# GovOPlaN Identity Codex Guide ## Scope This repository owns the canonical GovOPlaN identity directory: internal identity records and links between identities and platform accounts. The module does not own authentication sessions, passwords, API keys, roles, permissions, or external IDM connector behavior. ## Boundaries - Depend on kernel contracts from `govoplan-core`. - Do not import access, IDM, organizations, postbox, workflow, or portal internals. - Expose integration through manifests, capabilities, API routes, events, and typed DTOs. - Keep external-provider synchronization in `govoplan-idm`; this module stores accepted normalized identity facts. ## Local Workflow Use Gitea issues as the canonical backlog and state log. The shared workflow is installed under `.gitea/`, with labels in `docs/gitea-labels.json`. Focused verification is still driven from `/mnt/DATA/git/govoplan-core` for cross-repository behavior.