- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
SessionStore Component
Purpose
Manage active user sessions in Redis for fast authentication and revocation.
Public API
Methods
create_session(user_id: str, token_id: str, metadata: dict) -> bool
Store a new active session.
Parameters:
user_id: User identifier
token_id: JWT jti (unique token ID)
metadata: Optional data (IP, user agent, device)
Returns: True if created
get_session(token_id: str) -> Session | None
Retrieve active session info.
Parameters:
token_id: JWT jti
Returns: Session object or None if expired/revoked
revoke_session(token_id: str) -> bool
Invalidate a specific session.
Parameters:
token_id: JWT jti
Returns: True if revoked
revoke_all_user_sessions(user_id: str) -> int
Invalidate all sessions for a user.
Parameters:
user_id: User identifier
Returns: Count of sessions revoked
get_user_session_count(user_id: str) -> int
Count active sessions for a user.
Parameters:
user_id: User identifier
Returns: Number of active sessions
Redis Keys Structure
session:{user_id}:{token_id} -> JSON session metadata
user_sessions:{user_id} -> SET of active token_ids
rate_limit:login:{ip} -> COUNT with TTL
TTL
- Session tokens: 15 minutes (synced with access token)
- Rate limit counters: 15 minutes
Dependencies
- Redis connection (via aioredis)
- TokenService (for token ID generation)
Configuration
SESSION_TTL = 900 # 15 minutes
MAX_SESSIONS_PER_USER = 10
RATE_LIMIT_WINDOW = 900 # 15 minutes