Operator Frame

Global navigation, page frame, and live control-plane status.

The shell is intentionally persistent: left-side navigation, a shared header, and durable status surfaces remain stable while future workflow views swap in.

Lane

Done

Domain

bootstrap

State

done

Work Item

Typed detail boundary

Control-plane detail payloads expose explicit context, lane, approvals, execution state, and action metadata.

Snapshot 2026-03-27T08:11:52.423Z

Done Work Item

Auth provider interface + local provider + session service — adapter-led auth foundation per spec

Implement the auth foundation as specified in docs/system/auth_identity_implementation_spec.md. Create: /auth/providers/auth_provider.interface.ts (AuthProvider interface with login, handleCallback, refresh, logout), /auth/providers/local.provider.ts (username+password login against hashed credentials in DB using BF-213 users table), /auth/services/auth.service.ts (provider orchestration, identity resolution, IdentityLink lookup+creation), /auth/services/session.service.ts (session creation, validation, expiry, secure HTTP-only cookie strategy), /auth/config/auth.config.ts (no hardcoding — config-driven provider list). Use bcrypt for password hashing. Return a typed AuthResult on success. Session must include user_id, roles, actor_type, expires_at. Prerequisite for BF-217 (middleware) and BF-219 (persistence repos).

bootstrapstate: done

Execution Context

ID
wi-BF-215
Branch
bf/BF-215-auth-provider-interface-local-session
Validation
./scripts/validate-local.ps1
PR
https://github.com/SingletonTheory/build-factory-bootstrap/pull/265

Lifecycle Metadata

Lane
Done
Work type
feature
Source
done
Status
done
State
done
Done criteria
8

Queue Truth

Freshness: Fresh (snapshot age 0s)

Drift: none.

Reconciliation Guidance

  • No reconciliation required; item truth signals are consistent.

Prompt Context

./work-items/prompts/wi-BF-215.prompt.md

Implement the auth foundation as specified in docs/system/auth_identity_implementation_spec.md. Create: /auth/providers/auth_provider.interface.ts (AuthProvider interface with login, handleCallback, refresh, logout), /auth/providers/local.provider.ts (username+password login against hashed credentials in DB using BF-213 users table), /auth/services/auth.service.ts (provider orchestration, identity resolution, IdentityLink lookup+creation), /auth/services/session.service.ts (session creation, validation, expiry, secure HTTP-only cookie strategy), /auth/config/auth.config.ts (no hardcoding — config-driven provider list). Use bcrypt for password hashing. Return a typed AuthResult on success. Session must include user_id, roles, actor_type, expires_at. Prerequisite for BF-217 (middleware) and BF-219 (persistence repos).

Available Actions

  • Start executionBlocked

    Queue execution handoff for this work item.

    Recovery guidance

    Cause
    Done items stay closed; Start execution cannot move them backward.
    Policy context
    Lane transition policy blocks Start execution when the item is already Done.
    Next step
    Create a net-new work item if more delivery is needed instead of reopening this one.
    Safe retry
    Do not retry Start execution on a done item.

    identity: start-execution

    permission: factory.work-item.execute

    policy gate lane-transition: blocked (Done items stay closed; Start execution cannot move them backward.)

    POST /api/control-plane/items/wi-BF-215/actions/start-execution

  • Request reviewBlocked

    Mark this item ready for review lane handoff.

    Recovery guidance

    Cause
    Done items stay closed; Request review cannot move them backward.
    Policy context
    Lane transition policy blocks Request review when the item is already Done.
    Next step
    Create a net-new work item if more delivery is needed instead of reopening this one.
    Safe retry
    Do not retry Request review on a done item.

    identity: request-review

    permission: factory.work-item.request-review

    policy gate lane-transition: blocked (Done items stay closed; Request review cannot move them backward.)

    POST /api/control-plane/items/wi-BF-215/actions/request-review

  • Prepare releaseEnabled

    Run release-preparation checks for the work item.

    identity: prepare-release

    permission: factory.work-item.prepare-release

    policy gate lane-eligibility: pass

    policy gate pull-request: pass

    POST /api/control-plane/items/wi-BF-215/actions/prepare-release

  • Record historyEnabled

    Capture history snapshots for audit and validation views.

    identity: record-history

    permission: factory.work-item.record-history

    policy gate context-visibility: pass

    POST /api/control-plane/items/wi-BF-215/actions/record-history