Production-ready authentication infrastructure for DevGrid.
This service provides secure GitHub OAuth authentication infrastructure. It is not the DevGrid product—it exists solely to support secure GitHub OAuth authentication for the DevGrid Extension.
Phase: Phase 4A - OAuth Infrastructure (Foundational)
Current Implementation: Service skeleton with configuration management and health monitoring.
src/
├── main.ts # Application entry point
├── config/ # Configuration management
│ └── index.ts # Environment validation and loading
├── routes/ # API endpoints
│ ├── index.ts # Route exports
│ └── health.ts # Health check endpoint
├── services/ # Service implementations (future)
│ ├── index.ts
│ ├── auth/ # Authentication service
│ ├── oauth/ # GitHub OAuth integration
│ └── session/ # Session management
├── middleware/ # Express middleware (future)
├── domain/ # Domain models and types (future)
└── utils/ # Utility functions (future)
- Node.js >= 18.0.0
- npm or yarn
npm install
Copy .env.example to .env and populate required variables:
cp .env.example .env
Required environment variables:
- NODE_ENV - Deployment environment (development, staging, production)
- PORT - Service port (default: 3000)
- GITHUB_CLIENT_ID - GitHub OAuth application client ID
- GITHUB_CLIENT_SECRET - GitHub OAuth application client secret
- AUTH_SERVICE_URL - Service URL for OAuth callbacks
- FRONTEND_URL - Frontend URL for CORS
- SESSION_SECRET - Secret for session management
npm run dev
Starts the development server with hot reload.
npm run build
Compiles TypeScript to JavaScript in the dist/ directory.
npm run start:prod
Starts the compiled service.
GET /api/v1/health
Returns service health status. No authentication required.
Response:
{
"success": true,
"service": "devgrid-auth",
"status": "healthy"
}
- No secrets committed to source control
- All secrets managed through environment variables
- HTTPS enforced for all communication
- No placeholder authentication logic
- Configuration validation on startup
See docs/SECURITY_MODEL.md for detailed security architecture.
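One way to implement the startup configuration validation listed above, covering the required environment variables from this README (an added example, not the project's config/index.ts). The names validateEnv and AuthConfig, the 32-character SESSION_SECRET minimum and the rule that http URLs are accepted only in development are assumptions.

```typescript
// Added example, not DevGrid's own code. Assumed policy: SESSION_SECRET is at
// least 32 characters, and http:// URLs are tolerated only in development.
type Env = { [key: string]: string | undefined };
interface AuthConfig {
  nodeEnv: string; port: number;
  githubClientId: string; githubClientSecret: string;
  authServiceUrl: string; frontendUrl: string; sessionSecret: string;
}
const NODE_ENVS = ["development", "staging", "production"];
const MIN_SECRET_LENGTH = 32;

function validateEnv(env: Env): { errors: string[]; config?: AuthConfig } {
  const errors: string[] = [];
  // Messages name the variable only; a value may be a secret and is never echoed.
  const need = (name: string): string => {
    const value = (env[name] || "").trim();
    if (value === "") errors.push(name + " is required");
    return value;
  };
  const needUrl = (name: string, httpsOnly: boolean): string => {
    const value = need(name);
    if (value === "") return value;
    try {
      const protocol = new URL(value).protocol;
      if (protocol !== "https:" && (httpsOnly || protocol !== "http:")) {
        errors.push(name + " must be an https URL");
      }
    } catch (e) {
      errors.push(name + " is not a valid URL");
    }
    return value;
  };

  const nodeEnv = need("NODE_ENV");
  if (nodeEnv !== "" && NODE_ENVS.indexOf(nodeEnv) === -1) errors.push("NODE_ENV is not a known environment");
  const rawPort = (env["PORT"] || "3000").trim(); // 3000 is the README default
  const port = /^\d{1,5}$/.test(rawPort) ? Number(rawPort) : NaN;
  if (!(port >= 1 && port <= 65535)) errors.push("PORT must be an integer from 1 to 65535");
  const httpsOnly = nodeEnv !== "development"; // unknown or missing NODE_ENV fails closed
  const config: AuthConfig = {
    nodeEnv, port,
    githubClientId: need("GITHUB_CLIENT_ID"),
    githubClientSecret: need("GITHUB_CLIENT_SECRET"),
    authServiceUrl: needUrl("AUTH_SERVICE_URL", httpsOnly),
    frontendUrl: needUrl("FRONTEND_URL", httpsOnly),
    sessionSecret: need("SESSION_SECRET"),
  };
  if (config.sessionSecret !== "" && config.sessionSecret.length < MIN_SECRET_LENGTH) errors.push("SESSION_SECRET is too short");
  return errors.length > 0 ? { errors } : { errors, config };
}
```

At startup the service would pass its process environment to validateEnv and exit non-zero, logging only the returned messages, before binding the port if any error is present.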
This service is deployable to Render and other standard Node.js hosting platforms.
npm install
npm run build
npm run start:prod
See docs/DEPLOYMENT.md for detailed deployment instructions.
- docs/AUTH_FLOW.md - Complete authentication flow documentation
- docs/API_CONTRACT.md - API endpoint contract
- docs/SECURITY_MODEL.md - Security model and threat analysis
- docs/DEPLOYMENT.md - Deployment architecture
- instruction.md - Service constitution and governance
- v2-planning.md - Development roadmap
Phase 4A implements:
- Service foundation and configuration management
- Environment validation
- Health monitoring endpoint
- Deployment readiness
Explicitly Not Implemented (Phase 4B):
- OAuth login flow
- OAuth callback handling
- OAuth token exchange
- GitHub API communication
- Session management
- Database integration
This service adheres to the approved architecture defined in instruction.md. No alternative architectures are permitted without explicit approval.
- Authentication Only - Every feature must directly support authentication
- No Product Logic - Product logic belongs in devgrid-extension
- No GitHub Proxy - The service never proxies repository operations
- Secret Ownership - All authentication secrets remain in this service
- Infrastructure Minimalism - Keep the service as small as possible
- Security Before Convenience - When conflicts arise, security wins
- Independent Deployability - No source-code dependencies on devgrid-extension
MIT
For issues related to the authentication service, refer to the documentation files in the docs/ directory.