jester/zlh-grind
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Add Authentication Ownership section - Portal/APIv2 responsibilities and explicit non-responsibilities

Browse Source
This commit is contained in:
jester 2025-12-28 22:28:12 +00:00
parent 6e353c381f
commit bd067ba801
1 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
UPSTREAMS.md
View File

@ -1,4 +1,4 @@
# Upstreams zlh-grind # Upstreams zlh-grind
This repository tracks GPT execution work across upstream projects. This repository tracks GPT execution work across upstream projects.
@ -24,3 +24,22 @@ This repository tracks GPT execution work across upstream projects.
- Repo: `https://git.zerolaghub.com/jester/zlh-agent` - Repo: `https://git.zerolaghub.com/jester/zlh-agent`
- Role: Agent runtime for provisioning/install/verify/start workflows - Role: Agent runtime for provisioning/install/verify/start workflows
- Notes: Tagged `v0.1.0-dev` as the first dev snapshot. - Notes: Tagged `v0.1.0-dev` as the first dev snapshot.
---
## Authentication Ownership
### Portal
- Owns identity UX (login, logout, session handling)
- Stores JWT token
- Attaches Authorization header to API calls
### APIv2
- Validates credentials
- Issues JWT tokens
- Verifies tokens for protected routes
- Persists user records
### Explicit Non-Responsibilities
- API does not manage frontend sessions
- Portal does not validate credentials directly