Devin 5a66cf87c8 API-key role binding: inject req.actorRole ...

Closes gap-analysis v2 §7.7.

- API_KEYS entries now accept the form key:role (back-compat: bare keys
  default to role=operator). Known roles come from ActorRole in
  transactionState.ts (coordinator / approver / releaser / validator /
  exception_manager / operator).
- apiKeyAuth + optionalApiKeyAuth inject req.actorRole alongside
  req.apiKey so the SoD enforcement in the state machine can consult
  the authenticated role directly.
- New requireRole(...roles) guard for per-route role gating.
- Fail-closed: unknown roles are skipped during parsing, not silently
  promoted to operator. Cache auto-invalidates when API_KEYS changes.
- 9 unit tests.

2026-04-22 18:17:05 +00:00

..

src

API-key role binding: inject req.actorRole

2026-04-22 18:17:05 +00:00

tests

API-key role binding: inject req.actorRole

2026-04-22 18:17:05 +00:00

jest.config.js

PR C: wire real NotaryRegistry on Chain 138 (arch step 4) (#7)

2026-04-22 17:11:50 +00:00

package.json

PR C: wire real NotaryRegistry on Chain 138 (arch step 4) (#7)

2026-04-22 17:11:50 +00:00

tsconfig.json

Add ECDSA signature verification and enhance ComboHandler functionality

2025-11-05 16:28:48 -08:00