feat: auth surface exposée + ChatService partagé (v0.19.0)

Auth login fort : mot de passe scrypt + TOTP 2FA (otplib) + JWT HS256 (jose), login tout-ou-rien sans indice. ChatService factorise le tour d'agent pour toutes les surfaces (Telegram refactoré). 60 tests, 0 vuln. Palier de risque : reversible (logique d'auth ; surface API câblée en v0.20). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 02:06:32 +02:00
parent b617487d0d
commit e322ed1167
7 changed files with 299 additions and 13 deletions
@@ -18,6 +18,8 @@
  "dependencies": {
    "@modelcontextprotocol/sdk": "1.29.0",
    "fastify": "5.8.5",
+    "jose": "6.2.3",
+    "otplib": "13.4.1",
    "pino": "10.3.1",
    "zod": "3.24.1"
  },