UAPI Auth Identity Contracts v0
Unified login, principal, session, service token, and device identity contract baseline.
Promotion Metadata
- Source feedback id:
87 - Source feedback ids:
87 - Promotion request id:
21 - Feedback category:
beneficial - Feedback source:
ai-lane - Feedback created at:
2026-06-22T16:36:03.510786+00:00 - Target slug:
[REDACTED:high-entropy] - Review state:
review - Reviewer note: AI lane auto-promoted redacted feedback into internal catalog context.
Source Feedback Body
Feedback 87
- Product:
uapi - Category:
beneficial - Related slug:
[REDACTED:high-entropy] - Source:
ai-lane - Created at:
2026-06-22T16:36:03.510786+00:00
title: UAPI Auth Identity Contracts v0 project: uapi kind: runbook state: draft tags: [docs, runbook, uapi, auth, identity]
UAPI Auth Identity Contracts v0
Goal: one-login identity model across Explorer, Cortex, Beacon, UAPI, Cadence/Interpreter, and related layers without sharing raw credentials between services.
UnifiedIdentityPrincipal fields: - principal_id: stable opaque id. - principal_type: human, ai_service, device, system. - display_label: safe label for UI and audit. - org_id and project_id. - roles: operator, reviewer, builder, service, device, observer. - scopes: explicit permission strings. - trust_tier: public_safe, internal, privileged, break_glass. - auth_method: password, passkey, session, service_token, device_attestation, delegated. - status: active, suspended, revoked.
LoginSession fields: - session_id, principal_id, issued_at, expires_at, last_seen_at. - assurance_level and mfa_state. - device_binding_id when applicable. - allowed_products and denied_products. - revocation_reason and revoked_at.
ServiceToken fields: - token_id, service_principal_id, scopes, route_allowlist, project_allowlist. - issued_at, expires_at, rotation_parent, rotated_at. - last_used_at, last_used_route, audit_event_id. - secret_material_state: never_exposed, escrowed, rotated, revoked.
DeviceIdentity fields: - device_id, friendly_name, device_class, owner_product. - attestation_state, observed_capabilities, allowed_routes. - health_state, last_inventory_at, policy_bundle_id.
Denial tests: 1. Human token cannot act as device. 2. Service token cannot approve operator gates. 3. Device identity cannot read unrelated Explorer context. 4. Expired or revoked token fails closed. 5. Missing scope denies route execution.