Documentation
Index
- Variables
- func ValidateKeyInput(name string, scopes []string) error
- type APIKeyRecord
- type Deps
- type KeyStore
- func (ks *KeyStore) Create(ctx context.Context, name string, scopes []string) (APIKeyRecord, string, error)
- func (ks *KeyStore) Delete(ctx context.Context, id string) error
- func (ks *KeyStore) FindActiveByHash(ctx context.Context, tokenHash string) (*storedKey, error)
- func (ks *KeyStore) HasActiveKey(ctx context.Context) (bool, error)
- func (ks *KeyStore) List(ctx context.Context) ([]APIKeyRecord, error)
- func (ks *KeyStore) Revoke(ctx context.Context, id string) error
- func (ks *KeyStore) Rotate(ctx context.Context, id string) (APIKeyRecord, string, error)
- func (ks *KeyStore) TouchLastUsed(ctx context.Context, id string)
- type Server
Variables
var ValidScopes = map[string]struct{}{
	"admin":           {},
	"chat":            {},
	"sessions:read":   {},
	"costs:read":      {},
	"skills:read":     {},
	"skills:write":    {},
	"schedules:read":  {},
	"schedules:write": {},
	"approvals:read":  {},
	"approvals:write": {},
	"tools:read":      {},
	"tools:write":     {},
	"browser:read":    {},
	"browser:write":   {},
	"health":          {},
}
ValidScopes is the set of scope values accepted by the key management system. Exported so the CLI can share the same allowlist.
Functions
func ValidateKeyInput (added in v0.1.0)
ValidateKeyInput checks that name is within the length limit and every scope is in the ValidScopes allowlist. Returns a user-facing error on failure.
Types
type APIKeyRecord
type APIKeyRecord struct {
	ID         string     `json:"id"`
	Name       string     `json:"name"`
	Scopes     []string   `json:"scopes"`
	CreatedAt  time.Time  `json:"created_at"`
	LastUsedAt *time.Time `json:"last_used_at,omitempty"`
	Revoked    bool       `json:"revoked"`
}
APIKeyRecord is the public representation returned by the API (no hash exposed).
type Deps
type Deps struct {
	Dispatcher      *agent.Dispatcher
	Scheduler       *scheduler.Scheduler
	CostTracker     *llm.CostTracker
	Memory          agent.MemoryStore
	Config          *config.Config
	Approvals       *approval.Manager       // nil = approval endpoints return 503
	LifecycleMgr    *tool.LifecycleManager  // nil = tool CRUD endpoints return 503
	BrowserProfiles *browser.ProfileService // nil = browser endpoints return 503
	WebHandler      http.Handler            // nil = no web dashboard served
	KeyStore        *KeyStore               // nil = API key CRUD endpoints return 503
	ConfigPath      string                  // TOML config path for schedule persistence
}
Deps holds the application dependencies the API server needs to serve data.
type KeyStore
type KeyStore struct {
	// contains filtered or unexported fields
}
KeyStore manages API keys persisted in SQLite.
func NewInMemoryKeyStore
NewInMemoryKeyStore creates a KeyStore backed by an in-memory SQLite database. Intended for tests.
func NewKeyStore
NewKeyStore opens (or creates) a SQLite DB at dbPath and applies the key schema. WAL mode is used so it can coexist with other connections to the same file.
func (*KeyStore) Create
func (ks *KeyStore) Create(ctx context.Context, name string, scopes []string) (APIKeyRecord, string, error)
Create inserts a new API key. Returns the record and plaintext key (shown once).
func (*KeyStore) Delete (added in v0.1.0)
Delete permanently removes a revoked key from the store. Returns an error if the key does not exist or is still active (not revoked).
func (*KeyStore) FindActiveByHash
FindActiveByHash returns the matching active key row for a given token hash, or nil if not found.
func (*KeyStore) HasActiveKey (added in v0.1.0)
HasActiveKey reports whether at least one non-revoked key exists in the store.
func (*KeyStore) List
func (ks *KeyStore) List(ctx context.Context) ([]APIKeyRecord, error)
List returns all key records ordered by creation date descending.
func (*KeyStore) Revoke
Revoke marks a key as revoked. Returns an error if the key does not exist or is already revoked.
type Server
type Server struct {
	// contains filtered or unexported fields
}
Server is the external REST API server.
func (*Server) RequireScope
func (s *Server) RequireScope(scope string, next http.HandlerFunc) http.HandlerFunc
RequireScope returns middleware that checks for a valid API key with the required scope. Use this to wrap individual route handlers.
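A minimal sketch of the pattern behind FindActiveByHash and RequireScope, added here as an example and not the package's own code. It assumes SHA-256 hex hashes, an `Authorization: Bearer` header, exact scope matching and an in-memory map in place of SQLite; `store`, `hashToken` and `authorize` are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
)

// store stands in for the active-key table: hex(SHA-256(token)) -> scopes.
// Only the hash is kept, so reading the table does not yield usable tokens.
type store map[string][]string

func hashToken(tok string) string {
	sum := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(sum[:])
}

// authorize returns 401 for a missing, malformed, unknown or revoked key and
// 403 for an active key that lacks the scope (assumption: exact match only).
func (s store) authorize(header, scope string) int {
	scopes, ok := s[hashToken(strings.TrimPrefix(header, "Bearer "))]
	if !strings.HasPrefix(header, "Bearer ") || !ok {
		return http.StatusUnauthorized
	}
	for _, have := range scopes {
		if have == scope {
			return http.StatusOK
		}
	}
	return http.StatusForbidden
}

// requireScope wraps one handler, mirroring the shape of Server.RequireScope.
func (s store) requireScope(scope string, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if code := s.authorize(r.Header.Get("Authorization"), scope); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next(w, r)
	}
}

func main() {
	const tok = "sample-token-constructed" // constructed sample, not a real key
	s := store{hashToken(tok): {"costs:read"}}
	fmt.Println(s.authorize("Bearer "+tok, "costs:read"), s.authorize("Bearer "+tok, "admin"))
}
```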