Description
- Short-lived access, refresh rotation, revocation list optional.
Requirements and context
- Must be secure, tested, and documented for production operation.
- Should be efficient, observable, and easy to review in PRs.
- Scope is Predictify backend / off-chain services only (no Soroban contract changes, no frontend UI in this issue).
Suggested execution
- Fork the repository and create a branch:
git checkout -b feature/jwt-session-bridge
- Implement changes:
- Service / module: implement in
src/auth/jwt.rs and related packages as needed.
- Tests: add or extend
token forgery tests (unit + integration where applicable).
- Documentation: update or add
docs/backend/AUTH.md (architecture notes, OpenAPI, or runbooks).
- Comments & types: document public APIs, config knobs, and failure modes clearly.
Primary touchpoints: src/auth/jwt.rs
Test and commit
- Run the project test command (e.g.
pytest, cargo test, or npm test — follow repo conventions).
- Cover edge cases listed in the description; add regression tests for any bug found.
- In the PR, include summarized test output and security / ops notes (authn/z, data handling, rate limits).
Example commit message
feat(auth): jwt session bridge
Guidelines
- Target ≥ 95% coverage on new or materially changed modules (per language/tooling configured in CI).
- Documentation must allow a new engineer to operate and verify the feature locally.
- Timeframe: 96 hours from assignment.
Description
Requirements and context
Suggested execution
git checkout -b feature/jwt-session-bridgesrc/auth/jwt.rsand related packages as needed.token forgery tests(unit + integration where applicable).docs/backend/AUTH.md(architecture notes, OpenAPI, or runbooks).Primary touchpoints:
src/auth/jwt.rsTest and commit
pytest,cargo test, ornpm test— follow repo conventions).Example commit message
Guidelines