feat: microservice architecture

docs/content/stories/phase2/README.md

@@ -1,58 +1,52 @@
 # Phase 2: Authentication & Authorization
 
 ## Overview
-Implement JWT authentication, create identity management (User CRUD), build role and permission system, add authorization middleware, and implement audit logging.
+Implement complete JWT-based authentication system, build comprehensive identity management with user lifecycle, create role-based access control (RBAC) system, implement authorization middleware and permission checks, add comprehensive audit logging for security compliance, and provide database seeding for initial setup. All core services (Auth, Identity, Authz, Audit) are independent microservices that expose gRPC servers and register with the service registry.
 
-## Tasks
+## Stories
 
-### 2.1 Authentication (JWT)
-- [2.1.1 - Install JWT Library](./2.1.1-install-githubcomgolang-jwtjwtv5.md)
-- [2.1.2 - Create Auth Interfaces](./2.1.2-create-pkgauthauthgo-interfaces.md)
-- [2.1.3 - Implement JWT Auth](./2.1.3-implement-internalauthjwt_authgo.md)
-- [2.1.4 - Create Auth Middleware](./2.1.4-create-internalauthmiddlewarego.md)
-- [2.1.5 - Add Login Endpoint](./2.1.5-add-login-endpoint-post-apiv1authlogin.md)
-- [2.1.6 - Add Refresh Endpoint](./2.1.6-add-refresh-endpoint-post-apiv1authrefresh.md)
+### 2.1 JWT Authentication System
+- [Story: 2.1 - JWT Authentication](./2.1-jwt-authentication.md)
+- **Goal:** Implement a complete JWT-based authentication system with access tokens, refresh tokens, and secure token management.
+- **Deliverables:** Authentication interfaces, JWT implementation, authentication middleware, login/refresh endpoints
 
-### 2.2 Identity Management
-- [2.2.1 - Create Identity Interfaces](./2.2.1-create-pkgidentityidentitygo-interfaces.md)
-- [2.2.2 - Implement User Repository](./2.2.2-implement-internalidentityuser_repogo-using-ent.md)
-- [2.2.3 - Implement User Service](./2.2.3-implement-internalidentityuser_servicego.md)
-- [2.2.4 - Add Endpoints](./2.2.4-add-endpoints.md)
+### 2.2 Identity Management System
+- [Story: 2.2 - Identity Management](./2.2-identity-management.md)
+- **Goal:** Build a complete user identity management system with registration, email verification, password management, and user CRUD operations.
+- **Deliverables:** Identity interfaces, user repository, user service, user management API endpoints
 
-### 2.3 Roles & Permissions
-- [2.3.1 - Create Permission Types](./2.3.1-create-pkgpermpermgo.md)
-- [2.3.2 - Create Permission Resolver Interface](./2.3.2-create-pkgpermresolvergo-interface.md)
-- [2.3.3 - Implement In-Memory Resolver](./2.3.3-implement-internalpermin_memory_resolvergo.md)
-- [2.3.4 - Create Authorization Interface](./2.3.4-create-pkgauthauthzgo-interface.md)
-- [2.3.5 - Implement RBAC Authorizer](./2.3.5-implement-internalauthrbac_authorizergo.md)
-- [2.3.6 - Create Authorization Middleware](./2.3.6-create-authorization-middleware.md)
+### 2.3 Role-Based Access Control (RBAC) System
+- [Story: 2.3 - RBAC System](./2.3-rbac-system.md)
+- **Goal:** Implement a complete RBAC system with permissions, role management, and authorization middleware.
+- **Deliverables:** Permission system, permission resolver, authorization system, authorization middleware
 
-### 2.4 Role Management
-- [2.4.1 - Create Role Repository](./2.4.1-create-internalidentityrole_repogo.md)
-- [2.4.2 - Add Endpoints](./2.4.2-add-endpoints.md)
+### 2.4 Role Management API
+- [Story: 2.4 - Role Management](./2.4-role-management.md)
+- **Goal:** Provide complete API for managing roles, assigning permissions to roles, and assigning roles to users.
+- **Deliverables:** Role repository, role management API endpoints, authorization and validation
 
-### 2.5 Audit Logging
-- [2.5.1 - Create Audit Interface](./2.5.1-create-pkgauditauditgo-interface.md)
-- [2.5.2 - Implement Ent Auditor](./2.5.2-implement-internalauditent_auditorgo.md)
-- [2.5.3 - Add Audit Middleware](./2.5.3-add-audit-middleware.md)
-- [2.5.4 - Integrate with Auth Endpoints](./2.5.4-integrate-with-auth-endpoints.md)
+### 2.5 Audit Logging System
+- [Story: 2.5 - Audit Logging](./2.5-audit-logging.md)
+- **Goal:** Implement comprehensive audit logging that records all security-sensitive actions for compliance and security monitoring.
+- **Deliverables:** Audit interface, audit implementation, audit middleware, audit log query API
 
-### 2.6 Database Seeding
-- [2.6.1 - Create Seed Script](./2.6.1-create-internalseedseedgo.md)
+### 2.6 Database Seeding and Initialization
+- [Story: 2.6 - Database Seeding](./2.6-database-seeding.md)
+- **Goal:** Provide database seeding functionality to create initial admin user, default roles, and core permissions.
+- **Deliverables:** Seed script, seed command, integration with application startup
 
 ## Deliverables Checklist
-- [ ] JWT authentication working (access + refresh tokens)
-- [ ] User registration and management endpoints
-- [ ] Role and permission system implemented
-- [ ] Authorization middleware protecting endpoints
-- [ ] Audit logging captures all auth actions
-- [ ] Database seeding for initial admin user
+- [ ] JWT authentication with access/refresh tokens
+- [ ] User CRUD with email verification
+- [ ] Role and permission management
+- [ ] Authorization middleware
+- [ ] Audit logging for all actions
+- [ ] Seed script for initial data
 
 ## Acceptance Criteria
-- `POST /api/v1/auth/login` returns JWT tokens
-- `POST /api/v1/auth/refresh` issues new access token
-- Protected endpoints require valid JWT
-- Authorization middleware checks permissions
-- All auth actions are logged to audit table
-- Admin user can be created via seed script
-
+- User can register and login
+- JWT tokens are validated on protected routes
+- Users without permission get 403
+- All actions are logged in audit table
+- Admin can create roles and assign permissions
+- Integration test: user without permission cannot access protected resource