refactor: complete bootstrap of ARNES agent harness framework
- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
65
spec/sdd/components/auth-service.md
Normal file
@@ -0,0 +1,65 @@
|
||||
# AuthService Component
|
||||
|
||||
## Purpose
|
||||
Handle user authentication (login/logout) with JWT tokens.
|
||||
|
||||
## Public API
|
||||
|
||||
### Methods
|
||||
|
||||
#### login(email: str, password: str) -> AuthResult
|
||||
Authenticate user with email and password.
|
||||
|
||||
**Parameters:**
|
||||
- `email`: User email address
|
||||
- `password`: User password
|
||||
|
||||
**Returns:**
|
||||
- `AuthResult` with access_token, refresh_token, expires_in
|
||||
|
||||
**Raises:**
|
||||
- `InvalidCredentialsError`: Email or password incorrect
|
||||
- `AccountLockedError`: Account temporarily locked
|
||||
- `ValidationError`: Invalid input format
|
||||
|
||||
#### logout(user_id: str, token_id: str) -> bool
|
||||
Invalidate a specific session/token.
|
||||
|
||||
**Parameters:**
|
||||
- `user_id`: User ID
|
||||
- `token_id`: JWT jti (token identifier)
|
||||
|
||||
**Returns:** True if successful
|
||||
|
||||
#### logout_all(user_id: str) -> int
|
||||
Invalidate all sessions for a user.
|
||||
|
||||
**Parameters:**
|
||||
- `user_id`: User ID
|
||||
|
||||
**Returns:** Number of sessions invalidated
|
||||
|
||||
#### refresh(refresh_token: str) -> AuthResult
|
||||
Get new access token from refresh token.
|
||||
|
||||
**Parameters:**
|
||||
- `refresh_token`: Valid refresh token
|
||||
|
||||
**Returns:** New AuthResult with access_token
|
||||
|
||||
**Raises:**
|
||||
- `InvalidTokenError`: Token expired or invalid
|
||||
|
||||
---
|
||||
|
||||
## Dependencies
|
||||
- `TokenService`: JWT generation/validation
|
||||
- `SessionStore`: Track active sessions
|
||||
- `UserRepository`: Fetch user data
|
||||
- `PasswordService`: Verify password (from F-003)
|
||||
|
||||
## Configuration
|
||||
```python
|
||||
LOGIN_RATE_LIMIT = 10 # attempts per window
|
||||
RATE_LIMIT_WINDOW = 900 # 15 minutes
|
||||
ACCOUNT_LOCKOUT_DURATION = 1800 # 30 minutes
|
||||
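Review bot: The Configuration block sets `ACCOUNT_LOCKOUT_DURATION = 1800` but never defines the failed-attempt threshold that makes `login` raise `AccountLockedError`, and `LOGIN_RATE_LIMIT = 10 # attempts per window` does not say what the limit is keyed on (per email, per source address, or both). Please add the lockout threshold as its own setting and state the rate-limit key, since the two choices behave very differently when one client hammers many accounts or many clients target one account. The spec should also say whether a locked account is reported to the caller as `AccountLockedError` before or after the password check, because a distinct error for locked accounts tells an unauthenticated caller that the email exists. Separately, in the `refresh` section the only documented failure is `InvalidTokenError: Token expired or invalid`; the spec should state that `refresh` consults `SessionStore` and rejects refresh tokens whose session was invalidated by `logout` or `logout_all`, and whether the "New AuthResult" rotates the refresh token or reuses it.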