Sync Repo-docs-MODULE-ARCHITECTURE from project files

2026-07-07 02:53:55 +02:00
parent 319e402a68
commit 881af0e943

@@ -1,4 +1,4 @@
<!-- codex-wiki-sync:ac612f4a103c52d994713144 --> <!-- codex-wiki-sync:bb7422b551349eda3e934059 -->
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/MODULE_ARCHITECTURE.md`. > Mirrored from `/mnt/DATA/git/govoplan-core/docs/MODULE_ARCHITECTURE.md`.
> Origin: `repository`. > Origin: `repository`.
@@ -86,18 +86,27 @@ Known access-related capability names are defined in
- `access.permissionEvaluator` - `access.permissionEvaluator`
- `access.resourceAccess` - `access.resourceAccess`
- `access.tenantProvisioner` - `access.tenantProvisioner`
- `access.administration`
- `access.governanceMaterializer`
- `tenancy.tenantResolver` - `tenancy.tenantResolver`
- `security.secretProvider` - `security.secretProvider`
- `audit.sink` - `audit.sink`
`govoplan-access` currently registers `access.principalResolver`, `govoplan-access` currently registers `access.principalResolver`,
`access.permissionEvaluator`, `access.directory`, and `access.permissionEvaluator`, `access.directory`, `access.tenantProvisioner`,
`access.tenantProvisioner`. `govoplan-tenancy` registers `access.administration`, and `access.governanceMaterializer`.
`tenancy.tenantResolver`. The minimal authenticated platform set is now `govoplan-tenancy` registers `tenancy.tenantResolver`. The minimal
`tenancy` plus `access`; the registry inserts `tenancy` before `access` when authenticated platform set is now `tenancy` plus `access`; the registry
only feature modules are requested. Feature modules should prefer these inserts `tenancy` before `access` when only feature modules are requested.
capabilities over direct reads of access/tenant ORM models when they need Feature modules should prefer these capabilities over direct reads of
labels, group membership, default access provisioning, or tenant metadata. access/tenant ORM models when they need labels, group membership, default
access provisioning, counts, audit actor labels, or tenant metadata.
FastAPI route dependencies for authenticated endpoints are access-owned and
published from `govoplan_access.backend.auth.dependencies`. Routers may import
that dependency module directly until a more generic request-principal adapter
exists; they must not import access ORM models or other access implementation
internals.
Current live table ownership: Current live table ownership:
@@ -115,7 +124,10 @@ Current admin route ownership follows the same boundary: access contributes
users, groups, roles, system accounts/roles, auth, sessions, and API-key users, groups, roles, system accounts/roles, auth, sessions, and API-key
administration; tenancy contributes tenant registry/settings routes; admin administration; tenancy contributes tenant registry/settings routes; admin
contributes system settings, overview, and governance-template routes; audit contributes system settings, overview, and governance-template routes; audit
contributes audit-log routes. contributes audit-log routes. Governance template metadata and assignment
routes live in `govoplan-admin`; materializing those templates into
access-owned groups and roles is performed by the
`access.governanceMaterializer` capability.
Current admin WebUI ownership mirrors that route split. `govoplan-access` Current admin WebUI ownership mirrors that route split. `govoplan-access`
contributes the `/admin` route shell and admin nav item. Other platform modules contributes the `/admin` route shell and admin nav item. Other platform modules
@@ -314,6 +326,8 @@ The repository includes `scripts/check_dependency_boundaries.py`. It enforces th
- access source may not import files/mail/campaign internals - access source may not import files/mail/campaign internals
- feature modules may not import access implementation internals - feature modules may not import access implementation internals
- feature modules may not add new direct imports of sibling feature modules - feature modules may not add new direct imports of sibling feature modules
- FastAPI routers may import the published
`govoplan_access.backend.auth.dependencies` dependency API
- the transitional allowlist is expected to stay empty - the transitional allowlist is expected to stay empty
Any future exception is extraction debt and must be temporary, documented in the Any future exception is extraction debt and must be temporary, documented in the