chore(semantic): checkpoint remediation progress

backend/src/services/auth_service.py

@@ -11,6 +11,10 @@
 # @RELATION:  [DEPENDS_ON] ->[backend.src.models.auth.Role]
 #
 # @INVARIANT: Authentication succeeds only for active users with valid credentials; issued sessions encode subject and scopes from assigned roles.
+# @PRE:       Core auth models and security utilities available.
+# @POST:      User identity verified and session tokens issued according to role scopes.
+# @SIDE_EFFECT: Writes last login timestamps and JIT-provisions external users.
+# @DATA_CONTRACT: [Credentials | ADFSClaims] -> [UserEntity | SessionToken]
 
 # [SECTION: IMPORTS]
 from typing import Dict, Any
@@ -23,9 +27,11 @@ from ..core.logger import belief_scope
 # [/SECTION]
 
 # [DEF:AuthService:Class]
+# @TIER: STANDARD
 # @PURPOSE: Provides high-level authentication services.
 class AuthService:
     # [DEF:__init__:Function]
+    # @TIER: TRIVIAL
     # @PURPOSE: Initializes the authentication service with repository access over an active DB session.
     # @PRE: db is a valid SQLAlchemy Session instance bound to the auth persistence context.
     # @POST: self.repo is initialized and ready for auth user/role CRUD operations.
@@ -37,6 +43,7 @@ class AuthService:
     # [/DEF:__init__:Function]
 
     # [DEF:authenticate_user:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Validates credentials and account state for local username/password authentication.
     # @PRE: username and password are non-empty credential inputs.
     # @POST: Returns User only when user exists, is active, and password hash verification succeeds; otherwise returns None.
@@ -62,6 +69,7 @@ class AuthService:
     # [/DEF:authenticate_user:Function]
 
     # [DEF:create_session:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Issues an access token payload for an already authenticated user.
     # @PRE: user is a valid User entity containing username and iterable roles with role.name values.
     # @POST: Returns session dict with non-empty access_token and token_type='bearer'.
@@ -87,6 +95,7 @@ class AuthService:
     # [/DEF:create_session:Function]
 
     # [DEF:provision_adfs_user:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Performs ADFS Just-In-Time provisioning and role synchronization from AD group mappings.
     # @PRE: user_info contains identity claims where at least one of 'upn' or 'email' is present; 'groups' may be absent.
     # @POST: Returns persisted user entity with roles synchronized to mapped AD groups and refreshed state.
@@ -121,7 +130,6 @@ class AuthService:
             self.repo.db.refresh(user)
             return user
     # [/DEF:provision_adfs_user:Function]
-
 # [/DEF:AuthService:Class]
 
 # [/DEF:backend.src.services.auth_service:Module]

backend/src/services/health_service.py

@@ -3,9 +3,9 @@
 # @SEMANTICS: health, aggregation, dashboards
 # @PURPOSE: Business logic for aggregating dashboard health status from validation records.
 # @LAYER: Domain/Service
-# @RELATION: DEPENDS_ON -> ValidationRecord
-# @RELATION: DEPENDS_ON -> backend.src.core.superset_client.SupersetClient
-# @RELATION: DEPENDS_ON -> backend.src.core.task_manager.cleanup.TaskCleanupService
+# @RELATION: [DEPENDS_ON] ->[backend.src.models.llm.ValidationRecord]
+# @RELATION: [DEPENDS_ON] ->[backend.src.core.superset_client.SupersetClient]
+# @RELATION: [DEPENDS_ON] ->[backend.src.core.task_manager.cleanup.TaskCleanupService]
 
 from typing import List, Dict, Any, Optional, Tuple
 import time

backend/src/services/resource_service.py

@@ -18,10 +18,12 @@ from ..core.logger import logger, belief_scope
 # [/SECTION]
 
 # [DEF:ResourceService:Class]
+# @TIER: STANDARD
 # @PURPOSE: Provides centralized access to resource data with enhanced metadata
 class ResourceService:
     
     # [DEF:__init__:Function]
+    # @TIER: TRIVIAL
     # @PURPOSE: Initialize the resource service with dependencies
     # @PRE: None
     # @POST: ResourceService is ready to fetch resources
@@ -32,15 +34,16 @@ class ResourceService:
     # [/DEF:__init__:Function]
     
     # [DEF:get_dashboards_with_status:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Fetch dashboards from environment with Git status and last task status
     # @PRE: env is a valid Environment object
     # @POST: Returns list of dashboards with enhanced metadata
     # @PARAM: env (Environment) - The environment to fetch from
     # @PARAM: tasks (List[Task]) - List of tasks to check for status
     # @RETURN: List[Dict] - Dashboards with git_status and last_task fields
-    # @RELATION: CALLS -> SupersetClient.get_dashboards_summary
-    # @RELATION: CALLS -> self._get_git_status_for_dashboard
-    # @RELATION: CALLS -> self._get_last_llm_task_for_dashboard
+    # @RELATION: CALLS ->[SupersetClient:get_dashboards_summary]
+    # @RELATION: CALLS ->[self:_get_git_status_for_dashboard]
+    # @RELATION: CALLS ->[self:_get_last_llm_task_for_dashboard]
     async def get_dashboards_with_status(
         self, 
         env: Any, 
@@ -81,6 +84,7 @@ class ResourceService:
     # [/DEF:get_dashboards_with_status:Function]
 
     # [DEF:get_dashboards_page_with_status:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Fetch one dashboard page from environment and enrich only that page with status metadata.
     # @PRE: env is valid; page >= 1; page_size > 0.
     # @POST: Returns page items plus total counters without scanning all pages locally.
@@ -144,6 +148,7 @@ class ResourceService:
     # [/DEF:get_dashboards_page_with_status:Function]
 
     # [DEF:_get_last_llm_task_for_dashboard:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Get most recent LLM validation task for a dashboard in an environment
     # @PRE: dashboard_id is a valid integer identifier
     # @POST: Returns the newest llm_dashboard_validation task summary or None
@@ -224,6 +229,7 @@ class ResourceService:
     # [/DEF:_get_last_llm_task_for_dashboard:Function]
 
     # [DEF:_normalize_task_status:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Normalize task status to stable uppercase values for UI/API projections
     # @PRE: raw_status can be enum or string
     # @POST: Returns uppercase status without enum class prefix
@@ -240,6 +246,7 @@ class ResourceService:
     # [/DEF:_normalize_task_status:Function]
 
     # [DEF:_normalize_validation_status:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Normalize LLM validation status to PASS/FAIL/WARN/UNKNOWN
     # @PRE: raw_status can be any scalar type
     # @POST: Returns normalized validation status token or None
@@ -255,6 +262,7 @@ class ResourceService:
     # [/DEF:_normalize_validation_status:Function]
 
     # [DEF:_normalize_datetime_for_compare:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Normalize datetime values to UTC-aware values for safe comparisons.
     # @PRE: value may be datetime or any scalar.
     # @POST: Returns UTC-aware datetime; non-datetime values map to minimal UTC datetime.
@@ -269,14 +277,15 @@ class ResourceService:
     # [/DEF:_normalize_datetime_for_compare:Function]
     
     # [DEF:get_datasets_with_status:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Fetch datasets from environment with mapping progress and last task status
     # @PRE: env is a valid Environment object
     # @POST: Returns list of datasets with enhanced metadata
     # @PARAM: env (Environment) - The environment to fetch from
     # @PARAM: tasks (List[Task]) - List of tasks to check for status
     # @RETURN: List[Dict] - Datasets with mapped_fields and last_task fields
-    # @RELATION: CALLS -> SupersetClient.get_datasets_summary
-    # @RELATION: CALLS -> self._get_last_task_for_resource
+    # @RELATION: CALLS ->[SupersetClient:get_datasets_summary]
+    # @RELATION: CALLS ->[self:_get_last_task_for_resource]
     async def get_datasets_with_status(
         self, 
         env: Any, 
@@ -307,6 +316,7 @@ class ResourceService:
     # [/DEF:get_datasets_with_status:Function]
     
     # [DEF:get_activity_summary:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Get summary of active and recent tasks for the activity indicator
     # @PRE: tasks is a list of Task objects
     # @POST: Returns summary with active_count and recent_tasks
@@ -346,12 +356,13 @@ class ResourceService:
     # [/DEF:get_activity_summary:Function]
     
     # [DEF:_get_git_status_for_dashboard:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Get Git sync status for a dashboard
     # @PRE: dashboard_id is a valid integer
     # @POST: Returns git status or None if no repo exists
     # @PARAM: dashboard_id (int) - The dashboard ID
     # @RETURN: Optional[Dict] - Git status with branch and sync_status
-    # @RELATION: CALLS -> GitService.get_repo
+    # @RELATION: CALLS ->[GitService:get_repo]
     def _get_git_status_for_dashboard(self, dashboard_id: int) -> Optional[Dict[str, Any]]:
         try:
             repo = self.git_service.get_repo(dashboard_id)
@@ -405,6 +416,7 @@ class ResourceService:
     # [/DEF:_get_git_status_for_dashboard:Function]
     
     # [DEF:_get_last_task_for_resource:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Get the most recent task for a specific resource
     # @PRE: resource_id is a valid string
     # @POST: Returns task summary or None if no tasks found
@@ -442,6 +454,7 @@ class ResourceService:
     # [/DEF:_get_last_task_for_resource:Function]
     
     # [DEF:_extract_resource_name_from_task:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Extract resource name from task params
     # @PRE: task is a valid Task object
     # @POST: Returns resource name or task ID
@@ -453,6 +466,7 @@ class ResourceService:
     # [/DEF:_extract_resource_name_from_task:Function]
     
     # [DEF:_extract_resource_type_from_task:Function]
+    # @TIER: STANDARD
     # @PURPOSE: Extract resource type from task params
     # @PRE: task is a valid Task object
     # @POST: Returns resource type or 'unknown'
@@ -462,6 +476,5 @@ class ResourceService:
         params = task.params or {}
         return params.get('resource_type', 'unknown')
     # [/DEF:_extract_resource_type_from_task:Function]
-
 # [/DEF:ResourceService:Class]
 # [/DEF:backend.src.services.resource_service:Module]