From 0c2489c79fd01a30cb71b86d58b3889b90d362f4 Mon Sep 17 00:00:00 2001 From: zemion Date: Tue, 7 Jul 2026 01:00:21 +0200 Subject: [PATCH] Sync Repo-docs-ACCESS-EXTRACTION-PLAN from project files --- Repo-docs-ACCESS-EXTRACTION-PLAN.-.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md b/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md index 1bef831..5bca52c 100644 --- a/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md +++ b/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md @@ -1,4 +1,4 @@ - + > Mirrored from `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md`. > Origin: `repository`. @@ -246,8 +246,9 @@ Acceptance criteria: Move active identity/access models out of `govoplan_core.db.models`. Current state: the stable table naming strategy is to keep legacy table names -and move SQLAlchemy class definitions under their platform owners. Core keeps -`govoplan_core.db.models` as a compatibility re-export. The earlier +and move SQLAlchemy class definitions under their platform owners. The old +`govoplan_core.db.models` compatibility re-export has been removed; callers +must import module-owned models or use kernel capabilities. The earlier `access_*` candidate tables are not active metadata. Current table ownership: @@ -265,15 +266,16 @@ Tasks: - [x] Map legacy model names to access-owned model classes. - [x] Keep database table names where possible to avoid data migration churn. - [x] Add Alembic migration metadata owned by the platform module owners. -- [x] Keep compatibility aliases in core while modules migrate. +- [x] Remove core model compatibility aliases after callers moved to + module-owned imports. - [x] Update bootstrap/create-all compatibility paths. Acceptance criteria: - Existing development databases migrate without data loss. - New databases initialize with module-owned metadata. -- Core no longer owns live account/user/group/role/session/API-key model - definitions except compatibility aliases. +- Core no longer owns or re-exports live account/user/group/role/session/API-key + model definitions. ### Stage 4: Move Auth Routes And Dependencies @@ -433,6 +435,8 @@ Acceptance criteria: them through the `admin.sections` UI capability. - [x] Remove transitional boundary checker allowlist entries as each contract lands. +- [x] Remove old core import shims for access models, access routes, admin + service helpers, and access-owned security services. - [ ] Move campaign-scoped mail policy ownership fully behind an API/event workflow if direct synchronous capability calls become too tight for later deployment boundaries.