Documentation
Overview
Package enterprise provides per-enterprise configuration and secret management for Tier 2.5 hierarchical private search.
Each enterprise has its own:
- AES-256 key for vector encryption
- LSH seed for secret hyperplane generation
- Centroids for HE scoring
These secrets are distributed to authenticated users via the auth service, ensuring that the server cannot map bucket IDs to query regions.
Index
- Variables
- type Config
- func LoadConfig(r io.Reader) (*Config, error)
- func LoadConfigFromFile(path string) (*Config, error)
- func NewConfig(enterpriseID string, dimension int, numSuperBuckets int) (*Config, error)
- func NewConfigWithSubBuckets(enterpriseID string, dimension int, numSuperBuckets int, numSubBuckets int) (*Config, error)
- func (c *Config) Clone() *Config
- func (c *Config) Fingerprint() string
- func (c *Config) GetLSHSeedAsInt64() int64
- func (c *Config) GetSubLSHBits() int
- func (c *Config) GetSubLSHSeedAsInt64() int64
- func (c *Config) Save(w io.Writer) error
- func (c *Config) SaveToFile(path string) error
- func (c *Config) SetCentroids(centroids [][]float64)
- func (c *Config) Validate() error
- type FileStore
- func (s *FileStore) Close() error
- func (s *FileStore) Delete(ctx context.Context, enterpriseID string) error
- func (s *FileStore) Exists(ctx context.Context, enterpriseID string) bool
- func (s *FileStore) Get(ctx context.Context, enterpriseID string) (*Config, error)
- func (s *FileStore) List(ctx context.Context) ([]string, error)
- func (s *FileStore) Put(ctx context.Context, cfg *Config) error
- type MemoryStore
- func (s *MemoryStore) Close() error
- func (s *MemoryStore) Delete(ctx context.Context, enterpriseID string) error
- func (s *MemoryStore) Exists(ctx context.Context, enterpriseID string) bool
- func (s *MemoryStore) Get(ctx context.Context, enterpriseID string) (*Config, error)
- func (s *MemoryStore) List(ctx context.Context) ([]string, error)
- func (s *MemoryStore) Put(ctx context.Context, cfg *Config) error
- type Store
Constants
This section is empty.
Variables
var (
    // ErrEnterpriseNotFound is returned when an enterprise configuration is not found.
    ErrEnterpriseNotFound = errors.New("enterprise not found")
    // ErrEnterpriseExists is returned when trying to create an enterprise that already exists.
    ErrEnterpriseExists = errors.New("enterprise already exists")
)
Functions
This section is empty.
Types
type Config
type Config struct {
    // EnterpriseID uniquely identifies the enterprise
    EnterpriseID string
    // AESKey is the 256-bit key for vector encryption (32 bytes)
    AESKey []byte
    // LSHSeed is the cryptographically random seed for LSH hyperplanes
    // This is SECRET - unlike the current public seeds (42, 137)
    LSHSeed []byte // 32 bytes
    // Centroids are the super-bucket centroids for HE scoring
    // These can be cached client-side after authentication
    Centroids [][]float64
    // Dimension is the vector dimension
    Dimension int
    // NumSuperBuckets is the number of super-buckets
    NumSuperBuckets int
    // NumSubBuckets is the number of sub-buckets (within each super-bucket)
    NumSubBuckets int
    // Metadata
    CreatedAt   time.Time
    UpdatedAt   time.Time
    Version     int
    Description string
}
Config holds all enterprise-specific secrets and configuration. This is distributed to authenticated users via the auth service.
func LoadConfig
LoadConfig deserializes a configuration from a reader.
func LoadConfigFromFile
LoadConfigFromFile loads a configuration from a file.
func NewConfig
NewConfig creates a new enterprise configuration with fresh secrets. It uses the default of 64 sub-buckets.
func NewConfigWithSubBuckets
func NewConfigWithSubBuckets(enterpriseID string, dimension int, numSuperBuckets int, numSubBuckets int) (*Config, error)
NewConfigWithSubBuckets creates a new enterprise configuration with custom sub-bucket count.
func (*Config) Fingerprint
Fingerprint returns a safe identifier for logging (not the full key).
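One way such a fingerprint can be built and used so that a config value never prints its key bytes, as an added example that is not the package's own code. The `secretConfig` type, the hash label and the 8-byte truncation are assumptions; the real Fingerprint may be computed differently.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// secretConfig is a hypothetical stand-in for Config, reduced to the
// fields that matter when a value ends up in a log line.
type secretConfig struct {
	EnterpriseID string
	AESKey       []byte // 32 bytes
	LSHSeed      []byte // 32 bytes
}

// fingerprint hashes a fixed label plus both secrets and keeps 8 bytes.
// Assumption: the package's Fingerprint may be computed differently.
// Hashing, rather than printing a key prefix, exposes no key bytes.
func (c secretConfig) fingerprint() string {
	h := sha256.New()
	h.Write([]byte("enterprise-config-fingerprint\x00"))
	h.Write(c.AESKey)
	h.Write(c.LSHSeed)
	return hex.EncodeToString(h.Sum(nil)[:8])
}

// String and GoString make %v, %+v, %s and %#v print the fingerprint
// instead of the raw byte slices fmt would otherwise dump.
func (c secretConfig) String() string {
	return fmt.Sprintf("enterprise=%s fp=%s", c.EnterpriseID, c.fingerprint())
}

func (c secretConfig) GoString() string { return c.String() }

func main() {
	cfg := secretConfig{
		EnterpriseID: "acme", // constructed sample values
		AESKey:       make([]byte, 32),
		LSHSeed:      make([]byte, 32),
	}
	cfg.AESKey[0] = 0xA5
	fmt.Printf("loaded config: %+v\n", cfg)
}
```

The formatter methods cover `fmt` only; serializers such as `encoding/json` still emit the exported byte fields.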
func (*Config) GetLSHSeedAsInt64
GetLSHSeedAsInt64 returns the LSH seed as an int64 for compatibility with the existing lsh.Index, which uses int64 seeds.
func (*Config) GetSubLSHBits
GetSubLSHBits returns the number of LSH bits for sub-buckets. This must match what the builder uses for consistent hashing.
func (*Config) GetSubLSHSeedAsInt64
GetSubLSHSeedAsInt64 returns a derived seed for sub-bucket LSH. Uses XOR with a constant to derive a different but deterministic seed.
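The two seed accessors above, sketched as an added example that is not the package's own code, with a domain-separated HMAC derivation shown beside the XOR scheme for comparison. The function names, the first-8-bytes mapping, the `subSeedMask` value and the `"sub-lsh"` label are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// subSeedMask is a constructed constant for this example; the constant the
// package actually XORs with is not shown on the page.
const subSeedMask uint64 = 0x9E3779B97F4A7C15

// seedToInt64 reduces a 32-byte secret seed to the int64 that an
// int64-seeded LSH index accepts. Assumption: big-endian first 8 bytes.
// Whatever the mapping, only 64 bits reach the hyperplane generator.
func seedToInt64(seed []byte) (int64, error) {
	if len(seed) != 32 {
		return 0, errors.New("LSH seed must be 32 bytes")
	}
	return int64(binary.BigEndian.Uint64(seed[:8])), nil
}

// xorSubSeed follows the documented scheme: deterministic and distinct
// from the main seed, but the two values always differ by the same
// constant, so they are not independent secrets.
func xorSubSeed(mainSeed int64) int64 {
	return int64(uint64(mainSeed) ^ subSeedMask)
}

// hmacSubSeed is a domain-separated alternative: a PRF keyed by the full
// 32-byte seed, so the sub seed cannot be computed from the main int64.
func hmacSubSeed(seed []byte, label string) int64 {
	m := hmac.New(sha256.New, seed)
	m.Write([]byte(label))
	return int64(binary.BigEndian.Uint64(m.Sum(nil)[:8]))
}

func main() {
	seed := make([]byte, 32) // constructed sample; real seeds come from crypto/rand
	for i := range seed {
		seed[i] = byte(i)
	}
	mainSeed, _ := seedToInt64(seed)
	fmt.Printf("main=%#x xor-sub=%#x hmac-sub=%#x\n",
		uint64(mainSeed), uint64(xorSubSeed(mainSeed)), uint64(hmacSubSeed(seed, "sub-lsh")))
}
```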
func (*Config) SaveToFile
SaveToFile saves the configuration to a file.
func (*Config) SetCentroids
SetCentroids updates the centroids (called after index building).
type FileStore
type FileStore struct {
    // contains filtered or unexported fields
}
FileStore implements Store using filesystem storage. Each enterprise config is stored as a separate file.
func NewFileStore
NewFileStore creates a file-based configuration store.
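Because each file holds an AES key and LSH seed, a file-per-enterprise store has to control both the file name and the file mode. The following is an added example, not the package's FileStore code; `configPath`, `writeSecretFile`, the ID pattern and the `.cfg` suffix are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// validID is an assumed ID policy: one safe path component, no dots.
var validID = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$`)

// configPath maps an enterprise ID to its file under baseDir, rejecting unsafe IDs.
func configPath(baseDir, enterpriseID string) (string, error) {
	if !validID.MatchString(enterpriseID) {
		return "", fmt.Errorf("invalid enterprise ID %q", enterpriseID)
	}
	return filepath.Join(baseDir, enterpriseID+".cfg"), nil
}

// writeSecretFile writes data to path with mode 0600, using a temp file in
// the same directory plus rename so readers never observe a partial config.
func writeSecretFile(path string, data []byte) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".cfg-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // harmless once the rename has succeeded
	if err = tmp.Chmod(0o600); err == nil {
		_, err = tmp.Write(data)
	}
	if err == nil {
		err = tmp.Sync()
	}
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

func main() {
	dir, _ := os.MkdirTemp("", "enterprise-store")
	defer os.RemoveAll(dir)
	p, _ := configPath(dir, "acme-01")
	fmt.Println(writeSecretFile(p, []byte("constructed sample bytes")), p)
}
```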
type MemoryStore
type MemoryStore struct {
    // contains filtered or unexported fields
}
MemoryStore implements Store using in-memory storage. For production, implement a secure vault-backed store.
func NewMemoryStore
func NewMemoryStore() *MemoryStore
NewMemoryStore creates an in-memory configuration store.
func (*MemoryStore) Delete
func (s *MemoryStore) Delete(ctx context.Context, enterpriseID string) error
Delete removes an enterprise configuration.
func (*MemoryStore) Exists
func (s *MemoryStore) Exists(ctx context.Context, enterpriseID string) bool
Exists checks if an enterprise exists.
type Store
type Store interface {
    // Get retrieves an enterprise configuration by ID.
    Get(ctx context.Context, enterpriseID string) (*Config, error)
    // Put stores or updates an enterprise configuration.
    Put(ctx context.Context, cfg *Config) error
    // Delete removes an enterprise configuration.
    Delete(ctx context.Context, enterpriseID string) error
    // List returns all enterprise IDs.
    List(ctx context.Context) ([]string, error)
    // Exists checks if an enterprise exists.
    Exists(ctx context.Context, enterpriseID string) bool
    // Close closes the store.
    Close() error
}
Store is the interface for enterprise configuration storage.