Documentation
¶
Overview ¶
Package enterprise provides enterprise-grade features for OK: SSO, RBAC, audit exports, session persistence, air-gap mode, and metrics.
Index ¶
- Variables
- func AirGapMiddleware(cfg AirGapConfig) func(http.Handler) http.Handler
- func OIDCMiddleware(issuerURL, clientID string) func(http.Handler) http.Handler
- func ParseRSAPublicKey(pemData []byte) (*rsa.PublicKey, error)
- type AdminServer
- type AirGapConfig
- type AuditEntry
- type AuditExporter
- type Authorizer
- type Controller
- type Role
- type SessionInfo
- type SessionStore
- type UserClaims
Constants ¶
This section is empty.
Variables ¶
var DefaultRoles = map[string]Role{ "admin": {Name: "admin", AllowAll: true}, "dev": {Name: "dev", AllowReads: true, AllowWrites: true, RequireApproval: true, RequireAudit: true}, "viewer": {Name: "viewer", AllowReads: true}, "auditor": {Name: "auditor", AllowReads: true, RequireAudit: true}, }
DefaultRoles maps role names to their definitions.
Functions ¶
func AirGapMiddleware ¶
func AirGapMiddleware(cfg AirGapConfig) func(http.Handler) http.Handler
AirGapMiddleware enforces air-gap restrictions.
func OIDCMiddleware ¶
OIDCMiddleware validates Bearer tokens via OIDC JWKS.
Types ¶
type AdminServer ¶
type AdminServer struct {
// contains filtered or unexported fields
}
AdminServer provides management REST API endpoints.
func NewAdminServer ¶
func NewAdminServer(ctrl Controller, exporter *AuditExporter, authorizer *Authorizer, apiKey string) *AdminServer
NewAdminServer creates an admin API server.
func (*AdminServer) RegisterRoutes ¶
func (s *AdminServer) RegisterRoutes(mux *http.ServeMux)
RegisterRoutes adds admin API endpoints to the given mux.
type AirGapConfig ¶
type AirGapConfig struct {
Enabled bool // true when running in air-gapped mode
AllowedCAs []string // allowed certificate authorities for local PKI
}
AirGapConfig holds configuration for air-gapped (offline) mode.
type AuditEntry ¶
type AuditEntry struct {
Timestamp time.Time `json:"timestamp"`
UserID string `json:"user_id"`
Action string `json:"action"`
ToolName string `json:"tool_name"`
Subject string `json:"subject"`
Args map[string]interface{} `json:"args,omitempty"`
Result string `json:"result"`
ProofHash string `json:"proof_hash"`
}
type AuditExporter ¶
type AuditExporter struct {
// contains filtered or unexported fields
}
func (*AuditExporter) Add ¶
func (e *AuditExporter) Add(entry AuditEntry)
func (*AuditExporter) ExportJSON ¶
func (e *AuditExporter) ExportJSON() ([]byte, error)
func (*AuditExporter) ExportSplunk ¶
func (e *AuditExporter) ExportSplunk() string
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer checks if a user has permission to perform an action.
func NewAuthorizer ¶
func NewAuthorizer(assignments map[string]string) *Authorizer
NewAuthorizer creates an authorizer with the given role assignments.
func (*Authorizer) CanRead ¶
func (a *Authorizer) CanRead(userID string) bool
CanRead checks if a user can read.
func (*Authorizer) CanWrite ¶
func (a *Authorizer) CanWrite(userID string) bool
CanWrite checks if a user can write.
type Controller ¶
type Controller interface {
SessionCount() int
TotalToolCalls() int64
TotalTokens() int64
ListSessions() []SessionInfo
}
Controller is the minimal interface the admin server needs from control.Controller.
type Role ¶
type Role struct {
Name string
AllowAll bool
AllowReads bool
AllowWrites bool
RequireAudit bool
RequireApproval bool
}
Role defines a set of permissions.
type SessionInfo ¶
type SessionInfo struct {
ID string `json:"id"`
CreatedAt time.Time `json:"created_at"`
Model string `json:"model"`
Messages int `json:"messages"`
}
SessionInfo represents a session in the system.
type SessionStore ¶
type SessionStore struct {
// contains filtered or unexported fields
}
SessionStore persists sessions for recovery across restarts.
func NewSessionStore ¶
func NewSessionStore() *SessionStore
NewSessionStore creates an in-memory session store.
func (*SessionStore) Delete ¶
func (s *SessionStore) Delete(id string)
func (*SessionStore) List ¶
func (s *SessionStore) List() []string