Failing tests first (4 red: unsigned POSTs returned 200 and minted objects), then the gate: host/blog--int-verify? checks x-int-sig = sess-sig(fed-secret, request TARGET) (params live in the query, body is empty); host/blog--protect-internal wraps the three routes → 403 unsigned. Secret unset = open (dev/tests). Callers (events→shop /ticket + /order, shop→identity /person) sign via host/blog--int-headers. Closes the live capacity-bypass (anyone could mint tickets directly). blog suite 225/225 (218 + 7 new).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
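The gate described in the commit message above, sketched as an added example that is not the project's own code. It assumes `sess-sig` behaves like a hex HMAC-SHA256 over the request target; the Python function names, the sample secret and the sample target are hypothetical stand-ins.

```python
import hashlib
import hmac
from typing import Mapping, Optional

SIG_HEADER = "x-int-sig"  # header name taken from the commit message


def sign_target(secret: bytes, target: str) -> str:
    """Assumed stand-in for sess-sig: hex HMAC-SHA256 over path + query."""
    return hmac.new(secret, target.encode("utf-8"), hashlib.sha256).hexdigest()


def int_headers(secret: Optional[bytes], target: str) -> dict:
    """Caller side: headers to attach to an internal POST."""
    if not secret:
        return {}  # nothing to sign with when the secret is unset
    return {SIG_HEADER: sign_target(secret, target)}


def int_verify(secret: Optional[bytes], target: str,
               headers: Mapping[str, str]) -> bool:
    """Receiver side: True when the request may proceed."""
    if not secret:
        return True  # secret unset = open (dev/tests), as the commit states
    supplied = headers.get(SIG_HEADER, "")  # assumes lower-cased header keys
    expected = sign_target(secret, target)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), expected.encode())


def protect_internal(secret: Optional[bytes], handler):
    """Wrap a route handler so unsigned or mis-signed calls get 403."""
    def wrapped(target: str, headers: Mapping[str, str]):
        if not int_verify(secret, target, headers):
            return 403, ""
        return handler(target)
    return wrapped


def mint_ticket(target: str):
    """Constructed handler standing in for the /ticket route."""
    return 200, "minted"


SECRET = b"constructed-fed-secret"   # constructed sample value
TARGET = "/ticket?event=42&qty=1"    # constructed sample target
gate = protect_internal(SECRET, mint_ticket)
```

Because the parameters live in the query, signing the target covers them: a signature issued for one query string does not verify for another. Since an unset secret leaves the routes open, a deployment-time check that the secret is configured is worth having.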