rdev/cookbooks/trees/slackpath-1-authenticated-service.yaml
jordan d69da6d627 feat: add structured logging infrastructure and SDLC extensions
Major changes:
- Add internal/logging package with field constants, context propagation,
  sensitive data auto-redaction, and per-component log levels
- Add worker timeout constants (TimeoutQuickOp, TimeoutHealthCheck, etc.)
- Extend SDLC with callback handlers, generate endpoints, and executor
- Add new cookbook trees for aeries and slackpath progression
- Add skeleton templates for queue, realtime, and microservices
- Add worker component template with async job processing
- Refactor services and handlers to use new logging infrastructure
- Split component.go into component_infra.go and component_listing.go

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 22:56:04 -07:00


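# Cookbook tree: provisions a project with a Postgres component and an API
# service, asks the build agent to implement register/login/JWT middleware,
# then verifies the deployed service with two shell checks and tears the
# project down.
#
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below (outputs as a sibling of body, auto_commit/auto_push/
# git_clone_url inside the build request body) is reconstructed. Confirm
# against the runner's schema.
#
# NOTE(review): wait-init, wait-build and wait-deploy declare no depends_on.
# This presumably relies on the runner executing steps in declaration order;
# confirm, otherwise the verify steps could run against a deployment that
# predates the auth build.
name: authenticated-service
description: "Slack Path 1: Identity Layer. Implements User Auth, JWT generation, and Protected Middleware."
version: 1

vars:
  project_name: ""
  service_name: "auth-api"
  feature_slug: "auth-system"

steps:
  # --- Infrastructure ---
  create-project:
    action: api
    method: POST
    endpoint: /project
    body:
      name: "{{ .vars.project_name }}"
      description: "Slack Path 1: Authentication"
    outputs:
      # project_id is taken from the API's echo of the project name, so it is
      # derived from vars.project_name. It is later interpolated into URLs and
      # into shell commands (see verify-login-flow).
      - project_id: .data.name
      - domain: .data.domain

  add-db:
    description: Add PostgreSQL for user storage
    depends_on: [create-project]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
    body:
      type: postgres
      name: "main-db"
    outputs:
      # The connection string is a secret. No later step in this file reads
      # db_url; make sure the runner does not print captured outputs to logs.
      - db_url: .data.connection_string

  add-service:
    description: Add API service
    depends_on: [add-db]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
    body:
      type: service
      name: "{{ .vars.service_name }}"
      template: service

  wait-init:
    action: wait_pipeline
    project_id: "{{ .outputs.create-project.project_id }}"

  # --- SDLC: Build Auth ---
  create-feature:
    depends_on: [wait-init]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/sdlc/features"
    body:
      slug: "{{ .vars.feature_slug }}"
      title: "Authentication System"

  implement-auth:
    description: "Agent implements Login, Register, and JWT Middleware"
    depends_on: [create-feature]
    action: api
    method: POST
    endpoint: "/projects/{{ .outputs.create-project.project_id }}/builds"
    body:
      # The requirements do not mention password hashing, token expiry or
      # signature validation, and the verify steps below do not test them.
      prompt: "/implement-feature {{ .vars.feature_slug }} --requirements 'User model with email/password. POST /register, POST /login (returns JWT). Middleware that checks Authorization header. GET /me returns user profile.'"
      # Agent-written authentication code is committed and pushed with no
      # review gate; the only checks are the two verify steps below.
      auto_commit: true
      auto_push: true
      git_clone_url: "https://git.threesix.ai/jordan/{{ .outputs.create-project.project_id }}.git"
    outputs:
      - build_id: .data.task_id

  wait-build:
    action: shell
    # Polls the build status every 5 s, up to 120 times (about 10 minutes).
    # Exits 0 on "completed", 1 on "failed" or when the attempts run out.
    # The counter loop and single "=" are POSIX, so the step behaves the same
    # under sh and bash. --max-time keeps one hung request from stalling it.
    # NOTE(review): the API key is passed as a curl argument and is visible in
    # the process list while curl runs; RDEV_API_URL should be an https URL.
    command: |
      i=0
      while [ "$i" -lt 120 ]; do
        STATUS=$(curl -s --max-time 10 \
          -H "X-API-Key: $RDEV_API_KEY" \
          "$RDEV_API_URL/builds/{{ .outputs.implement-auth.build_id }}" \
          | jq -r '.data.status // .status')
        if [ "$STATUS" = "completed" ]; then exit 0; fi
        if [ "$STATUS" = "failed" ]; then exit 1; fi
        sleep 5
        i=$((i + 1))
      done
      exit 1

  wait-deploy:
    action: wait_pipeline
    project_id: "{{ .outputs.create-project.project_id }}"

  # --- Verification ---
  verify-security:
    description: "Ensure protected routes reject unauthenticated requests"
    depends_on: [wait-deploy]
    action: shell
    # Covers only a request with no Authorization header. A malformed, expired
    # or wrongly signed token is not exercised, so a pass does not show that
    # the middleware validates tokens.
    # NOTE(review): "%{{http_code}}" assumes the template engine renders a
    # doubled brace as a literal brace (curl needs "%{http_code}"). Confirm.
    command: |
      HTTP_CODE=$(curl -s --max-time 10 -o /dev/null -w "%{{http_code}}" "https://{{ .outputs.create-project.domain }}/api/me")
      if [ "$HTTP_CODE" = "401" ]; then echo "Security OK"; exit 0; else echo "Fail: /me returned $HTTP_CODE"; exit 1; fi

  verify-login-flow:
    description: "Register -> Login -> Access Protected Route"
    depends_on: [verify-security]
    action: shell
    # NOTE(review): domain and project_id are substituted into the script text
    # before the shell parses it. project_id derives from vars.project_name,
    # so a value containing quotes or $(...) would run as shell unless the API
    # normalises names. Validate these values or pass them another way.
    # NOTE(review): the account uses a fixed, widely known password on an
    # internet-reachable host and exists until teardown; prefer a per-run
    # random value.
    # NOTE(review): the JSON bodies use the same doubled-brace form as
    # verify-security; confirm how the template engine renders it.
    command: |
      DOMAIN="{{ .outputs.create-project.domain }}"
      EMAIL="test-{{ .outputs.create-project.project_id }}@example.com"
      # 1. Register
      curl -X POST "https://$DOMAIN/api/register" -H "Content-Type: application/json" -d "{{\"email\":\"$EMAIL\",\"password\":\"hunter2\"}}"
      # 2. Login
      TOKEN=$(curl -s -X POST "https://$DOMAIN/api/login" -H "Content-Type: application/json" -d "{{\"email\":\"$EMAIL\",\"password\":\"hunter2\"}}" | jq -r .token)
      # jq prints "null" when .token is absent; fail here with a clear message
      # instead of sending "Bearer null".
      if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then echo "Fail: login returned no token"; exit 1; fi
      # 3. Access Protected
      RESP=$(curl -s -H "Authorization: Bearer $TOKEN" "https://$DOMAIN/api/me")
      # -F matches the address literally; "." would otherwise match any char.
      if echo "$RESP" | grep -qF -- "$EMAIL"; then exit 0; else exit 1; fi

# NOTE(review): create-project posts to /project and this deletes under
# /project/, while every other call uses /projects/. Confirm the path: if
# teardown fails, the test deployment and its known test account stay up.
teardown:
  - action: api
    method: DELETE
    endpoint: "/project/{{ .outputs.create-project.project_id }}"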