# GovOPlaN Access **Repository type:** module (platform). `govoplan-access` is the platform module for GovOPlaN identity, authentication, sessions, API keys, RBAC, groups, users, and access administration. The repository contains the extracted access seed implementation under `src/govoplan_access/backend`. Session, API-key, and password helper services, interactive auth routes, and administration routers are owned here. Access still exports `govoplan_access.auth` for compatibility, but sibling modules should import the core `govoplan_core.auth` facade so auth can become a provider-neutral capability. Modules must not import the backend dependency module directly. Access-side admin service helpers remain here for users, groups, roles, system accounts, sessions, API keys, tenant access enforcement, admin/audit lookup capabilities, tenant owner provisioning, and governance-template materialization into access-owned groups and roles. Governance-template metadata CRUD lives in `govoplan-admin`. The transitional administration WebUI route shell and access-owned panels live under `webui/src` as `@govoplan/access-webui`. Generic system administration panels are contributed by `@govoplan/admin-webui` through core's `admin.sections` UI capability. Live access ORM models are defined here with `access_*` table names. Access stores current scope identifiers in `tenant_id` columns but does not hard-depend on the tenancy module package. Tenancy-specific tenant administration and tenant resolver behavior live in `govoplan-tenancy`; governance templates in `govoplan-admin`, audit logs in `govoplan-audit`, and system settings in `govoplan-core`. The current access boundary is documented in: - `/mnt/DATA/git/govoplan-core/docs/ACCESS_RBAC_MODEL.md` - `/mnt/DATA/git/govoplan-core/docs/MODULE_ARCHITECTURE.md` - `docs/ACCESS_MODULE_BOUNDARY.md` - `docs/IDENTITY_ACCOUNT_FUNCTION_MODEL.md` - `docs/OPENDESK_IDENTITY_BOUNDARY.md` ## Initial Ownership This module will own: - accounts and login identity - authentication routes and session lifecycle - API keys - legacy administration route contribution during the transition - tenant-local users - identity-to-account projection for explainable access decisions - organization-bound functions and function assignments - explicit delegation and acting-in-place facts - groups and memberships - roles and role assignments - principal resolution - permission evaluation - access administration backend routes - access administration WebUI route contributions - compatibility FastAPI auth dependency API at `govoplan_access.auth` - provider-facing auth facade consumed by sibling modules at `govoplan_core.auth` - access administration, tenant provisioning, and governance materializer capabilities - access-owned migrations The governance-template routes under `/admin/system/governance-templates` are contributed by `govoplan-admin`; access must not register those routes. `govoplan-access` treats `govoplan-tenancy` as optional. Access can run in the single-scope compatibility mode used by the core/access baseline, and tenancy adds tenant administration plus tenant resolver behavior when installed. ## Principal Context The stable principal DTO is `govoplan_core.core.access.PrincipalRef`. Access resolves sessions, API keys, and future service accounts into that DTO and serializes it as `principal` in auth API responses. Feature modules should use that DTO, primitive IDs, or the core `govoplan_core.auth` dependency facade instead of importing access ORM models or backend dependency internals. The detailed module boundary and serialization fields are documented in [docs/ACCESS_MODULE_BOUNDARY.md](docs/ACCESS_MODULE_BOUNDARY.md). ## WebUI Package The repository root and `webui/` directory both expose the package `@govoplan/access-webui`. The package contributes the `/admin` route and admin nav item through core's module WebUI contract. The route shell consumes module-owned `admin.sections` contributions from installed platform modules and continues to render access-owned tenant/user/group/role panels locally. Core supplies shared admin components, route rendering, and icon resolution. The kernel remains responsible for module discovery, route aggregation, database/session lifecycle, migration orchestration, capability registry, and stable contracts. ## Gitea Workflow This repository uses the shared GovOPlaN Gitea issue workflow. Issue templates are installed under `.gitea/`, and the shared label taxonomy is copied to `docs/gitea-labels.json`. From the core checkout, labels can be synced once a local `GITEA_TOKEN` is available: ```bash cd /mnt/DATA/git/govoplan-core /mnt/DATA/git/govoplan/tools/gitea/gitea-sync-labels.py --root /mnt/DATA/git/govoplan-access --apply ``` ## Development Install From the core checkout: ```bash cd /mnt/DATA/git/govoplan-core ./.venv/bin/python -m pip install -e ../govoplan-access ```