Directories
¶
| Path | Synopsis |
|---|---|
|
Package abac is the ABAC (Attribute-Based Access Control) policy authoring and persistence model for accesscore.
|
Package abac is the ABAC (Attribute-Based Access Control) policy authoring and persistence model for accesscore. |
|
Package accountlockout is the typed mediator that drives auto-lockout decisions for sessionlogin.
|
Package accountlockout is the typed mediator that drives auto-lockout decisions for sessionlogin. |
|
adapters
|
|
|
http
Package http provides HTTP adapter implementations for accesscore's outbound cross-cell calls.
|
Package http provides HTTP adapter implementations for accesscore's outbound cross-cell calls. |
|
postgres/internal/pgexec
Package pgexec is the sealed PostgreSQL executor funnel for the accesscore adapter.
|
Package pgexec is the sealed PostgreSQL executor funnel for the accesscore adapter. |
|
Package adminprovision encapsulates the idempotent, race-safe "bring the first admin into existence" domain logic.
|
Package adminprovision encapsulates the idempotent, race-safe "bring the first admin into existence" domain logic. |
|
Package authzmutate is the single entry point for all authz-field mutations on a User aggregate.
|
Package authzmutate is the single entry point for all authz-field mutations on a User aggregate. |
|
Package credential is the single sanctioned holder of accesscore password hashing.
|
Package credential is the single sanctioned holder of accesscore password hashing. |
|
Package credentialauthority is the read-side funnel for "is this user-bound credential authorized to issue or continue using a session?" decisions.
|
Package credentialauthority is the read-side funnel for "is this user-bound credential authorized to issue or continue using a session?" decisions. |
|
Package credentialinvalidate is the single entry point for credential revocation events: it bumps the user's authz_epoch, revokes all active sessions, and revokes all refresh chains in one ambient transaction.
|
Package credentialinvalidate is the single entry point for credential revocation events: it bumps the user's authz_epoch, revokes all active sessions, and revokes all refresh chains in one ambient transaction. |
|
Package domain contains the accesscore Cell domain models.
|
Package domain contains the accesscore Cell domain models. |
|
Package dto contains accesscore's local typed views of cross-cell event payloads.
|
Package dto contains accesscore's local typed views of cross-cell event payloads. |
|
Package httpcookie delivers the accesscore refresh token as an httpOnly cookie on the session endpoints (login / refresh / logout) and reads it back on refresh.
|
Package httpcookie delivers the accesscore refresh token as an httpOnly cookie on the session endpoints (login / refresh / logout) and reads it back on refresh. |
|
Package mem provides in-memory repository implementations for accesscore.
|
Package mem provides in-memory repository implementations for accesscore. |
|
internal/txlock
Package txlock mints un-forgeable, self-invalidating lock-ownership leases for the mem accesscore store.
|
Package txlock mints un-forgeable, self-invalidating lock-ownership leases for the mem accesscore store. |
|
Package ports defines accesscore's outbound dependency interfaces.
|
Package ports defines accesscore's outbound dependency interfaces. |
|
conformance
Package conformance defines a UserRepository contract acceptance suite shared by all ports.UserRepository implementations (mem, PG, future).
|
Package conformance defines a UserRepository contract acceptance suite shared by all ports.UserRepository implementations (mem, PG, future). |
|
Package scopedtx funnels every tenant-scoped accesscore write (and tenant-scoped read inside a transaction) through a single tenant.WithScope + RunInTx wrapper.
|
Package scopedtx funnels every tenant-scoped accesscore write (and tenant-scoped read inside a transaction) through a single tenant.WithScope + RunInTx wrapper. |
|
Package sessionmint centralizes access-JWT issuance so that login, IssueForUser (change-password flow), and refresh share a single fail-closed "fetch roles → sign access" pipeline.
|
Package sessionmint centralizes access-JWT issuance so that login, IssueForUser (change-password flow), and refresh share a single fail-closed "fetch roles → sign access" pipeline. |
|
Package testutil provides shared test fixtures for cells/accesscore tests.
|
Package testutil provides shared test fixtures for cells/accesscore tests. |
Click to show internal directories.
Click to hide internal directories.