admin/_docs/02_document/04_verification_log.md

# Verification Log

## Summary

| Metric | Count |
|--------|-------|
| Total entities verified | 87 |
| Entities flagged | 0 |
| Corrections applied | 3 |
| Remaining gaps | 0 |
| Completeness score | 27/27 modules (100%) |

## Entity Verification

All class names, method signatures, interfaces, enum values, and endpoints referenced in documentation were cross-referenced against actual source code. No hallucinated entities found.

### Classes & Interfaces Verified
- `User`, `UserConfig`, `UserQueueOffsets`, `RoleEnum` ✓
- `BusinessException`, `ExceptionEnum` (all 10 values) ✓
- `IDbFactory`, `DbFactory`, `AzaionDb`, `AzaionDbSchemaHolder` ✓
- `IUserService`, `UserService` (all 10 methods) ✓
- `IAuthService`, `AuthService` (2 methods) ✓
- `IResourcesService`, `ResourcesService` (5 methods) ✓
- `ICache`, `MemoryCache` (2 methods) ✓
- `Security` (5 methods) ✓
- `BusinessExceptionHandler` ✓
- All config POCOs (`ConnectionStrings`, `JwtConfig`, `ResourcesConfig`) ✓
- All request DTOs + validators ✓

### Endpoints Verified
All 17 endpoints in `Program.cs` match documentation. Routes, HTTP methods, and authorization requirements confirmed.

## Corrections Applied

### Correction 1: `apiUploaderPolicy` is unused dead code

**Document**: `components/05_admin_api/description.md`, `architecture.md`

**Finding**: `apiUploaderPolicy` is defined in `Program.cs` (lines 55-61) and registered via `AddPolicy`, but it is **never applied to any endpoint**. No `RequireAuthorization(apiUploaderPolicy)` call exists in the codebase. It is effectively dead code.

**Action**: Added note in architecture.md and admin API component spec.

### Correction 2: `BusinessExceptionHandler` cross-project namespace

**Document**: `modules/admin_api_business_exception_handler.md`

**Finding**: `BusinessExceptionHandler.cs` resides in the `Azaion.AdminApi` project but declares `namespace Azaion.Common;`. This is an unusual cross-project namespace usage — the class lives in the API project but belongs to the Common namespace.

**Action**: Noted in module doc.

### Correction 3: Missing appsettings discovery

**Document**: `deployment/environment_strategy.md`

**Finding**: `appsettings.json` was not initially read during discovery. It reveals:
- `ResourcesConfig` defaults: `ResourcesFolder: "Content"`, `SuiteInstallerFolder: "suite"`, `SuiteStageInstallerFolder: "suite-stage"`
- `JwtConfig`: Issuer `"AzaionApi"`, Audience `"Annotators/OrangePi/Admins"`, TokenLifetimeHours `4`
- `ConnectionStrings` and `JwtConfig.Secret` are NOT in appsettings — must be provided via environment variables (correct practice for secrets)

**Action**: Updated environment strategy doc.

## Observations (not errors)

### `hardware_hash` column mismatch
The `users` table DDL includes `hardware_hash varchar(120)` but the application code does not map or use this column. The `User` entity has no `HardwareHash` property. The application stores raw hardware in `hardware` and computes hashes at runtime. The DDL column appears to be a leftover from an earlier design.

### No UNIQUE constraint on `email`
The DDL (`env/db/02_structure.sql`) does not include a UNIQUE constraint on the `email` column. Uniqueness is enforced at the application level in `UserService.RegisterUser` (check-then-insert pattern), which is susceptible to race conditions.

### Test credentials in source
`UserServiceTest.cs` contains hardcoded PostgreSQL credentials for a remote database server. These should be in a test configuration file or environment variables.

### JWT Audience reveals system scope
The JWT audience value `"Annotators/OrangePi/Admins"` reveals that the system serves annotators (operators), OrangePi/CompanionPC devices, and administrators — consistent with the `RoleEnum` definitions.

## Completeness Check

| Module (source file) | Module Doc | Component |
|---------------------|-----------|-----------|
| Common/Extensions/EnumExtensions.cs | ✓ | Common Helpers |
| Common/Extensions/StringExtensions.cs | ✓ | Common Helpers |
| Common/Extensions/StreamExtensions.cs | ✓ | Common Helpers |
| Common/Extensions/QueryableExtensions.cs | ✓ | Common Helpers |
| Common/Entities/RoleEnum.cs | ✓ | 01 Data Layer |
| Common/Entities/User.cs | ✓ | 01 Data Layer |
| Common/Configs/ConnectionStrings.cs | ✓ | 01 Data Layer |
| Common/Configs/JwtConfig.cs | ✓ | 01 Data Layer |
| Common/Configs/ResourcesConfig.cs | ✓ | 01 Data Layer |
| Common/Database/AzaionDb.cs | ✓ | 01 Data Layer |
| Common/Database/AzaionDbSchemaHolder.cs | ✓ | 01 Data Layer |
| Common/Database/DbFactory.cs | ✓ | 01 Data Layer |
| Common/BusinessException.cs | ✓ | Common Helpers |
| Common/Requests/LoginRequest.cs | ✓ | 02 User Management |
| Common/Requests/RegisterUserRequest.cs | ✓ | 02 User Management |
| Common/Requests/GetResourceRequest.cs | ✓ | 04 Resource Management |
| Common/Requests/SetHWRequest.cs | ✓ | 02 User Management |
| Common/Requests/SetUserQueueOffsetsRequest.cs | ✓ | 02 User Management |
| Services/Security.cs | ✓ | 03 Auth & Security |
| Services/Cache.cs | ✓ | 01 Data Layer |
| Services/UserService.cs | ✓ | 02 User Management |
| Services/AuthService.cs | ✓ | 03 Auth & Security |
| Services/ResourcesService.cs | ✓ | 04 Resource Management |
| AdminApi/BusinessExceptionHandler.cs | ✓ | 05 Admin API |
| AdminApi/Program.cs | ✓ | 05 Admin API |
| Test/SecurityTest.cs | ✓ | Tests |
| Test/UserServiceTest.cs | ✓ | Tests |

All 27 modules are covered. No gaps.

## Consistency Check

- Component docs agree with architecture doc ✓
- Flow diagrams match component interfaces ✓
- Data model matches entity definitions ✓
- Deployment docs match Dockerfile and CI config ✓