What happened?
Server dependency setup has accumulated responsibilities as the user, identity, principal, vault, and hosted/local mode concepts evolved. Some dependencies appear to resolve too much application state, and responsibility boundaries between identity resolution, user/principal resolution, vault binding, and service construction are unclear.
What did you expect?
Server dependencies should have clear ownership boundaries. Request/auth dependencies should identify the caller. Principal and vault resolution should happen in one explicit place. Services should receive already-resolved dependencies and should not perform unrelated lookup or global state work internally.
Steps to reproduce
- Inspect server dependency injection and route construction.
- Trace how identity, principal/user, vault, config, registries, and
AuthService are created for a request.
- Identify duplicated or misplaced resolution logic.
- Refactor dependencies so each layer has a single responsibility and service constructors receive explicit, scoped inputs.
What happened?
Server dependency setup has accumulated responsibilities as the user, identity, principal, vault, and hosted/local mode concepts evolved. Some dependencies appear to resolve too much application state, and responsibility boundaries between identity resolution, user/principal resolution, vault binding, and service construction are unclear.
What did you expect?
Server dependencies should have clear ownership boundaries. Request/auth dependencies should identify the caller. Principal and vault resolution should happen in one explicit place. Services should receive already-resolved dependencies and should not perform unrelated lookup or global state work internally.
Steps to reproduce
AuthServiceare created for a request.