Init

.github/workflows/pr-check.yml

@@ -0,0 +1,34 @@
+name: SpecLeft Pull Request Workflow
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  pr-check:
+    runs-on: ubuntu-latest
+    name: PR Checks
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install .
+          echo "PYTHONPATH=${GITHUB_WORKSPACE}:${PYTHONPATH}" >> $GITHUB_ENV
+
+
+      # 1. SpecLeft Core Policy (Critical Gate)
+      - name: 'Core Feature Coverage [Quality Gate]'
+        run: specleft enforce .specleft/licenses/policy-core.yml
+
+      # 2. Run High-Priority Tests (Fast Feedback)
+      - name: Behaviour Tests [High+ Priority]
+        run: pytest --specleft-priority critical --specleft-priority high --junitxml=pr-report.xml

.github/workflows/specleft-demo.yml

@@ -0,0 +1,136 @@
+name: SpecLeft AI Workflow Demo
+
+on:
+  schedule:
+    # Run weekly on Monday at 9:00 UTC
+    - cron: '0 9 * * 1'
+  workflow_dispatch:
+    # Allow manual trigger
+  push:
+    # Run on push to main for immediate feedback
+    branches: [ main ]
+
+jobs:
+  # ------------------------------------------------------------------------
+  # Job 1: Testing & Reporting
+  # ------------------------------------------------------------------------
+  test-and-report:
+    runs-on: ubuntu-latest
+    name: Test & Report
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install .
+
+      # Stage 1: Tool Health & Safety
+      - name: Tool Health Check (Doctor)
+        run: specleft doctor --format json
+
+      - name: Agent Safety Contract
+        run: specleft contract --format json
+
+      - name: Agent Safety Contract Verification
+        run: specleft contract test --format json
+
+      # Stage 2: Testing
+      - name: Run Tests (pytest)
+        id: run-tests
+        run: |
+          pytest --junitxml=report.xml
+        # Continue so we can generate report even if tests fail
+        continue-on-error: true
+
+      # Stage 3: Reporting
+      - name: Generate SpecLeft Test Report
+        if: always() 
+        run: specleft test report --output specleft-report.html
+
+      - name: Upload SpecLeft Report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: specleft-report
+          path: specleft-report.html
+
+  # ------------------------------------------------------------------------
+  # Job 2: Policy Enforcement - Core (Runs after Tests)
+  # ------------------------------------------------------------------------
+  policy-core:
+    needs: test-and-report
+    runs-on: ubuntu-latest
+    name: "Core Behaviour Coverage Gate"
+    # Run even if tests failed (because test-and-report handles failure gracefully)
+    if: always()
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install SpecLeft
+        run: |
+          python -m pip install --upgrade pip
+          pip install .
+          echo "PYTHONPATH=${GITHUB_WORKSPACE}:${PYTHONPATH}" >> $GITHUB_ENV
+
+      - name: Core Behaviour Coverage [SpecLeft]
+        run: specleft enforce .specleft/licenses/policy-core.yml
+
+  # ------------------------------------------------------------------------
+  # Job 3: Policy Enforcement - Main (Runs parallel to Core)
+  # ------------------------------------------------------------------------
+  policy-main:
+    needs: test-and-report
+    runs-on: ubuntu-latest
+    name: "Intent Coverage Gate"
+    # Run even if tests failed
+    if: always()
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install SpecLeft
+        run: |
+          python -m pip install --upgrade pip
+          pip install .
+          echo "PYTHONPATH=${GITHUB_WORKSPACE}:${PYTHONPATH}" >> $GITHUB_ENV
+
+      - name: Enforce Feature Intent [SpecLeft]
+        run: specleft enforce .specleft/licenses/policy.yml
+
+  # ------------------------------------------------------------------------
+  # Job 4: Build & Release (Mock)
+  # ------------------------------------------------------------------------
+  build-and-release:
+    needs: [policy-core, policy-main]
+    runs-on: ubuntu-latest
+    name: Build & Release
+
+    steps:
+      - name: Mock Build/Release
+        run: |
+          echo "=========================================="
+          echo "🚀 All policies passed!"
+          echo "📦 Starting Build & Release process..."
+          echo "=========================================="
+          # In a real workflow, you would build docker images, deploy to staging, etc.

.gitignore

@@ -1,3 +1,5 @@
+.specleft/results
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[codz]
@@ -205,3 +207,5 @@ cython_debug/
 marimo/_static/
 marimo/_lsp/
 __marimo__/
+FEEDBACK.md
+report.html

.python-version

@@ -0,0 +1 @@
+3.13.0

.specleft/licenses/policy-core.yml

@@ -0,0 +1,19 @@
+policy_id: core-v1
+policy_version: '1.0'
+policy_type: core
+license:
+  license_id: lic_36fbd139982f70dccore
+  licensed_to: SpecLeft/fastapi-auth-spec
+  issued_at: '2026-01-27'
+  expires_at: '2027-01-27'
+  derived_from: lic_36fbd139982f70dc
+rules:
+  priorities:
+    critical:
+      must_be_implemented: true
+    high:
+      must_be_implemented: true
+signature:
+  algorithm: ed25519
+  key_id: specleft-dev-2026
+  value: 0XlIDLWa3Iqyn6ZCO7qHaji3rckrHgfAYG10iEVZiMF78NQDmPtQvn+vHBrfZUUF0DcXdVuQQPC1hNrWSze0AA==

.specleft/licenses/policy.yml

@@ -0,0 +1,21 @@
+policy_id: enforce-v1
+policy_version: '1.0'
+policy_type: enforce
+license:
+  license_id: lic_36fbd139982f70dc
+  licensed_to: SpecLeft/fastapi-auth-spec
+  issued_at: '2026-01-27'
+  expires_at: '2027-01-27'
+rules:
+  priorities:
+    critical:
+      must_be_implemented: true
+    high:
+      must_be_implemented: true
+  coverage:
+    threshold_percent: 100
+    fail_below: true
+signature:
+  algorithm: ed25519
+  key_id: specleft-dev-2026
+  value: sBg2S260ohChF0Zr4Jk6LzdG7VbY6nN6Sb/9lZFqQ2RzZv2OmVdRPfi3I8gtNHluacciKLkTY0olbDIkNF9DBA==

PROGRESS.md

@@ -0,0 +1,21 @@
+# Progress Tracker
+
+- [x] **Phase 0: Initialization**
+    - [x] Create `PROGRESS.md`
+    - [x] Install dependencies (`specleft`, `fastapi`, `passlib`, `python-jose`, `pytest`, `httpx`)
+- [x] **Phase 1: Definition (SpecLeft Plan)**
+    - [x] Create `prd.md`
+    - [x] Generate feature specs (`specleft plan`)
+- [x] **Phase 2: Skeleton Generation**
+    - [x] Generate test skeletons (`specleft test skeleton`)
+    - [x] Verify initial failure (Red State)
+- [x] **Phase 3: Implementation**
+    - [x] Scaffold `main.py`
+    - [x] Implement Auth Logic (Register, Login, Protect)
+- [x] **Phase 4: Verification**
+    - [x] Verify success (Green State)
+    - [x] Check spec status
+- [x] **Phase 5: CI Automation**
+    - [x] Create `.github/workflows/specleft-demo.yml`
+    - [x] Validate workflow triggers (Cron, Dispatch, Push)
+    - [x] Implement Policy Enforcement and Reporting steps

README.md

@@ -1,2 +1,23 @@
 # fastapi-auth-spec
 This repository is a **minimal FastAPI authentication service designed to demonstrate spec-driven development using SpecLeft.
+
+The project intentionally includes:
+- Clearly defined behavioral requirements
+- Skeleton tests that express intent before implementation
+- CI enforcement that fails when behavior and tests diverge
+
+The goal is not feature completeness, but **behavioral clarity**:
+each test describes *what the system must do*, and enforcement ensures the code actually does it.
+
+This repository is optimised for use with AI coding agents.
+Behavioral intent is explicit, deterministic, and easy to verify.
+
+For more details on spec driven development with SpecLeft: [https://github.com/SpecLeft/specleft](https://github.com/SpecLeft/specleft)
+
+## Agent Guidance
+
+When modifying this repository:
+- Do not add new features unless explicitly specified
+- Preserve existing behavioral tests
+- Prefer failing fast over guessing intent
+- Behavior defined in tests is authoritative

features/auth.md

@@ -0,0 +1,51 @@
+# Feature: Auth Service
+
+## Scenarios
+
+### Scenario: Successful Registration
+priority: high
+
+- Given a new user "alice" with password "secret"
+- When they register
+- Then the user is created successfully
+- And the response status is 201
+
+### Scenario: Duplicate Username
+priority: medium
+
+- Given an existing user "alice"
+- When a new user tries to register as "alice"
+- Then the registration fails
+- And the response status is 400
+
+### Scenario: Successful Login
+priority: high
+
+- Given a user "alice" with password "secret"
+- When they log in with "alice" and "secret"
+- Then a valid access token is returned
+- And the response status is 200
+
+### Scenario: Invalid Password
+priority: medium
+
+- Given a user "alice" with password "secret"
+- When they log in with "alice" and "wrongpass"
+- Then the login fails
+- And the response status is 401
+
+### Scenario: Access Protected Route
+priority: high
+
+- Given a valid access token for "alice"
+- When they access the protected endpoint
+- Then the request is successful
+- And the response contains the username "alice"
+
+### Scenario: Access Without Token
+priority: high
+
+- Given no access token
+- When they access the protected endpoint
+- Then the request is denied
+- And the response status is 401