Khala Phase 2: Agent auth middleware & admin API #127

New Issue

2026-04-25T04:33:41Z

tuanzi commented

2026-04-25 04:33:41 +00:00

Parent: #119

Objective

Bearer token auth for agents + admin routes for agent management.

Tasks

2.1 Auth Middleware

Create packages/khala/src/auth.ts:

Hono middleware: extract Bearer token, SHA-256 hash, lookup in agents table
Set agentId in context on success, 401 on failure

2.2 Admin Routes

Create packages/khala/src/routes/admin.ts:

POST /admin/agents — body { id, token } → hash token, insert. Protected by ADMIN_SECRET env var.
DELETE /admin/agents/:id — remove agent
GET /admin/agents — list agents (no tokens)

Wire into main app in src/index.ts.

References

Plan: docs/plans/2026-04-25-khala-mvp.md (Task 2.1, 2.2)

Parent: #119 ## Objective Bearer token auth for agents + admin routes for agent management. ## Tasks ### 2.1 Auth Middleware Create `packages/khala/src/auth.ts`: - Hono middleware: extract Bearer token, SHA-256 hash, lookup in `agents` table - Set `agentId` in context on success, 401 on failure ### 2.2 Admin Routes Create `packages/khala/src/routes/admin.ts`: - `POST /admin/agents` — body `{ id, token }` → hash token, insert. Protected by `ADMIN_SECRET` env var. - `DELETE /admin/agents/:id` — remove agent - `GET /admin/agents` — list agents (no tokens) Wire into main app in `src/index.ts`. ## References - Plan: `docs/plans/2026-04-25-khala-mvp.md` (Task 2.1, 2.2)

scottwei referenced this issue from a commit

2026-04-25 04:44:28 +00:00

feat(khala): complete MVP — CF Worker with D1, DO, auth, task queue, moderator

scottwei closed this issue

2026-04-25 04:44:28 +00:00

This repo is archived. You cannot comment on issues.

Branches Tags

main

chore/325-workflow-cleanup

refactor/320-extract-workflow-package

refactor/318-sense-shell-only

refactor/316-followup

feat/315-shell-trigger

feat/agent-inject-claude

fix/313-state-persistence-hardening

refactor/308-stateful-sense

docs/285-workflow-naming-convention

feat/agent-inject-cursor

chore/dead-code-cleanup

chore/rfc-006-cleanup

fix/298-update-hermes-skill

refactor/rfc-006-workflow-runtime

feat/agent-inject-phase3

feat/agent-inject-phase2

refactor/rfc-006-worker-runtime

refactor/287-align-prompts-knowledge

feat/agent-inject-phase1

refactor/277-llm-adapter-four-tuple

refactor/274-single-package-workspace

refactor/core-file-consolidation

refactor/rfc-005-phase-1

chore/knowledge-cards

refactor/pure-sense-compute

feat/sense-contract

feat/workflow-meta-package

feat/role-reviewer-package

feat/rfc004-role-committer

docs/rfc-004-package-architecture

feat/254-with-dry-run

fix/136-reflex-null-on

fix/134-hot-reload-in-flight

feat/130-dryrun-defaults

fix/123-llmextract-dryrun-defaults

feat/121-workflow-exit-codes

refactor/111-split-types-generify-sense-result

refactor/110-moderator-context-restructure

refactor/109-role-step

refactor/113-logentry-timestamp

refactor/108-remove-null-unify-ts

feat/106-workspace-biome

feat/104-dryrun-utils

feat/101-dry-run

refactor/100-extract-start-signal

feat/97-workflow-utils

docs/95-update-readme-to-match-code

refactor/93-shared-ipc-types

chore/add-pre-push-hook

fix/test-failures-after-type-safety-refactor

refactor/type-safety

refactor/split-kernel

refactor/extract-nerve-store

fix/pr81-review-followups

refactor/workflow-type-safety

feat/workflow-thread-77

chore/cursor-rules-from-conventions

fix/trigger-payload-string-support

docs/readme-update

feat/init-from-git

build/tsup-to-rslib

refactor/drizzle-v1-node-sqlite

fix/walkthrough-cleanup

refactor/node-sqlite

refactor/sql-js-migration

refactor/static-imports

feat/sense-query

fix/dev-worker-crash

refactor/daemon-subcommand

fix/review-issues-46-49

feat/blob-store

fix/init-sqlite-retry

refactor/decouple-daemon-from-cli

feat/log-archive

feat/nerve-logs

fix/phase4-followup

feat/workflow-engine-phase4

feat/workflow-engine-phase3

fix/init-runtime-bugs

feat/workflow-engine-phase2

feat/workflow-engine-phase1

rfc-002-workflow

feat/phase-7-logging

feat/phase-6-hot-reload

feat/phase-5-cli-workspace

feat/phase-4-process-manager

feat/signal-bus-reflex

feat/sense-runtime

feat/phase-1-core-types

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: uncaged/nerve#127