From 6d262f7d7c7bec37200a66a3dd800eee8292e8f5 Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Wed, 3 Jun 2026 00:36:55 -0400 Subject: [PATCH] =?UTF-8?q?docs:=20Auth+Audit=20normalization=20PUSHED=20t?= =?UTF-8?q?o=20origin=20(gitea)=202026-06-03=20=E2=80=94=20default=20branc?= =?UTF-8?q?hes=20in=20sync;=20feat/*=20kept=20locally?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CLAUDE.md | 12 ++++++------ components/audit/GAPS.md | 2 +- components/auth/GAPS.md | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 3bcdd9d..bb97150 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -120,12 +120,12 @@ each project's **code-verified current state**, and the **gaps** between. See | Component | Status | Goal | Design | Implementation | |---|---|---|---|---| -| Auth (login / identity / authz) | Adopted (lib `0.1.3`; all 3 apps, merged to **local default** main/master, **not pushed**) | Shared `ZB.MOM.WW.Auth` lib | [`components/auth/`](components/auth/) | [`ZB.MOM.WW.Auth/`](ZB.MOM.WW.Auth/) | +| Auth (login / identity / authz) | Adopted (lib `0.1.3`; all 3 apps, merged to **local default** main/master + **pushed to origin** (gitea)) | Shared `ZB.MOM.WW.Auth` lib | [`components/auth/`](components/auth/) | [`ZB.MOM.WW.Auth/`](ZB.MOM.WW.Auth/) | | UI Theme (layout / tokens / components) | Built (lib `0.1.0`) | Shared `ZB.MOM.WW.Theme` RCL | [`components/ui-theme/`](components/ui-theme/) | [`ZB.MOM.WW.Theme/`](ZB.MOM.WW.Theme/) | | Health (readiness / liveness / active-node) | Built (lib `0.1.0`) | Shared `ZB.MOM.WW.Health` lib | [`components/health/`](components/health/) | [`ZB.MOM.WW.Health/`](ZB.MOM.WW.Health/) | | Observability (metrics / traces / logs) | Built (lib `0.1.0`) | Shared `ZB.MOM.WW.Telemetry` lib + `.Serilog` | [`components/observability/`](components/observability/) | [`ZB.MOM.WW.Telemetry/`](ZB.MOM.WW.Telemetry/) | | Config + validation (options / startup validation) | Adopted (lib `0.1.0`; all 3 apps, local) | Shared `ZB.MOM.WW.Configuration` lib | [`components/configuration/`](components/configuration/) | [`ZB.MOM.WW.Configuration/`](ZB.MOM.WW.Configuration/) | -| Audit (event model + writer seam) | Adopted (lib `0.1.0`; all 3 apps, merged to **local default** main/master, **not pushed**) | Shared `ZB.MOM.WW.Audit` lib | [`components/audit/`](components/audit/) | [`ZB.MOM.WW.Audit/`](ZB.MOM.WW.Audit/) | +| Audit (event model + writer seam) | Adopted (lib `0.1.0`; all 3 apps, merged to **local default** main/master + **pushed to origin** (gitea)) | Shared `ZB.MOM.WW.Audit` lib | [`components/audit/`](components/audit/) | 
[`ZB.MOM.WW.Audit/`](ZB.MOM.WW.Audit/) | The auth component is fully populated: a normalized [`spec`](components/auth/spec/SPEC.md), a proposed [`shared-contract`](components/auth/shared-contract/ZB.MOM.WW.Auth.md), three @@ -138,8 +138,8 @@ The shared library is **built and lives in this repo** at [`ZB.MOM.WW.Auth/`](ZB 172 tests; `dotnet pack` → 4 nupkgs @ 0.1.0). The implementation plan is at [`docs/plans/2026-06-01-zb-mom-ww-auth-shared-library.md`](docs/plans/2026-06-01-zb-mom-ww-auth-shared-library.md). **Adopted across all three apps on 2026-06-02** (auth GAPS #1–#8) on each repo's `feat/adopt-zb-auth` branch — -committed + reviewed, then **fast-forward-merged into the repo's local default (main/master) on 2026-06-03; NOT pushed** -(origin untouched; the `feat/*` branches were kept as history). Cutover: shared `Auth.Ldap`, +committed + reviewed, then **fast-forward-merged into the repo's local default (main/master) and PUSHED to origin +(gitea) on 2026-06-03** (in sync; the `feat/*` branches kept locally as history). Cutover: shared `Auth.Ldap`, `Auth.ApiKeys` (ScadaBridge inbound fully re-architected to the keyId/Bearer model), `IGroupRoleMapper` seam, `Transport`-enum config, canonical `ZbClaimTypes`/`ZbCookieDefaults`, unified dev base DN `dc=zb,dc=local`, and the canonical-six role vocabulary (with ScadaBridge's accepted auditor/admin SoD collapse). Consumer pins: OtOpcUa `0.1.1`, 
@@ -239,8 +239,8 @@ The shared library is **built and lives in this repo** at [`ZB.MOM.WW.Audit/`](Z (.NET 10; 1 package — `ZB.MOM.WW.Audit`; only non-BCL dependency `Microsoft.Extensions.DependencyInjection.Abstractions`; 19 tests; `dotnet pack` → 1 nupkg @ 0.1.0). Repo: `https://gitea.dohertylan.com/dohertj2/zb-mom-ww-audit`. **Adopted across all three apps on 2026-06-02** (audit GAPS #1–#6) on each repo's `feat/adopt-zb-audit` branch -(stacked on `feat/adopt-zb-auth`) — committed + reviewed, then **merged into the repo's local default (main/master) on -2026-06-03; NOT pushed** (origin untouched). Depth = +(stacked on `feat/adopt-zb-auth`) — committed + reviewed, then **merged into the repo's local default (main/master) +and PUSHED to origin (gitea) on 2026-06-03** (in sync). Depth = **DEEP adopt** (the canonical 9-field `AuditEvent` is the record everywhere; domain fields ride in `DetailsJson`). OtOpcUa: canonical record + `AuditWriterActor : IAuditWriter` + `Outcome` column/migration + `ClusterAudit` fix. MxGateway: new canonical SQLite `audit_event` store + `IAuditWriter` + `IApiKeyAuditStore`→canonical adapter. diff --git a/components/audit/GAPS.md b/components/audit/GAPS.md index a353412..713c508 100644 --- a/components/audit/GAPS.md +++ b/components/audit/GAPS.md 
@@ -5,7 +5,7 @@ reach the shared `ZB.MOM.WW.Audit` library. Status legend: ⛔ gap · 🟡 parti > **✅ ADOPTED 2026-06-02 (local-only) — DEEP.** The backlog (#1–#6) was implemented across all three apps on each repo's > **`feat/adopt-zb-audit`** branch (stacked on `feat/adopt-zb-auth`) — committed + spec/code-reviewed, then **merged to -> each repo's local default (main/master) on 2026-06-03; NOT pushed** (origin untouched). The user chose **DEEP adopt**: +> each repo's local default (main/master) and PUSHED to origin (gitea) on 2026-06-03** (in sync). The user chose **DEEP adopt**: > the canonical 9-field `AuditEvent` is the record EVERYWHERE > (domain fields ride in `DetailsJson`), so the §1 "keep own record" framing below was superseded. OtOpcUa: canonical > record + `AuditWriterActor : IAuditWriter` + `Outcome` col/migration + `ClusterAudit` fix. MxGateway: canonical SQLite diff --git a/components/auth/GAPS.md b/components/auth/GAPS.md index ccd12b8..59f22fa 100644 --- a/components/auth/GAPS.md +++ b/components/auth/GAPS.md @@ -5,7 +5,7 @@ reach the shared `ZB.MOM.WW.Auth` library. Status legend: ⛔ gap · 🟡 partia > **✅ ADOPTED 2026-06-02 (local-only).** The full backlog (#1–#8) was implemented across all three apps on each repo's > **`feat/adopt-zb-auth`** branch — committed + spec/code-reviewed, then **merged to each repo's local default -> (main/master) on 2026-06-03; NOT pushed** (origin untouched; `feat/*` kept). Shared +> (main/master) and PUSHED to origin (gitea) on 2026-06-03** (in sync; `feat/*` kept locally). Shared > `Auth.Ldap` + `Auth.ApiKeys` (ScadaBridge inbound re-architected to keyId/Bearer), `IGroupRoleMapper`, > `Transport`-enum config, canonical `ZbClaimTypes`/`ZbCookieDefaults`, unified dev base DN `dc=zb,dc=local`, and the > canonical-six roles (with ScadaBridge's accepted auditor/admin SoD collapse). Consumer pins: OtOpcUa `0.1.1`,
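
Review bot: in the CLAUDE.md status table (hunk `@@ -120,12 +120,12 @@`), the new Auth and Audit cells still bold "**local default**" right next to "**pushed to origin**", so the cell reads as both local-only and published. Now that the default branches are in sync, "merged to main/master and pushed to origin (gitea)" says the same thing without the leftover qualifier. The unchanged Config + validation row still ends in "all 3 apps, local"; worth confirming that it was not part of the same push, otherwise it needs the same update.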
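
Review bot: in the CLAUDE.md auth paragraph (hunk `@@ -138,8 +138,8 @@`), "(in sync; ...)" is asserted with nothing a reader can check it against. This paragraph covers the LDAP, API-key and role-vocabulary cutover, so record the default-branch head commit that was pushed for each of the three apps; then origin can be compared with what was reviewed on `feat/adopt-zb-auth`. Separately, the unchanged context line still says "`dotnet pack` → 4 nupkgs @ 0.1.0" while the status table gives lib `0.1.3`; a short note on which version origin now carries would remove the ambiguity.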
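
Review bot: in the CLAUDE.md audit paragraph (hunk `@@ -239,8 +239,8 @@`), the new text says "merged into the repo's local default (main/master) and PUSHED to origin", whereas the auth paragraph says "fast-forward-merged". Because `feat/adopt-zb-audit` is stacked on `feat/adopt-zb-auth`, state here whether this merge was also a fast-forward. If it was not, the merge commit now on origin is not one of the commits that were "committed + reviewed", and the doc should say so.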
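
Review bot: in components/audit/GAPS.md (hunk `@@ -5,7 +5,7 @@`), the banner's first line is left as "ADOPTED 2026-06-02 (local-only) — DEEP." while the changed line beneath it now says "PUSHED to origin (gitea) on 2026-06-03". The two statements contradict each other inside the same blockquote. Drop "(local-only)" from the banner heading, or replace it with the push date, so the status a reader sees first matches the body.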
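
Review bot: in components/auth/GAPS.md (hunk `@@ -5,7 +5,7 @@`), the unchanged heading "ADOPTED 2026-06-02 (local-only)." no longer agrees with the new "PUSHED to origin (gitea)" wording on the line this hunk edits, so the heading needs updating in the same change. The parenthetical also changes from "`feat/*` kept" to "`feat/*` kept locally", which implies the feature branches were not pushed. If that is intended, say it outright ("`feat/*` not pushed") so nobody looks for the review branches on origin.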