
feat(broker): OAuth-refresh auth type for upstream credentials#170

Open
mvanhorn wants to merge 1 commit into Infisical:main from mvanhorn:feat/149-oauth-refresh-auth-type

Conversation

@mvanhorn

Summary

Adds a new oauth auth type alongside the existing bearer, basic, api-key, custom, and passthrough. The stored credential is an OAuth2 refresh token; the broker exchanges it for an access token at request time, caches the access token until just before expiry, and injects it as a bearer Authorization. Three catalog templates ship: github-oauth, google-oauth, microsoft-oauth.

demo

Fixes #149.

Type of change

  • Bug fix
  • New feature
  • Refactor / cleanup
  • Documentation
  • CI / build

Test plan

  • Existing tests pass (make test)
  • Added/updated tests for new behavior
  • Manual testing (describe below)

New tests:

  • internal/broker/broker_test.go covers oauth validation: required fields, https-only token endpoint, UPPER_SNAKE_CASE credential keys, rejection of unexpected fields on oauth, and rejection of oauth fields on other auth types
  • internal/brokercore/oauth_test.go covers the access-token cache: fresh fetch, cache hit, cache expiry (TTL = expires_in minus 60s), and non-200 responses mapping to ErrOAuthRefreshFailed
  • internal/brokercore/credential_test.go covers the inject path end-to-end with an injected fake token source

Manual testing:

  • Built and started the server locally with a fresh database
  • Browsed the catalog with agent-vault catalog --json | jq '.[] | select(.auth_type=="oauth")' and verified the three new templates appear with correct token_endpoint values
  • Confirmed vault service add --auth-type oauth ... rejects http:// endpoints, rejects lowercase credential keys, and accepts a valid configuration
  • Confirmed vault service list round-trips the new fields (client_id, token_endpoint, scopes)

Security checklist

  • No secrets or credentials in code
  • No new unauthenticated endpoints
  • Input validation on new API surfaces
  • Checked for OWASP top 10 (injection, XSS, etc.)

Threat-model notes:

  • Refresh tokens and client secrets are stored as ordinary vault credentials (AES-256-GCM at rest), referenced by key name in the service config. Values never leave the broker.
  • Access tokens live in process memory only (sha256-keyed cache), not persisted
  • Refresh-token and client-secret values are never logged: only the credential key names appear in request logs and slog output
  • Token endpoint must be https:// with a non-empty host (validated at config time)
  • Credential key names must be UPPER_SNAKE_CASE (existing convention, enforced via validateCredentialKey)
  • On token-endpoint rejection (400/401/403), the broker returns 502 with a proposal_hint so the operator can replace the revoked credentials via the existing proposal flow
  • No new dependencies added (golang.org/x/oauth2 was deliberately not pulled in; the refresh-token grant is one stdlib net/http POST)

AI was used for assistance.

Adds a new "oauth" auth type alongside bearer, basic, api-key, custom,
and passthrough. The stored credential is an OAuth2 refresh token; the
broker exchanges it for an access token at request time, caches the
access token until just before expiry, and injects it as a bearer
Authorization. Three catalog templates ship: GitHub OAuth, Google
OAuth, and Microsoft Identity.

Closes Infisical#149.
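The refresh-token grant, the expiry-skewed in-memory cache and the bearer injection described in the PR summary and threat-model notes, written out as an added example. This is not the PR's code or the project's API: ErrOAuthRefreshFailed, OAuthConfig, TokenSource and fakeTokenEndpoint are names assumed for the example, the token endpoint is a constructed httptest TLS server standing in for a real provider, and the config-time validation the PR describes (https-only endpoint, UPPER_SNAKE_CASE key names) is left out. It shows the one stdlib net/http POST, the cache TTL of expires_in minus 60s (so an expires_in of 60 or less is never cached), non-200 responses mapping to ErrOAuthRefreshFailed without echoing the response body, and the sha256-keyed cache so no secret is held as a map key in the clear.

```go
package main

import (
	"context"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync"
	"time"
)
// ErrOAuthRefreshFailed, OAuthConfig and TokenSource are names assumed for this example, not the project's.
var ErrOAuthRefreshFailed = errors.New("oauth: token endpoint rejected the refresh-token grant")
const expirySkew = 60 * time.Second // cache TTL = expires_in - 60s
// OAuthConfig is the non-secret part of a service entry; the secrets are handed in at request time.
type OAuthConfig struct{ TokenEndpoint, ClientID string }

type cachedToken struct {
	value     string
	expiresAt time.Time
}

// TokenSource does the refresh-token grant with stdlib net/http and keeps access tokens in process
// memory only, keyed by sha256 over endpoint, client_id and refresh token (no secret is a map key).
type TokenSource struct {
	client *http.Client
	mu     sync.Mutex // one exchange at a time: concurrent cold-cache requests don't double-refresh
	cache  map[[32]byte]cachedToken
}

func NewTokenSource(client *http.Client) *TokenSource {
	return &TokenSource{client: client, cache: map[[32]byte]cachedToken{}}
}

// AccessToken returns a cached token or performs one grant_type=refresh_token POST.
func (ts *TokenSource) AccessToken(ctx context.Context, cfg OAuthConfig, clientSecret, refreshToken string) (string, error) {
	key := sha256.Sum256([]byte(cfg.TokenEndpoint + "\x00" + cfg.ClientID + "\x00" + refreshToken))
	ts.mu.Lock()
	defer ts.mu.Unlock()
	if t, ok := ts.cache[key]; ok && time.Now().Before(t.expiresAt) {
		return t.value, nil
	}
	form := url.Values{"grant_type": {"refresh_token"}, "refresh_token": {refreshToken},
		"client_id": {cfg.ClientID}, "client_secret": {clientSecret}}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, cfg.TokenEndpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return "", err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := ts.client.Do(req)
	if err != nil {
		return "", fmt.Errorf("oauth: token endpoint unreachable: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK { // surface only the status: an error body may echo the secret
		return "", fmt.Errorf("%w (status %d)", ErrOAuthRefreshFailed, resp.StatusCode)
	}
	var body struct{ AccessToken string `json:"access_token"`; ExpiresIn int64 `json:"expires_in"` }
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil || body.AccessToken == "" {
		return "", errors.New("oauth: malformed token response")
	}
	if ttl := time.Duration(body.ExpiresIn)*time.Second - expirySkew; ttl > 0 { // else too short-lived to cache
		ts.cache[key] = cachedToken{value: body.AccessToken, expiresAt: time.Now().Add(ttl)}
	}
	return body.AccessToken, nil
}

// fakeTokenEndpoint is a constructed stand-in for a provider: it accepts one refresh token, answers
// "at-<n>" with the given lifetime, and counts real exchanges in *calls (cache hits never reach it).
func fakeTokenEndpoint(validRefresh string, expiresIn int64, calls *int) *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*calls++
		if r.FormValue("grant_type") != "refresh_token" || r.FormValue("refresh_token") != validRefresh {
			http.Error(w, `{"error":"invalid_grant"}`, http.StatusBadRequest)
			return
		}
		fmt.Fprintf(w, `{"access_token":"at-%d","token_type":"Bearer","expires_in":%d}`, *calls, expiresIn)
	}))
}

func main() {
	calls := 0
	srv := fakeTokenEndpoint("rt-demo", 3600, &calls)
	defer srv.Close()
	ts, cfg := NewTokenSource(srv.Client()), OAuthConfig{TokenEndpoint: srv.URL, ClientID: "demo-client"}
	upstream, _ := http.NewRequest(http.MethodGet, "https://api.example.invalid/v1/me", nil)
	for i := 0; i < 2; i++ { // second round is a cache hit, so calls stays at 1
		tok, err := ts.AccessToken(context.Background(), cfg, "cs-demo", "rt-demo")
		if err != nil {
			panic(err)
		}
		upstream.Header.Set("Authorization", "Bearer "+tok) // the bearer injection the broker performs
	}
	fmt.Println(upstream.Header.Get("Authorization"), "exchanges:", calls)
}
```

Holding the mutex across the exchange is a deliberate choice: two requests arriving on a cold cache then perform one refresh, not two, which matters for providers that rotate the refresh token on every grant. The caller keeps only the returned access token; the refresh token and client secret are passed in and never stored on the TokenSource.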

@claude claude Bot left a comment


Claude Code Review

This pull request is from a fork — automated review is disabled. A repository maintainer can comment @claude review to run a one-time review.


Development

Successfully merging this pull request may close these issues.

OAuth based resources

1 participant