- Fixed CreateSession and GetSession SQL queries to use user_uuid instead of user_id
- Added unique constraint on sessions.token column for proper upsert support
- Created migration file to add the unique index to existing databases
This fixes the 500 error on /api/auth/login caused by session creation failure
- Moved /api/auth/mfa/status outside authProtected group to allow pre-login MFA checks
- Added session management to Store interface with CreateSession, GetSession, DeleteSession
- Implemented session persistence in both memoryStore and postgresStore
- Updated handler to use store-based sessions instead of in-memory map
- Added database schema for users, sessions, agents, and email_blacklist tables
- This fixes the 401 error when checking MFA status before login
Core Changes:
- Add Agent struct and management methods to Store interface
- Implement PostgreSQL store methods (UpsertAgent, ListAgents, DeleteAgent, DeleteStaleAgents)
- Integrate persistence into Registry with async database writes
- Add Load() method to restore agents from database on startup
- Implement runAgentCleanup background task (5min interval, 10min stale threshold)
Database:
- Update agents table schema to use JSONB for groups field
- Add indexes on last_heartbeat and healthy columns
- Support health tracking and automatic cleanup of stale agents
Documentation:
- Add comprehensive DB access and upgrade guide
- Include agent persistence implementation plan
- Document diagnostic procedures and troubleshooting steps
- Add walkthrough of multi-agent support implementation
This enables:
- Persistent agent state across service restarts
- Automatic cleanup of offline agents
- Multi-agent support with shared token authentication
- Add AgentID field to StatusReport for agent self-identification
- Implement RegisterAgent() method for dynamic agent registration
- Modify agentReportStatusHandler to extract and use agent-reported IDs
- Use wildcard credential to support multiple agents with INTERNAL_SERVICE_TOKEN
- Add agents table schema for future persistence
This enables scalable multi-node deployment without pre-configuring each agent ID.
- Add ListUsers to Store interface and implementations
- Add user listing API endpoint (GET /api/users)
- Add role management endpoints (POST/DELETE /api/auth/admin/users/:userId/role)
- Add GeneratePublicToken to TokenService for OAuth callback
- Add CancelSubscription to Store interface
- Update go.mod with oauth2 dependencies
