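---
# Workflow: provision a project with a PostgreSQL component and an API
# service, have a build agent implement email/password auth with JWTs,
# then verify the deployed endpoints and tear the project down.
#
# NOTE(review): the doubled braces inside the shell steps ("%{{http_code}}"
# and the {{\"email\":...}} JSON bodies) are kept exactly as written; they
# are presumably this engine's escape for literal braces - confirm, since
# curl and JSON need single braces at runtime.
name: authenticated-service
description: "Slack Path 1: Identity Layer. Implements User Auth, JWT generation, and Protected Middleware."
version: 1

vars:
  project_name: ""
  service_name: "auth-api"
  feature_slug: "auth-system"

steps:
  # --- Infrastructure ---
  create-project:
    action: api
    method: POST
    endpoint: /project
    body:
      name: "{{ .vars.project_name }}"
      description: "Slack Path 1: Authentication"
    outputs:
      - project_id: .data.name
      - domain: .data.domain

  add-db:
    description: Add PostgreSQL for user storage
    depends_on: [create-project]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
    body:
      type: postgres
      name: "main-db"
    outputs:
      # The connection string normally embeds database credentials; keep it
      # out of step logs and echo statements.
      - db_url: .data.connection_string

  add-service:
    description: Add API service
    depends_on: [add-db]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
    body:
      type: service
      name: "{{ .vars.service_name }}"
      template: service

  wait-init:
    # Explicit ordering: the original relied on implicit ordering here.
    depends_on: [add-service]
    action: wait_pipeline
    project_id: "{{ .outputs.create-project.project_id }}"

  # --- SDLC: Build Auth ---
  create-feature:
    depends_on: [wait-init]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/sdlc/features"
    body:
      slug: "{{ .vars.feature_slug }}"
      title: "Authentication System"

  implement-auth:
    description: "Agent implements Login, Register, and JWT Middleware"
    depends_on: [create-feature]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/builds"
    body:
      # The requirements spell out the security properties the generated
      # code must have (hashed passwords, signed and expiring tokens, 401 on
      # bad tokens) and the response field the verification step reads.
      # The text must not contain a single quote: it is passed inside '...'.
      prompt: >-
        /implement-feature {{ .vars.feature_slug }} --requirements
        'User model with email/password; store passwords only as salted
        hashes (bcrypt or argon2), never plaintext. POST /register,
        POST /login (returns JWT as JSON field token). JWT is signed with a
        secret read from the environment and carries an expiry. Middleware
        that checks Authorization header and returns 401 when the Bearer
        token is missing, invalid, or expired. GET /me returns user profile
        and never includes the password hash.'
      # NOTE(review): with auto_commit and auto_push enabled, agent-written
      # auth code is pushed without human review; the verification steps
      # below are the only gate visible in this file.
      auto_commit: true
      auto_push: true
      git_clone_url: "https://git.threesix.ai/jordan/{{ .outputs.create-project.project_id }}.git"
    outputs:
      - build_id: .data.task_id

  wait-build:
    depends_on: [implement-auth]
    action: shell
    # Polls the build status every 5 seconds, up to 120 times (about 10
    # minutes). Written without bash-only syntax so it also runs under sh.
    command: |
      i=0
      while [ "$i" -lt 120 ]; do
        STATUS=$(curl -s "$RDEV_API_URL/builds/{{ .outputs.implement-auth.build_id }}" \
          -H "X-API-Key: $RDEV_API_KEY" | jq -r '.data.status // .status')
        if [ "$STATUS" = "completed" ]; then exit 0; fi
        if [ "$STATUS" = "failed" ]; then exit 1; fi
        sleep 5
        i=$((i + 1))
      done
      echo "Fail: build did not reach a final status in time"
      exit 1

  wait-deploy:
    # Wait for the build first, so verification runs against the deployment
    # that contains the auth code rather than the initial template.
    depends_on: [wait-build]
    action: wait_pipeline
    project_id: "{{ .outputs.create-project.project_id }}"

  # --- Verification ---
  verify-security:
    description: "Ensure protected routes reject unauthenticated requests"
    depends_on: [wait-deploy]
    action: shell
    command: |
      URL="https://{{ .outputs.create-project.domain }}/api/me"

      # Case 1: no Authorization header at all.
      HTTP_CODE=$(curl -s -o /dev/null -w "%{{http_code}}" "$URL")
      if [ "$HTTP_CODE" != "401" ]; then
        echo "Fail: /me returned $HTTP_CODE"
        exit 1
      fi

      # Case 2: a header is present but the token is not a valid JWT. A
      # middleware that only checks for the header's presence passes case 1
      # and fails here.
      BAD_CODE=$(curl -s -o /dev/null -w "%{{http_code}}" \
        -H "Authorization: Bearer not-a-valid-token" "$URL")
      if [ "$BAD_CODE" != "401" ]; then
        echo "Fail: /me returned $BAD_CODE for an invalid token"
        exit 1
      fi

      echo "Security OK"
      exit 0

  verify-login-flow:
    description: "Register -> Login -> Access Protected Route"
    depends_on: [verify-security]
    action: shell
    command: |
      DOMAIN="{{ .outputs.create-project.domain }}"
      EMAIL="test-{{ .outputs.create-project.project_id }}@example.com"
      # Per-run random password (32 hex chars) instead of a fixed, guessable
      # one: the test account lives on a reachable domain until teardown.
      PASSWORD="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
      BODY="{{\"email\":\"$EMAIL\",\"password\":\"$PASSWORD\"}}"

      # 1. Register (fail the step on an HTTP error instead of ignoring it)
      if ! curl -s -f -o /dev/null -X POST "https://$DOMAIN/api/register" \
        -H "Content-Type: application/json" -d "$BODY"; then
        echo "Fail: register request was rejected"
        exit 1
      fi

      # 2. Login ('// empty' turns a missing token into "" rather than "null")
      TOKEN=$(curl -s -X POST "https://$DOMAIN/api/login" \
        -H "Content-Type: application/json" -d "$BODY" | jq -r '.token // empty')
      if [ -z "$TOKEN" ]; then
        echo "Fail: login returned no token"
        exit 1
      fi

      # 3. Access Protected (the token itself is never echoed)
      RESP=$(curl -s -H "Authorization: Bearer $TOKEN" "https://$DOMAIN/api/me")
      if echo "$RESP" | grep -qF -- "$EMAIL"; then
        exit 0
      else
        echo "Fail: /me did not return the registered profile"
        exit 1
      fi

# Deletes the project created by create-project.
# NOTE(review): presumably this also removes the database and the test
# account - confirm against the platform API.
teardown:
  - action: api
    method: DELETE
    endpoint: "/project/{{ .outputs.create-project.project_id }}"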