Metadata-Version: 2.4
Name: tradekartauth
Version: 0.1.0
Summary: TradeKart authentication and RBAC for private tools (Cognito JWT + role permissions).
Author-email: Vikalp <tradekart@gmail.com>, Siddhant <tradekart@gmail.com>, Lakshay <tradekart@gmail.com>
License: MIT
Keywords: aws,cognito,jwt,rbac,authentication,authorization
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Typing :: Typed
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: PyJWT[crypto]>=2.8.0
Provides-Extra: dev
Requires-Dist: pytest>=7.4; extra == "dev"
Requires-Dist: pytest-cov>=4.1; extra == "dev"
Provides-Extra: aws
Requires-Dist: boto3>=1.28; extra == "aws"

# Tradekartauth

TradeKart authentication package for private tools.

## CDK pipeline: if a stage fails

`cdk deploy` only creates **CodePipeline**; failures after that happen **inside AWS** (Synth, UpdatePipeline, or Publish).

1. Open **CodePipeline** → `TradekartAuthPipeline` → click the failed execution → open the failed **stage** (red).
2. Open **Details** / **View in CodeBuild** and read the **log tail** (the last error line is what matters).

| Stage | Typical causes |
|--------|----------------|
| **Source** | Bitbucket connection not **Available**; wrong `repo` / `branch`; repo missing `infra/package-lock.json`. |
| **Build (Synth)** | `npm ci` / `tsc` must run inside **`infra/`** — the pipeline uses `cd infra && …` in one shell. Ensure **`infra/package-lock.json`** is committed. |
| **UpdatePipeline** | CDK bootstrap / IAM for self-mutation; upgrade CDK bootstrap if prompted. |
| **Publish** | PyPI token wrong or secret is JSON not raw token; **bump version** in `version.py` if `twine` says file already exists; KMS permission if secret uses a CMK. |

**Secret format:** `TWINE_PASSWORD` must be the **raw** PyPI token (`pypi-Ag...`). If you stored JSON in Secrets Manager, either switch to plaintext or adjust the pipeline to parse JSON.

After changing `infra/lib/pipeline-stack.ts`, run `cd infra && npm run build && npx cdk deploy ...` again to update the pipeline.
