New types: UpdateResourceMetadataRequest and GetResourceMetadataResponse in types.go
AuthService methods: StoreResourceMetadata and GetResourceMetadata in auth/auth.go
Handlers: getResourceMetadataHandler and updateResourceMetadataHandler in server/handlers.go
Routes: /kv/{path}/metadata (GET for read, PUT for update) with auth middleware in server/routes.go
Enables fine-grained control over KV path ownership, group assignments, and POSIX-inspired permissions.
- Add HasUsers() method to AuthService to check for existing users
- Add setupRootAccount() logic that only triggers when:
- No users exist in database AND no seed nodes are configured
- AuthEnabled is true (respects feature toggle)
- Create root user with UUID, admin group, and comprehensive scopes
- Generate 24-hour JWT token with full administrative permissions
- Display token prominently on console for initial setup
- Prevent duplicate root account creation on subsequent starts
- Skip root account creation in cluster mode (with seed nodes)
Root account includes all administrative scopes:
- admin:users:*, admin:groups:*, admin:tokens:*
- Standard read/write/delete permissions
This resolves the bootstrap problem for authentication-enabled deployments
and provides secure initial access for administrative operations.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create auth/jwt.go with JWT token management
- Create auth/permissions.go with permission checking logic
- Create auth/storage.go with storage key utilities
- Create auth/auth.go with main authentication service
- Create auth/middleware.go with auth and rate limit middleware
- Update main.go to import auth package and use auth.* functions
- Add authService to Server struct
Major auth functionality now separated into dedicated package.
Build tested and verified working.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
