Settings.
- Update maintenance API to support explicit `environment_id` and API key auth.
- Add i18n support for API keys and connection settings.
- Include Python and Bash usage examples in the `examples/` directory.
- Update technical specifications and documentation.
2026-05-25 11:35:27 +03:00

58 lines
2.4 KiB
Markdown

---
description: Maintain semantic integrity by reindexing, auditing, and reviewing the ss-tools repository through AXIOM MCP tools.
---
## User Input
```text
$ARGUMENTS
```
You **MUST** consider the user input before proceeding (if not empty).
## Goal
Ensure the repository adheres to the active GRACE semantic protocol using AXIOM MCP as the primary execution engine: reindex, measure semantic health, audit contracts, audit decision-memory continuity, and optionally route contract-safe fixes.
## Operating Constraints
1. **ROLE: Orchestrator** — coordinate semantic maintenance at the workflow level.
2. **MCP-FIRST** — use AXIOM task-shaped tools for discovery, context, audit, impact analysis, and safe mutation planning.
3. **STRICT ADHERENCE** — follow the local semantic authorities:
MANDATORY USE `skill({name="semantics-core"})`,
`skill({name="semantics-contracts"})`,
`skill({name="semantics-python"})`,
`skill({name="semantics-svelte"})`,
`skill({name="molecular-cot-logging"})`
- relevant `docs/adr/*`
4. **NON-DESTRUCTIVE** — do not remove business logic; only add or correct semantic markup unless the user requested implementation changes.
5. **NO PSEUDO-CONTRACTS** — do not mechanically inject fake semantic boilerplate.
6. **ID NAMING** — use short domain-driven IDs, never full file paths or import paths as the semantic primary key.
7. **DECISION-MEMORY CONTINUITY** — audit ADRs, preventive task guardrails, and local `@RATIONALE` / `@REJECTED` as a single chain.
8. **LANGUAGE-AWARE** — Python uses `# #region` / `# #endregion`; Svelte HTML uses `<!-- #region -->` / `<!-- #endregion -->`; Svelte script uses `// #region` / `// #endregion`.
## Execution Steps
1. Reindex the semantic workspace.
2. Measure workspace semantic health.
3. Audit top issues:
- broken anchors or malformed regions
- missing complexity-required metadata
- unresolved relations
- isolated critical contracts
- missing ADR continuity
- restored rejected paths
- retained workaround logic lacking local decision-memory tags
4. Build remediation context for the top failing contracts.
5. If `$ARGUMENTS` contains `fix` or `apply`, route to an implementation/curation agent instead of applying naive text edits.
6. Re-run audit and report PASS/FAIL.
## Output
Return:
- health metrics
- PASS/FAIL status
- top issues
- decision-memory summary
- action taken or handoff initiated