- docs/deployment.md: new "Token sources" section listing the three
bearer-token source precedences (AWS SM, JSON file/env, single token).
New "Build Variants" section explaining default vs aws builds and
their release-artifact naming. New "AWS Secrets Manager" section
covering env var, secret payload format, IAM role credential
discovery, and the hard error for feature-less builds.
- CONTRIBUTING.md: documents the `aws` feature and the two test
commands contributors should run when touching auth code.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Describe the CI workflow that regenerates openapi.json on PRs and the
fork fallback. The workflow itself is added in a follow-up commit via
the GitHub API (local tooling lacks workflow-scope).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Track a project pre-commit hook under scripts/hooks/ that regenerates
openapi.json when server source is staged, and auto-stages the updated
spec into the commit. Zero external dependencies — plain bash + cargo.
Enable via `git config core.hooksPath scripts/hooks`. The CI drift
test remains the authoritative check.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wire a local pre-commit hook that regenerates openapi.json whenever
the server source changes, and document the workflow in CONTRIBUTING.
Opt-in via `pre-commit install`; the existing CI test remains the
authoritative drift check.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
