jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fa0d030def
rdev/cookbooks/trees/slackpath-1-authenticated-service.yaml
jordan fa0d030def
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
feat: improve notify domain verification reliability and add status endpoints 
- Add verifyWithRetry to provisioner: 60s initial DNS propagation delay,
  5 retries with 30s backoff before marking verification as failed
- Add GetNotifyDomainStatus: polls Resend API for domain verification status,
  returns "not_configured" when Resend not set up
- Add VerifyProjectNotify: synchronous re-verification for handler use
- Add getDomainStatus to resendAPI interface + resendClient implementation
- Add NotifyDomainStatus domain struct (host, resend_domain_id, status)
- Guard NOTIFY_RESEND_DOMAIN_ID storage against empty string writes
- New handler: GET /projects/{id}/notify/status (returns verification state)
- New handler: POST /projects/{id}/notify/verify (triggers re-verification)
- Add verify-notify-domain cookbook step to persona-community,
  slackpath-1, and slackpath-4 trees (polls status for up to 6 min)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-23 16:25:55 -07:00

174 lines
5.6 KiB
YAML
Raw Blame History

name: authenticated-service
description: "Slack Path 1: Identity Layer. Implements User Auth, JWT generation, and Protected Middleware."
version: 1
vars:
project_name: ""
service_name: "auth-api"
feature_slug: "auth-system"
steps:
# --- Infrastructure ---
create-project:
action: api
method: POST
endpoint: /project
body:
name: "{{ .vars.project_name }}"
description: "Slack Path 1: Authentication"
outputs:
- project_id: .data.name
- domain: .data.domain
add-db:
description: Add CockroachDB for user storage
depends_on: [create-project]
action: api
method: POST
endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
body:
type: postgres
name: "main-db"
outputs:
- db_url: .data.connection_string
add-service:
description: Add API service
depends_on: [add-db]
action: api
method: POST
endpoint: "/projects/{{ .outputs.create-project.project_id }}/components"
body:
type: service
name: "{{ .vars.service_name }}"
template: service
wait-init:
depends_on: [add-service]
action: wait_pipeline
project_id: "{{ .outputs.create-project.project_id }}"
verify-notify-domain:
description: Wait for the project email domain to be verified by Resend
depends_on: [wait-init]
on_error: continue
action: shell
command: |
PROJECT_ID="{{ .outputs.create-project.project_id }}"
API_URL="${RDEV_API_URL:-https://rdev.masq-ops.orchard9.ai}"
for i in $(seq 1 12); do
STATUS=$(curl -sf "$API_URL/projects/$PROJECT_ID/notify/status" \
-H "X-API-Key: $RDEV_API_KEY" | jq -r '.data.status // empty' 2>/dev/null)
echo "notify domain status (attempt $i/12): $STATUS"
if [ "$STATUS" = "verified" ]; then
echo "Email domain verified — OTP and auth emails will work"
exit 0
fi
if [ "$STATUS" = "not_configured" ]; then
echo "Notify not configured — skipping"
exit 0
fi
sleep 30
done
echo "Email domain not verified after 6 minutes — continuing, but OTP emails may fail"
exit 0
# --- SDLC: Build Auth ---
create-feature:
depends_on: [verify-notify-domain]
action: api
method: POST
endpoint: "/projects/{{ .outputs.create-project.project_id }}/sdlc/features"
body:
slug: "{{ .vars.feature_slug }}"
title: "Authentication System"
implement-auth:
description: "Agent implements Login, Register, and JWT Middleware"
depends_on: [create-feature]
action: api
method: POST
endpoint: "/projects/{{ .outputs.create-project.project_id }}/builds"
body:
prompt: "/implement-feature {{ .vars.feature_slug }} --requirements 'User model with email/password. POST /register, POST /login (returns JWT). Middleware that checks Authorization header. GET /me returns user profile.'"
auto_commit: true
auto_push: true
git_clone_url: "https://git.threesix.ai/jordan/{{ .outputs.create-project.project_id }}.git"
outputs:
- build_id: .data.task_id
wait-build:
description: Wait for agent code generation
depends_on: [implement-auth]
action: wait_build
build_id: "{{ .outputs.implement-auth.build_id }}"
max_attempts: 120
poll_interval: 5
wait-deploy:
depends_on: [wait-build]
action: wait_pipeline
project_id: "{{ .outputs.create-project.project_id }}"
# --- Verification ---
verify-service-running:
description: "Verify the auth service is running and reachable"
depends_on: [wait-deploy]
action: shell
command: |
DOMAIN="{{ .outputs.create-project.domain }}"
SERVICE_NAME="{{ .vars.service_name }}"
# Check health endpoint
HEALTH=$(curl -s "https://$DOMAIN/api/$SERVICE_NAME/health" | jq -r '.data.status // empty')
if [ "$HEALTH" == "healthy" ]; then
echo "Service healthy: /api/$SERVICE_NAME/health returned healthy"
exit 0
else
echo "Fail: service not healthy"
exit 1
fi
verify-login-flow:
description: "Register -> Login -> Access Protected Route (optional - depends on agent implementation)"
depends_on: [verify-service-running]
on_error: continue
action: shell
command: |
DOMAIN="{{ .outputs.create-project.domain }}"
SERVICE_NAME="{{ .vars.service_name }}"
PROJECT_ID="{{ .outputs.create-project.project_id }}"
EMAIL="test-${PROJECT_ID}@example.com"
BASE_URL="https://$DOMAIN/api/$SERVICE_NAME"
# 1. Register
echo "Registering $EMAIL..."
REGISTER_RESP=$(curl -s -X POST "$BASE_URL/register" \
-H "Content-Type: application/json" \
-d "{\"email\":\"$EMAIL\",\"password\":\"hunter2\"}")
echo "Register response: $REGISTER_RESP"
# 2. Login
echo "Logging in..."
LOGIN_RESP=$(curl -s -X POST "$BASE_URL/login" \
-H "Content-Type: application/json" \
-d "{\"email\":\"$EMAIL\",\"password\":\"hunter2\"}")
echo "Login response: $LOGIN_RESP"
TOKEN=$(echo "$LOGIN_RESP" | jq -r .token)
if [ -z "$TOKEN" ] || [ "$TOKEN" == "null" ]; then
echo "Failed: Could not get token from login response"
exit 1
fi
# 3. Access Protected
echo "Accessing protected route..."
RESP=$(curl -s -H "Authorization: Bearer $TOKEN" "$BASE_URL/me")
echo "Protected response: $RESP"
if echo "$RESP" | grep -q "$EMAIL"; then echo "Login flow OK"; exit 0; else echo "Failed: Email not found in response"; exit 1; fi
teardown:
- action: api
method: DELETE
endpoint: "/project/{{ .outputs.create-project.project_id }}"
Reference in New Issue View Git Blame Copy Permalink