bridge

package
v0.35.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 8, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrJWTExpired   = errors.New("jwt expired")
	ErrJWTMalformed = errors.New("jwt malformed")
	ErrJWTSignature = errors.New("jwt signature invalid")
)

Functions

func EpochFromContext 

func EpochFromContext(ctx context.Context) int

func IssueWorkerJWT 

func IssueWorkerJWT(secret []byte, sessionID, sandboxID, workspaceID string, epoch int, ttl time.Duration) (string, error)

IssueWorkerJWT creates an HMAC-SHA256 JWT with the given claims.

func SandboxIDFromContext 

func SandboxIDFromContext(ctx context.Context) string

func SessionIDFromContext 

func SessionIDFromContext(ctx context.Context) string

func WorkspaceIDFromContext 

func WorkspaceIDFromContext(ctx context.Context) string

Types

type BoundedUUIDSet 

type BoundedUUIDSet struct {
	// contains filtered or unexported fields
}

BoundedUUIDSet is a fixed-capacity set with FIFO eviction. Used for echo/replay deduplication, matching CC's BoundedUUIDSet (capacity 2000). Thread-safe.

func NewBoundedUUIDSet 

func NewBoundedUUIDSet(capacity int) *BoundedUUIDSet

func (*BoundedUUIDSet) Add 

func (s *BoundedUUIDSet) Add(uuid string) bool

Add inserts a UUID. Returns false if already present (duplicate).

func (*BoundedUUIDSet) Has 

func (s *BoundedUUIDSet) Has(uuid string) bool

Has checks if a UUID is in the set.

type EpochCache 

type EpochCache struct {
	// contains filtered or unexported fields
}

EpochCache is an in-memory cache of session epochs backed by DB reads.

func NewEpochCache 

func NewEpochCache() *EpochCache

func (*EpochCache) Get 

func (c *EpochCache) Get(sessionID string) (int, bool)

Get returns the cached epoch for a session. ok=false if not cached.

func (*EpochCache) Invalidate 

func (c *EpochCache) Invalidate(sessionID string)

Invalidate removes the cached epoch for a session. Called after epoch bump so the next validation reads from DB.

func (*EpochCache) Set 

func (c *EpochCache) Set(sessionID string, epoch int)

Set stores the epoch for a session.

type Handler 

type Handler struct {
	DB        *db.DB
	SSE       *SSEBroker
	Epochs    *EpochCache
	JWTSecret []byte
	// contains filtered or unexported fields
}

Handler implements the CCR V2-compatible bridge API.

func NewHandler 

func NewHandler(database *db.DB, jwtSecret []byte) *Handler

func (*Handler) AgentOrUserAuthMiddleware 

func (h *Handler) AgentOrUserAuthMiddleware(userAuth func(http.Handler) http.Handler) func(http.Handler) http.Handler

AgentOrUserAuthMiddleware authenticates via proxy_token (agent) or delegates to the provided user auth middleware (web UI cookie).

func (*Handler) HandleArchive 

func (h *Handler) HandleArchive(w http.ResponseWriter, r *http.Request)

HandleArchive handles POST /v1/agent/sessions/{sessionId}/archive

func (*Handler) HandleBridge 

func (h *Handler) HandleBridge(w http.ResponseWriter, r *http.Request)

HandleBridge handles POST /v1/agent/sessions/{sessionId}/bridge

func (*Handler) HandleCreateSession 

func (h *Handler) HandleCreateSession(w http.ResponseWriter, r *http.Request)

HandleCreateSession handles POST /v1/agent/sessions

func (*Handler) HandleGetInternalEvents 

func (h *Handler) HandleGetInternalEvents(w http.ResponseWriter, r *http.Request)

HandleGetInternalEvents handles GET .../worker/internal-events

func (*Handler) HandleGetWorker 

func (h *Handler) HandleGetWorker(w http.ResponseWriter, r *http.Request)

HandleGetWorker handles GET .../worker

func (*Handler) HandleWorkerDelivery 

func (h *Handler) HandleWorkerDelivery(w http.ResponseWriter, r *http.Request)

HandleWorkerDelivery handles POST .../worker/events/delivery

func (*Handler) HandleWorkerEventStream 

func (h *Handler) HandleWorkerEventStream(w http.ResponseWriter, r *http.Request)

HandleWorkerEventStream handles GET .../worker/events/stream (SSE)

func (*Handler) HandleWorkerEvents 

func (h *Handler) HandleWorkerEvents(w http.ResponseWriter, r *http.Request)

HandleWorkerEvents handles POST .../worker/events

func (*Handler) HandleWorkerHeartbeat 

func (h *Handler) HandleWorkerHeartbeat(w http.ResponseWriter, r *http.Request)

HandleWorkerHeartbeat handles POST .../worker/heartbeat

func (*Handler) HandleWorkerInternalEvents 

func (h *Handler) HandleWorkerInternalEvents(w http.ResponseWriter, r *http.Request)

HandleWorkerInternalEvents handles POST .../worker/internal-events

func (*Handler) HandleWorkerState 

func (h *Handler) HandleWorkerState(w http.ResponseWriter, r *http.Request)

HandleWorkerState handles PUT .../worker

func (*Handler) WorkerAuthMiddleware 

func (h *Handler) WorkerAuthMiddleware(next http.Handler) http.Handler

WorkerAuthMiddleware validates worker JWT for /worker/* endpoints.

type SSEBroker 

type SSEBroker struct {
	// contains filtered or unexported fields
}

SSEBroker fans out events to per-session subscribers.

func NewSSEBroker 

func NewSSEBroker() *SSEBroker

func (*SSEBroker) Publish 

func (b *SSEBroker) Publish(sessionID string, event *StreamClientEvent)

Publish sends an event to all subscribers of a session. If a subscriber's channel is full, it is closed (force reconnect).

func (*SSEBroker) Subscribe 

func (b *SSEBroker) Subscribe(sessionID string) *SSESubscriber

Subscribe creates a new subscriber for a session.

func (*SSEBroker) Unsubscribe 

func (b *SSEBroker) Unsubscribe(sessionID string, sub *SSESubscriber)

Unsubscribe removes a subscriber.

type SSESubscriber 

type SSESubscriber struct {
	Ch chan *StreamClientEvent
	// contains filtered or unexported fields
}

SSESubscriber receives events for a single session.

func (*SSESubscriber) Close 

func (s *SSESubscriber) Close()

Close marks the subscriber as done.

func (*SSESubscriber) Done 

func (s *SSESubscriber) Done() <-chan struct{}

Done returns a channel closed when the subscriber is removed.

type StreamClientEvent 

type StreamClientEvent struct {
	EventID     string          `json:"event_id"`
	SequenceNum int64           `json:"sequence_num"`
	EventType   string          `json:"event_type"`
	Source      string          `json:"source"`
	Payload     json.RawMessage `json:"payload"`
	CreatedAt   string          `json:"created_at"`
}

StreamClientEvent is the SSE frame payload, aligned with CC's StreamClientEvent.

type WorkerJWTClaims 

type WorkerJWTClaims struct {
	SessionID   string `json:"sid"`
	SandboxID   string `json:"sbx"`
	WorkspaceID string `json:"wid"`
	Epoch       int    `json:"epoch"`
	Exp         int64  `json:"exp"`
}

WorkerJWTClaims are the claims embedded in a worker JWT.

func ValidateWorkerJWT 

func ValidateWorkerJWT(secret []byte, token string) (*WorkerJWTClaims, error)

ValidateWorkerJWT validates an HMAC-SHA256 JWT and returns the claims.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.