From b93a85a280ecfa590f85948e69be29311f135c07 Mon Sep 17 00:00:00 2001 From: "glm-5.2" Date: Tue, 23 Jun 2026 14:10:54 +0000 Subject: [PATCH] tasks: mark vault/review-vault-sync and core/auth completed --- tasks/core/auth.md | 12 ++++++++++-- tasks/vault/review-vault-sync.md | 12 ++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/tasks/core/auth.md b/tasks/core/auth.md index c2c0ad2..8156cd4 100644 --- a/tasks/core/auth.md +++ b/tasks/core/auth.md @@ -1,7 +1,7 @@ --- id: core/auth name: Implement AuthContext, Identity, AuthToken, IdentityProvider trait, and ConfigIdentityProvider -status: pending +status: completed depends_on: [core/core-types] scope: moderate risk: medium @@ -159,4 +159,12 @@ per-request identity takes precedence for ACL. ## Summary -> To be filled on completion \ No newline at end of file +Implemented `AuthContext`, `Identity`, `AuthToken`, `IdentityProvider` trait, +and `ConfigIdentityProvider` in `auth.rs`. ConfigIdentityProvider reads from +`ArcSwap` on every call (hot-reloadable): fingerprint resolution +via `authorized_fingerprints` HashSet, token resolution via `alk_` prefix + +SHA-256 hash + expiry check. Also implemented minimal `config.rs` types +(`DynamicConfig`, `AuthPolicy`, `ApiKeyEntry`, `RateLimitConfig`, +`ConfigReloadHandle`) needed by auth — aligned with architecture docs for the +parallel `core/config` task to extend. 27 unit tests pass; clippy clean. +Merged to develop. \ No newline at end of file diff --git a/tasks/vault/review-vault-sync.md b/tasks/vault/review-vault-sync.md index 007deb3..8726dcf 100644 --- a/tasks/vault/review-vault-sync.md +++ b/tasks/vault/review-vault-sync.md 
@@ -1,7 +1,7 @@ --- id: vault/review-vault-sync name: Review vault implementation against specs after all drift fixes -status: pending +status: completed depends_on: [vault/irpc-removal, vault/osrng-iv-generation, vault/poisoned-lock-recovery, vault/remove-password-derivation, vault/unlock-new-zeroizing-return, vault/key-versioning-rotation, vault/derivedkey-serialization, vault/cache-zeroization-test] scope: moderate risk: low @@ -109,4 +109,12 @@ items were missed or incompletely fixed. ## Summary -> To be filled on completion \ No newline at end of file +Reviewed vault crate against all architecture specs. Fixed 5 spec-conformance +deviations: (1) EncryptionKey removed Clone (now move-only), added redacting +Debug; (2) EncryptionKey::new made private (cfg(test)), added pub(crate) +key_bytes(); (3) encrypt/decrypt made pub(crate) per encryption.md, crypto tests +moved to unit tests; (4) CachedKey refactored to wrap DerivedKey with +cached_at/last_accessed fields per service.md; (5) Mnemonic::to_seed() unwrap() +eliminated by storing validated Bip39Mnemonic (enabled bip39 zeroize feature). +All 10 drift items verified resolved. 79 lib + 12 integration tests pass; clippy +clean with all features. Merged to develop. \ No newline at end of file
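Review bot: In the Summary hunk of tasks/core/auth.md (@@ -159,4 +159,12 @@), the token path is recorded only as "`alk_` prefix + SHA-256 hash + expiry check". That leaves out how the computed hash is matched against the configured keys (constant-time comparison or a plain lookup) and what the caller sees when the prefix, hash or expiry check fails. Please add one sentence covering both, and say whether the 27 unit tests include those rejection cases. Two smaller points in the same hunk: `ArcSwap` is named without the type it holds, and the `config.rs` types added here belong to the parallel `core/config` task, so that task file should carry a pointer to them. "Merged to develop" would also be easier to audit with the merge commit or PR reference next to it.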
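Review bot: In the front-matter hunk of tasks/vault/review-vault-sync.md (@@ -1,7 +1,7 @@), the status flips to `completed` while `risk: low` and the name "Review vault implementation against specs" stay unchanged. The Summary added later in this patch reports five code changes, including removing `Clone` from `EncryptionKey` and narrowing `encrypt`/`decrypt` to `pub(crate)`. Either update the risk and scope fields to match what was actually done, or note that the fixes were tracked under separate tasks.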
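Review bot: In the Summary hunk of tasks/vault/review-vault-sync.md (@@ -109,4 +109,12 @@), "Fixed 5 spec-conformance deviations" and "All 10 drift items verified resolved" are never reconciled, and `depends_on` in the same file lists eight tasks. Please state how the three counts relate, or list the ten drift items so each can be checked against a task id. Item (2), "EncryptionKey::new made private (cfg(test))", is ambiguous: a private constructor and a test-only constructor are different guarantees, so spell out which one now applies and how non-test code inside the crate obtains an `EncryptionKey`. Item (1) mentions a redacting `Debug`; it is worth recording whether a test asserts that key bytes never appear in the formatted output. Both files in this patch still end with "\ No newline at end of file", so a trailing newline would keep later diffs clean.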