worksession

package
v1.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ActivateWorkSession

func ActivateWorkSession(ac *client.AlpaconClient, id string) error

func ApproveWorkSession

func ApproveWorkSession(ac *client.AlpaconClient, id string, req WorkSessionApproveRequest) error

func CancelWorkSession added in v1.9.0

func CancelWorkSession(ac *client.AlpaconClient, id string) error

CancelWorkSession withdraws the requester's own pending session; the server restricts it to the creator/superuser and rejects non-pending sessions (unlike superuser-only RevokeWorkSession).

func CompleteWorkSession

func CompleteWorkSession(ac *client.AlpaconClient, id string) error

func ExtendWorkSession

func ExtendWorkSession(ac *client.AlpaconClient, id string, req WorkSessionExtendRequest) error

func GetWorkSessionRaw

func GetWorkSessionRaw(ac *client.AlpaconClient, id string) ([]byte, error)

func RejectWorkSession

func RejectWorkSession(ac *client.AlpaconClient, id string) error

func RevokeWorkSession

func RevokeWorkSession(ac *client.AlpaconClient, id string) error

Types

type Adjustments added in v1.9.0

type Adjustments struct {
	Scopes  *ScopeDiff  `json:"scopes,omitempty"`
	Servers *ServerDiff `json:"servers,omitempty"`
}

Adjustments is the approver's diff; each dimension is set only when changed, nil when unchanged.

type Recommendation added in v1.9.0

type Recommendation struct {
	ID            string `json:"id"`
	Text          string `json:"text"`
	Severity      string `json:"severity"`
	Source        string `json:"source"`
	AutoCheckable bool   `json:"auto_checkable"`
}

Recommendation is an admin-confirmed note attached at approval time.

type ScopeDiff added in v1.9.0

type ScopeDiff struct {
	Old []string `json:"old"`
	New []string `json:"new"`
}

ScopeDiff holds the requested (old) and granted (new) scope lists.

type ServerDiff added in v1.9.0

type ServerDiff struct {
	Old []types.ServerSummary `json:"old"`
	New []types.ServerSummary `json:"new"`
}

ServerDiff holds the requested (old) and granted (new) server lists.

type SudoPolicyInline added in v1.5.0

type SudoPolicyInline struct {
	ID             string   `json:"id,omitempty"`
	Commands       []string `json:"commands"`
	Reason         string   `json:"reason,omitempty"`
	AllowBypassMFA bool     `json:"allow_bypass_mfa"`
}

SudoPolicyInline is a sudo policy bound to a work session. It serves three roles: read (when returned on a WorkSession), create (attached at session create time), and modify (sent on update). Commands are the allowed patterns (wildcards permitted); AllowBypassMFA lets matching sudo run without interactive MFA, which is the only way a non-interactive caller (e.g. an AI agent running 'exec') can sudo. Users is intentionally omitted — the server binds the policy to the session assignee automatically so it never applies to other workspace users.

ID is set only on read and on modify: the sudo_policies field of an update PATCH is the FULL desired set, so existing policies must be echoed back with their ID (modify in place) alongside new entries without an ID (additions). Omitting an existing policy from the set deletes it, so callers must preserve the current entries.

type TimelineAttributes added in v1.4.8

type TimelineAttributes struct {
	Time    string `json:"timestamp" table:"Time"`
	Type    string `json:"type"      table:"Type"`
	Server  string `json:"server"    table:"Server"`
	User    string `json:"user"      table:"User"`
	Details string `json:"details"   table:"Details"`
}

type TimelineItem added in v1.4.8

type TimelineItem struct {
	Type      string  `json:"type"`
	Timestamp *string `json:"timestamp"`
	ID        string  `json:"id"`
	ServerID  *string `json:"server_id"`

	// shared across session-like types (websh_session, tunnel_session, ftp_session)
	Username   string  `json:"username"`
	Groupname  string  `json:"groupname"`
	ClosedAt   *string `json:"closed_at"`
	ClientType string  `json:"client_type"`

	// command
	Shell       string  `json:"shell"`
	Line        string  `json:"line"`
	Success     *bool   `json:"success"`
	Denied      bool    `json:"denied"`
	ElapsedTime float64 `json:"elapsed_time"`

	// tunnel_session
	IsTunnel   bool `json:"is_tunnel"`
	TargetPort *int `json:"target_port"`

	// file_upload / file_download
	Name string `json:"name"`
	Size int64  `json:"size"`

	// sudo_grant
	GrantType string  `json:"grant_type"`
	Status    string  `json:"status"`
	Command   *string `json:"command"`
	OneTime   bool    `json:"one_time"`

	// websh_record
	SessionID    string `json:"session_id"`
	MaskedRecord string `json:"masked_record"`
}

TimelineItem represents a single event in a work session's activity timeline. All event types share this struct; type-specific fields are zero-valued for other types.

func GetWorkSessionTimeline added in v1.4.8

func GetWorkSessionTimeline(ac *client.AlpaconClient, id string, includeRecords bool) ([]TimelineItem, error)

type WorkSession

type WorkSession struct {
	ID                string                `json:"id"`
	Title             string                `json:"title"`
	Description       string                `json:"description"`
	Status            string                `json:"status"`
	RequesterType     string                `json:"requester_type"`
	Scopes            []string              `json:"scopes"`
	Servers           []types.ServerSummary `json:"servers"`
	CreatedBy         *types.UserSummary    `json:"created_by"`
	AssignedUser      *types.UserSummary    `json:"assigned_user"`
	ApprovalRequestID string                `json:"approval_request_id"`
	StartsAt          *time.Time            `json:"starts_at"`
	ExpiresAt         time.Time             `json:"expires_at"`
	StartedAt         *time.Time            `json:"started_at"`
	CompletedAt       *time.Time            `json:"completed_at"`
	AddedAt           time.Time             `json:"added_at"`
	UpdatedAt         time.Time             `json:"updated_at"`
	SudoPolicies      []SudoPolicyInline    `json:"sudo_policies"`
	Adjustments       *Adjustments          `json:"adjustments"`
	Recommendations   []Recommendation      `json:"recommendations"`
}

func GetWorkSession

func GetWorkSession(ac *client.AlpaconClient, id string) (*WorkSession, error)

func UpdateWorkSession added in v1.5.0

func UpdateWorkSession(ac *client.AlpaconClient, id string, req WorkSessionUpdateRequest) (*WorkSession, error)

UpdateWorkSession PATCHes a work session. Used to attach sudo policies to an existing session (e.g. after an 'exec' sudo was denied). The server may queue the change for approval, in which case it takes effect only once approved.

type WorkSessionApproveRequest

type WorkSessionApproveRequest struct {
	AdjustedScopes  []string `json:"adjusted_scopes,omitempty"`
	AdjustedServers []string `json:"adjusted_servers,omitempty"`
}

type WorkSessionAttributes

type WorkSessionAttributes struct {
	// Active is the active-session marker ("*" for the workspace's active session, empty otherwise).
	// Decorated by cmd/worksession.MarkActive; hidden from JSON output via the "-" tag.
	Active      string `json:"-"           table:"Active"`
	ID          string `json:"id"          table:"ID"`
	Status      string `json:"status"      table:"Status"`
	Scopes      string `json:"scopes"      table:"Scopes"`
	Servers     string `json:"servers"     table:"Servers"`
	ExpiresAt   string `json:"expires_at"  table:"Expires At"`
	Description string `json:"description" table:"Description"`
}

func GetWorkSessionList

func GetWorkSessionList(ac *client.AlpaconClient, status, requesterType, assignedUser string) ([]WorkSessionAttributes, error)

func ProjectAttributes

func ProjectAttributes(ws *WorkSession) WorkSessionAttributes

ProjectAttributes converts a full WorkSession into the WorkSessionAttributes shape used by table outputs (ls, current). Single source of truth for column projection.

type WorkSessionCreateRequest

type WorkSessionCreateRequest struct {
	Description   string             `json:"description"`
	RequesterType string             `json:"requester_type"`
	Scopes        []string           `json:"scopes"`
	Servers       []string           `json:"servers"`
	ExpiresAt     string             `json:"expires_at"`
	SudoPolicies  []SudoPolicyInline `json:"sudo_policies,omitempty"`
}

type WorkSessionExtendRequest

type WorkSessionExtendRequest struct {
	ExpiresAt string `json:"expires_at"`
}

type WorkSessionUpdateRequest added in v1.5.0

type WorkSessionUpdateRequest struct {
	Title        string             `json:"title,omitempty"`
	Description  string             `json:"description,omitempty"`
	Scopes       []string           `json:"scopes,omitempty"`
	Servers      []string           `json:"servers,omitempty"`
	StartsAt     string             `json:"starts_at,omitempty"`
	ExpiresAt    string             `json:"expires_at,omitempty"`
	SudoPolicies []SudoPolicyInline `json:"sudo_policies,omitempty"`
}

WorkSessionUpdateRequest is a partial update: omitempty leaves unset fields untouched. SudoPolicies is PUT-style — the server replaces the whole set, so existing policies must be echoed back or they are deleted. An empty slice is also omitted (omitempty), so this request cannot clear policies.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL