- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
75 lines
1.5 KiB
Markdown
# SessionStore Component

## Purpose

Manage active user sessions in Redis for fast authentication and revocation.

## Public API

### Methods

#### create_session(user_id: str, token_id: str, metadata: dict) -> bool

Store a new active session.

**Parameters:**
- `user_id`: User identifier
- `token_id`: JWT jti (unique token ID)
- `metadata`: Optional data (IP, user agent, device)

**Returns:** True if created

#### get_session(token_id: str) -> Session | None

Retrieve active session info.

**Parameters:**
- `token_id`: JWT jti

**Returns:** Session object or None if expired/revoked

#### revoke_session(token_id: str) -> bool

Invalidate a specific session.

**Parameters:**
- `token_id`: JWT jti

**Returns:** True if revoked

#### revoke_all_user_sessions(user_id: str) -> int

Invalidate all sessions for a user.

**Parameters:**
- `user_id`: User identifier

**Returns:** Count of sessions revoked

#### get_user_session_count(user_id: str) -> int

Count active sessions for a user.

**Parameters:**
- `user_id`: User identifier

**Returns:** Number of active sessions

---

## Redis Keys Structure

```
session:{user_id}:{token_id} -> JSON session metadata
user_sessions:{user_id} -> SET of active token_ids
rate_limit:login:{ip} -> COUNT with TTL
```

## TTL

- Session tokens: 15 minutes (synced with access token)
- Rate limit counters: 15 minutes

## Dependencies

- Redis connection (via aioredis)
- TokenService (for token ID generation)

## Configuration

```python
SESSION_TTL = 900  # 15 minutes
MAX_SESSIONS_PER_USER = 10
RATE_LIMIT_WINDOW = 900  # 15 minutes
```
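An added example (not code from this repository) of one consequence of the key layout and TTLs above: `session:*` keys expire after `SESSION_TTL`, but members of the `user_sessions:{user_id}` SET do not, so the session count and the `MAX_SESSIONS_PER_USER` check have to prune stale members first. `FakeRedis` is a constructed, synchronous in-memory stand-in for the Redis client, and refusing a new session at the cap (rather than evicting the oldest) is an assumption.

```python
import json

SESSION_TTL = 900            # values from the Configuration block
MAX_SESSIONS_PER_USER = 10

class FakeRedis:
    """Constructed in-memory stand-in for the few Redis commands used here."""
    def __init__(self):
        self.now, self.kv, self.sets = 0, {}, {}   # self.now is a manual clock
    def set(self, key, value, ex):
        self.kv[key] = (value, self.now + ex)
    def exists(self, key):
        return key in self.kv and self.kv[key][1] > self.now
    def delete(self, key):
        return int(self.kv.pop(key, None) is not None)
    def sadd(self, key, member):
        self.sets.setdefault(key, set()).add(member)
    def srem(self, key, member):
        self.sets.get(key, set()).discard(member)
    def smembers(self, key):
        return set(self.sets.get(key, set()))

class SessionStore:
    def __init__(self, redis):
        self.r = redis
    def _prune(self, user_id):
        # session:* keys expire by TTL, SET members do not: drop the stale ones.
        live = set()
        for jti in self.r.smembers(f"user_sessions:{user_id}"):
            if self.r.exists(f"session:{user_id}:{jti}"):
                live.add(jti)
            else:
                self.r.srem(f"user_sessions:{user_id}", jti)
        return live
    def get_user_session_count(self, user_id):
        return len(self._prune(user_id))
    def create_session(self, user_id, token_id, metadata):
        if len(self._prune(user_id)) >= MAX_SESSIONS_PER_USER:
            return False     # assumption: refuse rather than evict the oldest
        self.r.set(f"session:{user_id}:{token_id}", json.dumps(metadata), ex=SESSION_TTL)
        self.r.sadd(f"user_sessions:{user_id}", token_id)
        return True
    def revoke_all_user_sessions(self, user_id):
        revoked = 0
        for jti in self._prune(user_id):
            revoked += self.r.delete(f"session:{user_id}:{jti}")
            self.r.srem(f"user_sessions:{user_id}", jti)
        return revoked
```

Without the pruning step, a user who logs in ten times and lets every token expire would stay locked out by the cap, and `revoke_all_user_sessions` would report sessions that no longer exist.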