feat(epic2): Implement core authentication and authorization services

- Implement Audit Service (2.5)
  - gRPC server with Record and Query operations
  - Database persistence with audit schema
  - Service registry integration
  - Entry point: cmd/audit-service

- Implement Identity Service (2.2)
  - User CRUD operations
  - Password hashing with argon2id
  - Email verification and password reset flows
  - Entry point: cmd/identity-service
  - Fix package naming conflicts in user_service.go

- Implement Auth Service (2.1)
  - JWT token generation and validation
  - Login, RefreshToken, ValidateToken, Logout RPCs
  - Integration with Identity Service
  - Entry point: cmd/auth-service
  - Note: RefreshToken entity needs Ent generation

- Implement Authz Service (2.3, 2.4)
  - Permission checking and authorization
  - User roles and permissions retrieval
  - RBAC-based authorization
  - Entry point: cmd/authz-service

- Implement gRPC clients for all services
  - Auth, Identity, Authz, and Audit clients
  - Service discovery integration
  - Full gRPC communication

- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass

internal/ent/schema/audit_log.go

@@ -20,15 +20,24 @@ func (AuditLog) Fields() []ent.Field {
 		field.String("id").
 			Unique().
 			Immutable(),
-		field.String("actor_id").
+		field.String("user_id").
 			NotEmpty().
 			Comment("ID of the user/actor performing the action"),
 		field.String("action").
 			NotEmpty().
-			Comment("Action performed (e.g., create, update, delete)"),
-		field.String("target_id").
+			Comment("Action performed (e.g., user.create, user.update)"),
+		field.String("resource").
+			Optional().
+			Comment("Resource type (e.g., user, role)"),
+		field.String("resource_id").
 			Optional().
 			Comment("ID of the target resource"),
+		field.String("ip_address").
+			Optional().
+			Comment("IP address of the client"),
+		field.String("user_agent").
+			Optional().
+			Comment("User agent of the client"),
 		field.JSON("metadata", map[string]interface{}{}).
 			Optional().
 			Comment("Additional metadata as JSON"),
@@ -41,9 +50,10 @@ func (AuditLog) Fields() []ent.Field {
 // Indexes of the AuditLog.
 func (AuditLog) Indexes() []ent.Index {
 	return []ent.Index{
-		index.Fields("actor_id"),
-		index.Fields("target_id"),
+		index.Fields("user_id"),
+		index.Fields("resource_id"),
 		index.Fields("timestamp"),
 		index.Fields("action"),
+		index.Fields("resource"),
 	}
 }

internal/ent/schema/refresh_token.go

@@ -0,0 +1,44 @@
+package schema
+
+import (
+	"time"
+
+	"entgo.io/ent"
+	"entgo.io/ent/schema/field"
+	"entgo.io/ent/schema/index"
+)
+
+// RefreshToken holds the schema definition for the RefreshToken entity.
+type RefreshToken struct {
+	ent.Schema
+}
+
+// Fields of the RefreshToken.
+func (RefreshToken) Fields() []ent.Field {
+	return []ent.Field{
+		field.String("id").
+			Unique().
+			Immutable(),
+		field.String("user_id").
+			NotEmpty().
+			Comment("ID of the user who owns this refresh token"),
+		field.String("token_hash").
+			NotEmpty().
+			Sensitive().
+			Comment("SHA256 hash of the refresh token"),
+		field.Time("expires_at").
+			Comment("When the refresh token expires"),
+		field.Time("created_at").
+			Default(time.Now).
+			Immutable(),
+	}
+}
+
+// Indexes of the RefreshToken.
+func (RefreshToken) Indexes() []ent.Index {
+	return []ent.Index{
+		index.Fields("user_id"),
+		index.Fields("token_hash"),
+		index.Fields("expires_at"),
+	}
+}

internal/ent/schema/user.go

@@ -22,10 +22,24 @@ func (User) Fields() []ent.Field {
 		field.String("email").
 			Unique().
 			NotEmpty(),
+		field.String("username").
+			Optional(),
+		field.String("first_name").
+			Optional(),
+		field.String("last_name").
+			Optional(),
 		field.String("password_hash").
 			NotEmpty(),
 		field.Bool("verified").
 			Default(false),
+		field.String("email_verification_token").
+			Optional().
+			Sensitive(),
+		field.String("password_reset_token").
+			Optional().
+			Sensitive(),
+		field.Time("password_reset_expires_at").
+			Optional(),
 		field.Time("created_at").
 			Default(time.Now).
 			Immutable(),