agentgit.auth package

Submodules

agentgit.auth.auth_service module

Authentication service for user registration, login, and session management.

Handles user registration, login, authentication operations, and LangGraph session management.

class agentgit.auth.auth_service.AuthService(user_repository=None)

Bases: object

Service for handling authentication operations.

Provides methods for user registration, login, and password management.

user_repository

Repository for user database operations.

Example

>>> auth = AuthService()
>>> success, user, msg = auth.register("alice", "password123")
>>> if success:
...     print(f"Registered user: {user.username}")
>>> success, user, msg = auth.login("alice", "password123")
>>> if success:
...     print(f"Logged in as: {user.username}")

add_user_session(user_id, session_id)

Add a new session for a user.

Parameters:

• user_id (int) – The ID of the user.

• session_id (int) – The external session ID to add.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

change_password(user_id, current_password, new_password)

Change a user’s password.

Parameters:

• user_id (int) – The ID of the user changing their password.

• current_password (str) – The current password for verification.

• new_password (str) – The new password to set.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

cleanup_user_sessions(user_id, active_session_ids)

Clean up inactive sessions for a user.

Parameters:

• user_id (int) – The ID of the user.

• active_session_ids (List[int]) – List of session IDs that are still active.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

delete_user(admin_user_id, target_username)

Delete a user (admin only operation).

Parameters:

• admin_user_id (int) – The ID of the admin user performing the deletion.

• target_username (str) – The username of the user to delete.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

Note

Only rootusr or admin users can delete other users. Admin users cannot delete themselves or other admins.

generate_api_key(user_id)

Generate a new API key for a user.

Parameters:

user_id (int) – The ID of the user.

Return type:

Tuple[bool, Optional[str], str]

Returns:

Tuple of (success, api_key, message).

get_user_sessions(user_id)

Get all active session IDs for a user.

Parameters:

user_id (int) – The ID of the user.

Return type:

List[int]

Returns:

List of active session IDs.

is_username_taken(username)

Check if a username already exists in the database.

Parameters:

username (str) – The username to check.

Return type:

bool

Returns:

True if username exists, False otherwise.

login(username, password)

Authenticate a user login.

Parameters:

• username (str) – The username to authenticate.

• password (str) – The password to verify.

Return type:

Tuple[bool, Optional[User], str]

Returns:

Tuple of (success, user_object, message).

Note

• Updates last_login timestamp on successful login

• Returns full user object for session management

login_with_api_key(api_key)

Authenticate using an API key.

Parameters:

api_key (str) – The API key to authenticate with.

Return type:

Tuple[bool, Optional[User], str]

Returns:

Tuple of (success, user_object, message).

register(username, password, confirm_password=None)

Register a new user.

Parameters:

• username (str) – The desired username.

• password (str) – The password for the account.

• confirm_password (Optional[str]) – Optional password confirmation.

Return type:

Tuple[bool, Optional[User], str]

Returns:

Tuple of (success, user_object, message).

Note

• Validates all input data before attempting registration

• Checks for username uniqueness

• Returns the created user object on success

remove_user_session(user_id, session_id)

Remove a session from a user’s active sessions.

Parameters:

• user_id (int) – The ID of the user.

• session_id (int) – The external session ID to remove.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

reset_admin_password(current_password, new_password)

Reset the rootusr admin password.

Parameters:

• current_password (str) – The current rootusr password.

• new_password (str) – The new password to set.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

Note

Special method for resetting the rootusr password as mentioned in the architecture document.

revoke_api_key(user_id)

Revoke a user’s API key.

Parameters:

user_id (int) – The ID of the user.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

update_user_preferences(user_id, preferences)

Update user preferences for LangGraph agent configuration.

Parameters:

• user_id (int) – The ID of the user.

• preferences (Dict[str, Any]) – Dictionary of preferences to update.

Return type:

Tuple[bool, str]

Returns:

Tuple of (success, message).

verify_session_ownership(user_id, session_id)

Verify if a user owns a specific session.

Parameters:

• user_id (int) – The ID of the user.

• session_id (int) – The external session ID to check.

Return type:

bool

Returns:

True if user owns the session, False otherwise.

agentgit.auth.user module

User authentication and management module with LangGraph integration.

class agentgit.auth.user.User(id=None, username='', password_hash='', is_admin=False, created_at=None, last_login=None, active_sessions=<factory>, preferences=<factory>, api_key=None, session_limit=5, metadata=<factory>)

Bases: object

User model for authentication and authorization with session management.

This class represents a user in the Rollback Agent System with authentication capabilities, admin privileges support, and LangGraph session tracking.

id

Unique identifier for the user in the database.

username

Unique username for authentication.

password_hash

SHA256 hashed password for security.

is_admin

Flag indicating admin privileges (only rootusr by default).

created_at

Timestamp when the user was created.

last_login

Timestamp of the user’s last login.

active_sessions

List of active external session IDs for this user.

preferences

User-specific preferences for agent behavior.

api_key

Optional API key for programmatic access.

session_limit

Maximum number of concurrent sessions allowed.

metadata

Additional user metadata and settings.

Example

>>> user = User(username="john_doe")
>>> user.set_password("secure_password")
>>> user.verify_password("secure_password")
True
>>> user.to_dict()
{'id': None, 'username': 'john_doe', 'is_admin': False, ...}

active_sessions: List[int]

add_session(session_id)

Add a new active session for the user.

Parameters:

session_id (int) – External session ID to add.

Return type:

bool

Returns:

True if session was added, False if limit exceeded.

api_key: Optional[str] = None

created_at: Optional[datetime] = None

classmethod from_dict(data)

Create a User instance from a dictionary.

Parameters:

data (dict) – Dictionary containing user data.

Returns:

User instance populated with the provided data.

generate_api_key()

Generate a new API key for the user.

Return type:

str

Returns:

Generated API key string.

get_agent_config()

Get LangGraph agent configuration based on user preferences.

Return type:

Dict[str, Any]

Returns:

Dictionary of agent configuration options.

get_preference(key, default=None)

Get a user preference value.

Parameters:

• key (str) – Preference key.

• default (Any) – Default value if key not found.

Return type:

Any

Returns:

Preference value or default.

has_session(session_id)

Check if user owns a specific session.

Parameters:

session_id (int) – External session ID to check.

Return type:

bool

Returns:

True if user owns the session.

static hash_password(password)

Hash a password using SHA256.

Parameters:

password (str) – Plain text password to hash.

Return type:

str

Returns:

Hexadecimal string representation of the SHA256 hash.

id: Optional[int] = None

is_admin: bool = False

last_login: Optional[datetime] = None

metadata: Dict[str, Any]

password_hash: str = ''

preferences: Dict[str, Any]

remove_session(session_id)

Remove a session from active sessions.

Parameters:

session_id (int) – External session ID to remove.

session_limit: int = 5

set_password(password)

Set a new password for the user.

Parameters:

password (str) – New plain text password to set.

set_preference(key, value)

Set a user preference.

Parameters:

• key (str) – Preference key.

• value (Any) – Preference value.

to_dict()

Convert user object to dictionary.

Returns:

Dictionary representation of the user (excludes password_hash).

username: str = ''

verify_api_key(api_key)

Verify an API key against the stored key.

Parameters:

api_key (str) – API key to verify.

Return type:

bool

Returns:

True if key matches, False otherwise.

verify_password(password)

Verify a password against the stored hash.

Parameters:

password (str) – Plain text password to verify.

Return type:

bool

Returns:

True if password matches, False otherwise.

agentgit.auth.validators module

Validation rules for authentication and LangGraph configuration.

Provides reusable validation functions for user registration, authentication, and LangGraph agent configuration.

exception agentgit.auth.validators.ValidationError

Bases: Exception

Custom exception for validation failures.

agentgit.auth.validators.validate_admin_permission(requesting_user_is_admin)

Validate that a user has admin permissions for certain operations.

Parameters:

requesting_user_is_admin (bool) – Whether the requesting user is an admin.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

agentgit.auth.validators.validate_api_key_format(api_key)

Validate API key format.

Parameters:

api_key (str) – The API key to validate.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

Rules:

• Must start with ‘sk-’

• Must be at least 20 characters long

• Must contain only alphanumeric characters, hyphens, and underscores after prefix

agentgit.auth.validators.validate_password(password)

Validate password strength and requirements.

Parameters:

password (str) – The password to validate.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

Rules:

• Must be more than 4 characters

• Cannot contain spaces at the beginning or end

agentgit.auth.validators.validate_password_match(password, confirm_password)

Validate that two passwords match.

Parameters:

• password (str) – The original password.

• confirm_password (str) – The confirmation password.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

agentgit.auth.validators.validate_preferences(preferences)

Validate user preferences for LangGraph configuration.

Parameters:

preferences (Dict[str, Any]) – Dictionary of preferences to validate.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

agentgit.auth.validators.validate_registration_data(username, password, confirm_password=None)

Validate all registration data.

Parameters:

• username (str) – The username to register.

• password (str) – The password for the account.

• confirm_password (str) – Optional password confirmation.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

agentgit.auth.validators.validate_session_limit(session_limit)

Validate session limit for a user.

Parameters:

session_limit (int) – The session limit to validate.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

agentgit.auth.validators.validate_username(username)

Validate username format and requirements.

Parameters:

username (str) – The username to validate.

Return type:

Tuple[bool, str]

Returns:

Tuple of (is_valid, error_message).

Rules:

• Must be between 3 and 30 characters

• Can only contain letters, numbers, and underscores

• Must start with a letter

Module contents