Conversation
geoffjay
added
the
review-agent
Owner
Author
This was referenced Apr 9, 2026
6 tasks
…oint Adds TenantContext extractor (session + active org required, 403 if no active org) and PUT /users/me/active-organization endpoint with membership validation. Also adds api/users.rs module with 4 endpoint tests.
Adds `agent auth register/login/logout/status` and `agent org list/create/switch` commands communicating with the agentd-core service (port 17007). Session token stored at ~/.config/agentd/session with 0600 permissions. Adds `dirs` dependency for cross-platform config path resolution. Registers core service in status check.
Adds GET/PUT /api/v1/users/me, PUT /api/v1/users/me/password, GET /api/v1/users/me/organizations, and full CRUD for organizations with member management (add, remove, list). Enforces owner-only mutations, last-owner protection, and clears active_organization_id on org deletion. Adds update_email, update_password, and clear_active_organization_for_org to UserStorage. 21 new endpoint tests covering auth and authorization checks.
Implements HTTP reverse proxy in crates/core that forwards /api/v1/{service}/*
requests to downstream agentd services with X-Tenant-ID and X-Request-ID header
injection. Includes concurrent health aggregation at /api/v1/health.
This was referenced Apr 15, 2026
feat(core): add API gateway proxy for downstream service routing
feat(cli): add auth and org commands for core service
feat(core): add user and organization management API endpoints
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds multi-tenant request isolation infrastructure:
TenantContextextractor (middleware/tenant.rs) — resolves session → user → active org per-request; returns 401 for missing/expired sessions and 403 if no active organization is set. Designed to forwardorganization_idasX-Tenant-IDto downstream services.PUT /users/me/active-organization(api/users.rs) — validates the requesting user is a member of the target org (403 if not), then updatesactive_organization_id. Returns the updated user profile withoutpassword_hash.Closes #216