npm - syntaur - Versions diffs - 0.1.0 - Mend

syntaur 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/examples/sample-mission/assignments/write-auth-tests/assignment.md ADDED Viewed

@@ -0,0 +1,54 @@
+---
+id: d1e2f3a4-b5c6-7890-abcd-333333333333
+slug: write-auth-tests
+title: Write Auth System Tests
+status: pending
+priority: medium
+created: "2026-03-15T09:30:00Z"
+updated: "2026-03-15T09:30:00Z"
+assignee: null
+externalIds: []
+dependsOn:
+  - implement-jwt-middleware
+blockedReason: null
+workspace:
+  repository: null
+  worktreePath: null
+  branch: null
+  parentBranch: null
+tags: []
+---
+# Write Auth System Tests
+## Objective
+Write comprehensive unit and integration tests for the authentication system, covering the database schema, JWT middleware, token flows, and edge cases. Target 80%+ code coverage.
+## Acceptance Criteria
+- [ ] Unit tests for JWT generation and validation utilities
+- [ ] Unit tests for authentication middleware (mocked DB)
+- [ ] Integration tests for login, signup, refresh, and logout endpoints
+- [ ] Integration tests for role-based access control
+- [ ] Edge case tests: expired tokens, revoked sessions, refresh token reuse detection
+- [ ] Coverage report showing 80%+ line coverage
+## Context
+This assignment depends on [implement-jwt-middleware](../implement-jwt-middleware/assignment.md) being completed. Tests will cover both the schema layer (from design-auth-schema) and the middleware/endpoint layer (from implement-jwt-middleware). Use Jest as the test framework with `supertest` for HTTP integration tests.
+## Questions & Answers
+No questions yet.
+## Progress
+No progress yet.
+## Links
+- [Plan](./plan.md)
+- [Scratchpad](./scratchpad.md)
+- [Handoff](./handoff.md)
+- [Decision Record](./decision-record.md)

package/examples/sample-mission/assignments/write-auth-tests/decision-record.md ADDED Viewed

@@ -0,0 +1,9 @@
+---
+assignment: write-auth-tests
+updated: "2026-03-15T09:30:00Z"
+decisionCount: 0
+---
+# Decision Record
+No decisions recorded yet.

package/examples/sample-mission/assignments/write-auth-tests/handoff.md ADDED Viewed

@@ -0,0 +1,9 @@
+---
+assignment: write-auth-tests
+updated: "2026-03-15T09:30:00Z"
+handoffCount: 0
+---
+# Handoff Log
+No handoffs recorded yet.

package/examples/sample-mission/assignments/write-auth-tests/plan.md ADDED Viewed

@@ -0,0 +1,34 @@
+---
+assignment: write-auth-tests
+status: draft
+created: "2026-03-15T09:30:00Z"
+updated: "2026-03-15T09:30:00Z"
+---
+# Plan: Write Auth System Tests
+## Approach
+Write a layered test suite: unit tests for isolated functions (JWT utils, middleware with mocked dependencies), integration tests for full endpoint flows (login, signup, refresh, logout), and edge case tests for security-critical paths (token expiry, revocation, refresh reuse).
+## Tasks
+- [ ] Set up test infrastructure (Jest config, test database, fixtures)
+- [ ] Unit tests for `generateAccessToken` and `generateRefreshToken`
+- [ ] Unit tests for `verifyToken` with valid, expired, and malformed tokens
+- [ ] Unit tests for `authenticateToken` middleware with mocked DB
+- [ ] Unit tests for `requireRole` middleware
+- [ ] Integration tests for `POST /auth/signup` (happy path, duplicate email, weak password)
+- [ ] Integration tests for `POST /auth/login` (happy path, wrong password, nonexistent user)
+- [ ] Integration tests for `POST /auth/refresh` (happy path, expired token, reused token)
+- [ ] Integration tests for `POST /auth/logout` (revokes session and token family)
+- [ ] Integration tests for role-based route protection
+- [ ] Generate and verify coverage report
+## Risks & Mitigations
+| Risk | Mitigation |
+|------|------------|
+| Test database setup complexity | Use Docker Compose for isolated PostgreSQL instance; reset between test suites |
+| Flaky tests from timing-dependent JWT expiry | Use deterministic clock mocking with Jest fake timers |
+| Incomplete coverage of edge cases | Review OWASP auth testing checklist before writing tests |

package/examples/sample-mission/assignments/write-auth-tests/scratchpad.md ADDED Viewed

@@ -0,0 +1,8 @@
+---
+assignment: write-auth-tests
+updated: "2026-03-15T09:30:00Z"
+---
+# Scratchpad
+No working notes yet.

package/examples/sample-mission/claude.md ADDED Viewed

@@ -0,0 +1,13 @@
+# Claude Code Instructions — build-auth-system
+Read `agent.md` first for universal conventions and boundaries.
+## Additional Claude Code Rules
+- When creating new files, always add them to the appropriate barrel export (`index.ts`)
+- Run `npm run typecheck` after making changes to catch type errors early
+- Use `npm test -- --watch` during development for fast feedback
+- Prefer explicit type annotations on function signatures over inference
+- When writing SQL migrations, name files with sequential numbering: `001_create_users.sql`, `002_create_sessions.sql`, etc.
+- Commit frequently with descriptive messages referencing the assignment slug
+- If you encounter a question you cannot resolve from existing context, add it to the Q&A section of your assignment.md and continue working on other tasks — the unanswered question will surface through `_status.md` needsAttention. Do NOT set status to `blocked` for unanswered questions; `blocked` is reserved for hard runtime/manual blockers.

package/examples/sample-mission/manifest.md ADDED Viewed

@@ -0,0 +1,22 @@
+---
+version: "1.0"
+mission: build-auth-system
+generated: "2026-03-18T14:30:00Z"
+---
+# Mission: build-auth-system
+## Overview
+- [Mission Overview](./mission.md)
+## Indexes
+- [Assignments](./_index-assignments.md)
+- [Plans](./_index-plans.md)
+- [Decision Records](./_index-decisions.md)
+- [Status](./_status.md)
+- [Resources](./resources/_index.md)
+- [Memories](./memories/_index.md)
+## Config
+- [Agent Instructions](./agent.md)
+- [Claude Code Instructions](./claude.md)

package/examples/sample-mission/memories/_index.md ADDED Viewed

@@ -0,0 +1,11 @@
+---
+mission: build-auth-system
+generated: "2026-03-18T14:30:00Z"
+total: 1
+---
+# Memories
+| Name | Source | Scope | Source Assignment | Updated |
+|------|--------|-------|------------------|---------|
+| [postgres-connection-pooling](./postgres-connection-pooling.md) | claude-2 | mission | design-auth-schema | 2026-03-17T09:00:00Z |

package/examples/sample-mission/memories/postgres-connection-pooling.md ADDED Viewed

@@ -0,0 +1,35 @@
+---
+type: memory
+name: PostgreSQL Connection Pooling
+source: claude-2
+sourceAssignment: design-auth-schema
+relatedAssignments:
+  - design-auth-schema
+  - implement-jwt-middleware
+scope: mission
+created: "2026-03-17T09:00:00Z"
+updated: "2026-03-17T09:00:00Z"
+tags:
+  - postgresql
+  - performance
+---
+# PostgreSQL Connection Pooling
+## Context
+During schema design and migration testing, discovered that the default `pg` driver behavior of creating a new connection per query causes significant overhead under load. This is especially relevant for the auth system where every protected request hits the database to check session validity.
+## Learnings
+1. **Use `pg.Pool` instead of `pg.Client`:** The Pool manages a set of reusable connections. Set `max: 20` to match the non-functional requirement. The pool handles connection checkout, return, and idle timeout automatically.
+2. **Set `idleTimeoutMillis: 30000`:** Connections idle for more than 30 seconds are closed. This prevents holding connections during low-traffic periods while keeping them warm during bursts.
+3. **Set `connectionTimeoutMillis: 5000`:** If no connection is available within 5 seconds, fail fast rather than queue indefinitely. The auth middleware should return 503 in this case.
+4. **Pool per service, not per request:** Create the pool once at application startup and share it across all routes. Confirmed that `pg.Pool` is safe for concurrent use.
+## Recommendation
+Add pool configuration to the service initialization code before the JWT middleware work begins. The middleware will need the pool for session lookups on every authenticated request.

package/examples/sample-mission/mission.md ADDED Viewed

@@ -0,0 +1,34 @@
+---
+id: a1b2c3d4-e5f6-7890-abcd-ef1234567890
+slug: build-auth-system
+title: Build Authentication System
+archived: false
+archivedAt: null
+archivedReason: null
+created: "2026-03-15T09:00:00Z"
+updated: "2026-03-15T09:00:00Z"
+externalIds:
+  - system: jira
+    id: AUTH-42
+    url: https://jira.example.com/browse/AUTH-42
+tags: []
+workspace: sample-project
+---
+# Build Authentication System
+## Overview
+Build a complete authentication system for the auth-service backend. This includes designing the PostgreSQL schema for users, sessions, and tokens, implementing JWT-based middleware for route protection using RS256 signing, and writing comprehensive integration and unit tests.
+The system must support:
+- User registration and login with email/password
+- JWT access tokens (short-lived) and refresh tokens (long-lived)
+- Session management with revocation support
+- Role-based access control (RBAC) with admin and user roles
+Success looks like: all auth endpoints are functional, middleware protects routes correctly, token refresh flow works end-to-end, and test coverage exceeds 80%.
+## Notes
+The auth service is a greenfield project. We are using Express.js with TypeScript on Node 20. PostgreSQL 16 is the datastore. The team decided to use RS256 for JWT signing to support future key rotation without service restarts.

package/examples/sample-mission/resources/_index.md ADDED Viewed

@@ -0,0 +1,11 @@
+---
+mission: build-auth-system
+generated: "2026-03-18T14:30:00Z"
+total: 1
+---
+# Resources
+| Name | Category | Source | Related Assignments | Updated |
+|------|----------|--------|---------------------|---------|
+| [auth-requirements](./auth-requirements.md) | documentation | human | design-auth-schema, implement-jwt-middleware | 2026-03-15T09:00:00Z |

package/examples/sample-mission/resources/auth-requirements.md ADDED Viewed

@@ -0,0 +1,44 @@
+---
+type: resource
+name: Auth Requirements
+source: human
+category: documentation
+sourceUrl: null
+sourceAssignment: null
+relatedAssignments:
+  - design-auth-schema
+  - implement-jwt-middleware
+created: "2026-03-15T09:00:00Z"
+updated: "2026-03-15T09:00:00Z"
+---
+# Auth Requirements
+## Functional Requirements
+1. **User Registration:** Users can create an account with email and password. Emails must be unique. Passwords must be at least 12 characters with at least one uppercase, one lowercase, and one number.
+2. **User Login:** Users can authenticate with email and password. Returns a JWT access token (30-minute TTL) and a refresh token (7-day TTL).
+3. **Token Refresh:** Clients can exchange a valid refresh token for a new access/refresh token pair. Old refresh tokens are invalidated on use (rotation). If a previously-used refresh token is presented, revoke the entire token family (theft detection).
+4. **Logout:** Revokes the current session and all associated refresh tokens.
+5. **Protected Routes:** All API routes except `/auth/login`, `/auth/signup`, and `/auth/refresh` require a valid JWT access token in the `Authorization: Bearer <token>` header.
+6. **Role-Based Access:** Two roles: `user` and `admin`. Certain endpoints (user management, system config) require `admin` role.
+## Security Requirements
+- Passwords hashed with bcrypt (cost factor 12)
+- JWT signed with RS256 (asymmetric keys)
+- No sensitive data in JWT payload (no email, no password hash)
+- Refresh tokens stored as hashes in database (not plaintext)
+- Rate limiting on auth endpoints: 10 requests per minute per IP
+- All auth errors return generic messages (do not leak whether email exists)
+## Non-Functional Requirements
+- Auth endpoints respond within 200ms p95 under normal load
+- Support 1000 concurrent authenticated sessions
+- Database connection pooling with max 20 connections

package/package.json ADDED Viewed

@@ -0,0 +1,57 @@
+{
+  "name": "syntaur",
+  "version": "0.1.0",
+  "description": "CLI scaffolding tool for the Syntaur protocol",
+  "type": "module",
+  "bin": {
+    "syntaur": "./bin/syntaur.js"
+  },
+  "main": "./dist/index.js",
+  "files": [
+    "dist",
+    "bin",
+    ".agents",
+    "plugins",
+    "plugin",
+    "examples",
+    "dashboard/dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "build:dashboard": "npm run build && npm run build --prefix dashboard",
+    "dev": "tsup --watch",
+    "dev:dashboard": "cd dashboard && npm run dev",
+    "dashboard:install": "cd dashboard && npm install",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "prepublishOnly": "npm run build && npm ci --prefix dashboard && npm run build --prefix dashboard"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "dependencies": {
+    "better-sqlite3": "^11.0.0",
+    "chokidar": "^4.0.0",
+    "commander": "^13.0.0",
+    "express": "^5.0.1",
+    "fuse.js": "^7.1.0",
+    "ink": "^6.8.0",
+    "ink-text-input": "^6.0.0",
+    "open": "^10.0.0",
+    "react": "^19.2.4",
+    "ws": "^8.0.0"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.0",
+    "@types/express": "^5.0.6",
+    "@types/node": "^20.0.0",
+    "@types/react": "^19.2.14",
+    "@types/ws": "^8.0.0",
+    "@vitejs/plugin-react": "^6.0.1",
+    "tsup": "^8.0.0",
+    "typescript": "^5.7.0",
+    "vite": "^8.0.1",
+    "vitest": "^3.0.0"
+  }
+}

package/plugin/.claude-plugin/plugin.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "name": "syntaur",
+  "description": "Syntaur protocol adapter for Claude Code. Provides skills for grabbing, planning, and completing assignments, plus write boundary enforcement via hooks.",
+  "author": {
+    "name": "Brennen",
+    "email": ""
+  },
+  "version": "0.1.0"
+}