Refactor README into separate docs

Author: abrookins

README.md

@@ -0,0 +1,33 @@
+# Redis Agent Memory Server Documentation
+
+This directory contains comprehensive documentation for the Redis Agent Memory Server.
+
+## Documentation Index
+
+### Core Documentation
+
+- **[Authentication](authentication.md)** - OAuth2/JWT setup, configuration, and security best practices
+- **[REST API](api.md)** - Complete API reference with endpoints and examples
+- **[MCP Server](mcp.md)** - Model Context Protocol interface and client setup
+- **[CLI](cli.md)** - Command-line interface reference and examples
+
+### Setup and Configuration
+
+- **[Getting Started](getting-started.md)** - Installation, running servers, and Docker setup
+- **[Configuration](configuration.md)** - Environment variables, background tasks, and memory management
+
+### Development
+
+- **[Development](development.md)** - Testing, contributing, and development setup
+
+### Additional Resources
+
+- **[Manual OAuth Testing](../manual_oauth_qa/README.md)** - Comprehensive Auth0 testing guide
+- **[Main README](../README.md)** - Project overview and quick reference
+
+## Quick Links
+
+- **Start here**: [Getting Started](getting-started.md)
+- **API Reference**: [REST API](api.md)
+- **Authentication Setup**: [Authentication](authentication.md)
+- **MCP Integration**: [MCP Server](mcp.md)

docs/README.md

@@ -0,0 +1,134 @@
+# REST API Endpoints
+
+The following endpoints are available:
+
+- **GET /health**
+  A simple health check endpoint returning the current server time.
+  Example Response:
+
+  ```json
+  { "now": 1616173200 }
+  ```
+
+- **GET /sessions/**
+  Retrieves a paginated list of session IDs.
+  _Query Parameters:_
+
+  - `limit` (int): Number of sessions per page (default: 10)
+  - `offset` (int): Number of sessions to skip (default: 0)
+  - `namespace` (string, optional): Filter sessions by namespace.
+
+- **GET /sessions/{session_id}/memory**
+  Retrieves working memory for a session, including messages, structured memories,
+  context, and metadata.
+  _Query Parameters:_
+
+  - `namespace` (string, optional): The namespace to use for the session
+  - `window_size` (int, optional): Number of messages to include in the response (default from config)
+  - `model_name` (string, optional): The client's LLM model name to determine appropriate context window size
+  - `context_window_max` (int, optional): Direct specification of max context window tokens (overrides model_name)
+
+- **PUT /sessions/{session_id}/memory**
+  Sets working memory for a session, replacing any existing memory.
+  Automatically summarizes conversations that exceed the window size.
+  _Request Body Example:_
+
+  ```json
+  {
+    "messages": [
+      { "role": "user", "content": "Hello" },
+      { "role": "assistant", "content": "Hi there" }
+    ],
+    "memories": [
+      {
+        "id": "mem-123",
+        "text": "User prefers direct communication",
+        "memory_type": "semantic"
+      }
+    ],
+    "context": "Previous conversation summary...",
+    "session_id": "session-123",
+    "namespace": "default"
+  }
+  ```
+
+- **DELETE /sessions/{session_id}/memory**
+  Deletes all working memory (messages, context, structured memories, metadata) for a session.
+
+- **POST /long-term-memory**
+  Creates long-term memories directly, bypassing working memory.
+  _Request Body Example:_
+
+  ```json
+  {
+    "memories": [
+      {
+        "id": "mem-456",
+        "text": "User is interested in AI and machine learning",
+        "memory_type": "semantic",
+        "session_id": "session-123",
+        "namespace": "default"
+      }
+    ]
+  }
+  ```
+
+- **POST /long-term-memory/search**
+  Performs vector search on long-term memories with advanced filtering options.
+  _Request Body Example:_
+
+  ```json
+  {
+    "text": "Search query text",
+    "limit": 10,
+    "offset": 0,
+    "session_id": { "eq": "session-123" },
+    "namespace": { "eq": "default" },
+    "topics": { "any": ["AI", "Machine Learning"] },
+    "entities": { "all": ["OpenAI", "Claude"] },
+    "created_at": { "gte": 1672527600, "lte": 1704063599 },
+    "last_accessed": { "gt": 1704063600 },
+    "user_id": { "eq": "user-456" }
+  }
+  ```
+
+- **POST /memory-prompt**
+  Generates prompts enriched with relevant memory context from both working
+  memory and long-term memory. Useful for retrieving context before answering questions.
+  _Request Body Example:_
+
+  ```json
+  {
+    "query": "What did we discuss about AI?",
+    "session": {
+      "session_id": "session-123",
+      "namespace": "default",
+      "window_size": 10
+    },
+    "long_term_search": {
+      "text": "AI discussion",
+      "limit": 5,
+      "namespace": { "eq": "default" }
+    }
+  }
+  ```
+
+## Filter Options
+
+_Filter options for search endpoints:_
+
+- Tag filters (session_id, namespace, topics, entities, user_id):
+
+  - `eq`: Equals this value
+  - `ne`: Not equals this value
+  - `any`: Contains any of these values
+  - `all`: Contains all of these values
+
+- Numeric filters (created_at, last_accessed):
+  - `gt`: Greater than
+  - `lt`: Less than
+  - `gte`: Greater than or equal
+  - `lte`: Less than or equal
+  - `eq`: Equals
+  - `ne`: Not equals
+  - `between`: Between two values

docs/api.md

@@ -0,0 +1,132 @@
+# Authentication
+
+The Redis Agent Memory Server supports OAuth2/JWT Bearer token authentication for secure API access. All API endpoints (except `/health`, `/docs`, and `/openapi.json`) require valid JWT authentication unless disabled for development.
+
+## Features
+
+- **OAuth2/JWT Bearer Token Authentication**: Industry-standard authentication using JWT access tokens
+- **JWKS Public Key Validation**: Automatic fetching and caching of public keys for token signature verification
+- **Multi-Provider Support**: Compatible with Auth0, AWS Cognito, Okta, Azure AD, and any standard OAuth2 provider
+- **Flexible Configuration**: Environment variable-based configuration for different deployment scenarios
+- **Development Mode**: `DISABLE_AUTH` setting for local development and testing
+- **Role and Scope Support**: Fine-grained access control using JWT claims
+
+## Configuration
+
+Authentication is configured using environment variables:
+
+```bash
+# OAuth2 Provider Configuration
+OAUTH2_ISSUER_URL=https://your-auth-provider.com
+OAUTH2_AUDIENCE=your-api-audience
+OAUTH2_JWKS_URL=https://your-auth-provider.com/.well-known/jwks.json  # Optional, auto-derived from issuer
+OAUTH2_ALGORITHMS=["RS256"]  # Supported signing algorithms
+
+# Development Mode (DISABLE AUTHENTICATION - USE ONLY FOR DEVELOPMENT)
+DISABLE_AUTH=true  # Set to true to bypass all authentication (development only)
+```
+
+## Provider Examples
+
+### Auth0
+
+```bash
+OAUTH2_ISSUER_URL=https://your-domain.auth0.com/
+OAUTH2_AUDIENCE=https://your-api.com
+```
+
+### AWS Cognito
+
+```bash
+OAUTH2_ISSUER_URL=https://cognito-idp.region.amazonaws.com/your-user-pool-id
+OAUTH2_AUDIENCE=your-app-client-id
+```
+
+### Okta
+
+```bash
+OAUTH2_ISSUER_URL=https://your-domain.okta.com/oauth2/default
+OAUTH2_AUDIENCE=api://default
+```
+
+### Azure AD
+
+```bash
+OAUTH2_ISSUER_URL=https://login.microsoftonline.com/your-tenant-id/v2.0
+OAUTH2_AUDIENCE=your-application-id
+```
+
+## Usage Examples
+
+### With Authentication (Production)
+
+```bash
+# Make authenticated API request
+curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
+     -H "Content-Type: application/json" \
+     http://localhost:8000/sessions/
+
+# Python example
+import httpx
+
+headers = {
+    "Authorization": "Bearer YOUR_JWT_TOKEN",
+    "Content-Type": "application/json"
+}
+
+response = httpx.get("http://localhost:8000/sessions/", headers=headers)
+```
+
+### Development Mode (Local Testing)
+
+```bash
+# Set environment variable to disable auth
+export DISABLE_AUTH=true
+
+# Now you can make requests without tokens
+curl -H "Content-Type: application/json" \
+     http://localhost:8000/sessions/
+```
+
+## Token Requirements
+
+JWT tokens must include:
+
+- **Valid signature**: Verified using JWKS public keys from the issuer
+- **Not expired**: `exp` claim must be in the future
+- **Valid audience**: `aud` claim must match `OAUTH2_AUDIENCE` (if configured)
+- **Valid issuer**: `iss` claim must match `OAUTH2_ISSUER_URL`
+- **Subject**: `sub` claim identifying the user/client
+
+## Error Responses
+
+Authentication failures return HTTP 401 with details:
+
+```json
+{
+  "detail": "Invalid JWT: Token has expired",
+  "status_code": 401
+}
+```
+
+Common error scenarios:
+
+- `Missing authorization header`: No `Authorization: Bearer` header provided
+- `Missing bearer token`: Empty or malformed authorization header
+- `Invalid token header`: Malformed JWT structure
+- `Token has expired`: JWT `exp` claim is in the past
+- `Invalid audience`: JWT `aud` claim doesn't match expected audience
+- `Unable to find matching public key`: JWKS doesn't contain key for token's `kid`
+
+## Security Best Practices
+
+1. **Never use `DISABLE_AUTH=true` in production**
+2. **Use HTTPS in production** to protect tokens in transit
+3. **Implement token refresh** in your clients for long-running applications
+4. **Monitor token expiration** and handle 401 responses appropriately
+5. **Validate tokens server-side** - never trust client-side validation alone
+6. **Use appropriate scopes/roles** for fine-grained access control
+
+## Manual Testing
+
+For comprehensive Auth0 testing instructions, see the [manual OAuth testing guide](../manual_oauth_qa/README.md).