KES Shared Shell Contract
Purpose
This document defines the smallest truthful shared-shell contract KES still depends on after host extraction and compatibility-layer removal.
It is not a target-state fantasy. It reflects current code truth.
Gateway behavior
Current gateway surface:
Current seam:
KES_ORCHESTRATOR_SERVICE_URL ?? TENDERS_SERVICE_URL
Classification:
- must remain shared
Why:
- the gateway route family is already the stable public HTTP contract
- extraction should preserve that seam instead of rebuilding client-facing routing
Auth behavior
Current runtime-local auth ingress:
- in