Document landed local auth in CLAUDE.md and ARCHITECTURE

Records the auth model (Argon2, opaque sessions, Bearer/cookie, email verify/reset behind AuthProvider/Mailer), supersedes the interim X-User-Id note, and adds integrations/ to the backend layout.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
This commit is contained in:
2026-06-06 10:51:51 -04:00
parent 9f8dd960f4
commit e2edd4b2f1
2 changed files with 4 additions and 4 deletions
+2 -2
View File
@@ -38,13 +38,13 @@ Pick libraries consistent with this stack. If you introduce a significant depend
```
/ # docs and project meta (this file, README, LICENSE, COC, CONTRIBUTING)
/docs # PRD.md, ARCHITECTURE.md
/backend # FastAPI service (uv-managed). app/{api/v1, services (+ privacy engine), repositories, models, schemas, core}; migrations/ = Alembic
/backend # FastAPI service (uv-managed). app/{api/v1, services (+ privacy engine), repositories, models, schemas, integrations (auth/mailer), core}; migrations/ = Alembic
/deploy # docker-compose.yml, Caddyfile, .env.example — the self-host stack
/.gitea/workflows # Gitea Actions CI (build images → Gitea registry)
/frontend # Next.js app — not yet scaffolded (Phase 0, after the deploy story)
```
Phase 0 is landing **deploy-first**: the compose stack (Postgres + MinIO + Caddy + a minimal FastAPI backend exposing `/health` and `/health/ready`) and CI come before the real data model and the frontend. Backend dependencies are managed with **uv**; migrations use **Alembic**. The core data model (ARCHITECTURE §5) and its initial migration have landed; local auth and the frontend are next. A temporary `X-User-Id` header shim stands in for auth until that slice. Keep this section current as the tree grows.
Phase 0 is landing **deploy-first**: the compose stack (Postgres + MinIO + Caddy + a minimal FastAPI backend exposing `/health` and `/health/ready`) and CI come before the real data model and the frontend. Backend dependencies are managed with **uv**; migrations use **Alembic**. The core data model (ARCHITECTURE §5) and **local auth** (Argon2 passwords, backend-issued sessions, email verify/reset behind the `AuthProvider` interface) have landed. API auth uses a session token (Bearer header or HttpOnly cookie). The **frontend scaffold** is next; OIDC/social auth is Phase 5. Keep this section current as the tree grows.
## Where to start