feat(core-api): add verification pipeline with vertex attire adapter

2026-02-24 13:29:24 -05:00
parent f2912a1c32
commit 4a1d5f89e4
12 changed files with 997 additions and 13 deletions
--- a/docs/MILESTONES/M4/planning/m4-api-catalog.md
+++ b/docs/MILESTONES/M4/planning/m4-api-catalog.md
@@ -128,7 +128,83 @@ This catalog defines the currently implemented core backend contract for M4.
 - `MODEL_FAILED`
 - `RATE_LIMITED`

-## 3.4 Health
+## 3.4 Create verification job
+1. Method and route: `POST /core/verifications`
+2. Auth: required
+3. Request:
+```json
+{
+  "type": "attire",
+  "subjectType": "worker",
+  "subjectId": "worker_123",
+  "fileUri": "gs://krow-workforce-dev-private/uploads/<uid>/file.pdf",
+  "rules": {}
+}
+```
+4. Behavior:
+- validates `fileUri` ownership
+- requires file existence when `UPLOAD_MOCK=false` and `VERIFICATION_REQUIRE_FILE_EXISTS=true`
+- enqueues async verification
+5. Success `202`:
+```json
+{
+  "verificationId": "ver_123",
+  "status": "PENDING",
+  "type": "attire",
+  "requestId": "uuid"
+}
+```
+6. Errors:
+- `UNAUTHENTICATED`
+- `VALIDATION_ERROR`
+- `FORBIDDEN`
+- `NOT_FOUND`
+
+## 3.5 Get verification status
+1. Method and route: `GET /core/verifications/{verificationId}`
+2. Auth: required
+3. Success `200`:
+```json
+{
+  "verificationId": "ver_123",
+  "status": "NEEDS_REVIEW",
+  "type": "attire",
+  "requestId": "uuid"
+}
+```
+4. Errors:
+- `UNAUTHENTICATED`
+- `FORBIDDEN`
+- `NOT_FOUND`
+
+## 3.6 Review verification
+1. Method and route: `POST /core/verifications/{verificationId}/review`
+2. Auth: required
+3. Request:
+```json
+{
+  "decision": "APPROVED",
+  "note": "Manual review passed",
+  "reasonCode": "MANUAL_REVIEW"
+}
+```
+4. Success `200`: status becomes `APPROVED` or `REJECTED`.
+5. Errors:
+- `UNAUTHENTICATED`
+- `VALIDATION_ERROR`
+- `FORBIDDEN`
+- `NOT_FOUND`
+
+## 3.7 Retry verification
+1. Method and route: `POST /core/verifications/{verificationId}/retry`
+2. Auth: required
+3. Success `202`: status resets to `PENDING`.
+4. Errors:
+- `UNAUTHENTICATED`
+- `FORBIDDEN`
+- `NOT_FOUND`
+
+## 3.8 Health
 1. Method and route: `GET /health`
 2. Success `200`:
 ```json
@@ -150,3 +226,7 @@ This catalog defines the currently implemented core backend contract for M4.
 5. Max signed URL expiry: `900` seconds.
 6. LLM timeout: `20000` ms.
 7. LLM rate limit: `20` requests/minute/user.
+8. Verification access mode default: `authenticated`.
+9. Verification file existence check default: enabled (`VERIFICATION_REQUIRE_FILE_EXISTS=true`).
+10. Verification attire provider default in dev: `vertex` with model `gemini-2.0-flash-lite-001`.
+11. Verification government/certification providers: external adapters via configured provider URL/token.