- Add VerifyPassword RPC to Identity Service
  - Added to proto file and generated code
  - Implemented in Identity Service gRPC server
  - Added to Identity Service client interface and gRPC client
- Complete RefreshToken implementation
  - Store refresh tokens in database using RefreshToken entity
  - Validate refresh tokens with expiration checking
  - Revoke refresh tokens on logout and token rotation
- Integrate Authz Service for role retrieval
  - Added AuthzServiceClient to Auth Service
  - Get user roles during login and token refresh
  - Gracefully handle Authz Service failures
- Require JWT secret in configuration
  - Removed default secret fallback
  - Service fails to start if JWT secret is not configured
- Fix Consul health checks for Docker
  - Services now register with Docker service names (e.g., audit-service)
  - Allows Consul (in Docker) to reach services via Docker DNS
  - Health checks use gRPC service names instead of localhost

This completes all TODOs in auth_service_fx.go and fixes the Consul
health check failures in Docker environments.

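Added example (not code from these commits or from the project): the refresh-token lifecycle listed in the commit above, with expiry checking and revocation on rotation and logout. The in-memory `Store`, the method names, keeping only a SHA-256 digest of each token, and modelling revocation as row deletion are assumptions made for illustration; the commit itself persists tokens through a RefreshToken entity.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Store is an in-memory stand-in (assumption) for the RefreshToken table, keyed by token digest.
type Store map[string]record
type record struct {
	userID    string
	expiresAt time.Time
}

var ErrInvalid = errors.New("refresh token unknown, expired or revoked")

func digest(tok string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(tok))) }

// Issue mints a random token and stores only its digest, never the token itself.
func (s Store) Issue(userID string, ttl time.Duration, now time.Time) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := fmt.Sprintf("%x", b)
	s[digest(tok)] = record{userID: userID, expiresAt: now.Add(ttl)}
	return tok, nil
}

// Rotate rejects unknown, revoked or expired tokens, revokes the old one, then issues a new one.
func (s Store) Rotate(tok string, ttl time.Duration, now time.Time) (string, error) {
	r, ok := s[digest(tok)]
	if !ok || !now.Before(r.expiresAt) {
		return "", ErrInvalid
	}
	delete(s, digest(tok)) // revocation modelled as deletion: a replayed token is now unknown
	return s.Issue(r.userID, ttl, now)
}

func (s Store) Logout(tok string) { delete(s, digest(tok)) } // revoke on logout

func main() {
	s, now := Store{}, time.Now()
	tok, _ := s.Issue("user-1", time.Hour, now)
	_, err := s.Rotate(tok, time.Hour, now.Add(2*time.Hour)) // presented after expiry
	fmt.Println("expired refresh:", err)
}
```
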
- Add gRPC health check support to Consul registry
  - Services are gRPC-only, not HTTP
  - Consul was trying HTTP health checks which failed
  - Now uses gRPC health checks via grpc.health.v1.Health service
- Update HealthCheckConfig to support both HTTP and gRPC
  - Add GRPC field for gRPC service name
  - Add UseGRPC flag to choose health check type
  - Default to gRPC for services (use_grpc: true in config)
- Fix service address registration in Docker
  - Services now register with Docker service name (e.g., auth-service)
  - Allows Consul to reach services via Docker network DNS
  - Falls back to localhost for local development
- Update default.yaml to enable gRPC health checks
  - Set use_grpc: true
  - Set grpc: grpc.health.v1.Health

This fixes services being deregistered from Consul due to failed
HTTP health checks. Services will now pass gRPC health checks.

- Add SetEnvKeyReplacer to convert underscores to dots
- Explicitly bind DATABASE_DSN, REGISTRY_CONSUL_ADDRESS, REGISTRY_TYPE
- Fixes database connection issues in Docker where services couldn't read DATABASE_DSN environment variable
- Services in Docker can now connect to postgres:5432 instead of localhost

- Change from 'go run ./cmd/{service}/main.go' to 'go run ./cmd/{service}/*.go'
  - go run with single file doesn't include other files in the package
  - Service implementations are in separate _fx.go files
  - Using wildcard includes all .go files in the package
- Update README.md and SUMMARY.md with correct commands
- Fixes 'undefined: provideXService' errors when running services

- Create Dockerfile for API Gateway
  - Multi-stage build using golang:1.25-alpine
  - Minimal runtime image using alpine:latest
  - Exposes port 8080
- Add API Gateway service to docker-compose.yml
  - Depends on Consul and all core services
  - Environment variables for gateway configuration
  - Port 8080 exposed
- Update SUMMARY.md
  - Add API Gateway to service list
  - Add API Gateway to Docker build instructions
  - Update file structure to include API Gateway Dockerfile

- Change from fx.Provide to fx.Invoke for health registry registration
  - CoreModule() already provides *health.Registry
  - Services should register their database checkers with the existing registry
  - Use fx.Invoke to register database health checkers instead of providing new registry
- Fixes duplicate provider error for *health.Registry
- All services now build and should start successfully

- Remove duplicate CoreModule() calls from all service main.go files
  - NewContainer() already includes CoreModule() automatically
  - This was causing duplicate ConfigProvider provider errors
- Update all _fx.go files to use *database.Client instead of *ent.Client
  - database.Client embeds *ent.Client, so it can be used directly
  - This fixes type mismatches between providers and consumers
  - Keep ent import for constants like ent.Desc
- All services now build and should start successfully

- Add Core Services section highlighting Epic 2 completion
- Update directory structure to include all service entry points
- Add comprehensive Quick Start guide with:
  - Prerequisites including NixOS support
  - Installation steps with code generation
  - Two deployment options (development vs full Docker)
  - Service endpoints and ports
  - Testing examples with grpcurl
- Update Architecture section with Core Services details
- Add Implementation Status section showing completed epics
- Update Configuration section with service-specific settings
- Add links to Epic 2 documentation

- Create Dockerfiles for all four services (auth, identity, authz, audit)
  - Multi-stage builds using golang:1.25-alpine
  - Minimal runtime images using alpine:latest
  - Copy config files to runtime image
- Create docker-compose.dev.yml for development
  - Only PostgreSQL and Consul
  - Use when running services locally with 'go run'
- Update docker-compose.yml for full deployment
  - All services + infrastructure
  - Services build from Dockerfiles
  - Health checks and dependencies configured
  - Environment variables for service configuration
- Add .dockerignore to optimize build context
  - Excludes docs, tests, IDE files, build artifacts
- Update SUMMARY.md
  - Document both docker-compose files
  - Add Docker deployment section
  - Update file structure to include Dockerfiles

- Add Consul service to docker-compose.yml
  - Running in dev mode on port 8500
  - Health checks configured
  - Persistent volume for data
  - Web UI available at http://localhost:8500/ui
- Update SUMMARY.md
  - Document Consul setup in docker-compose
  - Add Consul verification steps
  - Update prerequisites to include Docker Compose
  - Add note about Consul Web UI
- Remove obsolete version field from docker-compose.yml

- Implement Audit Service (2.5)
  - gRPC server with Record and Query operations
  - Database persistence with audit schema
  - Service registry integration
  - Entry point: cmd/audit-service
- Implement Identity Service (2.2)
  - User CRUD operations
  - Password hashing with argon2id
  - Email verification and password reset flows
  - Entry point: cmd/identity-service
  - Fix package naming conflicts in user_service.go
- Implement Auth Service (2.1)
  - JWT token generation and validation
  - Login, RefreshToken, ValidateToken, Logout RPCs
  - Integration with Identity Service
  - Entry point: cmd/auth-service
  - Note: RefreshToken entity needs Ent generation
- Implement Authz Service (2.3, 2.4)
  - Permission checking and authorization
  - User roles and permissions retrieval
  - RBAC-based authorization
  - Entry point: cmd/authz-service
- Implement gRPC clients for all services
  - Auth, Identity, Authz, and Audit clients
  - Service discovery integration
  - Full gRPC communication
- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass

- Fix errcheck: explicitly ignore tx.Rollback() error in defer
  - When transaction commits successfully, Rollback() returns an error (expected)
  - Use defer func() with explicit error assignment to satisfy linter
- Remove unused connectToService function
  - Function is not currently used (proto files not yet generated)
  - Commented out with TODO for future implementation
  - Prevents unused function lint error

- Change version from number to string: version: "2"
- Remove deprecated exclude-use-default option
- Change exclude-rules to exclude (new format in v2.6)
- Remove deprecated output section (print-issued-lines, print-linter-name)
- Remove linters-settings (not allowed in v2.6 schema validation)

Fixes CI validation errors with golangci-lint v2.6.1:
- version type validation error
- exclude-use-default and exclude-rules not allowed
- output options not allowed
- linters-settings not allowed at root level

- Fix race condition in gateway tests by using TestMain to set Gin mode once
  - Remove duplicate gin.SetMode(gin.TestMode) calls from individual tests
  - Add TestMain function to initialize test environment before all tests
  - Prevents race conditions when tests run in parallel with -race flag
- Update golangci-lint-action from v6 to v7
  - v6 doesn't support golangci-lint v2.x versions
  - v7 supports golangci-lint v2.x and automatically selects compatible version
  - Change version from v2.6.0 to latest for automatic compatibility

All tests now pass with race detector enabled.

- Replace manual golangci-lint v2.1.6 installation (built with Go 1.24)
- Use official golangci/golangci-lint-action@v6 GitHub Action
- Set version to v2.6.0 which supports Go 1.25+
- Action automatically handles Go version compatibility

Fixes CI error: 'the Go language version (go1.24) used to build
golangci-lint is lower than the targeted Go version (1.25.3)'

- Add unit tests for gateway service (services/gateway/gateway_test.go)
  - Test gateway creation, route setup, service discovery, and error handling
  - Achieve 67.9% code coverage for gateway service
  - Test all HTTP methods are properly handled
  - Test route matching and 404 handling
- Add tests for API Gateway main entry point (cmd/api-gateway/main_test.go)
  - Test DI container setup and structure
  - Test service instance creation logic
  - Test lifecycle hooks registration
- Add testify dependency for assertions (go.mod)

All tests pass successfully. Proxy forwarding tests are noted for integration
test suite as they require real HTTP connections (per ADR-0028 testing strategy).

- Create ADR-0034 documenting Go version upgrade to 1.25.3
- Mark ADR-0002 as superseded by ADR-0034
- Update CI workflow to use Go 1.25.3
- Update Makefile to build both platform and api-gateway binaries
- Update CI workflow to build and upload both binaries
- Update documentation (ADR README and mkdocs.yml) to include ADR-0034

Refactor core kernel and infrastructure to support true microservices
architecture where services are independently deployable.

Phase 1: Core Kernel Cleanup
- Remove database provider from CoreModule (services create their own)
- Update ProvideHealthRegistry to not depend on database
- Add schema support to database client (NewClientWithSchema)
- Update main entry point to remove database dependency
- Core kernel now provides only: config, logger, error bus, health, metrics, tracer, service registry

Phase 2: Service Registry Implementation
- Create ServiceRegistry interface (pkg/registry/registry.go)
- Implement Consul registry (internal/registry/consul/consul.go)
- Add Consul dependency (github.com/hashicorp/consul/api)
- Add registry configuration to config/default.yaml
- Add ProvideServiceRegistry() to DI container

Phase 3: Service Client Interfaces
- Create service client interfaces:
  - pkg/services/auth.go - AuthServiceClient
  - pkg/services/identity.go - IdentityServiceClient
  - pkg/services/authz.go - AuthzServiceClient
  - pkg/services/audit.go - AuditServiceClient
- Create ServiceClientFactory (internal/client/factory.go)
- Create stub gRPC client implementations (internal/client/grpc/)
- Add ProvideServiceClientFactory() to DI container

Phase 4: gRPC Service Definitions
- Create proto files for all core services:
  - api/proto/auth.proto
  - api/proto/identity.proto
  - api/proto/authz.proto
  - api/proto/audit.proto
- Add generate-proto target to Makefile

Phase 5: API Gateway Implementation
- Create API Gateway service entry point (cmd/api-gateway/main.go)
- Create Gateway implementation (services/gateway/gateway.go)
- Add gateway configuration to config/default.yaml
- Gateway registers with Consul and routes requests to backend services

All code compiles successfully. Core services (Auth, Identity, Authz, Audit)
will be implemented in Epic 2 using these foundations.

Transform all documentation from modular monolith to true microservices
architecture where core services are independently deployable.

Key Changes:
- Core Kernel: Infrastructure only (no business logic)
- Core Services: Auth, Identity, Authz, Audit as separate microservices
  - Each service has own entry point (cmd/{service}/)
  - Each service has own gRPC server and database schema
  - Services register with Consul for service discovery
- API Gateway: Moved from Epic 8 to Epic 1 as core infrastructure
  - Single entry point for all external traffic
  - Handles routing, JWT validation, rate limiting, CORS
- Service Discovery: Consul as primary mechanism (ADR-0033)
- Database Pattern: Per-service connections with schema isolation

Documentation Updates:
- Updated all 9 architecture documents
- Updated 4 ADRs and created 2 new ADRs (API Gateway, Service Discovery)
- Rewrote Epic 1: Core Kernel & Infrastructure (infrastructure only)
- Rewrote Epic 2: Core Services (Auth, Identity, Authz, Audit as services)
- Updated Epic 3-8 stories for service architecture
- Updated plan.md, playbook.md, requirements.md, index.md
- Updated all epic READMEs and story files

New ADRs:
- ADR-0032: API Gateway Strategy
- ADR-0033: Service Discovery Implementation (Consul)

New Stories:
- Epic 1.7: Service Client Interfaces
- Epic 1.8: API Gateway Implementation