agentidentity

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 26, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package agentidentity resolves daemon-validated caller identity for agent-facing CLI and UDS operations.

Index

Constants

View Source 
const (
	// ExitOK reports successful agent command execution.
	ExitOK = 0
	// ExitIdentityRequired reports missing caller identity input.
	ExitIdentityRequired = 64
	// ExitIdentityInvalid reports stale or mismatched caller identity.
	ExitIdentityInvalid = 65
	// ExitUnauthorized reports a caller identity that is valid but not allowed for the requested scope.
	ExitUnauthorized = 77
	// ExitUnavailable reports daemon lookup or validation infrastructure failure.
	ExitUnavailable = 69
	// ExitDoctorWarn reports doctor diagnostics with warnings.
	ExitDoctorWarn = 70
	// ExitDoctorError reports doctor diagnostics with errors.
	ExitDoctorError = 71
	// ExitConfigInvalid reports invalid runtime configuration.
	ExitConfigInvalid = 78
)
View Source 
const (
	// EnvSessionID is the daemon-issued session identifier visible inside agent sessions.
	EnvSessionID = "AGH_SESSION_ID"
	// EnvAgent is the daemon-issued agent name visible inside agent sessions.
	EnvAgent = "AGH_AGENT"

	// HeaderSessionID carries EnvSessionID over the local UDS HTTP transport.
	HeaderSessionID = "X-AGH-Session-ID"
	// HeaderAgent carries EnvAgent over the local UDS HTTP transport.
	HeaderAgent = "X-AGH-Agent"
	// HeaderWorkspaceID optionally narrows an agent request to the caller workspace.
	HeaderWorkspaceID = "X-AGH-Workspace-ID"
)

Variables

View Source 
var (
	// ErrIdentityRequired reports missing required agent caller sandbox.
	ErrIdentityRequired = errors.New("agent identity required")
	// ErrIdentityStale reports a missing, unknown, stopped, or otherwise inactive session identity.
	ErrIdentityStale = errors.New("agent identity stale")
	// ErrIdentityMismatch reports env/header identity that does not match the daemon session record.
	ErrIdentityMismatch = errors.New("agent identity mismatch")
	// ErrIdentityUnauthorized reports a validated identity that is not allowed for the requested scope.
	ErrIdentityUnauthorized = errors.New("agent identity unauthorized")
	// ErrIdentityLookupUnavailable reports validation infrastructure that is not available.
	ErrIdentityLookupUnavailable = errors.New("agent identity lookup unavailable")
)

Functions

func ExitCodeForError 

func ExitCodeForError(err error) int

ExitCodeForError maps agent identity and command errors to deterministic CLI exit codes.

func MarshalErrorJSON 

func MarshalErrorJSON(err error) ([]byte, error)

MarshalErrorJSON renders a stable JSON error object for agent CLI commands.

func MarshalErrorJSONL 

func MarshalErrorJSONL(err error) ([]byte, error)

MarshalErrorJSONL renders one stable JSONL error frame for agent CLI streaming commands.

Types

type Caller 

type Caller struct {
	Credentials Credentials
	Session     SessionSnapshot
	Actor       taskpkg.ActorContext
}

Caller is a validated agent-session caller and its task-domain actor context.

func Resolve 

func Resolve(ctx context.Context, opts ResolveOptions) (Caller, error)

Resolve validates untrusted caller credentials against the daemon session lookup.

type Credentials 

type Credentials struct {
	SessionID   string
	AgentName   string
	WorkspaceID string
}

Credentials carries untrusted caller identity hints from env or transport headers.

type Error 

type Error struct {
	Code    string
	Message string
	Action  string
	Err     error
}

Error carries a stable machine-readable identity failure code with an actionable message.

func (*Error) DiagnosticItem 

func (e *Error) DiagnosticItem() contract.DiagnosticItem

DiagnosticItem exposes the shared diagnostic shape for errors.As callers.

func (*Error) Error 

func (e *Error) Error() string

func (*Error) ToDiagnosticItem 

func (e *Error) ToDiagnosticItem() contract.DiagnosticItem

ToDiagnosticItem converts the identity error into the shared diagnostic shape.

func (*Error) Unwrap 

func (e *Error) Unwrap() error

type ErrorPayload 

type ErrorPayload struct {
	Code     string `json:"code"`
	Message  string `json:"message"`
	Action   string `json:"action"`
	ExitCode int    `json:"exit_code"`
}

ErrorPayload is the stable machine-readable CLI error shape for agent namespaces.

func ErrorPayloadFor 

func ErrorPayloadFor(err error) ErrorPayload

ErrorPayloadFor returns the stable machine-readable error payload for agent CLI output.

type ResolveOptions 

type ResolveOptions struct {
	Credentials         Credentials
	Lookup              SessionLookup
	ExpectedWorkspaceID string
	OriginKind          taskpkg.OriginKind
	OriginRef           string
}

ResolveOptions configures agent caller resolution.

type SessionLookup 

type SessionLookup func(context.Context, string) (SessionSnapshot, error)

SessionLookup loads a daemon-authoritative session snapshot by session ID.

type SessionSnapshot 

type SessionSnapshot struct {
	ID               string
	Name             string
	AgentName        string
	Provider         string
	Model            string
	WorkspaceID      string
	WorkspacePath    string
	Channel          string
	Type             session.Type
	Lineage          *store.SessionLineage
	State            session.State
	SoulSnapshotID   string
	SoulDigest       string
	ParentSoulDigest string
	CreatedAt        time.Time
	UpdatedAt        time.Time
}

SessionSnapshot is the daemon-authoritative session subset needed for identity validation.

func SessionSnapshotFromInfo 

func SessionSnapshotFromInfo(info *session.Info) SessionSnapshot

SessionSnapshotFromInfo converts the runtime session read model into a validation snapshot.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.