Documentation
¶
Index ¶
- Constants
- func GenerateAPIKey() (string, error)
- func GenerateAgentToken() (string, error)
- func GetRootKeyRef(ctx context.Context, s KVStore) (string, error)
- func HasAgentToken(ctx context.Context, s KVStore, agentID string) bool
- func IsBootstrapped(ctx context.Context, s KVStore) bool
- func MarkBootstrapped(ctx context.Context, s KVStore) error
- func RevokeAPIKey(ctx context.Context, s KVStore, keyID string) error
- func StoreAgentToken(ctx context.Context, s KVStore, agentID, token string) error
- func StoreRootKeyRef(ctx context.Context, s KVStore, rawKey string) error
- type APIKeyMeta
- func EnsureAPIKey(ctx context.Context, s KVStore, rawKey, label, createdBy string) (APIKeyMeta, error)
- func ListAPIKeys(ctx context.Context, s KVStore) ([]APIKeyMeta, error)
- func StoreAPIKey(ctx context.Context, s KVStore, rawKey, label, createdBy string) (APIKeyMeta, error)
- func ValidateAPIKey(ctx context.Context, s KVStore, rawKey string) (APIKeyMeta, error)
- type AgentTokenMeta
- type HostEntry
- type HostVulnerabilityStat
- type KVStore
- type ScanResult
- type SnapshotMetadata
- type SubScan
- type SubScanProgress
- type ValkeyResponse
- type ValkeyValue
- type VulnerabilityCounts
- type VulnerabilitySnapshot
- type VulnerabilitySummary
Constants ¶
const (
	// APIKeyPrefix is prepended to all generated API keys for easy identification.
	// It is a fixed, public marker: it makes a key recognisable as one of this
	// package's keys but contributes nothing to the key's secrecy.
	APIKeyPrefix = "sk_"
)
const (
	// SIRIUS_VALKEY is the host:port address of the Valkey instance. The
	// NewValkeyStore documentation names this same address as the one it
	// connects to.
	//
	// NOTE(review): the address is fixed at compile time, and nothing on this
	// page shows credentials or TLS settings for the connection. The store holds
	// API key metadata, agent tokens and the root key reference, so confirm how
	// access to this endpoint is authenticated or otherwise restricted.
	SIRIUS_VALKEY = "sirius-valkey:6379"
)
Functions ¶
func GenerateAPIKey ¶ added in v0.0.15
GenerateAPIKey creates a cryptographically random API key with the sk_ prefix. The return value is the only point at which the raw key is available.
func GenerateAgentToken ¶ added in v0.0.15
GenerateAgentToken creates a cryptographically random token string for an agent. The token is 32 random bytes hex-encoded (64 characters).
func GetRootKeyRef ¶ added in v0.0.15
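GetRootKeyRef retrieves the raw root key stored during bootstrap. Because the value is stored raw, unlike ordinary API keys (see APIKeyMeta), read access to the store is equivalent to holding the root key.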
func HasAgentToken ¶ added in v0.0.15
HasAgentToken returns true if a token already exists for the given agent ID.
func IsBootstrapped ¶ added in v0.0.15
IsBootstrapped returns true if a root key has already been generated.
func MarkBootstrapped ¶ added in v0.0.15
MarkBootstrapped sets the bootstrap flag so that a root key is not regenerated on subsequent startups.
func RevokeAPIKey ¶ added in v0.0.15
RevokeAPIKey deletes an API key by its hash ID.
func StoreAgentToken ¶ added in v0.0.15
StoreAgentToken persists an agent token in Valkey keyed by agent ID.
Types ¶
type APIKeyMeta ¶ added in v0.0.15
// APIKeyMeta holds metadata about an API key. The raw key is never persisted.
type APIKeyMeta struct {
	// ID is the SHA-256 hash of the raw key. It is also used as the Valkey key
	// suffix, and is the "hash ID" that RevokeAPIKey takes.
	ID string `json:"id"`
	// Label is a human-readable label for the key.
	Label string `json:"label"`
	// Prefix is the first 8 characters of the raw key, kept for display.
	// NOTE(review): generated keys start with APIKeyPrefix ("sk_"), so
	// presumably five of these eight characters come from the random part of
	// the key — confirm that exposing them is acceptable wherever this struct
	// is rendered.
	Prefix string `json:"prefix"`
	// CreatedBy is the user or system that created the key.
	CreatedBy string `json:"created_by"`
	// CreatedAt is an RFC-3339 timestamp.
	CreatedAt string `json:"created_at"`
	// LastUsedAt is an RFC-3339 timestamp, empty if the key was never used.
	// ValidateAPIKey is documented as updating it on a successful validation.
	LastUsedAt string `json:"last_used_at"`
}
APIKeyMeta holds metadata about an API key. The raw key is never persisted.
func EnsureAPIKey ¶ added in v0.0.15
func EnsureAPIKey(ctx context.Context, s KVStore, rawKey, label, createdBy string) (APIKeyMeta, error)
EnsureAPIKey ensures that metadata exists for the hash of a raw API key. If metadata is already present, it is returned unchanged; otherwise it is created.
func ListAPIKeys ¶ added in v0.0.15
func ListAPIKeys(ctx context.Context, s KVStore) ([]APIKeyMeta, error)
ListAPIKeys returns metadata for every API key stored in Valkey.
func StoreAPIKey ¶ added in v0.0.15
func StoreAPIKey(ctx context.Context, s KVStore, rawKey, label, createdBy string) (APIKeyMeta, error)
StoreAPIKey persists API key metadata in Valkey. The raw key is hashed and used as the lookup key; the raw key itself is never stored.
func ValidateAPIKey ¶ added in v0.0.15
ValidateAPIKey checks whether an entry for the given raw key exists in Valkey. If the key is valid, it returns the associated metadata and updates the LastUsedAt timestamp.
type AgentTokenMeta ¶ added in v0.0.15
// AgentTokenMeta holds metadata for a per-agent authentication token.
type AgentTokenMeta struct {
	// AgentID identifies the agent the token belongs to; StoreAgentToken is
	// documented as keying the stored token by agent ID.
	AgentID string `json:"agent_id"`
	// Token is the agent's token, serialized under "token".
	// NOTE(review): unlike APIKeyMeta, which carries only a hash of the secret,
	// this struct carries the token value itself — confirm whether that is the
	// raw token or a digest. If raw, every marshaled copy (store value, log
	// line, API response) must be handled as a credential.
	Token string `json:"token"`
	// CreatedAt is the creation time as a string.
	// NOTE(review): format is not shown here; presumably RFC-3339 like
	// APIKeyMeta — confirm.
	CreatedAt string `json:"created_at"`
	// LastSeen is updated by ValidateAgentToken on success, per its
	// documentation. Same format caveat as CreatedAt.
	LastSeen string `json:"last_seen"`
}
AgentTokenMeta holds metadata for a per-agent authentication token.
func GetAgentToken ¶ added in v0.0.15
GetAgentToken retrieves the stored token metadata for an agent.
func ValidateAgentToken ¶ added in v0.0.15
func ValidateAgentToken(ctx context.Context, s KVStore, agentID, token string) (AgentTokenMeta, error)
ValidateAgentToken checks whether the provided token matches the one stored for the given agent ID. On success, it updates the LastSeen timestamp.
type HostEntry ¶ added in v0.0.14
// HostEntry represents a discovered host with canonical IP identity.
// Multiple scanners may discover the same host; entries are merged by IP.
type HostEntry struct {
	// ID is the entry's identifier. How it is derived is not shown on this
	// page — TODO confirm.
	ID string `json:"id"`
	// IP is the host's IP address; it is the identity entries are merged on.
	IP string `json:"ip"`
	// Hostname is omitted from JSON when empty.
	Hostname string `json:"hostname,omitempty"`
	// Aliases is omitted from JSON when empty.
	// NOTE(review): presumably alternative names for the same host — confirm.
	Aliases []string `json:"aliases,omitempty"`
	// Sources is omitted from JSON when empty.
	// NOTE(review): presumably the scanners that reported this host — confirm.
	Sources []string `json:"sources,omitempty"`
}
HostEntry represents a discovered host with canonical IP identity. Multiple scanners may discover the same host; entries are merged by IP.
type HostVulnerabilityStat ¶ added in v0.0.12
// HostVulnerabilityStat represents vulnerability statistics for a specific host.
type HostVulnerabilityStat struct {
	// HostIP is the IP address of the host the counts belong to.
	HostIP string `json:"host_ip"`
	// Hostname is omitted from JSON when empty.
	Hostname string `json:"hostname,omitempty"`
	// Total is the overall count for the host.
	// NOTE(review): presumably the sum of the five severity counts below —
	// confirm against the code that fills this struct.
	Total int `json:"total"`
	// Per-severity counts. None use omitempty, so zero counts are always
	// present in the JSON output.
	Critical      int `json:"critical"`
	High          int `json:"high"`
	Medium        int `json:"medium"`
	Low           int `json:"low"`
	Informational int `json:"informational"`
}
HostVulnerabilityStat represents vulnerability statistics for a specific host
type KVStore ¶
// KVStore defines the key/value operations our store supports. Every function
// in this package that reads or writes API keys, agent tokens or bootstrap
// state takes a KVStore, so an implementation's access controls are the access
// controls for those secrets.
type KVStore interface {
	// SetValue sets the given key to the specified value.
	SetValue(ctx context.Context, key, value string) error
	// SetValueWithTTL sets the given key to the specified value with a TTL in seconds.
	SetValueWithTTL(ctx context.Context, key, value string, ttlSeconds int) error
	// GetValue retrieves the value associated with the given key, wrapped in a
	// ValkeyResponse.
	// NOTE(review): whether a missing key yields an error or an empty response
	// is not specified here — confirm before relying on either.
	GetValue(ctx context.Context, key string) (ValkeyResponse, error)
	// GetTTL retrieves the remaining TTL in seconds for the given key.
	GetTTL(ctx context.Context, key string) (int, error)
	// SetExpire sets the TTL for an existing key in seconds.
	SetExpire(ctx context.Context, key string, ttlSeconds int) error
	// ListKeys retrieves all keys matching the given pattern.
	// NOTE(review): the pattern syntax is not defined on this page; presumably
	// Valkey glob matching — confirm, and avoid building patterns from
	// untrusted input without escaping.
	ListKeys(ctx context.Context, pattern string) ([]string, error)
	// DeleteValue removes the value associated with the given key.
	DeleteValue(ctx context.Context, key string) error
	// Close shuts down the underlying connection.
	Close() error
}
KVStore defines the key/value operations our store supports.
func NewValkeyStore ¶
NewValkeyStore creates a new store connected to sirius-valkey:6379.
type ScanResult ¶
// ScanResult is the JSON-serializable record of a scan: its targets, the hosts
// and vulnerabilities found, and the state of each contributing sub-scan.
type ScanResult struct {
	// ID identifies the scan.
	ID string `json:"id"`
	// Status is the scan's state as a string. The set of valid values is not
	// shown on this page — TODO confirm.
	Status string `json:"status"`
	// Targets lists what the scan was pointed at.
	Targets []string `json:"targets"`
	// Hosts holds the discovered hosts (see HostEntry).
	Hosts []HostEntry `json:"hosts"`
	// HostsCompleted is a count of hosts.
	// NOTE(review): presumably hosts whose scanning has finished — confirm.
	HostsCompleted int `json:"hosts_completed"`
	// Vulnerabilities holds one summary per finding.
	Vulnerabilities []VulnerabilitySummary `json:"vulnerabilities"`
	// StartTime is always emitted; EndTime is omitted from JSON when empty.
	// NOTE(review): both are strings and the format is not shown here — confirm.
	StartTime string `json:"start_time"`
	EndTime   string `json:"end_time,omitempty"`
	// SubScans is omitted from JSON when empty.
	// NOTE(review): presumably keyed by scanner type, matching SubScan.Type —
	// confirm.
	SubScans map[string]SubScan `json:"sub_scans,omitempty"`
}
type SnapshotMetadata ¶ added in v0.0.12
// SnapshotMetadata contains metadata about the snapshot.
type SnapshotMetadata struct {
	// TotalHosts is the number of hosts covered by the snapshot.
	TotalHosts int `json:"total_hosts"`
	// HostsWithVulnerabilities is the number of hosts with vulnerabilities.
	HostsWithVulnerabilities int `json:"hosts_with_vulnerabilities"`
	// ScanCoveragePercent is a coverage figure expressed as a percentage.
	// NOTE(review): presumably in the range 0–100 rather than 0–1 — confirm.
	ScanCoveragePercent float64 `json:"scan_coverage_percent"`
	// SnapshotDurationMs is a duration in milliseconds, going by its name.
	SnapshotDurationMs int64 `json:"snapshot_duration_ms"`
}
SnapshotMetadata contains metadata about the snapshot
type SubScan ¶ added in v0.0.14
// SubScan represents a modular scanner contribution to a scan. Each scanner
// type (network, agent, cloud, etc.) gets its own entry.
type SubScan struct {
	// Type names the scanner type this entry belongs to.
	Type string `json:"type"`
	// Enabled has no omitempty, so false is emitted explicitly.
	Enabled bool `json:"enabled"`
	// Status is the sub-scan's state as a string. Valid values are not shown on
	// this page — TODO confirm.
	Status string `json:"status"`
	// Progress tracks completion for this sub-scan.
	Progress SubScanProgress `json:"progress"`
	// Metadata is stored as json.RawMessage so that scanners that don't
	// understand another scanner's metadata preserve it verbatim during
	// read-modify-write cycles. It is therefore opaque, unvalidated JSON at
	// this layer; a consumer that decodes it should validate what it reads.
	Metadata json.RawMessage `json:"metadata,omitempty"`
}
SubScan represents a modular scanner contribution to a scan. Each scanner type (network, agent, cloud, etc.) gets its own entry. Metadata is stored as json.RawMessage so that scanners that don't understand another scanner's metadata will preserve it verbatim during read-modify-write cycles.
type SubScanProgress ¶ added in v0.0.14
// SubScanProgress tracks completion progress for a sub-scan.
type SubScanProgress struct {
	// Completed and Total are the progress counters.
	// NOTE(review): the unit (hosts, checks, ...) is not stated here and
	// presumably depends on the scanner — confirm.
	Completed int `json:"completed"`
	Total     int `json:"total"`
	// Label is omitted from JSON when empty.
	Label string `json:"label,omitempty"`
}
SubScanProgress tracks completion progress for a sub-scan.
type ValkeyResponse ¶
// ValkeyResponse is the value returned by KVStore.GetValue. Note that its JSON
// field names are capitalized ("Message", "Type"), unlike the snake_case tags
// used by the other types on this page.
type ValkeyResponse struct {
	// Message wraps the retrieved value.
	Message ValkeyValue `json:"Message"`
	// Type is a string tag for the response.
	// NOTE(review): its possible values are not shown on this page — confirm.
	Type string `json:"Type"`
}
type ValkeyValue ¶
// ValkeyValue carries a single string value; it is the type of
// ValkeyResponse.Message.
type ValkeyValue struct {
	// Value is the stored string. For entries written by this package it may be
	// a secret (for example an agent token or the root key reference), so treat
	// it accordingly when logging.
	Value string `json:"Value"`
}
type VulnerabilityCounts ¶ added in v0.0.12
// VulnerabilityCounts represents the total counts of vulnerabilities by severity.
type VulnerabilityCounts struct {
	// Total is the overall count.
	// NOTE(review): presumably the sum of the five severity counts below —
	// confirm against the code that fills this struct.
	Total int `json:"total"`
	// Per-severity counts. None use omitempty, so zero counts are always
	// present in the JSON output.
	Critical      int `json:"critical"`
	High          int `json:"high"`
	Medium        int `json:"medium"`
	Low           int `json:"low"`
	Informational int `json:"informational"`
}
VulnerabilityCounts represents the total counts of vulnerabilities by severity
type VulnerabilitySnapshot ¶ added in v0.0.12
// VulnerabilitySnapshot represents a point-in-time vulnerability state.
type VulnerabilitySnapshot struct {
	// SnapshotID is a date in YYYY-MM-DD format.
	// NOTE(review): a date-only ID suggests at most one snapshot per day, with
	// later ones replacing earlier ones — confirm.
	SnapshotID string `json:"snapshot_id"`
	// Timestamp is a time.Time, unlike the string timestamps used by the other
	// types on this page.
	Timestamp time.Time `json:"timestamp"`
	// Counts holds the totals by severity for the snapshot.
	Counts VulnerabilityCounts `json:"counts"`
	// ByHost holds one statistics entry per host.
	ByHost []HostVulnerabilityStat `json:"by_host"`
	// Metadata describes the snapshot itself (host totals, coverage, duration).
	Metadata SnapshotMetadata `json:"metadata"`
}
VulnerabilitySnapshot represents a point-in-time vulnerability state
type VulnerabilitySummary ¶
// VulnerabilitySummary is the per-finding record carried in
// ScanResult.Vulnerabilities.
type VulnerabilitySummary struct {
	// ID identifies the vulnerability.
	// NOTE(review): presumably a CVE or scanner-specific identifier — confirm.
	ID string `json:"id"`
	// Severity is the severity as a string. Valid values are not shown here;
	// presumably they match the buckets in VulnerabilityCounts — confirm.
	Severity    string `json:"severity"`
	Title       string `json:"title"`
	Description string `json:"description"`
	// CVSSScore and RiskScore use omitempty, so a score of exactly 0 is dropped
	// from the JSON output and cannot be told apart from a missing score.
	CVSSScore float64 `json:"cvss_score,omitempty"`
	RiskScore float64 `json:"risk_score,omitempty"`
	// ScanSource, HostID and AgentID are omitted from JSON when empty.
	// NOTE(review): presumably they attribute the finding to the scanner, host
	// and agent that produced it — confirm.
	ScanSource string `json:"scan_source,omitempty"`
	HostID     string `json:"host_id,omitempty"`
	AgentID    string `json:"agent_id,omitempty"`
}