Documentation
¶
Index ¶
- Variables
- func ValidateKeyInput(name string, scopes []string) error
- type APIKeyRecord
- type Deps
- type KeyStore
- func (ks *KeyStore) Create(ctx context.Context, name string, scopes []string) (APIKeyRecord, string, error)
- func (ks *KeyStore) Delete(ctx context.Context, id string) error
- func (ks *KeyStore) FindActiveByHash(ctx context.Context, tokenHash string) (*storedKey, error)
- func (ks *KeyStore) HasActiveKey(ctx context.Context) (bool, error)
- func (ks *KeyStore) List(ctx context.Context) ([]APIKeyRecord, error)
- func (ks *KeyStore) Revoke(ctx context.Context, id string) error
- func (ks *KeyStore) Rotate(ctx context.Context, id string) (APIKeyRecord, string, error)
- func (ks *KeyStore) TouchLastUsed(ctx context.Context, id string)
- type Server
Constants ¶
This section is empty.
Variables ¶
var ValidScopes = map[string]struct{}{
"admin": {},
"chat": {},
"sessions:read": {},
"costs:read": {},
"skills:read": {},
"schedules:read": {},
"approvals:read": {},
"approvals:write": {},
"tools:read": {},
"tools:write": {},
"health": {},
}
ValidScopes is the set of scope values accepted by the key management system. Exported so the CLI can share the same allowlist.
Functions ¶
func ValidateKeyInput ¶ added in v0.1.0
ValidateKeyInput checks that name is within the length limit and every scope is in the ValidScopes allowlist. Returns a user-facing error on failure.
Types ¶
type APIKeyRecord ¶
type APIKeyRecord struct {
ID string `json:"id"`
Name string `json:"name"`
Scopes []string `json:"scopes"`
CreatedAt time.Time `json:"created_at"`
LastUsedAt *time.Time `json:"last_used_at,omitempty"`
Revoked bool `json:"revoked"`
}
APIKeyRecord is the public representation returned by the API (no hash exposed).
type Deps ¶
type Deps struct {
Dispatcher *agent.Dispatcher
Scheduler *scheduler.Scheduler
CostTracker *llm.CostTracker
Memory agent.MemoryStore
Config *config.Config
Approvals *approval.Manager // nil = approval endpoints return 503
LifecycleMgr *tool.LifecycleManager // nil = tool CRUD endpoints return 503
WebHandler http.Handler // nil = no web dashboard served
KeyStore *KeyStore // nil = API key CRUD endpoints return 503
}
Deps holds the application dependencies the API server needs to serve data.
type KeyStore ¶
type KeyStore struct {
// contains filtered or unexported fields
}
KeyStore manages API keys persisted in SQLite.
func NewInMemoryKeyStore ¶
NewInMemoryKeyStore creates a KeyStore backed by an in-memory SQLite database. Intended for tests.
func NewKeyStore ¶
NewKeyStore opens (or creates) a SQLite DB at dbPath and applies the key schema. WAL mode is used so it can coexist with other connections to the same file.
func (*KeyStore) Create ¶
func (ks *KeyStore) Create(ctx context.Context, name string, scopes []string) (APIKeyRecord, string, error)
Create inserts a new API key. Returns the record and plaintext key (shown once).
func (*KeyStore) Delete ¶ added in v0.1.0
Delete permanently removes a revoked key from the store. Returns an error if the key does not exist or is still active (not revoked).
func (*KeyStore) FindActiveByHash ¶
FindActiveByHash returns the matching active key row for a given token hash, or nil if not found.
func (*KeyStore) HasActiveKey ¶ added in v0.1.0
HasActiveKey reports whether at least one non-revoked key exists in the store.
func (*KeyStore) List ¶
func (ks *KeyStore) List(ctx context.Context) ([]APIKeyRecord, error)
List returns all key records ordered by creation date descending.
func (*KeyStore) Revoke ¶
Revoke marks a key as revoked. Returns an error if the key does not exist or is already revoked.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is the external REST API server.
func (*Server) RequireScope ¶
func (s *Server) RequireScope(scope string, next http.HandlerFunc) http.HandlerFunc
RequireScope returns middleware that checks for a valid API key with the required scope. Use this to wrap individual route handlers.
Source Files