feat(identity): stage 1.2 — POST /capabilities/request step-up auth endpoint spec #1

Merged
peterswimm merged 7 commits from mark/stage-1-2-identity into main 2026-06-07 02:49:45 +00:00

Summary

Adds the endpoint spec for POST /capabilities/request — the JIT capability step-up API from Stage 1.2.

This endpoint is the server-side counterpart to CapabilityClient.swift (Rituals macOS PR #122). It resolves an actor's capability grant status and either returns a short-lived Vault token or a Keycloak step-up challenge URL.

See docs/capabilities-request.md for the full request/response shapes, auth flow, and error codes.

Related

  • Rituals macOS #122: `CapabilityClient` Swift implementation
  • spel #210: `core.capability_scopes` + `core.actor_identity_bindings` migrations that back this endpoint
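The decision flow the summary describes (grant lookup, then either a short-lived Vault token or a Keycloak step-up challenge) as an added example; this is not the rituals-api-spec project's own code, and the request/response shapes, the table columns, the `min_acr` assurance field and the Keycloak URL are all assumptions for illustration.

```python
"""Added example (not the rituals-api-spec project's own code): the decision
logic of the POST /capabilities/request flow, with the response shapes, table
columns and a `min_acr` (required Keycloak authentication-context level) field
all assumed for illustration."""
from dataclasses import dataclass
from secrets import token_urlsafe
from time import time
from urllib.parse import urlencode

# Constructed rows standing in for core.capability_scopes (assumed columns).
CAPABILITY_SCOPES = {
    "vault:read:secrets": {"min_acr": 1, "ttl_seconds": 300},
    "vault:write:secrets": {"min_acr": 2, "ttl_seconds": 120},
}
# Constructed rows standing in for core.actor_identity_bindings (assumed columns).
ACTOR_IDENTITY_BINDINGS = {
    "actor-42": {"sub": "kc-sub-abc", "acr": 1,
                 "scopes": {"vault:read:secrets", "vault:write:secrets"}},
}
KEYCLOAK_AUTH_URL = "https://keycloak.example/realms/rituals/protocol/openid-connect/auth"  # assumed

@dataclass(frozen=True)
class Granted:          # short-lived Vault token response
    vault_token: str
    expires_at: int

@dataclass(frozen=True)
class StepUpRequired:   # Keycloak step-up challenge response
    challenge_url: str

@dataclass(frozen=True)
class Denied:           # reason is for the audit log; the HTTP response stays generic
    reason: str

def resolve_capability_request(actor_id, capability, now=None):
    """Resolve one step-up request to exactly one of the three outcomes."""
    scope = CAPABILITY_SCOPES.get(capability)
    binding = ACTOR_IDENTITY_BINDINGS.get(actor_id)
    # Deny before offering step-up: an unbound actor or an ungranted scope
    # must never be handed a challenge URL, so the endpoint cannot be used
    # to enumerate which scopes exist or are granted.
    if scope is None or binding is None:
        return Denied("unknown_capability_or_actor")
    if capability not in binding["scopes"]:
        return Denied("capability_not_granted")
    if binding["acr"] < scope["min_acr"]:
        # Session assurance too low: hand back a Keycloak step-up challenge.
        # `state` must be persisted per session and checked on the callback.
        params = {"client_id": "rituals-macos", "scope": "openid",
                  "login_hint": binding["sub"], "acr_values": scope["min_acr"],
                  "state": token_urlsafe(16)}
        return StepUpRequired(f"{KEYCLOAK_AUTH_URL}?{urlencode(params)}")
    issued_at = int(now if now is not None else time())
    # Stand-in for the Vault token request; the TTL is bounded by the scope row.
    return Granted(token_urlsafe(32), issued_at + scope["ttl_seconds"])
```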
Adds the Phase 2 resource-broker contract: a new ForgeBlock discriminant
for compute/event-stream resources, plus REST paths for managing them.
All changes are additive — existing block types, oneOf order, and
discriminator mappings are preserved.

schemas/forge_block.json:
  * ResourceBlock variant (kind: mlx_model | kafka_topic | kafka_consumer
    | tier_policy) with handle/title/health/metrics/actions
  * ResourceKind, ResourceHealth, ResourceMetric supporting types
  * ForgeBlock.oneOf and discriminator.mapping extended with "resource"

openapi.yaml:
  * frame_type enum gains "resource_allocation"
  * ResourceBlock + supporting schemas mirrored under components.schemas
  * ForgeBlock oneOf/discriminator extended in parallel
  * 6 new path operations under /resources/{mlx-models, mlx-models/{handle},
    kafka-topics, kafka-consumers, kafka-consumers/{group_id}, tier-policy}
  * new "resources" tag

Validates: 50 paths, 63 schemas, all $refs resolve, discriminator
coverage complete. The TS client at rituals-chat/packages/channel-adapter
mirrors these definitions; once this lands the client regenerates from
the canonical schema via json-schema-to-typescript.
Reviewed-on: #1
Adds the form-driven service discovery contract to the API spec so
external pattern authors know how to declare downstream-service
bindings in core.patterns.attributes.

- schemas/service_descriptor.json: JSON Schema for the attributes.service
  shape (name + optional tags, path, namespace). Frozen contract used by
  the ritual runtime to resolve services against the Nomad catalog
  before dispatching.
- docs/form_driven_discovery.md: conceptual doc covering the contract
  shape, resolution flow (Nomad catalog lookup, 5s TTL cache, soft
  fallback semantics), Ollama executor precedence ladder, multi-tenant
  namespacing, and step-by-step guidance for migrating an executor to
  consume context.resolved_service.
- schemas/index.json: new discovery category; service_descriptor v1.0
  registered alongside the existing entity/manifest/ui schemas.
- CHANGELOG.md: 1.1.0 entry summarizing the additive contract.

Companion to ritual-engine PRs #61 (NomadResolver), #62 (dispatch
wiring), #63 (Ollama executor migration), #64 (query_intent wiring +
INFO log).
New endpoints for universal entity blocks:
- GET /{entity_type}/{entity_id}/blocks - render entity detail blocks
- GET /{entity_type} - list entity blocks with pagination
- GET /wishes/active, /wishes/active/hydration-needs, /wishes/active/hydrate
- POST /wishes/groom-queue/{id}/review - triage backlog items
- GET /wishes/groom-queue - browse pending backlog
- POST /ruses/{id}/invoke - execute ruse
- GET /lineage/{id}/graph - ancestry/descendant graph

Supports multiple rendering surfaces (web, flutter, macos) via spec and surface query params.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
peterswimm deleted branch mark/stage-1-2-identity 2026-06-07 02:49:45 +00:00
Reference
Toilville/rituals-api-spec!1