- Add bounds checking for Limit and Offset conversions in audit_client.go
- Add bounds checking for t, m, and p conversions in password.go
- Add nolint comments with explanations for safe conversions
- Add VerifyPassword RPC to Identity Service
- Added to proto file and generated code
- Implemented in Identity Service gRPC server
- Added to Identity Service client interface and gRPC client
- Complete RefreshToken implementation
- Store refresh tokens in database using RefreshToken entity
- Validate refresh tokens with expiration checking
- Revoke refresh tokens on logout and token rotation
- Integrate Authz Service for role retrieval
- Added AuthzServiceClient to Auth Service
- Get user roles during login and token refresh
- Gracefully handle Authz Service failures
- Require JWT secret in configuration
- Removed default secret fallback
- Service fails to start if JWT secret is not configured
- Fix Consul health checks for Docker
- Services now register with Docker service names (e.g., audit-service)
- Allows Consul (in Docker) to reach services via Docker DNS
- Health checks use gRPC service names instead of localhost
This completes all TODOs in auth_service_fx.go and fixes the Consul
health check failures in Docker environments.
- Add gRPC health check support to Consul registry
- Services are gRPC-only, not HTTP
- Consul was trying HTTP health checks which failed
- Now uses gRPC health checks via grpc.health.v1.Health service
- Update HealthCheckConfig to support both HTTP and gRPC
- Add GRPC field for gRPC service name
- Add UseGRPC flag to choose health check type
- Default to gRPC for services (use_grpc: true in config)
- Fix service address registration in Docker
- Services now register with Docker service name (e.g., auth-service)
- Allows Consul to reach services via Docker network DNS
- Falls back to localhost for local development
- Update default.yaml to enable gRPC health checks
- Set use_grpc: true
- Set grpc: grpc.health.v1.Health
This fixes services being deregistered from Consul due to failed
HTTP health checks. Services will now pass gRPC health checks.
- Add SetEnvKeyReplacer to convert underscores to dots
- Explicitly bind DATABASE_DSN, REGISTRY_CONSUL_ADDRESS, REGISTRY_TYPE
- Fixes database connection issues in Docker where services couldn't
read DATABASE_DSN environment variable
- Services in Docker can now connect to postgres:5432 instead of localhost
- Implement Audit Service (2.5)
- gRPC server with Record and Query operations
- Database persistence with audit schema
- Service registry integration
- Entry point: cmd/audit-service
- Implement Identity Service (2.2)
- User CRUD operations
- Password hashing with argon2id
- Email verification and password reset flows
- Entry point: cmd/identity-service
- Fix package naming conflicts in user_service.go
- Implement Auth Service (2.1)
- JWT token generation and validation
- Login, RefreshToken, ValidateToken, Logout RPCs
- Integration with Identity Service
- Entry point: cmd/auth-service
- Note: RefreshToken entity needs Ent generation
- Implement Authz Service (2.3, 2.4)
- Permission checking and authorization
- User roles and permissions retrieval
- RBAC-based authorization
- Entry point: cmd/authz-service
- Implement gRPC clients for all services
- Auth, Identity, Authz, and Audit clients
- Service discovery integration
- Full gRPC communication
- Add service configurations to config/default.yaml
- Create SUMMARY.md with implementation details and testing instructions
- Fix compilation errors in Identity Service (password package conflicts)
- All services build successfully and tests pass
- Fix errcheck: explicitly ignore tx.Rollback() error in defer
- When transaction commits successfully, Rollback() returns an error (expected)
- Use defer func() with explicit error assignment to satisfy linter
- Remove unused connectToService function
- Function is not currently used (proto files not yet generated)
- Commented out with TODO for future implementation
- Prevents unused function lint error
Refactor core kernel and infrastructure to support true microservices
architecture where services are independently deployable.
Phase 1: Core Kernel Cleanup
- Remove database provider from CoreModule (services create their own)
- Update ProvideHealthRegistry to not depend on database
- Add schema support to database client (NewClientWithSchema)
- Update main entry point to remove database dependency
- Core kernel now provides only: config, logger, error bus, health, metrics, tracer, service registry
Phase 2: Service Registry Implementation
- Create ServiceRegistry interface (pkg/registry/registry.go)
- Implement Consul registry (internal/registry/consul/consul.go)
- Add Consul dependency (github.com/hashicorp/consul/api)
- Add registry configuration to config/default.yaml
- Add ProvideServiceRegistry() to DI container
Phase 3: Service Client Interfaces
- Create service client interfaces:
- pkg/services/auth.go - AuthServiceClient
- pkg/services/identity.go - IdentityServiceClient
- pkg/services/authz.go - AuthzServiceClient
- pkg/services/audit.go - AuditServiceClient
- Create ServiceClientFactory (internal/client/factory.go)
- Create stub gRPC client implementations (internal/client/grpc/)
- Add ProvideServiceClientFactory() to DI container
Phase 4: gRPC Service Definitions
- Create proto files for all core services:
- api/proto/auth.proto
- api/proto/identity.proto
- api/proto/authz.proto
- api/proto/audit.proto
- Add generate-proto target to Makefile
Phase 5: API Gateway Implementation
- Create API Gateway service entry point (cmd/api-gateway/main.go)
- Create Gateway implementation (services/gateway/gateway.go)
- Add gateway configuration to config/default.yaml
- Gateway registers with Consul and routes requests to backend services
All code compiles successfully. Core services (Auth, Identity, Authz, Audit)
will be implemented in Epic 2 using these foundations.
The Gin framework uses a global mode setting (gin.SetMode()) which is not
thread-safe when tests run in parallel. Removing t.Parallel() from metrics
tests that use gin.SetMode() prevents data races when running tests with
the race detector enabled.
All tests now pass with 'make test' which includes -race flag.
- Use typed context key instead of string in errorbus test to avoid collisions
- Remove unused imports (health.HealthChecker, trace.TracerProvider) from test files
- Simplify interface verification checks (removed unnecessary type assertions)
All linting errors resolved. make lint now passes.
The mockLogger's errors slice was being accessed concurrently from
multiple goroutines (the error bus consumer and the test goroutine),
causing race conditions when running tests with the race detector.
Added sync.Mutex to protect the errors slice and proper locking when
accessing it in test assertions.
The Gin framework uses a global mode setting (gin.SetMode()) which is not
thread-safe when tests run in parallel. Removing t.Parallel() from all
server tests that use gin.SetMode() prevents data races when running
tests with the race detector enabled.
All tests now pass with 'make test' which includes -race flag.
Story 1.2: Database Layer
- Test database client creation, connection, ping, and close
- Test connection pooling configuration
- Tests skip if database is not available (short mode)
Story 1.3: Health Monitoring and Metrics
- Test health registry registration and checking
- Test database health checker
- Test liveness and readiness checks
- Test metrics creation, middleware, and handler
- Test Prometheus metrics endpoint
Story 1.4: Error Handling and Error Bus
- Test channel-based error bus creation
- Test error publishing with context
- Test nil error handling
- Test channel full scenario
- Test graceful shutdown
- Fix Close() method to handle multiple calls safely
Story 1.5: HTTP Server and Middleware
- Test server creation with all middleware
- Test request ID middleware
- Test logging middleware
- Test panic recovery middleware
- Test CORS middleware
- Test timeout middleware
- Test health and metrics endpoints
- Test server shutdown
Story 1.6: OpenTelemetry Tracing
- Test tracer initialization (enabled/disabled)
- Test development and production modes
- Test OTLP exporter configuration
- Test graceful shutdown
- Test no-op tracer provider
All tests follow Go testing best practices:
- Table-driven tests where appropriate
- Parallel execution
- Proper mocking of interfaces
- Skip tests requiring external dependencies in short mode
- Fix error return value checks (errcheck)
- Fix unused parameters by using underscore prefix
- Add missing package comments to all packages
- Fix context key type issue in middleware (use typed contextKey)
- Replace deprecated trace.NewNoopTracerProvider with noop.NewTracerProvider
- Fix embedded field selector in database client
- Remove trailing whitespace
- Remove revive linter (as requested) to avoid stuttering warnings for public API interfaces
All linting and formatting checks now pass.
- Add fx.Invoke in main.go to force database and HTTP server creation
- This ensures all providers execute and their lifecycle hooks are registered
- Clean up debug logging statements
- Database migrations and HTTP server now start correctly on application startup
Fixes issue where database migrations and HTTP server were not starting
because FX providers were not being executed (lazy evaluation).
- Added logging when HTTP server OnStart hook is called
- Added error logging for database migration failures
- This will help identify if hooks are being called and where failures occur
- Added better error detection for HTTP server startup
- Added connectivity check to verify server is actually listening
- Increased wait time to 500ms for better error detection
- Added warning log if server connectivity check fails (may still be starting)
- Improved logging messages for server startup
This should help diagnose why the HTTP server isn't starting and provide better visibility into the startup process.
Fixes:
- Added database connection logging with masked DSN
- Added migration progress logging
- Added HTTP server startup logging with address
- Fixed database provider to accept logger parameter
- Improved error visibility throughout initialization
Documentation:
- Moved Story 1.7 (Service Client Interfaces) to Epic 2 as Story 2.7
- Updated Epic 1 and Epic 2 READMEs
- Updated COMPLETE_TASK_LIST.md
- Updated story metadata (ID, Epic, Dependencies)
These changes will help diagnose startup issues and provide better visibility into what the application is doing.
Story 1.6: OpenTelemetry Distributed Tracing
- Implemented tracer initialization with stdout (dev) and OTLP (prod) exporters
- Added HTTP request instrumentation via Gin middleware
- Integrated trace ID correlation in structured logs
- Added tracing configuration to config files
- Registered tracer provider in DI container
Documentation and Setup:
- Created Docker Compose setup for PostgreSQL database
- Added comprehensive Epic 1 summary with verification instructions
- Added Epic 0 summary with verification instructions
- Linked summaries in documentation index and epic READMEs
- Included detailed database testing instructions
- Added Docker Compose commands and troubleshooting guide
All Epic 1 stories (1.1-1.6) are now complete. Story 1.7 depends on Epic 2.
Implemented Epic 1 core kernel and infrastructure stories:
Story 1.1: Enhanced DI Container
- Added providers for database, health, metrics, and error bus
- Extended CoreModule to include all core services
Story 1.2: Database Layer with Ent ORM
- Created Ent schema for User, Role, Permission, AuditLog entities
- Implemented many-to-many relationships (User-Role, Role-Permission)
- Created database client wrapper with connection pooling
- Added database provider to DI container with migration support
Story 1.3: Health Monitoring and Metrics System
- Implemented health check registry and interface
- Added database health checker
- Created Prometheus metrics system with HTTP instrumentation
- Added health and metrics providers to DI container
Story 1.4: Error Handling and Error Bus
- Implemented channel-based error bus
- Created ErrorPublisher interface
- Added error bus provider with lifecycle management
Story 1.5: HTTP Server Foundation
- Created HTTP server with Gin framework
- Implemented comprehensive middleware stack:
- Request ID generation
- Structured logging
- Panic recovery with error bus integration
- Prometheus metrics collection
- CORS support
- Registered core routes: /healthz, /ready, /metrics
- Integrated with FX lifecycle for graceful shutdown
All components are integrated via DI container and ready for use.
- Remove t.Parallel() from tests that use gin.SetMode()
- gin.SetMode() modifies global state and is not thread-safe
- Tests affected:
* TestRequestIDMiddleware_GenerateNewID
* TestRequestIDMiddleware_UseExistingID
* TestLoggingMiddleware
* TestLoggingMiddleware_WithRequestID
* TestRequestIDMiddleware_MultipleRequests
- Add comments explaining why these tests cannot run in parallel
- All tests now pass with race detector enabled (-race flag)
This fixes data race warnings that were occurring when running tests
with the race detector, specifically when multiple tests tried to set
Gin's mode concurrently.
- Add tests for internal/config package (90.9% coverage)
- Test all viperConfig getter methods
- Test LoadConfig with default and environment-specific configs
- Test error handling for missing config files
- Add tests for internal/di package (88.1% coverage)
- Test Container lifecycle (NewContainer, Start, Stop)
- Test providers (ProvideConfig, ProvideLogger, CoreModule)
- Test lifecycle hooks registration
- Include mock implementations for testing
- Add tests for internal/logger package (96.5% coverage)
- Test zapLogger with JSON and console formats
- Test all logging levels and methods
- Test middleware (RequestIDMiddleware, LoggingMiddleware)
- Test context helper functions
- Include benchmark tests
- Update CI workflow to skip tests when no test files exist
- Add conditional test execution based on test file presence
- Add timeout for test execution
- Verify build when no tests are present
All tests follow Go best practices with table-driven patterns,
parallel execution where safe, and comprehensive coverage.
Implemented all 5 stories from Epic 0:
Story 0.1: Project Initialization
- Initialize Go module with path git.dcentral.systems/toolz/goplt
- Create complete directory structure (cmd/, internal/, pkg/, modules/, config/, etc.)
- Add comprehensive .gitignore for Go projects
- Create README.md with project overview and setup instructions
Story 0.2: Configuration Management System
- Define ConfigProvider interface in pkg/config
- Implement Viper-based configuration in internal/config
- Create configuration loader with environment support
- Add default, development, and production YAML config files
Story 0.3: Structured Logging System
- Define Logger interface in pkg/logger
- Implement Zap-based logger in internal/logger
- Add request ID middleware for Gin
- Create global logger export with convenience functions
- Support context-aware logging with request/user ID extraction
Story 0.4: CI/CD Pipeline
- Create GitHub Actions workflow for CI (test, lint, build, fmt)
- Add comprehensive Makefile with development commands
- Configure golangci-lint with reasonable defaults
Story 0.5: Dependency Injection and Bootstrap
- Create FX-based DI container in internal/di
- Implement provider functions for Config and Logger
- Create application entry point in cmd/platform/main.go
- Add lifecycle management with graceful shutdown
All acceptance criteria met:
- go build ./cmd/platform succeeds
- go test ./... runs successfully
- go mod verify passes
- Config loads from config/default.yaml
- Logger can be injected and used
- Application starts and shuts down gracefully
