feat(m7.1): wire compliance-agent to compliance-core auth + status gate
CI / Check (pull_request) Successful in 8m14s
CI / Detect Changes (pull_request) Has been skipped
CI / Deploy Agent (pull_request) Has been skipped
CI / Deploy Dashboard (pull_request) Has been skipped
CI / Deploy Docs (pull_request) Has been skipped
CI / Deploy MCP (pull_request) Has been skipped
CI / Check (pull_request) Successful in 8m14s
CI / Detect Changes (pull_request) Has been skipped
CI / Deploy Agent (pull_request) Has been skipped
CI / Deploy Dashboard (pull_request) Has been skipped
CI / Deploy Docs (pull_request) Has been skipped
CI / Deploy MCP (pull_request) Has been skipped
Supersedes #82. Deletes the inline JWT middleware in compliance-agent (now stale — missing JWKS refresh from #84 and tenant extraction from #83) and imports require_jwt_auth, require_tenant_status, JwksState from compliance_core::auth. Wires the status gate into the server's layer stack: Extension(jwks_state) → require_jwt_auth → require_tenant_status → handler. Adds the integration test from #82, retargeted to compliance_core::auth::require_tenant_status. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean (matches baseline) - cargo test -p compliance-core --lib — 7 tests pass - cargo test -p compliance-agent --lib — 228 tests pass - cargo test -p compliance-agent --test tenant_status_middleware — 6 tests pass - scripts/smoke.sh against live certifai KC — 15/15 cells pass (anon, bogus, active×2, trial, frozen, archived × {GET/health, GET/echo, POST/echo}) Caveats - M7.1 only — status gate + claim extraction. Per-collection tenant_id scoping (M7.2) still pending; agent will still serve any Active/Trial tenant's data to any caller until the ~38 query call-sites use compliance_core::db::tenant_filter. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
@@ -7,7 +7,7 @@ edition = "2021"
|
||||
workspace = true
|
||||
|
||||
[dependencies]
|
||||
compliance-core = { workspace = true, features = ["mongodb", "telemetry"] }
|
||||
compliance-core = { workspace = true, features = ["mongodb", "telemetry", "axum"] }
|
||||
compliance-graph = { path = "../compliance-graph" }
|
||||
compliance-dast = { path = "../compliance-dast" }
|
||||
serde = { workspace = true }
|
||||
@@ -44,7 +44,8 @@ dashmap = { workspace = true }
|
||||
tokio-stream = { workspace = true }
|
||||
|
||||
[dev-dependencies]
|
||||
compliance-core = { workspace = true, features = ["mongodb"] }
|
||||
compliance-core = { workspace = true, features = ["mongodb", "axum"] }
|
||||
tower = { version = "0.5", features = ["util"] }
|
||||
reqwest = { workspace = true }
|
||||
serde_json = { workspace = true }
|
||||
tokio = { workspace = true }
|
||||
|
||||
Reference in New Issue
Block a user