arnes/spec/sdd/components/session-store.md
rikrdo 3ff9b70e4c refactor: complete bootstrap of ARNES agent harness framework
- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
2026-05-17 23:25:35 +02:00

SessionStore Component

Purpose

Manage active user sessions in Redis for fast authentication and revocation.

Public API

Methods

create_session(user_id: str, token_id: str, metadata: dict) -> bool

Store a new active session.

Parameters:

  • user_id: User identifier
  • token_id: JWT jti (unique token ID)
  • metadata: Optional data (IP, user agent, device)

Returns: True if created

get_session(token_id: str) -> Session | None

Retrieve active session info.

Parameters:

  • token_id: JWT jti

Returns: Session object or None if expired/revoked

revoke_session(token_id: str) -> bool

Invalidate a specific session.

Parameters:

  • token_id: JWT jti

Returns: True if revoked

revoke_all_user_sessions(user_id: str) -> int

Invalidate all sessions for a user.

Parameters:

  • user_id: User identifier

Returns: Count of sessions revoked

get_user_session_count(user_id: str) -> int

Count active sessions for a user.

Parameters:

  • user_id: User identifier

Returns: Number of active sessions


Redis Keys Structure

session:{user_id}:{token_id} -> JSON session metadata
user_sessions:{user_id} -> SET of active token_ids
rate_limit:login:{ip} -> COUNT with TTL

TTL

  • Session tokens: 15 minutes (synced with access token)
  • Rate limit counters: 15 minutes

Dependencies

  • Redis connection (via aioredis)
  • TokenService (for token ID generation)

Configuration

SESSION_TTL = 900  # 15 minutes
MAX_SESSIONS_PER_USER = 10
RATE_LIMIT_WINDOW = 900  # 15 minutes
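
In the key layout above, each `session:{user_id}:{token_id}` key carries a TTL, but members of the `user_sessions:{user_id}` SET do not expire on their own, so session counts and bulk revocation have to reconcile the index against the keys that still exist. The following is an added example, not the project's code, showing that reconciliation for three of the documented methods. Assumptions: it is synchronous and uses an in-memory `FakeRedis` stand-in instead of aioredis, `create_session` refuses new sessions once `MAX_SESSIONS_PER_USER` live sessions exist (the spec does not state the policy), and `FakeRedis` and `live_tokens` are hypothetical names.

```python
import json
import time

SESSION_TTL = 900           # seconds, from the spec's Configuration
MAX_SESSIONS_PER_USER = 10  # from the spec's Configuration

class FakeRedis:
    """In-memory stand-in constructed for this example: TTL strings plus sets."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.strings, self.sets = clock, {}, {}
    def set(self, key, value, ex):
        self.strings[key] = (value, self.clock() + ex)
    def exists(self, key):
        return key in self.strings and self.strings[key][1] > self.clock()
    def delete(self, key):
        live = self.exists(key)  # an expired key counts as already gone
        return self.strings.pop(key, None) is not None and live
    def sadd(self, key, member):
        self.sets.setdefault(key, set()).add(member)
    def srem(self, key, member):
        self.sets.get(key, set()).discard(member)
    def smembers(self, key):
        return set(self.sets.get(key, ()))

def live_tokens(r, user_id):
    """Token ids whose session key still exists; stale index members are pruned."""
    live = set()
    for token_id in r.smembers(f"user_sessions:{user_id}"):
        if r.exists(f"session:{user_id}:{token_id}"):
            live.add(token_id)
        else:  # session key expired by TTL; the SET member has no TTL of its own
            r.srem(f"user_sessions:{user_id}", token_id)
    return live

def create_session(r, user_id, token_id, metadata):
    if len(live_tokens(r, user_id)) >= MAX_SESSIONS_PER_USER:
        return False  # assumed policy: refuse; the spec does not say what happens
    r.set(f"session:{user_id}:{token_id}", json.dumps(metadata), ex=SESSION_TTL)
    r.sadd(f"user_sessions:{user_id}", token_id)
    return True

def get_user_session_count(r, user_id):
    return len(live_tokens(r, user_id))

def revoke_all_user_sessions(r, user_id):
    revoked = 0
    for token_id in r.smembers(f"user_sessions:{user_id}"):
        revoked += r.delete(f"session:{user_id}:{token_id}")  # True counts as 1
        r.srem(f"user_sessions:{user_id}", token_id)
    return revoked
```

Without the pruning step, a user whose sessions had all expired would still show a non-zero count and could be locked out by the session cap.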