Documentation
¶
Overview ¶
Package agent implements the scoped /v1/agent/* tool surface controllers: the triage bundle, read-only context passthroughs, typed-action proposals, and timeline notes. Every route is gated by the auth middleware's agent-scope switch (api/middleware/auth_scope.go), which 403s an agent-session token on any incident but the one its credential was minted for.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Actions ¶
Actions handles POST /v1/agent/incidents/:id/actions — propose/execute a typed remediation action. The action is validated and executed by Stream B's server-side action executor (the agent never gets shell/SQL/generic HTTP); until that executor is wired the action is recorded as `proposed` for the audit spine. Tier-3 actions always route to a human approval, never auto-execute — that boundary is enforced server-side by the executor, not here.
func Bundle ¶
Bundle handles GET /v1/agent/incidents/:id/bundle — the JSON triage document the agent fetches once at startup.
func Context ¶
Context handles GET /v1/agent/incidents/:id/context/* — the read-only passthroughs (logs, why, run history) scoped to the incident's frozen job allowlist. The wildcard subpath selects the passthrough. Cross-job reads are gated against the allowlist injected by the auth middleware.
func MCP ¶
MCP handles POST /v1/agent/incidents/:id/mcp: a synchronous JSON-RPC 2.0 MCP endpoint for the same incident-scoped agent tool surface as the REST routes. The incident id is read only from the route, so the auth middleware's per-incident agent-token confinement applies before JSON-RPC dispatch.
Types ¶
This section is empty.