feat(federation): scope schema validator [FED-M2-03] #489
Reference in New Issue
Block a user
Delete Branch "feat/federation-m2-scope-schema"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Pure validator for federation grant scope objects per PRD §8.1. Independent of CA / DB / NestJS wiring — those land in M2-06.
What's in this PR
apps/gateway/src/federation/scope-schema.ts— Zod schema,parseFederationScope,FederationScopetype,FederationScopeErrorFEDERATION_RESOURCE_VALUESclosed allowlist of federation resources (extends in M3+)credentials/api_keysviaconsole.warn(full gating in M2-06)Decisions to confirm before M2-06 wires this up
.issuesAPI: Gateway uses Zod ^4.3.6. In Zod v4, the error issues array is accessed viaerror.issues(noterror.errorsas in v3). The parser uses this correctly.filterskey type:filtersis typed asRecord<string, ResourceFilterSchema>(notRecord<FederationResource, ...>) to avoid TS strictness issues with optional record keys. ThesuperRefinecross-check enforces filter keys must be inresourcesat runtime.include_teamsnot UUID-validated: Per PRD §8.3, team IDs are arbitrary BetterAuth strings (not UUIDs). The schema acceptsstring[].Test plan
Refs #461