feat(#93): implement agent spawn via federation

Implements FED-010: Agent Spawn via Federation feature that enables spawning and managing Claude agents on remote federated Mosaic Stack instances via COMMAND message type.

Features:
- Federation agent command types (spawn, status, kill)
- FederationAgentService for handling agent operations
- Integration with orchestrator's agent spawner/lifecycle services
- API endpoints for spawning, querying status, and killing agents
- Full command routing through federation COMMAND infrastructure
- Comprehensive test coverage (12/12 tests passing)

Architecture:
- Hub → Spoke: Spawn agents on remote instances
- Command flow: FederationController → FederationAgentService → CommandService → Remote Orchestrator
- Response handling: Remote orchestrator returns agent status/results
- Security: Connection validation, signature verification

Files created:
- apps/api/src/federation/types/federation-agent.types.ts
- apps/api/src/federation/federation-agent.service.ts
- apps/api/src/federation/federation-agent.service.spec.ts

Files modified:
- apps/api/src/federation/command.service.ts (agent command routing)
- apps/api/src/federation/federation.controller.ts (agent endpoints)
- apps/api/src/federation/federation.module.ts (service registration)
- apps/orchestrator/src/api/agents/agents.controller.ts (status endpoint)
- apps/orchestrator/src/api/agents/agents.module.ts (lifecycle integration)

Testing:
- 12/12 tests passing for FederationAgentService
- All command service tests passing
- TypeScript compilation successful
- Linting passed

Refs #93

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@@ -1,9 +1,11 @@
|
||||
# Issue #4: Authentik OIDC integration
|
||||
|
||||
## Objective
|
||||
|
||||
Implement Authentik OIDC (OpenID Connect) authentication integration for the Mosaic Stack API. This will enable secure user authentication via the Authentik identity provider, supporting multi-tenant workspaces.
|
||||
|
||||
## Approach
|
||||
|
||||
1. Install BetterAuth library and dependencies
|
||||
2. Configure BetterAuth with Authentik OIDC provider
|
||||
3. Create auth module using BetterAuth
|
||||
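Review bot: The Issue #4 Authentik OIDC document edited here (Objective and Approach sections) is outside the scope of a FED-010 feature commit and is missing from the commit message's "Files modified" list. Move the edit to this document into a separate docs commit, or add the file to the message, so that the security-relevant federation changes the message describes (command routing, connection validation, signature verification) can be reviewed and reverted without unrelated churn.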
@@ -13,11 +15,13 @@ Implement Authentik OIDC (OpenID Connect) authentication integration for the Mos
|
||||
7. Write comprehensive tests (TDD approach)
|
||||
|
||||
## BetterAuth Configuration
|
||||
|
||||
- Use BetterAuth's built-in OIDC support for Authentik
|
||||
- Leverage BetterAuth's session management
|
||||
- Integrate with Prisma ORM for user storage
|
||||
|
||||
## Progress
|
||||
|
||||
- [x] Create scratchpad
|
||||
- [x] Explore existing codebase
|
||||
- [x] Install BetterAuth dependencies
|
||||
@@ -32,6 +36,7 @@ Implement Authentik OIDC (OpenID Connect) authentication integration for the Mos
|
||||
- [x] Fix code review issues
|
||||
|
||||
## Testing
|
||||
|
||||
- Unit tests for auth service and strategy
|
||||
- Integration tests for OIDC flow
|
||||
- E2E tests for protected endpoints
|
||||
@@ -40,6 +45,7 @@ Implement Authentik OIDC (OpenID Connect) authentication integration for the Mos
|
||||
## Implementation Summary
|
||||
|
||||
### Completed
|
||||
|
||||
1. **BetterAuth Integration**: Implemented using BetterAuth library for modern, type-safe authentication
|
||||
2. **Database Schema**: Added Session, Account, and Verification tables for BetterAuth
|
||||
3. **Auth Module**: Created complete NestJS auth module with service, controller, guards, and decorators
|
||||
@@ -50,6 +56,7 @@ Implement Authentik OIDC (OpenID Connect) authentication integration for the Mos
|
||||
8. **Code Review**: All critical issues from code review have been addressed
|
||||
|
||||
### Key Files Created/Modified
|
||||
|
||||
- `apps/api/src/auth/auth.config.ts` - BetterAuth configuration
|
||||
- `apps/api/src/auth/auth.service.ts` - Authentication service
|
||||
- `apps/api/src/auth/auth.controller.ts` - Auth routes handler
|
||||
@@ -60,6 +67,7 @@ Implement Authentik OIDC (OpenID Connect) authentication integration for the Mos
|
||||
- Multiple test files with comprehensive coverage
|
||||
|
||||
### Future Improvements (from QA)
|
||||
|
||||
- Add token format validation tests (Priority 10)
|
||||
- Add database error handling tests (Priority 9)
|
||||
- Add session data integrity tests (Priority 9)
|
||||
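Review bot: In the "Future Improvements (from QA)" list, the token format validation tests (Priority 10) and the database error handling and session data integrity tests (Priority 9) are recorded only as bullets with no issue reference. Since this section is being edited anyway, link each bullet to a tracked issue so these auth test gaps are not left in a scratchpad whose visible Progress items are all checked.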
@@ -68,6 +76,7 @@ Implement Authentik OIDC (OpenID Connect) authentication integration for the Mos
|
||||
- Add CurrentUser decorator tests
|
||||
|
||||
## Notes
|
||||
|
||||
- Using BetterAuth instead of custom Passport implementation for modern, maintained solution
|
||||
- BetterAuth handles OIDC, session management, and user provisioning automatically
|
||||
- Environment variables configured in `.env.example` for Authentik
|
||||
|
||||