refactor(semantics): migrate legacy @TIER to @COMPLEXITY annotations

- Replaced @TIER: TRIVIAL with @COMPLEXITY: 1
- Replaced @TIER: STANDARD with @COMPLEXITY: 3
- Replaced @TIER: CRITICAL with @COMPLEXITY: 5
- Manually elevated specific critical/complex components to levels 2 and 4
- Ignored legacy, specs, and node_modules directories
- Updated generated semantic map
2026-03-16 10:06:44 +03:00
parent 321e0eb2db
commit 274510fc38
321 changed files with 30101 additions and 58483 deletions


@@ -1,6 +1,6 @@
# [DEF:backend.src.services.auth_service:Module]
#
# @TIER: CRITICAL
# @COMPLEXITY: 5
# @SEMANTICS: auth, service, business-logic, login, jwt, adfs, jit-provisioning
# @PURPOSE: Orchestrates credential authentication and ADFS JIT user provisioning.
# @LAYER: Domain
@@ -27,11 +27,11 @@ from ..core.logger import belief_scope
# [/SECTION]
# [DEF:AuthService:Class]
# @TIER: STANDARD
# @COMPLEXITY: 3
# @PURPOSE: Provides high-level authentication services.
class AuthService:
# [DEF:__init__:Function]
# @TIER: TRIVIAL
# @COMPLEXITY: 1
# @PURPOSE: Initializes the authentication service with repository access over an active DB session.
# @PRE: db is a valid SQLAlchemy Session instance bound to the auth persistence context.
# @POST: self.repo is initialized and ready for auth user/role CRUD operations.
@@ -43,7 +43,7 @@ class AuthService:
# [/DEF:__init__:Function]
# [DEF:authenticate_user:Function]
# @TIER: STANDARD
# @COMPLEXITY: 3
# @PURPOSE: Validates credentials and account state for local username/password authentication.
# @PRE: username and password are non-empty credential inputs.
# @POST: Returns User only when user exists, is active, and password hash verification succeeds; otherwise returns None.
@@ -69,7 +69,7 @@ class AuthService:
# [/DEF:authenticate_user:Function]
# [DEF:create_session:Function]
# @TIER: STANDARD
# @COMPLEXITY: 3
# @PURPOSE: Issues an access token payload for an already authenticated user.
# @PRE: user is a valid User entity containing username and iterable roles with role.name values.
# @POST: Returns session dict with non-empty access_token and token_type='bearer'.
@@ -95,7 +95,7 @@ class AuthService:
# [/DEF:create_session:Function]
# [DEF:provision_adfs_user:Function]
# @TIER: STANDARD
# @COMPLEXITY: 3
# @PURPOSE: Performs ADFS Just-In-Time provisioning and role synchronization from AD group mappings.
# @PRE: user_info contains identity claims where at least one of 'upn' or 'email' is present; 'groups' may be absent.
# @POST: Returns persisted user entity with roles synchronized to mapped AD groups and refreshed state.
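Review bot: The mechanical STANDARD → 3 mapping leaves `authenticate_user`, `create_session` and `provision_adfs_user` at `@COMPLEXITY: 3` inside a module tagged `@COMPLEXITY: 5`, and the old tag expressed criticality rather than complexity. The commit message says some components were manually elevated to levels 2 and 4, but none of these were, although their contracts cover the login decision, token issuance, and role assignment from AD group claims. If any tooling keys review or test requirements on this annotation (not visible here), I would raise at least the credential check and the JIT provisioning path, e.g. `# @COMPLEXITY: 4`, or state in the module header that the module-level 5 governs its members. The function bodies lie outside these hunks, so this rests on the contract comments alone.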