Documentation
¶
Overview ¶
Package web provides the BubbleFish Nexus web dashboard.
The dashboard runs on a separate port (default 8081) and requires admin_token authentication on all endpoints. It uses textContent exclusively — inner HTML is NEVER used (XSS prevention).
Reference: Tech Spec Section 13.2.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditProvider ¶
type AuditProvider interface {
RecentInteractions(limit int) []AuditRecordInfo
InteractionsByActor(actorID string, limit int) []AuditRecordInfo
PolicyDenials(limit int) []AuditRecordInfo
AuditStats() AuditStatsInfo
}
AuditProvider supplies data for the dashboard audit tab. All methods must be safe for concurrent use.
Reference: Tech Spec Addendum Section A2.7.
type AuditRecordInfo ¶
type AuditRecordInfo struct {
RecordID string `json:"record_id"`
Timestamp string `json:"timestamp"`
Source string `json:"source"`
ActorType string `json:"actor_type"`
ActorID string `json:"actor_id"`
OperationType string `json:"operation_type"`
Endpoint string `json:"endpoint"`
HTTPStatusCode int `json:"http_status_code"`
PolicyDecision string `json:"policy_decision"`
PolicyReason string `json:"policy_reason,omitempty"`
LatencyMs float64 `json:"latency_ms"`
Destination string `json:"destination,omitempty"`
Subject string `json:"subject,omitempty"`
ResultCount int `json:"result_count,omitempty"`
}
AuditRecordInfo is a flat summary of an interaction record for the audit tab. Defined here to avoid importing the audit package into web.
type AuditStatsInfo ¶
type AuditStatsInfo struct {
TotalRecords int `json:"total_records"`
InteractionsPerHr map[string]int `json:"interactions_per_hour"`
DenialRate float64 `json:"denial_rate"`
FilterRate float64 `json:"filter_rate"`
TopSources map[string]int `json:"top_sources"`
TopActors map[string]int `json:"top_actors"`
ByOperation map[string]int `json:"by_operation"`
ByDecision map[string]int `json:"by_decision"`
}
AuditStatsInfo holds summary statistics for the audit tab.
type AuthFailureInfo ¶
type AuthFailureInfo struct {
Timestamp string `json:"timestamp"`
Source string `json:"source"`
IP string `json:"ip"`
Endpoint string `json:"endpoint"`
TokenClass string `json:"token_class"`
StatusCode int `json:"status_code"`
}
AuthFailureInfo is a single auth failure event for the security tab.
type Config ¶
type Config struct {
Port int
RequireAuth bool
AdminKey []byte // Resolved admin token bytes.
Logger *slog.Logger
SecurityProvider SecurityProvider // Optional; security tab disabled if nil.
AuditProvider AuditProvider // Optional; audit tab disabled if nil.
AdminHandler http.Handler // Optional; when set, /api/* routes are delegated to this handler.
DashboardHTML string // Optional; v4 dashboard HTML content. When set, replaces the builtin skeleton.
LogoPNG []byte // Optional; embedded logo PNG served at /logo_metal.png.
}
Config holds the settings for the web dashboard.
type Dashboard ¶
type Dashboard struct {
// contains filtered or unexported fields
}
Dashboard is the web dashboard server. All state is held in struct fields.
type LintFinding ¶
type LintFinding struct {
Severity string `json:"severity"`
Check string `json:"check"`
Message string `json:"message"`
}
LintFinding is a single lint diagnostic for the security tab.
type SecurityProvider ¶
type SecurityProvider interface {
SourcePolicies() []SourcePolicyInfo
AuthFailures(limit int) []AuthFailureInfo
LintFindings() []LintFinding
}
SecurityProvider supplies data for the dashboard security tab. All methods must be safe for concurrent use.
type SourcePolicyInfo ¶
type SourcePolicyInfo struct {
Name string `json:"name"`
CanRead bool `json:"can_read"`
CanWrite bool `json:"can_write"`
AllowedDestinations []string `json:"allowed_destinations"`
MaxResults int `json:"max_results"`
MaxResponseBytes int `json:"max_response_bytes"`
RateLimit int `json:"rate_limit_rpm"`
}
SourcePolicyInfo is a read-only summary of a source's policies for the security tab. Defined here to avoid importing config into web.
Source Files