From 7cef6be54cc4871467d81079eeaf9111f49d77e7 Mon Sep 17 00:00:00 2001
From: Scott Idem <stidem@gmail.com>
Date: Fri, 1 May 2026 14:31:19 -0400
Subject: [PATCH] docs(core): mark data store fallback temporary and list
 special cases

---
 documentation/PROJECT__AE_Site_Passcode_Security.md | 13 +++++++++++++
 src/lib/ae_api/api_get__data_store.ts               |  9 ++++++---
 src/lib/ae_core/ae_core_functions.ts                |  3 +++
 src/lib/ae_core/core__data_store.ts                 |  4 ++++
 src/lib/elements/element_data_store.svelte          |  3 +++
 5 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/documentation/PROJECT__AE_Site_Passcode_Security.md b/documentation/PROJECT__AE_Site_Passcode_Security.md
index 3fda5e51..1edb6945 100644
--- a/documentation/PROJECT__AE_Site_Passcode_Security.md
+++ b/documentation/PROJECT__AE_Site_Passcode_Security.md
@@ -92,6 +92,19 @@ If the backend team revisits this area, keep the next round focused on narrowing
 3. Mark any remaining bypass-only helper as temporary and add a removal target.
 4. Plan the eventual removal of `access_code_kv_json` from public bootstrap payloads once passcode auth is fully deployed.
 
+### Frontend special-case endpoints to review
+
+These are the current frontend-facing exceptions that the backend work should assume are special-cased. None require a frontend/client code change today, but some are intentionally temporary.
+
+| Frontend path / helper | Status | Notes |
+| --- | --- | --- |
+| `src/routes/+layout.ts` | Keep | Bootstrap site-domain lookup before account context is known. |
+| `src/routes/manifest.webmanifest/+server.ts` | Keep | Public PWA branding lookup; bootstrap key only. |
+| `src/lib/ae_core/ae_core__site.ts` | Keep | Cache-first site-domain bootstrap path. Still a bootstrap-only special case. |
+| `src/lib/ae_api/api_get__data_store.ts` + `src/lib/ae_core/core__data_store.ts` + `src/lib/elements/element_data_store.svelte` | Temporary | Global-default fallback. Target state is JWT-backed account-scoped access only. |
+| `src/lib/ae_core/ae_core_functions.ts` | Remove candidate | Legacy site-domain helper with forced no-account scope. |
+| `src/routes/testing/+page.svelte` | Dev-only | Useful for trace testing; do not add to any production allowlist. |
+
 **Phase 2 status:** Not started — removing `access_code_kv_json` from the public site model remains pending.
 
 **File:** `aether_api_fastapi/app/routers/api.py`
diff --git a/src/lib/ae_api/api_get__data_store.ts b/src/lib/ae_api/api_get__data_store.ts
index 16114734..7700300c 100644
--- a/src/lib/ae_api/api_get__data_store.ts
+++ b/src/lib/ae_api/api_get__data_store.ts
@@ -12,7 +12,9 @@ interface GetDataStoreV3Params {
 
 /**
  * Get a Data Store object by its human-friendly code (V3)
- * Uses hierarchical fallback logic (Specific -> Account -> Global)
+ * Uses hierarchical fallback logic (Specific -> Account -> Global).
+ * TEMPORARY: the global fallback is a stopgap until the backend can
+ * serve account-scoped defaults via JWT-backed access only.
  * Path: GET /v3/data_store/code/{code}
  */
 export async function get_data_store({
@@ -36,8 +38,9 @@ export async function get_data_store({
 
     const headers: key_val = {};
     if (no_account_id) {
-        // Use the standard bypass header understood by get_object so the
-        // request can actually fall back to global defaults.
+        // TEMPORARY: keep this narrow global-default escape hatch until the
+        // backend can answer the data_store request with account-scoped JWT
+        // access only.
         headers['x-no-account-id'] = 'Nothing to See Here';
     }
 
diff --git a/src/lib/ae_core/ae_core_functions.ts b/src/lib/ae_core/ae_core_functions.ts
index 83cc8612..440bfc08 100644
--- a/src/lib/ae_core/ae_core_functions.ts
+++ b/src/lib/ae_core/ae_core_functions.ts
@@ -74,6 +74,9 @@ async function load_ae_obj_id__site_domain({
         no_account_id = true;
         // api_cfg.headers['x_account_id'] = 'nothing here';
     }
+    // LEGACY BOOTSTRAP SPECIAL CASE: this helper is effectively a remove
+    // candidate once all site-domain lookups use the cache-first/bootstrap
+    // path in ae_core__site.ts.
     no_account_id = true;
 
     const params = {};
diff --git a/src/lib/ae_core/core__data_store.ts b/src/lib/ae_core/core__data_store.ts
index 7916a493..a75806ca 100644
--- a/src/lib/ae_core/core__data_store.ts
+++ b/src/lib/ae_core/core__data_store.ts
@@ -28,6 +28,10 @@ export async function load_ae_obj_by_code__data_store({
     save_idb?: boolean;
     timeout?: number;
     log_lvl?: number;
+            // TEMPORARY: this no-account fallback exists only until the backend
+            // can serve account-scoped defaults via JWT-backed access alone.
+            // Keep this path narrow and remove it when the backend no longer
+            // needs a transport-level scope drop for data_store.
 }): Promise<any> {
     if (log_lvl) {
         console.log(`*** load_ae_obj_by_code__data_store() *** code=${code}`);
diff --git a/src/lib/elements/element_data_store.svelte b/src/lib/elements/element_data_store.svelte
index 09042658..4bf7b677 100644
--- a/src/lib/elements/element_data_store.svelte
+++ b/src/lib/elements/element_data_store.svelte
@@ -227,6 +227,9 @@ async function load_data_store() {
                     `ae_e_data_store [${ds_code}]: Not found in context (Status ${status_code}). Trying global fallback.`
                 );
 
+            // TEMPORARY: same global-default fallback as core__data_store.ts.
+            // This should go away once the backend can answer with JWT-backed,
+            // account-scoped defaults only.
             ds_results = await api.get_data_store({
                 api_cfg,
                 code: ds_code,