diff --git a/CLAUDE.md b/CLAUDE.md index 3f1af02..5eac21b 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -38,13 +38,13 @@ Pick libraries consistent with this stack. If you introduce a significant depend ``` / # docs and project meta (this file, README, LICENSE, COC, CONTRIBUTING) /docs # PRD.md, ARCHITECTURE.md -/backend # FastAPI service (uv-managed). app/{api/v1, services (+ privacy engine), repositories, models, schemas, core}; migrations/ = Alembic +/backend # FastAPI service (uv-managed). app/{api/v1, services (+ privacy engine), repositories, models, schemas, integrations (auth/mailer), core}; migrations/ = Alembic /deploy # docker-compose.yml, Caddyfile, .env.example — the self-host stack /.gitea/workflows # Gitea Actions CI (build images → Gitea registry) /frontend # Next.js app — not yet scaffolded (Phase 0, after the deploy story) ``` -Phase 0 is landing **deploy-first**: the compose stack (Postgres + MinIO + Caddy + a minimal FastAPI backend exposing `/health` and `/health/ready`) and CI come before the real data model and the frontend. Backend dependencies are managed with **uv**; migrations use **Alembic**. The core data model (ARCHITECTURE §5) and its initial migration have landed; local auth and the frontend are next. A temporary `X-User-Id` header shim stands in for auth until that slice. Keep this section current as the tree grows. +Phase 0 is landing **deploy-first**: the compose stack (Postgres + MinIO + Caddy + a minimal FastAPI backend exposing `/health` and `/health/ready`) and CI come before the real data model and the frontend. Backend dependencies are managed with **uv**; migrations use **Alembic**. The core data model (ARCHITECTURE §5) and **local auth** (Argon2 passwords, backend-issued sessions, email verify/reset behind the `AuthProvider` interface) have landed. API auth uses a session token (Bearer header or HttpOnly cookie). The **frontend scaffold** is next; OIDC/social auth is Phase 5. Keep this section current as the tree grows. ## Where to start diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md index b6b3bc6..611ec73 100644 
--- a/docs/ARCHITECTURE.md +++ b/docs/ARCHITECTURE.md @@ -147,7 +147,7 @@ Three parts, deliberately separated: - `AuthProvider` interface with implementations for **local** (password + email verification/reset), **OIDC** (validated against Authentik; expected to work with Keycloak, Auth0, etc.), and **social** (Google, Apple, Facebook). - Operators enable any subset via config. This deployment will use Authentik (`auth.jpaul.io`) plus selected social providers; a bare self-hoster can run local-only. - Sessions are backend-issued; the assistant principal is minted per-session and scoped to the acting user. -- *Phase 0 interim:* until the auth slice lands, the API identifies the caller via a temporary `X-User-Id` header shim (replaced by real sessions/tokens), and account creation is an open dev bootstrap. Every write still records an attributable actor in the audit log. +- *Status:* **local auth has landed** — Argon2id password hashing, opaque backend-issued sessions (only the token hash is stored; presented as a Bearer token or HttpOnly cookie), and email verification + password reset via the `Mailer` interface (console in dev, SMTP for operators). OIDC and social providers are Phase 5. Every write records an attributable actor in the audit log. ## 10. Search @@ -179,7 +179,7 @@ Jobs are idempotent and retryable; an external failure degrades gracefully rathe **Repository layout (as scaffolded):** ``` -/backend # FastAPI, uv-managed. app/{api/v1, services (+privacy), repositories, models, schemas, core}; migrations/ = Alembic +/backend # FastAPI, uv-managed. app/{api/v1, services (+privacy), repositories, models, schemas, integrations (auth/mailer), core}; migrations/ = Alembic /deploy # docker-compose.yml, Caddyfile, .env.example /.gitea/workflows # Gitea Actions: build images → Gitea registry /frontend # Next.js (pending)
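Review bot: the CLAUDE.md status paragraph drops the `X-User-Id` header shim from the narrative but never states that the shim itself has been removed from the API; now that "API auth uses a session token (Bearer header or HttpOnly cookie)" is the documented model, say explicitly that the header is no longer honoured, because a shim left in place alongside sessions would let any caller choose its own identity. While here, align "Argon2 passwords" with the "Argon2id" named in the ARCHITECTURE.md hunk so the two files agree on the variant.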
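Review bot: the new *Status* bullet in ARCHITECTURE.md §9 names both session transports but says nothing about session lifetime, revocation (logout, password reset), or the cookie attributes (Secure, SameSite) that a cookie-carried session needs against CSRF; add one sentence covering those. For the verification and reset flow, "console in dev" means the tokens are written to logs, so note that they are single-use and time-limited. "only the token hash is stored" is the right design; name the digest used so implementers do not pick one by habit.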
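Review bot: the repository-layout block at @@ -179 is a near copy of the one in CLAUDE.md (same tree, slightly different wording: "+privacy" here versus "(+ privacy engine)" there), and both had to be edited by hand in this commit; consider having CLAUDE.md point at this section as the canonical layout so the two cannot drift. Also, since "integrations (auth/mailer)" now holds the provider and mailer implementations, say whether the `AuthProvider` and `Mailer` interfaces themselves live there or under services/core.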