From cd4300039d79315b4cea7a67efc944b724c488f7 Mon Sep 17 00:00:00 2001 From: Samir Boulahtit Date: Wed, 31 Dec 2025 22:01:15 +0100 Subject: [PATCH] fix: AUTH-004 rule now accepts # authenticated marker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Shop endpoints can use three valid vendor context patterns: - require_vendor_context() dependency - # public - for public endpoints - # authenticated - for customer-authenticated endpoints Customer auth (get_current_customer_api) includes vendor context validation, so # authenticated is a valid marker. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- scripts/validate_architecture.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/validate_architecture.py b/scripts/validate_architecture.py index cb4cdf42..3cc7c8bf 100755 --- a/scripts/validate_architecture.py +++ b/scripts/validate_architecture.py @@ -2612,9 +2612,12 @@ class ArchitectureValidator: if "noqa: auth-004" in content.lower(): return - # Shop APIs that need vendor context should use require_vendor_context or # public + # Shop APIs that need vendor context should use require_vendor_context, + # # public, or # authenticated (customer auth includes vendor context) has_vendor_context = ( - "require_vendor_context" in content or "# public" in content + "require_vendor_context" in content + or "# public" in content + or "# authenticated" in content ) # Check for routes that might need vendor context @@ -2623,10 +2626,11 @@ class ArchitectureValidator: lines = content.split("\n") for i, line in enumerate(lines, 1): if "@router." in line: - # Check next few lines for public marker or vendor context + # Check next few lines for public/authenticated marker or vendor context context_lines = "\n".join(lines[i - 1 : i + 10]) if ( "# public" not in context_lines + and "# authenticated" not in context_lines and "require_vendor_context" not in context_lines ): self._add_violation(