Adds an abstraction over the CreateChallengeRequest.complexity field
(already present in the proto since the original altcha module landed),
letting applications scale PoW difficulty per request based on actor
signals — repeat-offender counters, threat-intel headers, reputation
scores — without leaking those concerns into the gRPC provider.
- new IAltchaDifficultyAdvisor in Svrnty.CQRS.Altcha.Abstractions:
Task<uint?> GetComplexityAsync(...). null means "use the upstream
service's configured default."
- NullAltchaDifficultyAdvisor in Svrnty.CQRS.Altcha is the no-op
fallback registered by AddSvrntyAltcha() via TryAddSingleton, so
applications can replace it without ordering constraints.
- AltchaGrpcChallengeProvider now resolves the advisor and sets
CreateChallengeRequest.Complexity when the advisor returns a value.
The Altcha server clamps to its configured min/max, so callers
don't need to enforce bounds here.
No breaking changes to existing consumers — the no-op default keeps
behaviour identical when no advisor is registered.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Abstractions for the Altcha-based proof-of-work module:
- AltchaAttribute (AllowMobileAttestationBypass param)
- IHasAltchaSolution — marker interface for request POCOs carrying
the widget's solution payload over HTTP/gRPC transports
- IAltchaVerifier / IAltchaChallengeProvider — transport-agnostic
interfaces; default gRPC implementations ship in Svrnty.CQRS.Altcha.Grpc
- IMobileAttestationProvider — Phase 3 placeholder; concrete impls
stamp ctx.Items["mobile_attested"] for the Altcha check to read as
a bypass when AllowMobileAttestationBypass is true
- AltchaChallenge / AltchaVerifyResult DTOs
Lean dependencies — only references Svrnty.CQRS.Abstractions for the
auth-check pipeline types.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
