PR M: API-key role binding (req.actorRole) #17

Open

nsatoshi wants to merge 1 commits from devin/1776881763-pr-m-role-binding into main

pull from: devin/1776881763-pr-m-role-binding

merge into: d-bis:main

d-bis:main

d-bis:devin/1776919187-responsive-uiux-system

d-bis:devin/1776918348-pr-ab-complete-phoenix-scaffolding

d-bis:sync/currencicombo-phoenix-e2e

d-bis:devin/1776898782-pr-aa-phoenix-migration

d-bis:devin/1776896284-pr-z-deploy-sandbox

d-bis:devin/1776890754-pr-t-evaluator-consolidation

d-bis:devin/1776883227-pr-s-obligations

d-bis:devin/1776883027-pr-r-fin-sandbox

d-bis:devin/1776882556-pr-q-e2e

d-bis:devin/1776882394-pr-p-rules-engine

d-bis:devin/1776882169-pr-o-eip712

d-bis:devin/1776881860-pr-n-swift-msgid

d-bis:devin/1776881508-pr-l-participants

d-bis:devin/1776881375-pr-k-phase-timeouts

d-bis:devin/1776881249-pr-j-redis-event-bus

d-bis:devin/1776880983-pr-i-boot-assertions-ci

d-bis:devin/1776533597-fix-undo-redo-history

d-bis:develop

Conversation 0 Commits 1 Files Changed 2 +252 -17

1 Commits

Author	SHA1	Message	Date
Devin	5a66cf87c8	API-key role binding: inject req.actorRole ... Closes gap-analysis v2 §7.7. - API_KEYS entries now accept the form key:role (back-compat: bare keys default to role=operator). Known roles come from ActorRole in transactionState.ts (coordinator / approver / releaser / validator / exception_manager / operator). - apiKeyAuth + optionalApiKeyAuth inject req.actorRole alongside req.apiKey so the SoD enforcement in the state machine can consult the authenticated role directly. - New requireRole(...roles) guard for per-route role gating. - Fail-closed: unknown roles are skipped during parsing, not silently promoted to operator. Cache auto-invalidates when API_KEYS changes. - 9 unit tests.	2026-04-22 18:17:05 +00:00