Closes the missing piece of ADR-0021's admin surface. Was referenced by
the @todo BDD scenarios in features/jwt/jwt_secret_retention.feature
since PR #41 but never wired up.

Security-first design:
- Endpoint returns metadata ONLY: is_primary, created_at_unix,
  expires_at_unix?, age_seconds, is_expired, secret_sha256 (8-byte
  prefix as fingerprint). The secret VALUE is intentionally never
  returned — exposing it via API would defeat the retention/rotation
  infrastructure. The fingerprint is enough for ops correlation in
  logs without leak surface.
- Routed under /api/v1/admin/jwt/secrets. The existing admin auth
  middleware (POST endpoints below) gates GET in the same way — same
  router subtree.

Plumbing:
- New JWTSecretInfo struct in pkg/user/user.go (metadata-only).
- AuthService.ListJWTSecretsInfo() interface method.
- userServiceImpl.ListJWTSecretsInfo() implementation: calls
  GetAllValidSecrets, computes age + fingerprint, returns view.
- handleListJWTSecrets in pkg/user/api/admin_handler.go.
- Documentation/API.md updated with full schema + security note.

Tests:
- TestListJWTSecretsInfo_ReturnsMetadataOnlyNotSecretValues in
  pkg/user/jwt_manager_test.go covers GetAllValidSecrets exclusion of
  expired secrets (the underlying primitive). go test -race passes.
- Full BDD suite (auth/config/greet/health/info/jwt) green.

@todo BDD scenarios in features/jwt/jwt_secret_retention.feature can
now be activated in a follow-up PR — left as @todo for review.

Added ADR-0018 for User Management and Authentication System with:
- Non-persisted admin user with master password authentication
- JWT-based authentication with bcrypt password hashing
- PostgreSQL database schema and GORM integration
- Admin-assisted password reset workflow
- Comprehensive security considerations

Added ADR-0019 for BDD Feature Structure:
- Epic/User Story organization pattern
- Unified development workflow
- Source of truth hierarchy

Added ADR-0020 for Docker Build Strategy:
- Multi-stage build approach
- Cache optimization strategy
- Production vs development build differences

Added technical documentation:
- Complete user management system specification
- API endpoints and integration details
- Security architecture and best practices

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>

- Created comprehensive Gitmoji cheatsheet in documentation/
- Added quick reference to README for common Gitmoji
- Links to full cheatsheet for all Gitmoji options
- Helps team use consistent commit message format

This provides:
- Quick visual reference for common Gitmoji
- Examples of good/bad commit messages
- Best practices for commit formatting
- Easy access to full reference when needed

No more guessing which Gitmoji to use!

Refs: #documentation, #gitmoji, #conventions

- Created comprehensive agent usage guide in documentation/
- Added quick launch commands to README
- Provides clear guidance on when to use each agent
- Includes workflow examples and best practices
- Links to full documentation for details

This makes it easier for new users to:
- Launch the correct agent for their task
- Follow established workflows
- Understand agent capabilities
- Find troubleshooting help

Refs: #documentation, #onboarding, #usability

- Moved all documentation files from doc/ to documentation/
- Removed empty doc/ directory
- Single unified location for all project documentation
- Includes BDD guide, CI/CD testing guide, version management guide

Refs: #documentation, #organization, #cleanup