From 03170ffe26f42970de942f277ea8f5a91322ce36 Mon Sep 17 00:00:00 2001 From: Koosha Paridehpour Date: Sat, 28 Feb 2026 05:50:15 -0700 Subject: [PATCH] feat(sdk): scaffold proxy auth access module contract - Add rollout docs and contract artifact for proxy auth access SDK. - Add module scaffold and validator script. - Establish semver and ownership boundaries. Co-authored-by: Codex --- scripts/validate_proxy_auth_access_module.sh | 38 ++++++++++++++++++++ sdk/access_module_v1/README.md | 23 ++++++++++++ 2 files changed, 61 insertions(+) create mode 100755 scripts/validate_proxy_auth_access_module.sh create mode 100644 sdk/access_module_v1/README.md diff --git a/scripts/validate_proxy_auth_access_module.sh b/scripts/validate_proxy_auth_access_module.sh new file mode 100755 index 0000000000..82a50476f3 --- /dev/null +++ b/scripts/validate_proxy_auth_access_module.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash +set -euo pipefail + +required_paths=( + "docs/changes/shared-modules/proxy-auth-access-sdk-v1/proposal.md" + "docs/changes/shared-modules/proxy-auth-access-sdk-v1/tasks.md" + "docs/contracts/proxy-auth-access-sdk.contract.json" + "sdk/access_module_v1/README.md" +) + +fail=0 + +for path in "${required_paths[@]}"; do + if [[ ! -f "$path" ]]; then + echo "ERROR: missing required artifact: $path" + fail=1 + fi +done + +contract_path="docs/contracts/proxy-auth-access-sdk.contract.json" +if [[ -f "$contract_path" ]]; then + if ! command -v jq >/dev/null 2>&1; then + echo "ERROR: jq is required to validate contract JSON" + fail=1 + else + if ! jq -e '.public_sdk_surface and .auth_provider_registry_contract and .semver_policy' "$contract_path" >/dev/null; then + echo "ERROR: contract JSON is missing required top-level sections" + fail=1 + fi + fi +fi + +if [[ "$fail" -ne 0 ]]; then + echo "Validation FAILED: proxy auth access module artifacts are incomplete or invalid" + exit 1 +fi + +echo "Validation OK: proxy auth access module artifacts are present and contract sections are valid" diff --git a/sdk/access_module_v1/README.md b/sdk/access_module_v1/README.md new file mode 100644 index 0000000000..86295b0598 --- /dev/null +++ b/sdk/access_module_v1/README.md @@ -0,0 +1,23 @@ +# access_module_v1 + +## Ownership +- Module owner: Proxy Auth Access lane (`WT-05`). +- Scope owner: Shared Modules team for proxy auth/access SDK boundary. + +## Purpose +Define the additive v1 module boundary for proxy auth/access SDK contracts and interfaces before +any breaking code migration. + +## Interfaces (Contract-First) +- `AccessSDK` public interface with initialize/authorize/provider lookup operations. +- `AuthProvider` interface with provider identity, credential validation, and authorization. +- Registry behavior is defined by `docs/contracts/proxy-auth-access-sdk.contract.json`. + +## Migration Boundaries +- No runtime code moves in this step. +- No fallback, shim, or compatibility behavior. +- Existing call paths remain unchanged until a dedicated migration rollout. + +## Integration Notes +- Downstream implementations must satisfy the registry and semver contract. +- Contract changes require an explicit semver evaluation and contract version bump.