How this service handles authentication.
Full flows: docs/architecture/auth-flows.md
Tokens This Service Accepts
| Token type | Where validated | Guard / middleware |
|---|
| (none) | N/A | N/A |
Tokens This Service Sends
| Calling | Token used | How attached |
|---|
| hbf-core | CORE_TOKEN | Authorization: Bearer <CORE_TOKEN> header (via hbf-core-client.service.ts) |
Tokens This Service Issues
None.
Roles / Scopes Enforced
| Endpoint pattern | Required role |
|---|
| (none) | N/A |
Auth Notes
- NestJS-based infinite-loop daemon that aggregates stats and writes them back to hbf-core via API.
- No exposed HTTP endpoints with auth guards. Auth is outbound only.
- Uses
CORE_TOKEN exclusively for outbound calls to hbf-core.