P1-13: Blueprint Context Injection

inherited from epic

Token Management

Sequence: Auth Token Flow

JWT Service T-005

active

Token Refresh T-006

Token Revocation T-007

Work Session Context — T-005

Ticket Context

Steps:

1. Create JwtService class in src/auth/

2. Implement RS256 signing with jose

3. Add configurable expiration

Acceptance Criteria:

Tokens signed with RS256

Tokens expire after 15min

Files:

src/auth/jwt.service.ts

src/auth/jwt.service.test.ts

Blueprint (from epic)

Sequence: Auth Token Flow

Actors: Client → Gateway → AuthService → TokenStore

Token refresh: rotating key pairs

Error path: expired → 401 → refresh → retry

Self-contained. The agent implements without asking questions.

Blueprints link to EPICS, not individual tickets.

5 tickets, 1 blueprint link.

Same blueprint. Every ticket in the epic.