# Technical Design: Service Mesh Interop

## Architecture

```
Client --Bearer token--> Chat-svc --POST /validate--> Auth-svc
                            |
                            +--Enqueue(chat_task)--> PostgreSQL jobs table --> Worker-svc
```

## Component Changes

### 1. Auth-svc: /validate Endpoint
- **New handler**: `handlers/validate.go` - accepts POST with Bearer token, validates via existing JWT validator, returns user info
- **Route**: `POST /api/auth-svc/validate` (public endpoint, token is in the request body/header)
- **OpenAPI**: Document in `spec.go`

### 2. Chat-svc: Auth Client + Queue Producer
- **New adapter**: `internal/adapter/authclient/client.go` - wraps `svc.Client` to call auth-svc /validate
- **New port**: `internal/port/auth.go` - `AuthValidator` interface
- **New adapter**: `internal/adapter/jobqueue/producer.go` - wraps `queue.Producer`
- **New port**: `internal/port/queue.go` - `TaskProducer` interface
- **Wire into routes**: Protected routes validate via auth-svc, handlers can enqueue tasks

### 3. Worker-svc: Chat Task Handler
- **New handler**: `internal/handlers/chat_task.go` - processes `chat_task` jobs
- **Register**: In `main.go`, register the handler

## Patterns
- Use `pkg/svc.NewClient("auth-svc")` for service discovery
- Use `pkg/queue.Producer` interface for enqueuing
- Follow hexagonal architecture (ports + adapters)
- All handlers return `error`, wrapped with `app.Wrap()`