Add auth extension examples

Covers basic auth, tool permissions, persona tiers, custom providers, and no-auth usage.

Author: jddunn

registry/curated/auth/examples/01-basic-auth.ts

@@ -0,0 +1,119 @@
+/**
+ * Example 1: Basic Authentication
+ * 
+ * This example shows how to use the auth extension with AgentOS for basic
+ * JWT authentication and subscription management.
+ */
+
+import { AgentOS } from '@framers/agentos';
+import { createAuthExtension } from '@framers/agentos-extensions/auth';
+
+async function main() {
+  console.log('=== Example 1: Basic Authentication ===\n');
+
+  // 1. Create auth extension with configuration
+  const { authService, subscriptionService } = createAuthExtension({
+    auth: {
+      jwtSecret: process.env.JWT_SECRET || 'demo-secret-change-in-production',
+      jwtExpiresIn: '7d',
+      bcryptSaltRounds: 12,
+    },
+    subscription: {
+      defaultTier: 'free',
+      tiers: [
+        { name: 'free', level: 0, features: [], isActive: true },
+        { name: 'pro', level: 1, features: ['FEATURE_ADVANCED_SEARCH'], isActive: true },
+      ],
+    },
+  });
+
+  // 2. Initialize AgentOS with auth services
+  const agentos = new AgentOS();
+  await agentos.initialize({
+    authService,
+    subscriptionService,
+    // ... other AgentOS config
+  });
+
+  console.log('✓ AgentOS initialized with auth extension\n');
+
+  // 3. User Registration Flow
+  console.log('--- User Registration ---');
+  const userId = 'user-123';
+  const email = 'user@example.com';
+  const password = 'secure-password-123';
+
+  // Hash password for storage
+  const passwordHash = await authService.hashPassword!(password);
+  console.log(`✓ Password hashed for user: ${email}`);
+
+  // 4. User Login Flow
+  console.log('\n--- User Login ---');
+
+  // Verify password
+  const isPasswordValid = await authService.verifyPassword!(password, passwordHash);
+  if (!isPasswordValid) {
+    throw new Error('Invalid password');
+  }
+  console.log('✓ Password verified');
+
+  // Generate JWT token
+  const token = authService.generateToken!(userId, {
+    email,
+    roles: ['user'],
+    tier: 'pro',
+  });
+  console.log('✓ JWT token generated:', token.substring(0, 20) + '...');
+
+  // 5. Token Validation (on subsequent requests)
+  console.log('\n--- Token Validation ---');
+  const authenticatedUser = await authService.validateToken(token);
+  if (!authenticatedUser) {
+    throw new Error('Token validation failed');
+  }
+
+  console.log('✓ User authenticated:');
+  console.log('  - ID:', authenticatedUser.id);
+  console.log('  - Email:', authenticatedUser.email);
+  console.log('  - Tier:', authenticatedUser.tier);
+
+  // 6. Check Subscription Tier
+  console.log('\n--- Subscription Check ---');
+  subscriptionService.setUserTier!(userId, 'pro');
+  const tier = await subscriptionService.getUserSubscription(userId);
+
+  console.log('✓ User subscription tier:');
+  console.log('  - Name:', tier?.name);
+  console.log('  - Level:', tier?.level);
+  console.log('  - Features:', tier?.features?.join(', ') || 'none');
+
+  // 7. Feature Access Check
+  const hasAdvancedSearch = await subscriptionService.validateAccess(
+    userId,
+    'FEATURE_ADVANCED_SEARCH'
+  );
+  console.log('  - Advanced Search:', hasAdvancedSearch ? '✓ Allowed' : '✗ Denied');
+
+  // 8. Token Refresh
+  console.log('\n--- Token Refresh ---');
+  const refreshedToken = await authService.refreshToken!(token);
+  if (refreshedToken) {
+    console.log('✓ Token refreshed:', refreshedToken.substring(0, 20) + '...');
+  } else {
+    console.log('ℹ Token not yet in refresh window');
+  }
+
+  // 9. Token Revocation (logout)
+  console.log('\n--- Logout ---');
+  await authService.revokeToken!(token);
+  const afterRevocation = await authService.validateToken(token);
+  console.log('✓ Token revoked:', afterRevocation === null ? 'success' : 'failed');
+
+  console.log('\n✅ Basic auth example complete!');
+}
+
+main().catch((error) => {
+  console.error('Error:', error);
+  process.exit(1);
+});
+

registry/curated/auth/examples/02-tool-permissions.ts

@@ -0,0 +1,156 @@
+/**
+ * Example 2: Tool Permission Integration
+ * 
+ * This example shows how to integrate the auth extension with AgentOS tool
+ * permissions to control which tools users can access based on their subscription tier.
+ */
+
+import { AgentOS } from '@framers/agentos';
+import { createAuthExtension, ToolPermissionProvider } from '@framers/agentos-extensions/auth';
+
+async function main() {
+  console.log('=== Example 2: Tool Permission Integration ===\n');
+
+  // 1. Create auth extension with tiered features
+  const { authService, subscriptionService } = createAuthExtension({
+    auth: { jwtSecret: 'demo-secret' },
+    subscription: {
+      defaultTier: 'free',
+      tiers: [
+        {
+          name: 'free',
+          level: 0,
+          features: [],
+          isActive: true,
+        },
+        {
+          name: 'basic',
+          level: 1,
+          features: ['FEATURE_WEB_SEARCH'],
+          isActive: true,
+        },
+        {
+          name: 'pro',
+          level: 2,
+          features: ['FEATURE_WEB_SEARCH', 'FEATURE_CODE_EXECUTION'],
+          isActive: true,
+        },
+        {
+          name: 'enterprise',
+          level: 3,
+          features: [
+            'FEATURE_WEB_SEARCH',
+            'FEATURE_CODE_EXECUTION',
+            'FEATURE_DATABASE_ACCESS',
+          ],
+          isActive: true,
+        },
+      ],
+    },
+  });
+
+  // 2. Create tool permission provider
+  const toolPermissions = new ToolPermissionProvider(subscriptionService);
+
+  // 3. Initialize AgentOS
+  const agentos = new AgentOS();
+  await agentos.initialize({
+    authService,
+    subscriptionService,
+  });
+
+  console.log('✓ AgentOS initialized with auth extension\n');
+
+  // 4. Define available tools with their requirements
+  const availableTools = [
+    {
+      id: 'basic-calculator',
+      name: 'calculator',
+      requiredFeatures: [], // Free for all
+    },
+    {
+      id: 'web-search',
+      name: 'webSearch',
+      requiredFeatures: ['FEATURE_WEB_SEARCH'],
+    },
+    {
+      id: 'code-executor',
+      name: 'executeCode',
+      requiredFeatures: ['FEATURE_CODE_EXECUTION'],
+    },
+    {
+      id: 'database-query',
+      name: 'queryDatabase',
+      requiredFeatures: ['FEATURE_DATABASE_ACCESS'],
+    },
+  ];
+
+  // 5. Test access for different user tiers
+  const users = [
+    { id: 'user-free', tier: 'free' },
+    { id: 'user-basic', tier: 'basic' },
+    { id: 'user-pro', tier: 'pro' },
+    { id: 'user-enterprise', tier: 'enterprise' },
+  ];
+
+  for (const user of users) {
+    console.log(`\n--- ${user.tier.toUpperCase()} User (${user.id}) ---`);
+    subscriptionService.setUserTier!(user.id, user.tier);
+
+    // Check access to each tool
+    for (const tool of availableTools) {
+      const result = await toolPermissions.checkToolAccess({
+        userId: user.id,
+        toolId: tool.id,
+        toolName: tool.name,
+        requiredFeatures: tool.requiredFeatures,
+      });
+
+      const status = result.allowed ? '✓ Allowed' : '✗ Denied';
+      console.log(`  ${tool.name}: ${status}`);
+
+      if (!result.allowed && result.missingFeatures) {
+        console.log(`    Missing: ${result.missingFeatures.join(', ')}`);
+      }
+    }
+
+    // Get list of accessible tools
+    const accessibleTools = await toolPermissions.getAccessibleTools(
+      user.id,
+      availableTools
+    );
+    console.log(`  Accessible tools: ${accessibleTools.join(', ')}`);
+  }
+
+  // 6. Simulate tool execution with permission check
+  console.log('\n--- Simulating Tool Execution ---');
+  const userId = 'user-basic';
+  const toolToExecute = 'webSearch';
+  const tool = availableTools.find((t) => t.name === toolToExecute);
+
+  if (tool) {
+    const result = await toolPermissions.checkToolAccess({
+      userId,
+      toolId: tool.id,
+      toolName: tool.name,
+      requiredFeatures: tool.requiredFeatures,
+    });
+
+    if (result.allowed) {
+      console.log(`✓ Executing ${toolToExecute}...`);
+      // Execute tool here
+      console.log(`  Result: [search results]`);
+    } else {
+      console.log(`✗ Access denied: ${result.reason}`);
+      console.log('  Upgrade to:', result.missingFeatures?.join(', '));
+    }
+  }
+
+  console.log('\n✅ Tool permissions example complete!');
+}
+
+main().catch((error) => {
+  console.error('Error:', error);
+  process.exit(1);
+});
+