aisphere-kit

module
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 24, 2026 License: MIT

README

aisphere-kit

aisphere-kit is the framework-neutral SDK for AI Sphere components.

It integrates mature SDKs and libraries instead of reimplementing them:

  • MySQL via GORM
  • Redis single/cluster via go-redis
  • MinIO via minio-go
  • Casdoor authn/authz/audit via casdoor-go-sdk
  • Casdoor/Casbin permission management via Casdoor policy APIs
  • slog-based structured logging
  • Prometheus metrics helpers

Important boundary

aisphere-kit does not depend on Kratos. Kratos integration belongs in github.com/actionlab-ai/aisphere-kit-kratos.

aisphere-kit also does not keep a local ACL table as the permission authority. Sharing and resource grants are represented as Casdoor/Casbin policies through permission.Manager.

Runtime

cfg, rt, cleanup, err := starter.NewRuntimeFromConfig(ctx, []string{"configs/config.yaml"})
if err != nil {
    return err
}
defer cleanup()

// rt.DB
// rt.Redis
// rt.S3
// rt.Authn
// rt.Authz
// rt.Audit
// rt.Permission

Permission grant example

err := rt.Permission.Share(ctx, permission.ShareRequest{
    Resource:    resource.AIHubSkill(skillID),
    SubjectType: permission.SubjectUser,
    SubjectID:   userID,
    Role:        permission.RoleViewer,
    GrantedBy:   actor.SubjectID,
})

Resource deletion cleanup

err := rt.Permission.DeleteResourcePolicies(ctx, resource.AIHubSkill(skillID))

If cleanup fails, the business component should store an outbox job and retry. The business component must always check that the resource still exists before checking authorization.

PostgreSQL

See docs/DB_POSTGRES.md for PostgreSQL, auto-create database, JSONB, and safe pagination usage.

Casdoor JWT certificate

When features.authn=true, configure casdoor.certificate or casdoor.certificate_file with the public certificate/public key from the Casdoor Cert page. The kit validates this at startup so JWT signing-key mistakes fail early. See docs/CASDOOR_CERTIFICATE.md.

Directories

Path Synopsis
Package access provides a component-reusable access guard that combines principal lookup, authorization checks, and audit recording.
Package access provides a component-reusable access guard that combines principal lookup, authorization checks, and audit recording.
Package permission defines AI Sphere permission-management abstractions.
Package permission defines AI Sphere permission-management abstractions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL