Documentation
Overview
Package enterprise defines the extension points that the proprietary enterprise tier implements. The OSS build wires in no-op stubs so that the server runs identically whether or not enterprise code is present.
Enterprise repo usage:
	import "github.com/FluidifyAI/Regen/backend/enterprise"

	hooks := enterprise.Hooks{
		RBAC:      myrbac.NewProvider(db),
		Audit:     myaudit.NewExporter(cfg),
		SCIM:      myscim.NewHandler(db),
		Retention: myretention.NewWorker(db),
	}
	// pass hooks to serve.go → routes.go + worker.StartAll
Types
type AuditEvent
type AuditEvent struct {
	Timestamp    time.Time      // server-generated, always UTC
	ActorID      string         // user ID or "system"
	ActorType    string         // "user" | "system" | "api_key"
	Action       string         // dot-separated: "incident.created", "user.login", etc.
	ResourceType string         // "incident" | "user" | "schedule" | ...
	ResourceID   string         // UUID of the affected resource
	IPAddress    string         // from X-Forwarded-For or RemoteAddr
	UserAgent    string
	StatusCode   int            // HTTP response status
	Metadata     map[string]any // action-specific extra fields
}
AuditEvent represents a single auditable action in the system.
type AuditExporter
type AuditExporter interface {
	// Export persists an audit event. Implementations must be non-blocking
	// (queue internally) — the caller does not wait for the write to complete.
	Export(ctx context.Context, event AuditEvent)
}
AuditExporter records a structured event log suitable for SOC2 audit trails. Called from the API middleware layer after each significant request.
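One way to satisfy the non-blocking requirement on Export, as an added example that is not code from the Regen project: a bounded in-memory queue drained by a single worker. QueueExporter, NewQueueExporter, Dropped, Close and the sink callback are hypothetical names, and AuditEvent is redeclared locally with three fields so the file compiles without the enterprise package.

```go
package main

import (
	"context"
	"fmt"
	"sync/atomic"
)

// AuditEvent is a trimmed local copy of enterprise.AuditEvent so this builds alone.
type AuditEvent struct{ ActorID, Action, ResourceID string }

// QueueExporter (hypothetical name) has the Export method AuditExporter requires.
type QueueExporter struct {
	dropped uint64 // events discarded because the queue was full
	queue   chan AuditEvent
	done    chan struct{} // closed once the worker has drained the queue
}

// NewQueueExporter starts one worker; sink stands in for the slow write (DB, SIEM).
func NewQueueExporter(size int, sink func(AuditEvent)) *QueueExporter {
	q := &QueueExporter{queue: make(chan AuditEvent, size), done: make(chan struct{})}
	go func() {
		defer close(q.done)
		for ev := range q.queue {
			sink(ev)
		}
	}()
	return q
}

// Export never blocks; a full queue drops and counts the event (an audit gap to alert on).
func (q *QueueExporter) Export(_ context.Context, ev AuditEvent) {
	select {
	case q.queue <- ev:
	default:
		atomic.AddUint64(&q.dropped, 1)
	}
}

// Dropped reports how many events were lost to backpressure.
func (q *QueueExporter) Dropped() uint64 { return atomic.LoadUint64(&q.dropped) }
// Close drains the queue; call it only after request handling has stopped.
func (q *QueueExporter) Close() { close(q.queue); <-q.done }

func main() {
	q := NewQueueExporter(64, func(ev AuditEvent) { fmt.Println(ev.Action, ev.ActorID) })
	q.Export(context.Background(), AuditEvent{ActorID: "system", Action: "incident.created"}) // constructed sample
	q.Close()
}
```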
type CustomFieldsHandler
type CustomFieldsHandler interface {
	RegisterRoutes(group *gin.RouterGroup, db *gorm.DB)
}
CustomFieldsHandler mounts custom field definition endpoints. The no-op stub returns 402 on all routes — custom fields require a Pro licence.
type Hooks
type Hooks struct {
	RBAC         RBACProvider
	Audit        AuditExporter
	SCIM         SCIMHandler
	Retention    RetentionEnforcer
	CustomFields CustomFieldsHandler
	UI           UIProvider
}
Hooks is passed from serve.go to routes.go and worker.StartAll. All fields default to their no-op stubs via NewNoOp().
type RBACProvider
type RBACProvider interface {
	// Middleware returns a Gin handler that enforces the given permission.
	// resource examples: "incident", "schedule", "user"
	// action examples: "read", "write", "delete"
	Middleware(resource, action string) gin.HandlerFunc
}
RBACProvider enforces role-based access control on API routes. The no-op implementation allows every request through — OSS has a single implicit "admin" role for all authenticated users.
type RetentionEnforcer
type RetentionEnforcer interface {
	// Start launches the worker. Must be non-blocking (runs its own goroutine).
	// The context is cancelled on server shutdown.
	Start(ctx context.Context, db *gorm.DB)
}
RetentionEnforcer runs the data retention policy background worker. Policies define how long incidents, timeline entries, and audit logs are kept before being anonymised or deleted.
type SCIMHandler
type SCIMHandler interface {
	// RegisterRoutes mounts the SCIM endpoints on the provided router group.
	// The group is already prefixed with /scim/v2 by the caller.
	RegisterRoutes(group *gin.RouterGroup)
}
SCIMHandler mounts SCIM 2.0 endpoints for automated user provisioning (Okta, Azure AD, OneLogin, etc.). The no-op stub returns 501 on all routes so that misconfigured identity providers get a clear error, not a 404.
type UIProvider
type UIProvider interface {
	// FS returns the embedded frontend as an fs.FS rooted at dist/, or nil when
	// no frontend has been built (the API still works, just no SPA).
	FS() fs.FS
}
UIProvider supplies the embedded frontend filesystem served by the API server. The OSS no-op returns the OSS build; the Pro binary returns a Pro-built FS that includes all Pro-only pages and components.