Phase 1: Core Platform
Phase 1: Core Platform — complete as of 2026-06-05.
Phase 1: Core Platform
Status: Complete
Completed: 2026-06-05
Exit audit: PHASE1_EXIT_AUDIT.md
Current milestone: 1.5.1 Security integration test suite — Complete
Milestones
| ID | Milestone | Status |
|---|---|---|
| 1.0.1 | Go integration test infrastructure | Complete |
| 1.1.1 | Postgres migrations | Complete |
| 1.1.2 | Auth proto and codegen | Complete |
| 1.1.3 | Auth token validation | Complete |
| 1.1.4 | Token creation and management API | Complete |
| 1.1.5 | Permission bitmap contract and ADR | Complete |
| 1.1.6 | Argon2id parameters and crypto policy ADR | Complete |
| 1.2.1 | Proxy auth client | Complete |
| 1.2.2 | Proxy request normalization | Complete |
| 1.2.3 | Proxy input validation and error envelope | Complete |
| 1.1.7 | Users and agents schema | Complete |
| 1.2.4 | Proxy rate limit skeleton | Complete |
| 1.2.5 | Proxy agent identity verification | Complete |
| 1.2.6 | Request ID correlation middleware | Complete |
| 1.2.7 | Graceful shutdown | Complete |
| 1.3.1 | OTel tracer and meter provider init | Complete |
| 1.3.2 | Prometheus metric catalog and client migration | Complete |
| 1.3.3 | Shared structured logger package | Complete |
| 1.4.1 | Developer experience baseline | Complete |
| 1.4.2 | Shared config and error packages | Complete |
| 1.4.3 | Health check contract | Complete |
| 1.5.1 | Security integration test suite | Complete |
Execution order
All milestones complete. 1.5.1 was the explicit Phase 1 completion gate.
Theme
Build the platform layer required before any LLM provider call: durable schema, auth validation, proxy authentication wiring, request normalization, and observability baseline.
Why this phase matters
Foundation-004 delivered honest skeletons. Phase 1 turns them into a fail-closed platform: tokens validated against Postgres, proxy rejects unauthenticated traffic, requests parsed into a stable internal shape—without yet calling OpenAI or implementing memory.
Entry criteria
- Phase 0 complete (
mainincludes toolchain, compose, proto source, Go skeletons) -
make compose-dev-upbrings Postgres/Redis healthy - Required CI green on
main
Exit criteria
-
make db-migrateapplies minimalibex_coreschema; second run is no-op - Auth service validates organization API tokens (PAT) via gRPC; Argon2id verify; permission bitmap returned
- Auth and proxy cross-tenant integration tests pass (M1.5.1 SEC matrix)
- Proxy middleware rejects missing/invalid auth before handler logic
- Proxy parses OpenAI-compatible chat request JSON into internal struct (no upstream HTTP)
- OTel tracer provider registered (noop exporter OK); Prometheus via official client
- ADR-0005 (migrations), ADR-0006 (auth proto) accepted
-
docs/app/content/roadmap/CURRENT_STATEupdated at phase exit
Dependencies
| Dependency | Notes |
|---|---|
| Docker Compose dev stack | Postgres 16 + pgvector image already in compose |
| Buf | For auth proto in milestone 1.1.2 |
| golang-migrate (or ADR-chosen tool) | Milestone 1.1.1 |
Documents
- goals.md — Goals 1.0–1.5
- milestones/ — PR-sized work units
- PHASE1_EXIT_AUDIT.md — Phase 1 exit audit summary
- decisions.md — Phase-local decision log
- risks.md — Risks and mitigations
Goal overview
| Goal | Focus |
|---|---|
| 1.0 | Integration test harness (optional before heavy integration work) |
| 1.1 | Migrations, auth proto, token validation, token API backlog |
| 1.2 | Proxy auth client, normalization, validation, rate limits |
| 1.3 | OTel + Prometheus client |
| 1.4 | Seed data, .env.example, shared packages, health checks |
| 1.5 | Cross-tenant security integration gate |
Next phase
Exit criteria met. Begin Phase 2: Single Provider E2E.
Last updated on