Headless clients for the DBIS/cc-* bounded-context repos that actually
ship runnable code today:
- cc-identity-core — HTTP service (GET /health, GET /ready,
POST /v1/subjects per upstream openapi.yaml / src/server.mjs).
- cc-compliance-controls — controls/matrix/v0.yaml (loader with
embedded v0 snapshot + optional remote JSON override).
Other cc-* repos (cc-payment-adapters, cc-audit-ledger,
cc-shared-events, cc-shared-schemas) remain template scaffolds
upstream at recon time; when those services ship, add sibling clients
here following the same pattern.
Wired via the standard provider-switch pattern:
- CC_IDENTITY_URL unset → MockCcIdentityClient.
- CC_IDENTITY_URL set → HttpCcIdentityClient (X-API-Key +
X-Correlation-Id auto-minted, 10s AbortController timeout).
- CC_CONTROLS_MATRIX_URL unset → embedded v0 matrix.
- CC_CONTROLS_MATRIX_URL set → remote JSON loader, normalises
snake_case → camelCase per upstream YAML.
16 jest tests cover both legs of both adapters: mock shapes + live
fetch stubs for auth headers, correlation ids, JSON body, path
encoding, error handling, and matrix normalisation. No network, no
UI. Full unit suite: 12 suites / 156 tests still passing. tsc clean.
