62a9bbb237
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
RC-1: Gitea org fallback already removed (no-op, confirmed) RC-3: Push/pull now explicitly target origin main (HEAD:main) in both pod_git_operations.go and claudebox/git.go — fixes Woodpecker webhook trigger by ensuring pushes always land on the main branch RC-4: wait_for_pipeline records baseline pipeline number before polling; only returns success when a NEWER pipeline completes — prevents false positive when a prior pipeline was already success RC-5: Redis WRONGPASS fixed on live persona-community-5 instance; platform gap noted (no reprovision endpoint for Redis ACL drift) RC-6: Removed on_error:continue from all infra provisioning steps (add-db, add-redis) across persona-community, slackpath-2/3/4/5 trees — infra failures now fail the tree instead of silently continuing to a crash RC-7: Added .pnpm-store/ to skeleton .gitignore — prevents thousands of cache files being committed by agents after pnpm install RC-2: Updated all 12 cookbook trees — git_clone_url jordan/ → threesix/ (24 occurrences across all slackpath, aeries, full-stack, genkit trees) Also: strings.Cut and strings.SplitSeq lint fixes in pod_git_operations.go and claudebox/git.go Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
174 lines
5.6 KiB
YAML
174 lines
5.6 KiB
YAML
name: authenticated-service
|
|
description: "Slack Path 1: Identity Layer. Implements User Auth, JWT generation, and Protected Middleware."
|
|
version: 1
|
|
|
|
vars:
|
|
project_name: ""
|
|
service_name: "auth-api"
|
|
feature_slug: "auth-system"
|
|
|
|
steps:
|
|
# --- Infrastructure ---
|
|
create-project:
|
|
action: api
|
|
method: POST
|
|
endpoint: /project
|
|
body:
|
|
name: "{{ .vars.project_name }}"
|
|
description: "Slack Path 1: Authentication"
|
|
outputs:
|
|
- project_id: .data.name
|
|
- domain: .data.domain
|
|
|
|
add-db:
|
|
description: Add CockroachDB for user storage
|
|
depends_on: [create-project]
|
|
action: api
|
|
method: POST
|
|
endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
|
|
body:
|
|
type: postgres
|
|
name: "main-db"
|
|
outputs:
|
|
- db_url: .data.connection_string
|
|
|
|
add-service:
|
|
description: Add API service
|
|
depends_on: [add-db]
|
|
action: api
|
|
method: POST
|
|
endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
|
|
body:
|
|
type: service
|
|
name: "{{ .vars.service_name }}"
|
|
template: service
|
|
|
|
wait-init:
|
|
depends_on: [add-service]
|
|
action: wait_pipeline
|
|
project_id: "{{ .outputs.create-project.project_id }}"
|
|
|
|
verify-notify-domain:
|
|
description: Wait for the project email domain to be verified by Resend
|
|
depends_on: [wait-init]
|
|
on_error: continue
|
|
action: shell
|
|
command: |
|
|
PROJECT_ID="{{ .outputs.create-project.project_id }}"
|
|
API_URL="${RDEV_API_URL:-https://rdev.masq-ops.orchard9.ai}"
|
|
for i in $(seq 1 12); do
|
|
STATUS=$(curl -sf "$API_URL/projects/$PROJECT_ID/notify/status" \
|
|
-H "X-API-Key: $RDEV_API_KEY" | jq -r '.data.status // empty' 2>/dev/null)
|
|
echo "notify domain status (attempt $i/12): $STATUS"
|
|
if [ "$STATUS" = "verified" ]; then
|
|
echo "Email domain verified — OTP and auth emails will work"
|
|
exit 0
|
|
fi
|
|
if [ "$STATUS" = "not_configured" ]; then
|
|
echo "Notify not configured — skipping"
|
|
exit 0
|
|
fi
|
|
sleep 30
|
|
done
|
|
echo "Email domain not verified after 6 minutes — continuing, but OTP emails may fail"
|
|
exit 0
|
|
|
|
# --- SDLC: Build Auth ---
|
|
create-feature:
|
|
depends_on: [verify-notify-domain]
|
|
action: api
|
|
method: POST
|
|
endpoint: "/projects/{{ .outputs.create-project.project_id }}/sdlc/features"
|
|
body:
|
|
slug: "{{ .vars.feature_slug }}"
|
|
title: "Authentication System"
|
|
|
|
implement-auth:
|
|
description: "Agent implements Login, Register, and JWT Middleware"
|
|
depends_on: [create-feature]
|
|
action: api
|
|
method: POST
|
|
endpoint: "/projects/{{ .outputs.create-project.project_id }}/builds"
|
|
body:
|
|
prompt: "/implement-feature {{ .vars.feature_slug }} --requirements 'User model with email/password. POST /register, POST /login (returns JWT). Middleware that checks Authorization header. GET /me returns user profile.'"
|
|
auto_commit: true
|
|
auto_push: true
|
|
git_clone_url: "https://git.threesix.ai/threesix/{{ .outputs.create-project.project_id }}.git"
|
|
outputs:
|
|
- build_id: .data.task_id
|
|
|
|
wait-build:
|
|
description: Wait for agent code generation
|
|
depends_on: [implement-auth]
|
|
action: wait_build
|
|
build_id: "{{ .outputs.implement-auth.build_id }}"
|
|
max_attempts: 120
|
|
poll_interval: 5
|
|
|
|
wait-deploy:
|
|
depends_on: [wait-build]
|
|
action: wait_pipeline
|
|
project_id: "{{ .outputs.create-project.project_id }}"
|
|
|
|
# --- Verification ---
|
|
verify-service-running:
|
|
description: "Verify the auth service is running and reachable"
|
|
depends_on: [wait-deploy]
|
|
action: shell
|
|
command: |
|
|
DOMAIN="{{ .outputs.create-project.domain }}"
|
|
SERVICE_NAME="{{ .vars.service_name }}"
|
|
|
|
# Check health endpoint
|
|
HEALTH=$(curl -s "https://$DOMAIN/api/$SERVICE_NAME/health" | jq -r '.data.status // empty')
|
|
if [ "$HEALTH" == "healthy" ]; then
|
|
echo "Service healthy: /api/$SERVICE_NAME/health returned healthy"
|
|
exit 0
|
|
else
|
|
echo "Fail: service not healthy"
|
|
exit 1
|
|
fi
|
|
|
|
verify-login-flow:
|
|
description: "Register -> Login -> Access Protected Route (optional - depends on agent implementation)"
|
|
depends_on: [verify-service-running]
|
|
on_error: continue
|
|
action: shell
|
|
command: |
|
|
DOMAIN="{{ .outputs.create-project.domain }}"
|
|
SERVICE_NAME="{{ .vars.service_name }}"
|
|
PROJECT_ID="{{ .outputs.create-project.project_id }}"
|
|
EMAIL="test-${PROJECT_ID}@example.com"
|
|
BASE_URL="https://$DOMAIN/api/$SERVICE_NAME"
|
|
|
|
# 1. Register
|
|
echo "Registering $EMAIL..."
|
|
REGISTER_RESP=$(curl -s -X POST "$BASE_URL/register" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"email\":\"$EMAIL\",\"password\":\"hunter2\"}")
|
|
echo "Register response: $REGISTER_RESP"
|
|
|
|
# 2. Login
|
|
echo "Logging in..."
|
|
LOGIN_RESP=$(curl -s -X POST "$BASE_URL/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"email\":\"$EMAIL\",\"password\":\"hunter2\"}")
|
|
echo "Login response: $LOGIN_RESP"
|
|
TOKEN=$(echo "$LOGIN_RESP" | jq -r .token)
|
|
|
|
if [ -z "$TOKEN" ] || [ "$TOKEN" == "null" ]; then
|
|
echo "Failed: Could not get token from login response"
|
|
exit 1
|
|
fi
|
|
|
|
# 3. Access Protected
|
|
echo "Accessing protected route..."
|
|
RESP=$(curl -s -H "Authorization: Bearer $TOKEN" "$BASE_URL/me")
|
|
echo "Protected response: $RESP"
|
|
if echo "$RESP" | grep -q "$EMAIL"; then echo "Login flow OK"; exit 0; else echo "Failed: Email not found in response"; exit 1; fi
|
|
|
|
teardown:
|
|
- action: api
|
|
method: DELETE
|
|
endpoint: "/project/{{ .outputs.create-project.project_id }}"
|