feat(#93): implement agent spawn via federation

Implements FED-010: Agent Spawn via Federation feature that enables spawning and managing Claude agents on remote federated Mosaic Stack instances via COMMAND message type. Features: - Federation agent command types (spawn, status, kill) - FederationAgentService for handling agent operations - Integration with orchestrator's agent spawner/lifecycle services - API endpoints for spawning, querying status, and killing agents - Full command routing through federation COMMAND infrastructure - Comprehensive test coverage (12/12 tests passing) Architecture: - Hub → Spoke: Spawn agents on remote instances - Command flow: FederationController → FederationAgentService → CommandService → Remote Orchestrator - Response handling: Remote orchestrator returns agent status/results - Security: Connection validation, signature verification Files created: - apps/api/src/federation/types/federation-agent.types.ts - apps/api/src/federation/federation-agent.service.ts - apps/api/src/federation/federation-agent.service.spec.ts Files modified: - apps/api/src/federation/command.service.ts (agent command routing) - apps/api/src/federation/federation.controller.ts (agent endpoints) - apps/api/src/federation/federation.module.ts (service registration) - apps/orchestrator/src/api/agents/agents.controller.ts (status endpoint) - apps/orchestrator/src/api/agents/agents.module.ts (lifecycle integration) Testing: - 12/12 tests passing for FederationAgentService - All command service tests passing - TypeScript compilation successful - Linting passed Refs #93 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 14:37:06 -06:00
parent a8c8af21e5
commit 12abdfe81d
405 changed files with 13545 additions and 2153 deletions
--- a/docs/1-getting-started/3-configuration/2-authentik.md
+++ b/docs/1-getting-started/3-configuration/2-authentik.md
@@ -36,6 +36,7 @@ docker compose logs -f
 ```

 **Access Authentik:**
+
 - URL: http://localhost:9000/if/flow/initial-setup/
 - Create admin account during initial setup

@@ -53,17 +54,17 @@ Sign up at [goauthentik.io](https://goauthentik.io) for managed Authentik.

 4. **Configure Provider:**

-   | Field | Value |
-   |-------|-------|
-   | **Name** | Mosaic Stack |
-   | **Authorization flow** | default-provider-authorization-implicit-consent |
-   | **Client type** | Confidential |
-   | **Client ID** | (auto-generated, save this) |
-   | **Client Secret** | (auto-generated, save this) |
-   | **Redirect URIs** | `http://localhost:3001/auth/callback` |
-   | **Scopes** | `openid`, `email`, `profile` |
-   | **Subject mode** | Based on User's UUID |
-   | **Include claims in id_token** | ✅ Enabled |
+   | Field                          | Value                                           |
+   | ------------------------------ | ----------------------------------------------- |
+   | **Name**                       | Mosaic Stack                                    |
+   | **Authorization flow**         | default-provider-authorization-implicit-consent |
+   | **Client type**                | Confidential                                    |
+   | **Client ID**                  | (auto-generated, save this)                     |
+   | **Client Secret**              | (auto-generated, save this)                     |
+   | **Redirect URIs**              | `http://localhost:3001/auth/callback`           |
+   | **Scopes**                     | `openid`, `email`, `profile`                    |
+   | **Subject mode**               | Based on User's UUID                            |
+   | **Include claims in id_token** | ✅ Enabled                                      |

 5. **Click "Create"**

@@ -77,12 +78,12 @@ Sign up at [goauthentik.io](https://goauthentik.io) for managed Authentik.

 3. **Configure Application:**

-   | Field | Value |
-   |-------|-------|
-   | **Name** | Mosaic Stack |
-   | **Slug** | mosaic-stack |
-   | **Provider** | Select "Mosaic Stack" (created in Step 2) |
-   | **Launch URL** | `http://localhost:3000` |
+   | Field          | Value                                     |
+   | -------------- | ----------------------------------------- |
+   | **Name**       | Mosaic Stack                              |
+   | **Slug**       | mosaic-stack                              |
+   | **Provider**   | Select "Mosaic Stack" (created in Step 2) |
+   | **Launch URL** | `http://localhost:3000`                   |

 4. **Click "Create"**

@@ -99,6 +100,7 @@ OIDC_REDIRECT_URI=http://localhost:3001/auth/callback
 ```

 **Important Notes:**
+
 - `OIDC_ISSUER` must end with a trailing slash `/`
 - Replace `<your-client-id>` and `<your-client-secret>` with actual values from Step 2
 - `OIDC_REDIRECT_URI` must exactly match what you configured in Authentik
@@ -218,6 +220,7 @@ Customize Authentik's login page:
 **Cause:** Redirect URI in `.env` doesn't match Authentik configuration

 **Fix:**
+
 ```bash
 # Ensure exact match (including http vs https)
 # In Authentik: http://localhost:3001/auth/callback
@@ -229,6 +232,7 @@ Customize Authentik's login page:
 **Cause:** Incorrect client ID or secret

 **Fix:**
+
 1. Double-check Client ID and Secret in Authentik provider
 2. Copy values exactly (no extra spaces)
 3. Update `.env` with correct values
@@ -239,6 +243,7 @@ Customize Authentik's login page:
 **Cause:** `OIDC_ISSUER` incorrect or Authentik not accessible

 **Fix:**
+
 ```bash
 # Ensure OIDC_ISSUER ends with /
 # Test discovery endpoint
@@ -252,6 +257,7 @@ curl http://localhost:9000/application/o/mosaic-stack/.well-known/openid-configu
 **Cause:** User doesn't have permission in Authentik

 **Fix:**
+
 1. In Authentik, go to **Directory** → **Users**
 2. Select user
 3. Click **Assigned to applications**
@@ -264,6 +270,7 @@ Or enable **Superuser privileges** for the user (development only).
 **Cause:** JWT expiration set too low

 **Fix:**
+
 ```bash
 # In .env, increase expiration
 JWT_EXPIRATION=7d  # 7 days instead of 24h