In production, backends use the internal Docker URL (http://mana-auth:3001) for
MANA_CORE_AUTH_URL but tokens are issued with BASE_URL (https://auth.mana.how) as
the issuer. Accept both to prevent "unexpected iss claim value" errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace HTTP POST to /api/v1/auth/validate with local JWT verification
using jose + createRemoteJWKSet. Eliminates ~5-20ms HTTP roundtrip per
API request across all backends. JWKS cached automatically by jose.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add build:packages step to all test.yml jobs (fixes @manacore/shared-nestjs-auth not found)
- Handle missing coverage artifacts gracefully in test-coverage.yml
- Update .prettierignore to exclude apps-archived/ and problematic files
- Format all source files to pass CI checks
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create @manacore/shared-nestjs-auth package with JwtAuthGuard
- Update @mana-core/nestjs-integration to validate tokens via auth service
- Replace insecure local JWT decode with server-side validation
- Integrate Zitare, Presi, ManaDeck backends with centralized auth
- Add DEV_BYPASS_AUTH support for development mode
- Document auth architecture in CLAUDE.md
