the caller's verified principal id, or null/undefined for anonymous.
Optional is: fast-path admin check (verified). If omitted, the literal "admin" scope is used.
Optional scopes: the caller's granted scopes (e.g. ["admin"], ["org:1:read"]). Default: none.
the operation name for this request, or undefined for non-contract paths (static/auth/docs → allowed).
the declared access facet for an operation (e.g. from the document's x-suluk-access).
Optional default: what an operation that declares NO access facet requires. Defaults to "authenticated" — DENY BY DEFAULT, so a dropped/missing facet is a 401 in tests, NEVER a silent public route (a fail-open default is how an annotation gap becomes a live breach). Mark genuinely public ops explicitly with requires: "anyone".
Read identity from a request — the app supplies these (it owns its principal/scope model).
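The deny-by-default rule described for the default facet, worked through as an added example. This is not the library's own code: the type names (Identity, Access, AuthzOptions), the function name authorize, the status codes returned and the shape of a scoped facet ({ scope: "..." }) are assumptions chosen to mirror the parameter descriptions above (principal id, optional scopes, optional admin fast-path, operation name, declared facet, default facet). The sample facet map in the comments is constructed.

```typescript
// Added example, not the library's API. Names below are assumptions.

// What an operation can require. "anyone" must be declared explicitly;
// a scoped facet requires that scope (or the admin fast-path).
type Access = "anyone" | "authenticated" | { scope: string };

// Identity as the app supplies it from a request.
interface Identity {
  principalId: string | null | undefined; // null/undefined for anonymous
  scopes?: string[];                      // granted scopes; default none
}

interface AuthzOptions {
  defaultAccess?: Access;                 // what an op with NO facet requires
  isAdmin?: (id: Identity) => boolean;    // fast-path admin check (verified)
}

interface Decision {
  allowed: boolean;
  status: 200 | 401 | 403;
}

function authorize(
  identity: Identity,
  operationId: string | undefined,        // undefined for non-contract paths
  declaredAccess: Map<string, Access>,    // facets read from the contract
  opts: AuthzOptions = {},
): Decision {
  // Non-contract paths (static/auth/docs) are not operations: allowed.
  if (operationId === undefined) return { allowed: true, status: 200 };

  // Admin fast-path: caller-supplied check, else the literal "admin" scope.
  const isAdmin =
    opts.isAdmin ?? ((id: Identity) => (id.scopes ?? []).includes("admin"));

  // DENY BY DEFAULT: a missing facet requires "authenticated" unless the
  // app deliberately overrides the default (which is the fail-open trap).
  const required: Access =
    declaredAccess.get(operationId) ?? opts.defaultAccess ?? "authenticated";

  if (required === "anyone") return { allowed: true, status: 200 };

  const anonymous =
    identity.principalId === null || identity.principalId === undefined;
  if (anonymous) return { allowed: false, status: 401 };

  if (required === "authenticated") return { allowed: true, status: 200 };

  // Scoped facet: admin fast-path or the exact scope.
  const scopes = identity.scopes ?? [];
  if (isAdmin(identity) || scopes.includes(required.scope)) {
    return { allowed: true, status: 200 };
  }
  return { allowed: false, status: 403 };
}

// Constructed sample contract: one explicitly public op, one scoped op,
// and (deliberately) no facet for "deleteUser" to show the default.
const sampleFacets = new Map<string, Access>([
  ["health", "anyone"],
  ["listUsers", { scope: "org:1:read" }],
]);

// Anonymous caller hitting the un-annotated op: 401 under the safe default,
// 200 only if the app opts into the fail-open default.
function missingFacetStatus(defaultAccess?: Access): number {
  return authorize({ principalId: null }, "deleteUser", sampleFacets, {
    defaultAccess,
  }).status;
}
```

The two calls in missingFacetStatus are the point of the page's warning: with no defaultAccess override the annotation gap surfaces as a 401 that a test catches, whereas defaultAccess: "anyone" makes the same gap a silently public route.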