Sync Repo-docs-MODULE-ARCHITECTURE from project files
@@ -1,4 +1,4 @@
|
||||
<!-- codex-wiki-sync:ac612f4a103c52d994713144 -->
|
||||
<!-- codex-wiki-sync:bb7422b551349eda3e934059 -->
|
||||
|
||||
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/MODULE_ARCHITECTURE.md`.
|
||||
> Origin: `repository`.
|
||||
@@ -86,18 +86,27 @@ Known access-related capability names are defined in
|
||||
- `access.permissionEvaluator`
|
||||
- `access.resourceAccess`
|
||||
- `access.tenantProvisioner`
|
||||
- `access.administration`
|
||||
- `access.governanceMaterializer`
|
||||
- `tenancy.tenantResolver`
|
||||
- `security.secretProvider`
|
||||
- `audit.sink`
|
||||
|
||||
`govoplan-access` currently registers `access.principalResolver`,
|
||||
`access.permissionEvaluator`, `access.directory`, and
|
||||
`access.tenantProvisioner`. `govoplan-tenancy` registers
|
||||
`tenancy.tenantResolver`. The minimal authenticated platform set is now
|
||||
`tenancy` plus `access`; the registry inserts `tenancy` before `access` when
|
||||
only feature modules are requested. Feature modules should prefer these
|
||||
capabilities over direct reads of access/tenant ORM models when they need
|
||||
labels, group membership, default access provisioning, or tenant metadata.
|
||||
`access.permissionEvaluator`, `access.directory`, `access.tenantProvisioner`,
|
||||
`access.administration`, and `access.governanceMaterializer`.
|
||||
`govoplan-tenancy` registers `tenancy.tenantResolver`. The minimal
|
||||
authenticated platform set is now `tenancy` plus `access`; the registry
|
||||
inserts `tenancy` before `access` when only feature modules are requested.
|
||||
Feature modules should prefer these capabilities over direct reads of
|
||||
access/tenant ORM models when they need labels, group membership, default
|
||||
access provisioning, counts, audit actor labels, or tenant metadata.
|
||||
|
||||
FastAPI route dependencies for authenticated endpoints are access-owned and
|
||||
published from `govoplan_access.backend.auth.dependencies`. Routers may import
|
||||
that dependency module directly until a more generic request-principal adapter
|
||||
exists; they must not import access ORM models or other access implementation
|
||||
internals.
|
||||
|
||||
Current live table ownership:
|
||||
|
||||
@@ -115,7 +124,10 @@ Current admin route ownership follows the same boundary: access contributes
|
||||
users, groups, roles, system accounts/roles, auth, sessions, and API-key
|
||||
administration; tenancy contributes tenant registry/settings routes; admin
|
||||
contributes system settings, overview, and governance-template routes; audit
|
||||
contributes audit-log routes.
|
||||
contributes audit-log routes. Governance template metadata and assignment
|
||||
routes live in `govoplan-admin`; materializing those templates into
|
||||
access-owned groups and roles is performed by the
|
||||
`access.governanceMaterializer` capability.
|
||||
|
||||
Current admin WebUI ownership mirrors that route split. `govoplan-access`
|
||||
contributes the `/admin` route shell and admin nav item. Other platform modules
|
||||
@@ -314,6 +326,8 @@ The repository includes `scripts/check_dependency_boundaries.py`. It enforces th
|
||||
- access source may not import files/mail/campaign internals
|
||||
- feature modules may not import access implementation internals
|
||||
- feature modules may not add new direct imports of sibling feature modules
|
||||
- FastAPI routers may import the published
|
||||
`govoplan_access.backend.auth.dependencies` dependency API
|
||||
- the transitional allowlist is expected to stay empty
|
||||
|
||||
Any future exception is extraction debt and must be temporary, documented in the
|
||||
|
||||
Reference in New Issue
Block a user