[Task] Access extraction Stage 4: Move Auth Routes And Dependencies #44

Closed
opened 2026-07-06 11:33:16 +02:00 by zemion · 1 comment
Owner

Imported from the GovOPlaN access extraction plan.

  • Source: /mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md
  • Line: 250
  • Section: Stage 4: Move Auth Routes And Dependencies

Plan excerpt:

### Stage 4: Move Auth Routes And Dependencies

Move authentication, sessions, API keys, and principal dependencies.

Tasks:

- Move `/api/v1/auth/*` implementation to access.
- Move session/API-key services to access.
- Keep core route compatibility only if required by clients.
- Replace feature-module imports of core auth dependencies with stable kernel
  contracts or access-provided capabilities.
- Add tests for login, session refresh, tenant selection, API-key auth, and
  missing access capability failures.

Acceptance criteria:

- Auth behavior works through the access module.
- Feature modules do not import access internals.
- Core can explain startup failure clearly if auth-required routes are enabled
  without the access capability.

<!-- codex-backlog-fingerprint:cbbbdbe0097f550e3da667b8 --> Imported from the GovOPlaN access extraction plan. - Source: `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md` - Line: `250` - Section: `Stage 4: Move Auth Routes And Dependencies` Plan excerpt: ```markdown ### Stage 4: Move Auth Routes And Dependencies Move authentication, sessions, API keys, and principal dependencies. Tasks: - Move `/api/v1/auth/*` implementation to access. - Move session/API-key services to access. - Keep core route compatibility only if required by clients. - Replace feature-module imports of core auth dependencies with stable kernel contracts or access-provided capabilities. - Add tests for login, session refresh, tenant selection, API-key auth, and missing access capability failures. Acceptance criteria: - Auth behavior works through the access module. - Feature modules do not import access internals. - Core can explain startup failure clearly if auth-required routes are enabled without the access capability. ```
zemion added this to the Access Extraction milestone 2026-07-06 12:52:27 +02:00
Author
Owner

Codex status: done.

Completed evidence:

  • /api/v1/auth/* is implemented in govoplan_access.backend.api.v1.auth and registered by the access module route factory.
  • Session, password, and API-key services are owned by govoplan_access.backend.security.*.
  • Core keeps compatibility import shims for older import paths, verified by tests.
  • Feature routers no longer import core auth dependency wrappers; they use the access-published FastAPI dependency API while the broader stage-6 decoupling remains tracked separately.

Verification:

  • ./.venv/bin/python -m unittest tests.test_access_contracts tests.test_module_system -> 66 tests OK
  • ./.venv/bin/python scripts/check_dependency_boundaries.py -> passed, 0 transitional exceptions

Closing because auth/session/API-key route and dependency ownership has moved to access.

Codex status: done. Completed evidence: - `/api/v1/auth/*` is implemented in `govoplan_access.backend.api.v1.auth` and registered by the access module route factory. - Session, password, and API-key services are owned by `govoplan_access.backend.security.*`. - Core keeps compatibility import shims for older import paths, verified by tests. - Feature routers no longer import core auth dependency wrappers; they use the access-published FastAPI dependency API while the broader stage-6 decoupling remains tracked separately. Verification: - `./.venv/bin/python -m unittest tests.test_access_contracts tests.test_module_system` -> 66 tests OK - `./.venv/bin/python scripts/check_dependency_boundaries.py` -> passed, 0 transitional exceptions Closing because auth/session/API-key route and dependency ownership has moved to access.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#44
No description provided.