Sharang Parnerkar
324b137862
CI / Check (pull_request) Successful in 8m14s
CI / Detect Changes (pull_request) Has been skipped
CI / Deploy Agent (pull_request) Has been skipped
CI / Deploy Dashboard (pull_request) Has been skipped
CI / Deploy Docs (pull_request) Has been skipped
CI / Deploy MCP (pull_request) Has been skipped
Supersedes #82. Deletes the inline JWT middleware in compliance-agent (now stale — missing JWKS refresh from #84 and tenant extraction from #83) and imports require_jwt_auth, require_tenant_status, JwksState from compliance_core::auth. Wires the status gate into the server's layer stack: Extension(jwks_state) → require_jwt_auth → require_tenant_status → handler. Adds the integration test from #82, retargeted to compliance_core::auth::require_tenant_status. Test plan - cargo fmt --all clean - cargo clippy --workspace --exclude compliance-dashboard -- -D warnings clean (matches baseline) - cargo test -p compliance-core --lib — 7 tests pass - cargo test -p compliance-agent --lib — 228 tests pass - cargo test -p compliance-agent --test tenant_status_middleware — 6 tests pass - scripts/smoke.sh against live certifai KC — 15/15 cells pass (anon, bogus, active×2, trial, frozen, archived × {GET/health, GET/echo, POST/echo}) Caveats - M7.1 only — status gate + claim extraction. Per-collection tenant_id scoping (M7.2) still pending; agent will still serve any Active/Trial tenant's data to any caller until the ~38 query call-sites use compliance_core::db::tenant_filter. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>