azaion/annotations
1
0
Fork 0
mirror of https://github.com/azaion/annotations.git synced 2026-06-21 09:41:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
03f879206e6ef63b5e108e1487371588918e0a50
annotations/_docs/00_problem/restrictions.md
T
Oleksandr Bezdieniezhnykh 03f879206e docs+src: complete Steps 1-3 outcomes + auth re-sync baseline 
This commit captures everything produced during autodev existing-code
Steps 1 (Document), 2 (Architecture Baseline Scan), and 3 (Test Spec),
together with the targeted auth + CORS re-sync triggered on 2026-05-14
when codebase drift was detected at Step 4 entry. None of this work was
previously committed.

Step 1 (Document) — 50+ _docs/02_document/ files: problem, solution,
architecture, system flows, glossary, module-layout, per-component
specs (01..06), modules, deployment, diagrams, data model, FINAL
report, verification log, discovery.

Step 2 (Architecture Baseline) — architecture_compliance_baseline.md.
Verdict PASS_WITH_WARNINGS (0 Critical, 0 High, 1 Medium, 2 Low). No
High/Critical findings; auto-chained to Step 3 per existing-code flow.

Step 3 (Test Spec) — _docs/02_document/tests/* (67 scenarios across
blackbox, security, resilience, resource-limit, performance), plus
e2e/docker-compose.test.yml, e2e/seed/run.sh, scripts/run-tests.sh,
scripts/run-performance-tests.sh. Coverage 88% over the active scope
(40 of 45 items covered, 6 RB-deferred, 5 documented-as-uncovered).

Targeted auth + CORS re-sync — replaces the deleted in-house token
issuer with a JWKS-verifier model. AuthController and TokenService
removed; JwtExtensions switched from HS256 symmetric to ES256 over
admin's JWKS. ConfigurationResolver and CorsConfigurationValidator
added under src/Infrastructure/. ADR-002 and ADR-006 retired; SEC-01,
SEC-02, SEC-03 marked Closed. One new testability risk recorded in
architecture.md Open Risks Section 6 (JWKS HTTPS gating).

Source changes:
- src/Auth/JwtExtensions.cs (modified) — ES256, JWKS, alg pinning
- src/Program.cs (modified) — DI wiring for ConfigurationResolver
  and CorsConfigurationValidator
- src/Controllers/AuthController.cs (deleted) — no in-service issuance
- src/Services/TokenService.cs (deleted) — same
- src/Infrastructure/ConfigurationResolver.cs (new)
- src/Infrastructure/CorsConfigurationValidator.cs (new)
- .env.example (new) — required env var documentation
- .gitignore (updated)

Cross-repo coordination: _docs/cross-repo/flights_h1_h2_h3_change_spec
captures the change-spec for downstream services that consumed the now
deleted /auth endpoints.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-14 20:19:05 +03:00

4.8 KiB
Raw Blame History

Azaion.Annotations — Restrictions

Only constraints evidenced in code, configs, or Dockerfiles are listed. Inferred-but-unverified items are flagged.

Hardware

ID Restriction Evidence
HW-01 Service binary is built for ARM64 only — no AMD64 image is produced. .woodpecker/build-arm.yml (platforms: linux/arm64); Dockerfile --arch=$BUILDARCH driven by BUILDPLATFORM=linux/arm64.
HW-02 Local writable filesystem is required at images_dir / videos_dir / (planned) deleted_dir. Services/AnnotationService.cs (File.WriteAllBytesAsync), Services/PathResolver.cs, directory_settings table.
HW-03 Memory pressure scales with the largest single image read into memory by FailsafeProducer (re-reads the image to put bytes on the wire). Services/FailsafeProducer.cs:138 neighborhood.

Software

ID Restriction Evidence
SW-01 .NET 10 SDK and runtime — no fallback. Dockerfile mcr.microsoft.com/dotnet/sdk:10.0, aspnet:10.0.
SW-02 PostgreSQL backend; migrator emits IF NOT EXISTS, ON CONFLICT, CREATE TYPE — Postgres 13+ semantics expected. Database/DatabaseMigrator.cs.
SW-03 RabbitMQ broker with the streams plugin enabled — service uses RabbitMQ.Stream.Client, not classic queues. Services/FailsafeProducer.cs.
SW-04 Linq2DB ORM, MessagePack with the contractless resolver, gzip wire format. Services/FailsafeProducer.cs.
SW-05 JWT verification is ES256 over admin's JWKS (JWT_JWKS_URL); ValidAlgorithms is pinned to EcdsaSha256. Annotations is verifier-only — admin is the sole token issuer for the suite. JWKS retrieval requires HTTPS. Auth/JwtExtensions.cs.

Environment

ID Restriction Evidence
ENV-01 Required env vars (fail-fast at startup via ConfigurationResolver): DATABASE_URL, JWT_ISSUER, JWT_AUDIENCE, JWT_JWKS_URL. Optional with defaults: RABBITMQ_HOST, RABBITMQ_STREAM_PORT, RABBITMQ_PRODUCER_USER, RABBITMQ_PRODUCER_PASS. Program.cs, Infrastructure/ConfigurationResolver.cs, Services/FailsafeProducer.cs.
ENV-02 Service listens on port 8080 HTTP, no TLS terminator inside the image. Dockerfile EXPOSE 8080, ASPNETCORE_URLS=http://+:8080.
ENV-03 Build stamps AZAION_REVISION from CI; Program.cs echoes it on startup. Dockerfile ARG AZAION_REVISION, Program.cs.
ENV-04 Image tag scheme is branch-driven: ${BRANCH}-arm. No semver tags. .woodpecker/build-arm.yml.
ENV-05 Swagger UI is mounted unconditionally — present in production builds (ADR-005). Program.cs.
ENV-06 CORS is config-driven (CorsConfig:AllowedOrigins + opt-in CorsConfig:AllowAnyOrigin); CorsConfigurationValidator.EnsureSafeForEnvironment refuses to start in Production when the allow-list is empty and AllowAnyOrigin is not set. ADR-006 retired. Program.cs, Infrastructure/CorsConfigurationValidator.cs.
ENV-07 Boot-time DatabaseMigrator.MigrateAsync() runs on startup — no separate migration step in the deploy pipeline (ADR-007). Program.cs, Database/DatabaseMigrator.cs.

Operational

ID Restriction Evidence
OP-01 SSE state is per-instance — no broker fan-out — so horizontal scaling is bounded today. Services/AnnotationEventService.cs (in-process Channel<>).
OP-02 Outbox drainer has no row-leasing — running multiple instances will double-publish until RB-09 deduplication contract is in place. Services/FailsafeProducer.cs.
OP-03 No automated test suite in repo; CI does build-and-push only. _docs/02_document/00_discovery.md, .woodpecker/build-arm.yml.
OP-04 No lint or formatter step in CI. .woodpecker/build-arm.yml.
OP-05 Dockerfile HEALTHCHECK calls /health; HTTP 200 expected by orchestrator. Dockerfile.
OP-06 The service must be the only writer of annotations_queue_records — the table is treated as a private outbox. Services/AnnotationService.cs, Services/FailsafeProducer.cs.
OP-07 DB connection string format is the Java/Hikari jdbc:postgresql://… style; Helpers/PostgreSqlConnectionStringHelper parses it. Helpers/PostgreSqlConnectionStringHelper.cs.

Cross-cutting (suite-level, evidence in suite/_docs/01_annotations.md)

ID Restriction
SUITE-01 The shared JWT secret family is cross-service; revoking it invalidates every service token.
SUITE-02 Wire enums for AnnotationStatus, MediaType, QueueOperation are duplicated across services and must move in lock-step (or a single contract has to be published).
SUITE-03 Stream consumers (admin worker, AI training) commit offsets independently — Annotations does not own retention semantics.
Reference in New Issue View Git Blame Copy Permalink