Token-based authentication

[abrookins]

In addition to "no auth" and oAuth, we should have a basic token-based system.

[Copilot]

Pull Request Overview

Adds a basic token-based authentication option alongside no-auth and OAuth2, including CLI commands, backend support, configuration, and documentation.

• Introduced TokenInfo model and bcrypt-backed token generation, hashing, and verification in auth.py.
• Implemented a new token CLI group with add, list, show, and remove commands in cli.py.
• Extended settings, docs, and tests to cover token authentication (added auth_mode, token_auth_enabled, bcrypt dependency).

Reviewed Changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
agent_memory_server/auth.py	Added TokenInfo model, token generation, hashing, verification, and integrated token auth into get_current_user and verify_auth_config.
agent_memory_server/cli.py	Implemented token CLI commands (add, list, show, remove) with Redis storage and bcrypt hashing.
agent_memory_server/config.py	Added auth_mode and token_auth_enabled settings to support token authentication.
agent_memory_server/utils/keys.py	Added helper methods for token Redis keys (auth_token_key, auth_tokens_list_key).
pyproject.toml	Added bcrypt dependency for token hashing.
docs/configuration.md	Documented environment variables and settings for token authentication.
docs/cli.md	Added CLI documentation for the new token command group.
docs/authentication.md	Updated main authentication documentation to include token auth.
tests/test_token_cli.py	Added integration tests for all token CLI commands.
tests/test_token_auth.py	Added unit tests for token auth generation, hashing, and verification.
tests/test_auth.py	Extended existing auth tests to cover new settings (auth_mode, token_auth_enabled).

Comments suppressed due to low confidence (4)

agent_memory_server/cli.py:306

• [nitpick] This function is named list, which shadows the built-in list type. Consider renaming it to list_tokens to avoid confusion and potential issues.

def list():

agent_memory_server/cli.py:262

• The get_redis_conn function is not imported in this module, leading to a NameError. Add from agent_memory_server.utils.redis import get_redis_conn at the top of the file.

        redis = await get_redis_conn()

agent_memory_server/cli.py:392

• This error message is inconsistent with the partial-hash branch and the tests. Tests expect No token found matching. Update this to click.echo(f"No token found matching '{token_hash}'").

            click.echo(f"Token not found: {token_hash}")

agent_memory_server/auth.py:372

• Missing checks for absent or empty credentials. Before verifying a token or JWT, you should raise an HTTPException with status 401 for missing authorization header and missing bearer token, matching existing test expectations.

    # Determine authentication mode

[abrookins]

You've heard of oAuth, but have you heard of No Auth