Auth Boundaries
Boundary Rule
User-facing services validate Clerk identity at their edge. Sirloin generally trusts callers whose identity was already verified upstream and uses the Clerk SDK for user lookups. Round has no auth and must remain internal-only.
Service Rules
- Brisket uses @clerk/nextjs middleware and auth().
- Strip uses custom Fiber middleware and clerk-sdk-go/v2.
- Brain uses NestJS Passport guards and @clerk/backend, with explicit public/API-key route escape hatches.
- Sirloin should not silently become a general JWT validation boundary without an architecture decision.
- Round must not be exposed publicly without adding an auth boundary.
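The two sides of the boundary rule above, as an added example that is not code from any of the services named on this page: an edge middleware that fails closed unless the request carries a verifiable identity (the `Verifier` interface is a hypothetical stand-in for what Strip gets from clerk-sdk-go/v2, and `staticVerifier` is a constructed fake so the example runs offline), plus a bind-address check that catches the mistake of exposing a no-auth service such as Round on a public interface. It uses net/http rather than Fiber so it runs with the standard library alone.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Verifier abstracts token verification. In a real service this would be
// backed by the Clerk SDK; here it is a hypothetical interface (assumption)
// so the example runs without the SDK.
type Verifier interface {
	Verify(token string) (userID string, err error)
}

// staticVerifier is a constructed stand-in that accepts exactly one token.
type staticVerifier struct{ token, userID string }

func (s staticVerifier) Verify(t string) (string, error) {
	if t != s.token {
		return "", errors.New("invalid token")
	}
	return s.userID, nil
}

type ctxKey struct{}

// RequireIdentity is the edge-boundary pattern: the user-facing service
// verifies identity itself and fails closed. The wrapped handler only ever
// runs with a verified user ID in the request context.
func RequireIdentity(v Verifier, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		h := r.Header.Get("Authorization")
		if !strings.HasPrefix(h, prefix) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		uid, err := v.Verify(strings.TrimPrefix(h, prefix))
		if err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, uid)))
	})
}

// UserID returns the identity set by RequireIdentity, or "" if absent.
func UserID(r *http.Request) string {
	uid, _ := r.Context().Value(ctxKey{}).(string)
	return uid
}

// IsInternalBindAddr reports whether a listen address keeps a service
// internal-only: loopback or an RFC 1918 / ULA private range. An unspecified
// address (0.0.0.0, ::, or an empty host) or a public IP fails the check.
func IsInternalBindAddr(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false
	}
	ip := net.ParseIP(host)
	if ip == nil || ip.IsUnspecified() {
		return false
	}
	return ip.IsLoopback() || ip.IsPrivate()
}

// probe sends one request through the edge middleware and returns the
// status code and body, so the behaviour can be checked without a server.
func probe(authHeader string) (int, string) {
	v := staticVerifier{token: "valid-token", userID: "user_123"} // constructed values
	h := RequireIdentity(v, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, UserID(r))
	}))
	req := httptest.NewRequest(http.MethodGet, "/me", nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	for _, hdr := range []string{"", "Bearer nope", "Bearer valid-token"} {
		code, body := probe(hdr)
		fmt.Printf("%q -> %d %q\n", hdr, code, body)
	}
	for _, a := range []string{"0.0.0.0:9000", "127.0.0.1:9000", "10.0.1.5:9000", "203.0.113.7:9000"} {
		fmt.Printf("%s internal-only: %v\n", a, IsInternalBindAddr(a))
	}
}
```

The bind-address check is the kind of guard worth running at startup of any service the page classes as internal-only: refusing to start on `0.0.0.0` is cheaper than discovering later that a no-auth service was reachable from outside.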
Verification
Auth changes should run service-local tests for the service whose boundary changed and review Authentication.