ICPI Parity Verification
Scope
This sprint verified parity between:
- old colocated ICPI hosting in
services/svc-tenders
Loading module
Resolving locale, route permissions, and workspace projection.
Resolving locale, route permissions, and workspace projection.
Current scope: Guest
Category: 10_normative | Version: v1.0.0
Owner: DOCUMENT_CUSTODIAN | Review cycle: 90 days
Approval authority: GOVERNANCE_ADMIN
Documentation portal is read-only. Editing and mutation endpoints are disabled.
Kvary platform is originally created in Georgian. Where a Georgian version exists, Georgian is authoritative for platform UI, documentation, and legal interpretation.
Translations into other languages are provided for convenience. Some records may originate in other languages and carry their own source or legal locale for a specific flow, but where a Georgian version is available, the Georgian version prevails for platform-level wording and interpretation.
Metadata incomplete: Document ID, Version, Status, Owner Role, Last Review Date, Next Review Date, Change Log
This sprint verified parity between:
services/svc-tendersservices/svc-icpiTENDERS_SERVICE_URLICPI_SERVICE_URL=http://localhost:4021The goal was to verify behavior, not to remove the old host.
svc-auth on http://localhost:4100svc-tenders on http://localhost:4020svc-icpi on http://localhost:4021services/api on http://localhost:4001Verification was executed against live local processes. Read and write checks were performed from the same Node runtime family that hosted the services so localhost behavior stayed faithful to the actual process boundary.
GET /icpi/prices?page=1&pageSize=1GET /icpi/suggest?query=cement®ion=GE&limit=5GET /icpi/latest/ICPI_PARITY_MISSING?region=GEGET /icpi/estimate?itemCode=&quantity=abcGET /icpi/estimate?itemCode=ICPI_PARITY_MISSING&quantity=2®ion=GEPOST /icpi/upsert with no bearer tokenPOST /icpi/upsert with valid-signature access token whose principal could not be resolvedCompared gateway GET/POST /api/v1/icpi/* responses against direct old-host responses while ICPI_SERVICE_URL was unset and TENDERS_SERVICE_URL=http://127.0.0.1:4020.
Routes checked:
GET /api/v1/icpi/prices?page=1&pageSize=1GET /api/v1/icpi/suggest?query=cement®ion=GE&limit=5GET /api/v1/icpi/latest/ICPI_PARITY_MISSING?region=GEGET /api/v1/icpi/estimate?itemCode=&quantity=abcPOST /api/v1/icpi/upsert with no bearer tokenPOST /api/v1/icpi/upsert with valid-signature but unresolved principal tokenCompared gateway GET/POST /api/v1/icpi/* responses against direct new-host responses while ICPI_SERVICE_URL=http://127.0.0.1:4021.
Routes checked:
GET /api/v1/icpi/prices?page=1&pageSize=1GET /api/v1/icpi/suggest?query=cement®ion=GE&limit=5GET /api/v1/icpi/latest/ICPI_PARITY_MISSING?region=GEGET /api/v1/icpi/estimate?itemCode=&quantity=abcPOST /api/v1/icpi/upsert with no bearer tokenPOST /api/v1/icpi/upsert with valid-signature but unresolved principal tokenGET /icpi/prices: 200 and identical JSON shapeGET /icpi/suggest: 200 and identical JSON shapeGET /icpi/latest/:itemCode not-found path: 404 with reasonCode=icpi_not_foundGET /icpi/estimate invalid-input path: 400 with reasonCode=invalid_estimate_queryGET /icpi/estimate not-found path: 404 with reasonCode=icpi_not_foundPOST /icpi/upsert missing bearer token: 401 with reasonCode=missing_bearer_tokenPOST /icpi/upsert unresolved principal: 401 with reasonCode=principal_resolution_failedsvc-icpi runtime on all checked routesICPI_SERVICE_URL overrideNo ICPI route mismatches were found in the checked parity set.
Severity: MEDIUM
While probing /auth/me, svc-auth crashed when given a syntactically valid JWT whose sub was not UUID-shaped. That is not an ICPI runtime mismatch, but it is a real behavior exposed by the rehearsal.
Observed shape:
GET /auth/mesubsvc-auth process crash caused by database UUID parsing, instead of a clean non-OK auth responseThis did not block ICPI parity verification because:
subprincipal_resolution_failedNONE OBSERVEDNONE OBSERVEDNONE OBSERVEDMEDIUM, outside ICPI route parity itself