Multi-user auth via gnexus-auth OAuth + hybrid role/permission model

Fork: 0

root / navi-1

Browse code Multi-user auth via gnexus-auth OAuth + hybrid role/permission model - Integrate gnexus-auth-client-py (GAuthClient) for OAuth flow, token refresh, and webhook parsing - Add navi/auth/ package: User model, Fernet encryptor, client singleton, deps (get_current_user, require_admin, require_permission) - New tables: navi_users, user_auth_sessions (auto-created on startup) - Session/memory isolation by user_id with legacy NULL support - Cookie-based auth proxy: /auth/login, /callback, /logout, /me - Webhook receiver /webhooks/gnexus-auth handling user events, global logout, session revocation, role/permission changes - Admin endpoints (/admin/*) gated by role + permissions - Webclient auth store with isAdmin/hasPermission guards - Admin-only profile filtering in /agents/profiles - 200/200 tests passing Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> feature/navi-code master vmkdemo
1 parent d28e6a5 commit 3014ba6f3d43c77ff753b97d8cd528fd8bfbb16c Eugene Sukhodolskiy authored on 3 May

Browse code

- Integrate gnexus-auth-client-py (GAuthClient) for OAuth flow, token refresh,
  and webhook parsing
- Add navi/auth/ package: User model, Fernet encryptor, client singleton,
  deps (get_current_user, require_admin, require_permission)
- New tables: navi_users, user_auth_sessions (auto-created on startup)
- Session/memory isolation by user_id with legacy NULL support
- Cookie-based auth proxy: /auth/login, /callback, /logout, /me
- Webhook receiver /webhooks/gnexus-auth handling user events, global logout,
  session revocation, role/permission changes
- Admin endpoints (/admin/*) gated by role + permissions
- Webclient auth store with isAdmin/hasPermission guards
- Admin-only profile filtering in /agents/profiles
- 200/200 tests passing

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feature/navi-code master vmkdemo

1 parent d28e6a5 commit 3014ba6f3d43c77ff753b97d8cd528fd8bfbb16c

Eugene Sukhodolskiy authored on 3 May

Patch

Unified Split

Showing 37 changed files

Ignore Space Show notes View navi/api/deps.py

Ignore Space Show notes View navi/api/routes/admin.py 0 → 100644

Ignore Space Show notes View navi/api/routes/agents.py

Ignore Space Show notes View navi/api/routes/auth.py 0 → 100644

Ignore Space Show notes View navi/api/routes/messages.py

Ignore Space Show notes View navi/api/routes/sessions.py

Ignore Space Show notes View navi/api/routes/webhooks.py 0 → 100644

Ignore Space Show notes View navi/api/websocket.py

Ignore Space Show notes View navi/auth/__init__.py 0 → 100644

Ignore Space Show notes View navi/auth/_ddl.py 0 → 100644

Ignore Space Show notes View navi/auth/client.py 0 → 100644

Ignore Space Show notes View navi/auth/deps.py 0 → 100644

Ignore Space Show notes View navi/auth/encrypt.py 0 → 100644

Ignore Space Show notes View navi/config.py

Ignore Space Show notes View navi/core/agent.py

Ignore Space Show notes View navi/core/context_builder.py

Ignore Space Show notes View navi/core/pg_session_store.py

Ignore Space Show notes View navi/core/session.py

Ignore Space Show notes View navi/main.py

Ignore Space Show notes View navi/memory/_ddl.py

Ignore Space Show notes View navi/memory/_facts.py

Ignore Space Show notes View navi/memory/_summary.py

Ignore Space Show notes View navi/memory/extractor.py

Ignore Space Show notes View navi/profiles/base.py

Ignore Space Show notes View tests/integration/conftest.py

Ignore Space Show notes View tests/unit/api/test_session_files.py

Ignore Space Show notes View tests/unit/memory/test_extractor.py

Ignore Space Show notes View tests/unit/test_startup.py

Ignore Space Show notes View webclient/dist/assets/index-BAFK9TX3.css 0 → 100644

Show notes View webclient/dist/assets/index-C1CG_FUm.js 100644 → 0
Not supported

Ignore Space Show notes View webclient/dist/assets/index-DA27t1M9.js 0 → 100644
Not supported

Show notes View webclient/dist/assets/index-DjmTz8GY.css 100644 → 0

Ignore Space Show notes View webclient/dist/index.html

Ignore Space Show notes View webclient/src/App.vue

Ignore Space Show notes View webclient/src/api/index.js

Ignore Space Show notes View webclient/src/components/sidebar/AppSidebar.vue

Ignore Space Show notes View webclient/src/stores/auth.js 0 → 100644

Show line notes below