744c149300
Some checks failed
Build and Deploy Docs / build-and-deploy (push) Has been cancelled
- Created logs/ structure (sessions, operations, incidents) - Added session-start/log/end scripts - Installed Git hooks for auto-logging commits/pushes - Added shell integration for zsh - Created CHANGELOG.md - Documented today's session (2026-01-10)
Auth Service
Port: 7011
Purpose: Identity & session management for DAARION
Features
✅ Session Management:
- Login with email (Phase 4: mock users)
- Session tokens (7-day expiry)
- Logout
✅ API Keys:
- Create API keys for programmatic access
- List/delete keys
- Optional expiration
✅ Actor Context:
- Unified ActorIdentity model
- Supports: human, agent, service actors
- MicroDAO membership + roles
Actor Model
ActorIdentity
{
"actor_id": "user:93",
"actor_type": "human",
"microdao_ids": ["microdao:daarion", "microdao:7"],
"roles": ["member", "microdao_owner"]
}
Actor Types:
human— Real usersagent— AI agentsservice— Internal services (llm-proxy, etc.)
Roles:
system_admin— Full system accessmicrodao_owner— Owner of a microDAOadmin— Admin in a microDAOmember— Regular memberagent— Agent role
API
POST /auth/login
curl -X POST http://localhost:7011/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "user@daarion.city",
"password": "any"
}'
Response:
{
"session_token": "...",
"actor": {
"actor_id": "user:93",
"actor_type": "human",
"microdao_ids": ["microdao:daarion"],
"roles": ["member"]
},
"expires_at": "2025-12-01T12:00:00Z"
}
Mock Users (Phase 4):
admin@daarion.city→ system_adminuser@daarion.city→ regular usersofia@agents.daarion.city→ agent
GET /auth/me
Get current actor:
curl http://localhost:7011/auth/me \
-H "Authorization: Bearer <session_token>"
POST /auth/logout
curl -X POST http://localhost:7011/auth/logout \
-H "Authorization: Bearer <session_token>"
POST /auth/api-keys
Create API key:
curl -X POST http://localhost:7011/auth/api-keys \
-H "Authorization: Bearer <session_token>" \
-H "Content-Type: application/json" \
-d '{
"description": "My API key",
"expires_days": 30
}'
Response:
{
"id": "key-123",
"key": "dk_abc123...",
"actor_id": "user:93",
"description": "My API key",
"created_at": "...",
"expires_at": "..."
}
⚠️ Key shown only once!
GET /auth/api-keys
List keys:
curl http://localhost:7011/auth/api-keys \
-H "Authorization: Bearer <session_token>"
DELETE /auth/api-keys/{key_id}
curl -X DELETE http://localhost:7011/auth/api-keys/key-123 \
-H "Authorization: Bearer <session_token>"
Integration
In Other Services
from actor_context import require_actor
from models import ActorIdentity
@app.get("/protected")
async def protected_route(
actor: ActorIdentity = Depends(require_actor)
):
# actor.actor_id, actor.roles, etc.
...
Authentication Priority
- X-API-Key header (for services)
- Authorization: Bearer (for API clients)
- session_token cookie (for web UI)
Database Schema
sessions
CREATE TABLE sessions (
token TEXT PRIMARY KEY,
actor_id TEXT NOT NULL,
actor_data JSONB NOT NULL,
created_at TIMESTAMPTZ DEFAULT NOW(),
expires_at TIMESTAMPTZ NOT NULL,
is_valid BOOLEAN DEFAULT true
);
api_keys
CREATE TABLE api_keys (
id TEXT PRIMARY KEY,
key TEXT UNIQUE NOT NULL,
actor_id TEXT NOT NULL,
actor_data JSONB NOT NULL,
description TEXT,
created_at TIMESTAMPTZ DEFAULT NOW(),
expires_at TIMESTAMPTZ,
last_used TIMESTAMPTZ,
is_active BOOLEAN DEFAULT true
);
Setup
Local Development
cd services/auth-service
pip install -r requirements.txt
python main.py
Docker
docker build -t auth-service .
docker run -p 7011:7011 \
-e DATABASE_URL="postgresql://..." \
auth-service
Roadmap
Phase 4 (Current):
- ✅ Mock login
- ✅ Session tokens
- ✅ API keys
- ✅ ActorContext helper
Phase 5:
- 🔜 Real Passkey integration
- 🔜 OAuth2 providers
- 🔜 Multi-factor auth
- 🔜 Session refresh tokens
Status: ✅ Phase 4 Ready
Version: 1.0.0
Last Updated: 2025-11-24