This repository ships both a deployable auth service and a reusable SDK. Good changes keep those two surfaces aligned: code, tests, and documentation should move together.
- read
README.mdfor the repo overview - read
DEVELOPMENT.mdfor local setup - read
docs/README.mdfor the full docs map
When you make a change:
- keep docs in sync with behavior
- add or update tests for user-visible logic
- preserve compatibility between the service and the SDK
- avoid introducing configuration that is only documented in code
- Create or update your local environment from
.env-sample. - Run the stack or the dependencies you need.
- Make the smallest coherent change set you can.
- Run the relevant checks.
- Update docs if behavior, configuration, or operator workflows changed.
Run these before opening a PR:
python -m ruff check .
python -m black --check .
python -m pytest -q
python -m alembic upgrade head --sql
python -m build
python -m build sdkIf you use uv, equivalent commands are fine.
app/: service codesdk/: client-side integration packagetests/unit/: fast isolated coveragetests/integration/: DB, Redis, router, and workflow coverageloadtests/: Locust scenarios and seed helpersdocs/: maintainer and consumer documentation
When you change models or persistence behavior:
- add or update an Alembic migration in
migrations/versions/ - verify
python -m alembic upgrade head - verify
python -m alembic upgrade head --sql - document any new environment or operator steps
Update documentation whenever you change:
- endpoint behavior or response contracts
- configuration keys or defaults
- background worker behavior
- security assumptions
- contributor or deployment workflows
The goal is that a new engineer can trust the docs without reading the entire codebase first.
- behavior is covered by tests or the gap is explicitly called out
- docs and examples match the code
- new config is represented in
.env-samplewhen applicable - migrations are included when schema changes require them
- service and SDK impacts were both considered