arnes/spec/sdd/components/auth-service.md
rikrdo 3ff9b70e4c refactor: complete bootstrap of ARNES agent harness framework
- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
2026-05-17 23:25:35 +02:00

AuthService Component

Purpose

Handle user authentication (login/logout) with JWT tokens.

Public API

Methods

login(email: str, password: str) -> AuthResult

Authenticate user with email and password.

Parameters:

  • email: User email address
  • password: User password

Returns:

  • AuthResult with access_token, refresh_token, expires_in

Raises:

  • InvalidCredentialsError: Email or password incorrect
  • AccountLockedError: Account temporarily locked
  • ValidationError: Invalid input format

logout(user_id: str, token_id: str) -> bool

Invalidate a specific session/token.

Parameters:

  • user_id: User ID
  • token_id: JWT jti (token identifier)

Returns: True if successful

logout_all(user_id: str) -> int

Invalidate all sessions for a user.

Parameters:

  • user_id: User ID

Returns: Number of sessions invalidated

refresh(refresh_token: str) -> AuthResult

Get a new access token from a refresh token.

Parameters:

  • refresh_token: Valid refresh token

Returns: New AuthResult with access_token

Raises:

  • InvalidTokenError: Token expired or invalid

Dependencies

  • TokenService: JWT generation/validation
  • SessionStore: Track active sessions
  • UserRepository: Fetch user data
  • PasswordService: Verify password (from F-003)

Configuration

LOGIN_RATE_LIMIT = 10  # attempts per window
RATE_LIMIT_WINDOW = 900  # 15 minutes
ACCOUNT_LOCKOUT_DURATION = 1800  # 30 minutes
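
The following sketch is an added example, not code from the ARNES repository, showing one way the three settings above could drive AccountLockedError. Assumptions: failures are counted per normalised email in a sliding window, the 10th failure inside the window starts the lockout, state is held in memory, and the LoginThrottle class with its method names is hypothetical.

```python
import time
from collections import defaultdict, deque

LOGIN_RATE_LIMIT = 10            # attempts per window (values from the spec)
RATE_LIMIT_WINDOW = 900          # 15 minutes
ACCOUNT_LOCKOUT_DURATION = 1800  # 30 minutes


class AccountLockedError(Exception):
    """Account temporarily locked (name taken from the spec's Raises list)."""


class LoginThrottle:
    """Hypothetical helper: per-account failure tracking, in memory only."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                  # injectable so tests can move time
        self._failures = defaultdict(deque)  # key -> failure timestamps
        self._locked_until = {}              # key -> unlock time

    @staticmethod
    def _key(email):
        # Normalise so "A@x.io " and "a@x.io" share one counter.
        return email.strip().lower()

    def check(self, email):
        """Call before verifying the password; raises while the lockout lasts."""
        key, now = self._key(email), self._clock()
        until = self._locked_until.get(key, 0.0)
        if now < until:
            raise AccountLockedError(f"retry in {int(until - now)}s")
        self._locked_until.pop(key, None)    # lockout expired or never set

    def record_failure(self, email):
        """Call on bad credentials; returns True if this failure locks the account."""
        key, now = self._key(email), self._clock()
        q = self._failures[key]
        q.append(now)
        while q and q[0] <= now - RATE_LIMIT_WINDOW:
            q.popleft()                      # forget failures outside the window
        if len(q) >= LOGIN_RATE_LIMIT:
            self._locked_until[key] = now + ACCOUNT_LOCKOUT_DURATION
            q.clear()                        # start fresh once the lock ends
            return True
        return False

    def record_success(self, email):
        """A successful login resets the failure counter."""
        self._failures.pop(self._key(email), None)
```

In a multi-instance deployment the two dictionaries would need to live in a shared store with atomic updates, otherwise each instance enforces its own separate limit.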