refactor: Align Epic 0 & Epic 1 with true microservices architecture

Refactor core kernel and infrastructure to support true microservices
architecture where services are independently deployable.

Phase 1: Core Kernel Cleanup
- Remove database provider from CoreModule (services create their own)
- Update ProvideHealthRegistry to not depend on database
- Add schema support to database client (NewClientWithSchema)
- Update main entry point to remove database dependency
- Core kernel now provides only: config, logger, error bus, health, metrics, tracer, service registry

Phase 2: Service Registry Implementation
- Create ServiceRegistry interface (pkg/registry/registry.go)
- Implement Consul registry (internal/registry/consul/consul.go)
- Add Consul dependency (github.com/hashicorp/consul/api)
- Add registry configuration to config/default.yaml
- Add ProvideServiceRegistry() to DI container

Phase 3: Service Client Interfaces
- Create service client interfaces:
  - pkg/services/auth.go - AuthServiceClient
  - pkg/services/identity.go - IdentityServiceClient
  - pkg/services/authz.go - AuthzServiceClient
  - pkg/services/audit.go - AuditServiceClient
- Create ServiceClientFactory (internal/client/factory.go)
- Create stub gRPC client implementations (internal/client/grpc/)
- Add ProvideServiceClientFactory() to DI container

Phase 4: gRPC Service Definitions
- Create proto files for all core services:
  - api/proto/auth.proto
  - api/proto/identity.proto
  - api/proto/authz.proto
  - api/proto/audit.proto
- Add generate-proto target to Makefile

Phase 5: API Gateway Implementation
- Create API Gateway service entry point (cmd/api-gateway/main.go)
- Create Gateway implementation (services/gateway/gateway.go)
- Add gateway configuration to config/default.yaml
- Gateway registers with Consul and routes requests to backend services

All code compiles successfully. Core services (Auth, Identity, Authz, Audit)
will be implemented in Epic 2 using these foundations.

pkg/registry/registry.go

@@ -0,0 +1,41 @@
+// Package registry provides service registry interface for service discovery.
+package registry
+
+import (
+	"context"
+)
+
+// ServiceRegistry is the interface for service discovery and registration.
+type ServiceRegistry interface {
+	// Register registers a service instance with the registry.
+	Register(ctx context.Context, service *ServiceInstance) error
+
+	// Deregister removes a service instance from the registry.
+	Deregister(ctx context.Context, serviceID string) error
+
+	// Discover returns all healthy instances of a service.
+	Discover(ctx context.Context, serviceName string) ([]*ServiceInstance, error)
+
+	// Watch returns a channel that receives updates when service instances change.
+	Watch(ctx context.Context, serviceName string) (<-chan []*ServiceInstance, error)
+
+	// Health returns the health status of a service instance.
+	Health(ctx context.Context, serviceID string) (*HealthStatus, error)
+}
+
+// ServiceInstance represents a service instance in the registry.
+type ServiceInstance struct {
+	ID       string            // Unique instance ID
+	Name     string            // Service name (e.g., "auth-service", "identity-service")
+	Address  string            // Service address (IP or hostname)
+	Port     int               // Service port
+	Tags     []string          // Service tags for filtering
+	Metadata map[string]string // Additional metadata
+}
+
+// HealthStatus represents the health status of a service instance.
+type HealthStatus struct {
+	ServiceID string // Service instance ID
+	Status    string // Health status: "healthy", "unhealthy", "critical"
+	Message   string // Optional status message
+}

pkg/services/audit.go

@@ -0,0 +1,39 @@
+// Package services provides service client interfaces for inter-service communication.
+package services
+
+import (
+	"context"
+)
+
+// AuditServiceClient is the interface for communicating with the Audit Service.
+type AuditServiceClient interface {
+	// Record records an audit log entry.
+	Record(ctx context.Context, entry *AuditLogEntry) error
+
+	// Query queries audit logs based on filters.
+	Query(ctx context.Context, filters *AuditLogFilters) ([]AuditLogEntry, error)
+}
+
+// AuditLogEntry represents an audit log entry.
+type AuditLogEntry struct {
+	UserID     string            `json:"user_id"`
+	Action     string            `json:"action"`   // e.g., "user.create", "user.update"
+	Resource   string            `json:"resource"` // e.g., "user", "role"
+	ResourceID string            `json:"resource_id"`
+	IPAddress  string            `json:"ip_address"`
+	UserAgent  string            `json:"user_agent"`
+	Metadata   map[string]string `json:"metadata"`
+	Timestamp  int64             `json:"timestamp"`
+}
+
+// AuditLogFilters contains filters for querying audit logs.
+type AuditLogFilters struct {
+	UserID     *string `json:"user_id,omitempty"`
+	Action     *string `json:"action,omitempty"`
+	Resource   *string `json:"resource,omitempty"`
+	ResourceID *string `json:"resource_id,omitempty"`
+	StartTime  *int64  `json:"start_time,omitempty"`
+	EndTime    *int64  `json:"end_time,omitempty"`
+	Limit      int     `json:"limit"`  // Max number of results
+	Offset     int     `json:"offset"` // Pagination offset
+}

pkg/services/auth.go

@@ -0,0 +1,37 @@
+// Package services provides service client interfaces for inter-service communication.
+package services
+
+import (
+	"context"
+)
+
+// AuthServiceClient is the interface for communicating with the Auth Service.
+type AuthServiceClient interface {
+	// Login authenticates a user and returns access and refresh tokens.
+	Login(ctx context.Context, email, password string) (*TokenResponse, error)
+
+	// RefreshToken refreshes an access token using a refresh token.
+	RefreshToken(ctx context.Context, refreshToken string) (*TokenResponse, error)
+
+	// ValidateToken validates a JWT token and returns the token claims.
+	ValidateToken(ctx context.Context, token string) (*TokenClaims, error)
+
+	// Logout invalidates a refresh token.
+	Logout(ctx context.Context, refreshToken string) error
+}
+
+// TokenResponse contains the authentication tokens.
+type TokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	ExpiresIn    int64  `json:"expires_in"` // seconds
+	TokenType    string `json:"token_type"` // "Bearer"
+}
+
+// TokenClaims contains the claims from a validated JWT token.
+type TokenClaims struct {
+	UserID    string   `json:"user_id"`
+	Email     string   `json:"email"`
+	Roles     []string `json:"roles"`
+	ExpiresAt int64    `json:"expires_at"`
+}

pkg/services/authz.go

@@ -0,0 +1,37 @@
+// Package services provides service client interfaces for inter-service communication.
+package services
+
+import (
+	"context"
+)
+
+// AuthzServiceClient is the interface for communicating with the Authz Service.
+type AuthzServiceClient interface {
+	// Authorize checks if a user has a specific permission and returns an error if not.
+	Authorize(ctx context.Context, userID, permission string) error
+
+	// HasPermission checks if a user has a specific permission.
+	HasPermission(ctx context.Context, userID, permission string) (bool, error)
+
+	// GetUserPermissions returns all permissions for a user.
+	GetUserPermissions(ctx context.Context, userID string) ([]Permission, error)
+
+	// GetUserRoles returns all roles for a user.
+	GetUserRoles(ctx context.Context, userID string) ([]Role, error)
+}
+
+// Permission represents a permission in the system.
+type Permission struct {
+	ID          string `json:"id"`
+	Code        string `json:"code"`
+	Name        string `json:"name"`
+	Description string `json:"description"`
+}
+
+// Role represents a role in the system.
+type Role struct {
+	ID          string   `json:"id"`
+	Name        string   `json:"name"`
+	Description string   `json:"description"`
+	Permissions []string `json:"permissions"` // Permission codes
+}

pkg/services/identity.go

@@ -0,0 +1,62 @@
+// Package services provides service client interfaces for inter-service communication.
+package services
+
+import (
+	"context"
+)
+
+// IdentityServiceClient is the interface for communicating with the Identity Service.
+type IdentityServiceClient interface {
+	// GetUser retrieves a user by ID.
+	GetUser(ctx context.Context, id string) (*User, error)
+
+	// GetUserByEmail retrieves a user by email address.
+	GetUserByEmail(ctx context.Context, email string) (*User, error)
+
+	// CreateUser creates a new user.
+	CreateUser(ctx context.Context, user *CreateUserRequest) (*User, error)
+
+	// UpdateUser updates an existing user.
+	UpdateUser(ctx context.Context, id string, user *UpdateUserRequest) (*User, error)
+
+	// DeleteUser deletes a user.
+	DeleteUser(ctx context.Context, id string) error
+
+	// VerifyEmail verifies a user's email address using a verification token.
+	VerifyEmail(ctx context.Context, token string) error
+
+	// RequestPasswordReset requests a password reset token.
+	RequestPasswordReset(ctx context.Context, email string) error
+
+	// ResetPassword resets a user's password using a reset token.
+	ResetPassword(ctx context.Context, token, newPassword string) error
+}
+
+// User represents a user in the system.
+type User struct {
+	ID            string `json:"id"`
+	Email         string `json:"email"`
+	Username      string `json:"username"`
+	FirstName     string `json:"first_name"`
+	LastName      string `json:"last_name"`
+	EmailVerified bool   `json:"email_verified"`
+	CreatedAt     int64  `json:"created_at"`
+	UpdatedAt     int64  `json:"updated_at"`
+}
+
+// CreateUserRequest contains the data needed to create a new user.
+type CreateUserRequest struct {
+	Email     string `json:"email"`
+	Username  string `json:"username"`
+	Password  string `json:"password"`
+	FirstName string `json:"first_name"`
+	LastName  string `json:"last_name"`
+}
+
+// UpdateUserRequest contains the data needed to update a user.
+type UpdateUserRequest struct {
+	Email     *string `json:"email,omitempty"`
+	Username  *string `json:"username,omitempty"`
+	FirstName *string `json:"first_name,omitempty"`
+	LastName  *string `json:"last_name,omitempty"`
+}