logout.py DOX

Purpose

Own the logout.py API endpoint.
This module clears login/session state for the current client.
Keep this file-level DOX profile synchronized with logout.py because this directory is intentionally flat.

logout.py owns the runtime implementation.
logout.py.dox.md owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
Classes:
ApiLogout (ApiHandler)
- requires_auth(cls) -> bool
- async process(self, input: dict, request: Request) -> dict

HTTP handlers must derive from helpers.api.ApiHandler; WebSocket handlers must derive from helpers.ws.WsHandler.
Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
ApiLogout is an ApiHandler.
ApiLogout defines process(...).
ApiLogout defines requires_auth(...).
Observed side-effect areas: secret handling.
Imported dependency areas include: helpers.api.

Important called helpers/classes observed in the source: session.clear, session.pop.
Keep request/response, tool, or helper semantics documented here at the same time as source changes.

Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
Update frontend callers, plugin callers, and tests together when payload shape changes.
Use helpers.api.Response for non-JSON responses, files, redirects, or status-specific replies.

Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
Related tests observed by source search:
- tests/test_office_document_store.py

No child DOX files.