a7dfd83571
CI / a11y (pull_request) Successful in 3m22s
Docs site / build (pull_request) Successful in 3m29s
CI / perf (pull_request) Successful in 6m35s
CI / scan (pull_request) Successful in 3m10s
CI / commits (pull_request) Successful in 3m26s
CI / check (pull_request) Successful in 3m37s
Proposes a three-orthogonal-axis authorization model: - Privileges (Entra app roles): coarse portal-level capabilities. v1 catalogue ships one entry, Portal.Admin. - Functional roles (Entra security groups mapped to a curated slug catalogue): what someone does in APF. 22 v1 entries grouped into workforce / governance / volunteer / external. - Scopes (apf_portal-side user_scopes table, future Pléiades feed): where a role applies. 6 v1 kinds (self / etablissement / delegation / region / siege / unrestricted). Replaces stargate's linear hierarchy (Admin ⊃ Directeur ⊃ RH ⊃ Collaborateur) which conflated portal privilege with business role and ignored geographic scope entirely. Specifies the Entra-side setup (one app role + one security group per functional role), the Principal shape consumed by portal guards, and the deterministic projection to ADR-0024's flat-roles[] AI-service contract. Ten test-tenant personas documented for the user to provision in the freshly available test tenant. Status: proposed. Implementation phasing recorded in §"More Information" — types + Principal builder, guards, drift CI gate, test-tenant seed, in that order.
Documentation index
This is the entry point to all project documentation. It is maintained automatically: any addition, rename, or removal of a .md file under docs/ must be reflected here in the same change.
Conventions
- Documentation is written in English.
- One topic per file. Group related files into a folder when there are three or more.
- Cross-reference with relative links so they keep working in GitHub, IDEs, and exported sites.
- For architectural decisions, do not add them here — they belong in decisions/ as MADR 4.0.0 ADRs.
Sections
Daily development
- development.md — repo layout, prerequisites, initial setup, daily commands, observability dev-loop (Jaeger UI, log ↔ trace correlation), dependency updates (Renovate), conventional commit cycle. Day-to-day reference for working on the project.
Architecture
- architecture.md — cross-cutting Mermaid diagrams: C4 system context, C4 containers, Nx module boundaries, CI/CD pipeline. Single-decision diagrams (auth sequence, ERD, etc.) live inline in their ADR.
Onboarding & environment
Setup guides for new contributors:
- setup/01-wsl-terminal-setup.md — modern WSL terminal (Zsh + Powerlevel10k + CLI tools)
- setup/02-dev-web-stack.md — Node via nvm, pnpm via corepack, Docker
- setup/03-angular-nx-monorepo.md — Angular + Nx monorepo bootstrap
Operations & runbooks
Empty — to be populated when we deploy.
Security, performance, accessibility
Empty — placeholders to be filled with rationale docs alongside their corresponding ADRs.