arnes/spec/sdd/components/session-store.md
rikrdo 3ff9b70e4c refactor: complete bootstrap of ARNES agent harness framework
- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
2026-05-17 23:25:35 +02:00


# SessionStore Component
## Purpose
Manage active user sessions in Redis for fast authentication and revocation.
## Public API
### Methods
#### create_session(user_id: str, token_id: str, metadata: dict) -> bool
Store a new active session.
**Parameters:**
- `user_id`: User identifier
- `token_id`: JWT jti (unique token ID)
- `metadata`: Optional data (IP, user agent, device)
**Returns:** True if created
#### get_session(token_id: str) -> Session | None
Retrieve active session info.
**Parameters:**
- `token_id`: JWT jti
**Returns:** Session object or None if expired/revoked
#### revoke_session(token_id: str) -> bool
Invalidate a specific session.
**Parameters:**
- `token_id`: JWT jti
**Returns:** True if revoked
#### revoke_all_user_sessions(user_id: str) -> int
Invalidate all sessions for a user.
**Parameters:**
- `user_id`: User identifier
**Returns:** Count of sessions revoked
#### get_user_session_count(user_id: str) -> int
Count active sessions for a user.
**Parameters:**
- `user_id`: User identifier
**Returns:** Number of active sessions
---
## Redis Keys Structure
```
session:{user_id}:{token_id} -> JSON session metadata
user_sessions:{user_id} -> SET of active token_ids
rate_limit:login:{ip} -> COUNT with TTL
```
## TTL
- Session tokens: 15 minutes (synced with access token)
- Rate limit counters: 15 minutes
## Dependencies
- Redis connection (via aioredis)
- TokenService (for token ID generation)
## Configuration
```python
SESSION_TTL = 900 # 15 minutes
MAX_SESSIONS_PER_USER = 10
RATE_LIMIT_WINDOW = 900 # 15 minutes
```