- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
TokenService Component
Purpose
Generate, validate, and manage JWT tokens.
Public API
Methods
create_access_token(user: User) -> str
Generate a new JWT access token.
Parameters:
user: User object with id, email, role
Returns: JWT token string
Token claims:
{
"sub": user.id,
"email": user.email,
"role": user.role,
"iat": current_timestamp,
"exp": current_timestamp + 900, # 15 min
"jti": uuid4()
}
create_refresh_token(user: User) -> str
Generate a new refresh token.
Returns: JWT refresh token (7 day expiration)
verify_token(token: str) -> TokenPayload
Validate and decode a JWT token.
Parameters:
token: JWT token string
Returns: TokenPayload with claims
Raises:
ExpiredSignatureError: Token expired
InvalidTokenError: Token invalid/malformed
revoke_token(token_id: str, user_id: str) -> bool
Mark a token as revoked in session store.
Parameters:
token_id: JWT jti claim
user_id: User ID
Returns: True if revoked
Configuration
import os

ACCESS_TOKEN_EXPIRE = 900 # 15 minutes
REFRESH_TOKEN_EXPIRE = 604800 # 7 days
ALGORITHM = "HS256" # or RS256 with key pair
SECRET_KEY = os.getenv("JWT_SECRET")
Security
- Tokens include unique jti claim for revocation tracking
- Short access token duration minimizes theft window
- Refresh tokens stored in Redis for fast revocation
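
The issue, verify and revoke-by-jti lifecycle described above, as an added example that is not the project's own code. It assumes HS256 built from the Python standard library only, a constructed demo secret, an in-memory set in place of the Redis session store, users passed as dicts, and a hypothetical `now` parameter so expiry can be checked deterministically; the exception classes are local stand-ins named after the ones listed under verify_token.

```python
import base64, hashlib, hmac, json, time, uuid

ACCESS_TOKEN_EXPIRE = 900          # 15 minutes, as in the Configuration section
SECRET = b"constructed-demo-secret-not-for-production"  # constructed sample key
REVOKED = set()                    # assumption: in-memory stand-in for the Redis store

class InvalidTokenError(Exception): pass
class ExpiredSignatureError(InvalidTokenError): pass

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def create_access_token(user, now=None) -> str:
    now = int(time.time()) if now is None else now
    claims = {"sub": user["id"], "email": user["email"], "role": user["role"],
              "iat": now, "exp": now + ACCESS_TOKEN_EXPIRE, "jti": str(uuid.uuid4())}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def verify_token(token: str, now=None) -> dict:
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        # Pin the algorithm: never let the token's own header choose it.
        if header.get("alg") != "HS256":
            raise InvalidTokenError("unexpected alg")
        if not hmac.compare_digest(sig, _sign(head + "." + body)):
            raise InvalidTokenError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise InvalidTokenError("malformed token") from exc
    if now >= claims["exp"]:
        raise ExpiredSignatureError("token expired")
    if claims["jti"] in REVOKED:   # signature and expiry alone do not catch revocation
        raise InvalidTokenError("token revoked")
    return claims

def revoke_token(token_id: str, user_id: str) -> bool:
    # user_id is kept for parity with the documented signature; unused in this sketch.
    REVOKED.add(token_id)
    return True
```

The revocation lookup runs after the signature check, so an unsigned or forged `jti` never reaches the store.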