Overview ¶
Package contract implements the CoreForge Product Contract specification, providing standardized endpoints for integration with CoreControl federation.
Index ¶
- Constants
- func AudienceFromContext(ctx context.Context) string
- func FederationIDFromContext(ctx context.Context) (uuid.UUID, bool)
- func HasPermission(ctx context.Context, permission string) bool
- func IsAuditStreamEnabled() bool
- func LoggerFromContext(ctx context.Context) *slog.Logger
- func PermissionsFromContext(ctx context.Context) []string
- func RecordAuditEvent() int64
- func RequireAuth(next http.Handler) http.Handler
- func RequirePermission(permission string) func(http.Handler) http.Handler
- func SubjectFromContext(ctx context.Context) string
- func WithAudience(ctx context.Context, audience string) context.Context
- func WithFederationID(ctx context.Context, federationID uuid.UUID) context.Context
- func WithPermissions(ctx context.Context, permissions []string) context.Context
- func WithSubject(ctx context.Context, subject string) context.Context
- func WriteError(w http.ResponseWriter, err *Error)
- type API
- type AuditAckInput
- type AuditAckOutput
- type AuditActor
- type AuditContext
- type AuditEvent
- type AuditResource
- type AuditStreamConfig
- type AuditStreamConfigOutput
- type Capability
- type Config
- type ContractAgent
- type ContractApp
- type ContractHuman
- type ContractPrincipal
- type ContractService
- type CoreControlClaims
- type Error
- func ErrBadRequest(message string) *Error
- func ErrForbidden(message string) *Error
- func ErrIdentityConflict(identifier string, existingID string) *Error
- func ErrInternal(message string) *Error
- func ErrNotFederated(message string) *Error
- func ErrNotFound(message string) *Error
- func ErrPolicyInvalid(message string) *Error
- func ErrSyncInProgress(message string) *Error
- func ErrUnauthorized(message string) *Error
- func NewError(status int, code, message string) *Error
- func NewErrorWithDetails(status int, code, message string, details map[string]any) *Error
- func ToContractError(err error) *Error
- type ErrorResponse
- type EvaluateInput
- type EvaluateOutput
- type FederationHealthOutput
- type FederationState
- func (s *FederationState) EndSync()
- func (s *FederationState) FederationID() *uuid.UUID
- func (s *FederationState) IsFederated() bool
- func (s *FederationState) IsSyncInProgress() bool
- func (s *FederationState) LastIdentitySync() *time.Time
- func (s *FederationState) LastPolicySync() *time.Time
- func (s *FederationState) LastSync() *time.Time
- func (s *FederationState) SetFederated(federationID uuid.UUID)
- func (s *FederationState) SetLastIdentitySync(t time.Time)
- func (s *FederationState) SetLastPolicySync(t time.Time)
- func (s *FederationState) SetStandalone()
- func (s *FederationState) StartSync() bool
- func (s *FederationState) Status() FederationStatus
- func (s *FederationState) SyncLagSeconds() int
- type FederationStatus
- type HealthChecker
- type HealthOutput
- type IdentityService
- type IdentitySyncInput
- type IdentitySyncOutput
- type LookupInput
- type LookupOutput
- type MetadataResponse
- type Option
- type Permission
- type PermissionsListOutput
- type PolicyService
- type PolicySyncFailure
- type PolicySyncInput
- type PolicySyncOutput
- type PrincipalGetInput
- type PrincipalGetOutput
- type PrincipalsListInput
- type PrincipalsListOutput
- type Provider
- func (p *Provider) Config() *Config
- func (p *Provider) EntClient() *ent.Client
- func (p *Provider) FederationState() *FederationState
- func (p *Provider) HealthCheckers() map[string]HealthChecker
- func (p *Provider) IdentityService() IdentityService
- func (p *Provider) Metadata() *MetadataResponse
- func (p *Provider) PolicyService() PolicyService
- func (p *Provider) UptimeSeconds() int64
- type ProviderOption
- type ResourceRef
- type Role
- type RolesListOutput
- type SyncFailure
- type SyncPolicy
- type SyncPrincipal
- type Tenant
- type TenantsListOutput
- type UpdateAuditStreamConfigInput
- type UpdateAuditStreamConfigOutput
Constants ¶
// Permission scopes as defined in the product contract specification. These
// are the values HasPermission and RequirePermission look for among the
// permissions carried in the request context (see WithPermissions).
const (
	PermissionIdentityRead = "identity:read"
	PermissionIdentitySync = "identity:sync"
	PermissionPolicyRead   = "policy:read"
	PermissionPolicySync   = "policy:sync"
	PermissionAuditConfig  = "audit:config"
	PermissionHealthRead   = "health:read"
)
Permission scopes as defined in the product contract specification.
// Error codes as defined in the product contract specification. They are the
// machine-readable values serialized in Error.Code; each one presumably pairs
// with the Err* constructor of the same name (e.g. ErrNotFederated).
const (
	ErrorCodeNotFederated     = "NOT_FEDERATED"
	ErrorCodeSyncInProgress   = "SYNC_IN_PROGRESS"
	ErrorCodeIdentityConflict = "IDENTITY_CONFLICT"
	ErrorCodePolicyInvalid    = "POLICY_INVALID"
	ErrorCodeForbidden        = "FORBIDDEN"
	ErrorCodeNotFound         = "NOT_FOUND"
	ErrorCodeBadRequest       = "BAD_REQUEST"
	ErrorCodeInternal         = "INTERNAL_ERROR"
)
Error codes as defined in the product contract specification.
// DefaultContractVersion is the current contract specification version.
// It is the value advertised in MetadataResponse.Body.ContractVersion unless
// Config.ContractVersion overrides it (assumption based on the two fields; confirm).
const DefaultContractVersion = "1.0"
DefaultContractVersion is the current contract specification version.
// FederationStatusFederated is the status value for federated mode. It is one
// of the two values FederationStatus.Status may carry (enum "standalone,federated").
const FederationStatusFederated = "federated"
FederationStatusFederated is the status value for federated mode.
// FederationStatusStandalone is the status value for standalone mode. It is one
// of the two values FederationStatus.Status may carry (enum "standalone,federated").
const FederationStatusStandalone = "standalone"
FederationStatusStandalone is the status value for standalone mode.
Variables ¶
This section is empty.
Functions ¶
func AudienceFromContext ¶
AudienceFromContext extracts the audience from context.
func FederationIDFromContext ¶
FederationIDFromContext extracts the federation ID from context.
func HasPermission ¶
HasPermission checks if a permission exists in the context.
func IsAuditStreamEnabled ¶
func IsAuditStreamEnabled() bool
IsAuditStreamEnabled returns true if audit streaming is enabled.
func LoggerFromContext ¶
LoggerFromContext returns the logger from context, or slog.Default() if not set.
func PermissionsFromContext ¶
PermissionsFromContext extracts permissions from context.
func RecordAuditEvent ¶
func RecordAuditEvent() int64
RecordAuditEvent records an audit event and returns its sequence number. This is called internally by the application when emitting audit events.
func RequireAuth ¶
RequireAuth is a middleware that ensures authentication in any mode. Use this for endpoints that always require authentication.
func RequirePermission ¶
RequirePermission returns middleware that checks for a specific permission.
func SubjectFromContext ¶
SubjectFromContext extracts the subject from context.
func WithAudience ¶
WithAudience adds an audience to the context.
func WithFederationID ¶
WithFederationID adds a federation ID to the context.
func WithPermissions ¶
WithPermissions adds permissions to the context.
func WithSubject ¶
WithSubject adds a subject to the context.
func WriteError ¶
func WriteError(w http.ResponseWriter, err *Error)
WriteError writes a contract error response to the HTTP response writer.
Types ¶
type API ¶
// API wraps the Huma API and provides contract endpoint registration.
// Request authentication is supplied by (*API).Middleware: in standalone mode
// requests pass without authentication, in federated mode CoreControl JWTs are
// validated. Endpoints that must always be authenticated use RequireAuth.
type API struct {
	// contains filtered or unexported fields
}
API wraps the Huma API and provides contract endpoint registration.
func (*API) Middleware ¶
Middleware returns HTTP middleware for CoreControl authentication. In standalone mode, requests are allowed without authentication. In federated mode, CoreControl JWTs are validated.
type AuditAckInput ¶
// AuditAckInput is the body for POST /coreforge/audit/stream/ack.
type AuditAckInput struct {
	Body struct {
		// Sequence is the audit sequence number being acknowledged; sequence
		// numbers are assigned by RecordAuditEvent.
		Sequence int64 `json:"sequence" doc:"Sequence number to acknowledge" required:"true" example:"12345"`
		Timestamp time.Time `json:"timestamp" doc:"Acknowledgment timestamp" required:"true" format:"date-time"`
	}
}
AuditAckInput is the body for POST /coreforge/audit/stream/ack.
type AuditAckOutput ¶
// AuditAckOutput is returned by POST /coreforge/audit/stream/ack.
type AuditAckOutput struct {
	Body struct {
		Acknowledged bool `json:"acknowledged" doc:"Whether acknowledgment was successful" example:"true"`
		// NextSequence is the sequence number the consumer should expect next
		// (the example shows the acknowledged sequence plus one).
		NextSequence int64 `json:"next_sequence" doc:"Next expected sequence number" example:"12346"`
	}
}
AuditAckOutput is returned by POST /coreforge/audit/stream/ack.
type AuditActor ¶
// AuditActor represents the actor in an audit event. Type uses the same
// vocabulary as ContractPrincipal.Type.
type AuditActor struct {
	ID         string `json:"id"`
	Type       string `json:"type"` // "human" | "application" | "agent" | "service"
	Identifier string `json:"identifier"`
}
AuditActor represents the actor in an audit event.
type AuditContext ¶
// AuditContext represents the context of an audit event.
//
// NOTE(review): ClientIP and UserAgent are presumably populated from request
// headers and are therefore attacker-influenced; consumers of the audit stream
// should treat them as untrusted strings (escape on display, do not key
// decisions on them) — confirm where they are sourced.
type AuditContext struct {
	TenantID  string `json:"tenant_id,omitempty"`
	SessionID string `json:"session_id,omitempty"`
	ClientIP  string `json:"client_ip,omitempty"`
	UserAgent string `json:"user_agent,omitempty"`
}
AuditContext represents the context of an audit event.
type AuditEvent ¶
// AuditEvent represents a standardized audit event as streamed to the
// configured audit endpoint (see AuditStreamConfig).
type AuditEvent struct {
	ID        string        `json:"id"`
	Timestamp time.Time     `json:"timestamp"`
	EventType string        `json:"event_type"`
	Action    string        `json:"action"`
	Actor     AuditActor    `json:"actor"`
	Resource  AuditResource `json:"resource"`
	Context   AuditContext  `json:"context"`
	Outcome   string        `json:"outcome"` // "success" | "failure"
	// Details is free-form and is serialized as-is; presumably callers are
	// responsible for keeping secrets out of it — confirm.
	Details map[string]any `json:"details,omitempty"`
}
AuditEvent represents a standardized audit event.
type AuditResource ¶
// AuditResource represents the resource in an audit event.
type AuditResource struct {
	Type       string `json:"type"`
	ID         string `json:"id"`
	Identifier string `json:"identifier,omitempty"`
}
AuditResource represents the resource in an audit event.
type AuditStreamConfig ¶
// AuditStreamConfig holds audit streaming configuration. It is the GET shape
// (AuditStreamConfigOutput) and the value returned by GetAuditStreamConfig.
// It deliberately carries no bearer-token field, so the secret supplied via
// UpdateAuditStreamConfigInput is not part of the read-back response.
type AuditStreamConfig struct {
	Enabled bool `json:"enabled" doc:"Whether streaming is enabled" example:"true"`
	// Endpoint is the URL the application pushes events to. NOTE(review):
	// scheme/host restrictions on this outbound target are not visible here —
	// confirm they are enforced when the config is updated.
	Endpoint        string `json:"endpoint,omitempty" doc:"Streaming endpoint URL" format:"uri" example:"https://corecontrol.example.com/audit/ingest"`
	BatchSize       int    `json:"batch_size,omitempty" doc:"Events per batch" minimum:"1" maximum:"1000" example:"100"`
	FlushIntervalMs int    `json:"flush_interval_ms,omitempty" doc:"Flush interval in milliseconds" minimum:"100" example:"5000"`
	AuthMethod      string `json:"auth_method,omitempty" doc:"Authentication method" enum:"bearer" example:"bearer"`
	LastSequence    int64  `json:"last_sequence,omitempty" doc:"Last recorded sequence number" example:"12345"`
}
AuditStreamConfig holds audit streaming configuration.
func GetAuditStreamConfig ¶
func GetAuditStreamConfig() AuditStreamConfig
GetAuditStreamConfig returns the current audit stream configuration.
type AuditStreamConfigOutput ¶
// AuditStreamConfigOutput is returned by GET /coreforge/audit/stream/config.
type AuditStreamConfigOutput struct {
	Body AuditStreamConfig
}
AuditStreamConfigOutput is returned by GET /coreforge/audit/stream/config.
type Capability ¶
// Capability represents a supported contract capability. Known values are the
// Capability* constants; Config.Capabilities lists the ones an application
// advertises and Config.HasCapability checks membership.
type Capability string
Capability represents a supported contract capability.
// Capability values an application may advertise in Config.Capabilities and in
// MetadataResponse.Body.Capabilities.
const (
	// CapabilityIdentity indicates principal management support.
	CapabilityIdentity Capability = "identity"
	// CapabilityRBAC indicates role-based access control support.
	CapabilityRBAC Capability = "rbac"
	// CapabilityAudit indicates audit event emission support.
	CapabilityAudit Capability = "audit"
	// CapabilityTenancy indicates multi-tenant support.
	CapabilityTenancy Capability = "tenancy"
	// CapabilityDelegation indicates agent delegation support.
	CapabilityDelegation Capability = "delegation"
)
type Config ¶
// Config holds configuration for the contract endpoints. DefaultConfig returns
// a populated instance; EndpointPaths derives the endpoint map from it.
type Config struct {
	// BaseURL is the base path for contract endpoints (default: "/coreforge").
	BaseURL string
	// AppID is the unique application identifier.
	AppID string
	// DisplayName is the human-readable application name.
	DisplayName string
	// Version is the application version (semver format).
	Version string
	// ContractVersion is the contract specification version implemented.
	ContractVersion string
	// Capabilities lists the supported contract capabilities.
	Capabilities []Capability
	// CoreControlIssuer is the expected JWT issuer for CoreControl tokens.
	// Required for federated mode authentication.
	CoreControlIssuer string
	// CoreControlPublicKey is the public key for validating CoreControl JWTs.
	// Can be *rsa.PublicKey, *ecdsa.PublicKey, or ed25519.PublicKey.
	//
	// NOTE(review): the verifier should restrict the accepted signing
	// algorithms to the family matching this key type (RSA, ECDSA or EdDSA)
	// rather than accepting whatever the token header declares — confirm in
	// the Middleware implementation.
	CoreControlPublicKey any
}
Config holds configuration for the contract endpoints.
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns a Config with sensible defaults.
func (*Config) CapabilityStrings ¶
CapabilityStrings returns capabilities as a string slice.
func (*Config) EndpointPaths ¶
EndpointPaths returns the endpoint paths based on configuration.
func (*Config) HasCapability ¶
func (c *Config) HasCapability(cap Capability) bool
HasCapability checks if a capability is enabled.
type ContractAgent ¶
// ContractAgent represents agent-specific data in contract responses
// (ContractPrincipal.Agent, populated when type=agent).
type ContractAgent struct {
	ModelID string `json:"model_id" doc:"AI model identifier" example:"claude-3-opus"`
	Version string `json:"version,omitempty" doc:"Agent version"`
	// DelegatingPrincipal links the agent back to the principal whose
	// authority it acts under (delegation capability).
	DelegatingPrincipal  *uuid.UUID `json:"delegating_principal_id,omitempty" doc:"Principal that delegated to this agent" format:"uuid"`
	RequiresConfirmation bool       `json:"requires_confirmation" doc:"Whether actions require confirmation" example:"true"`
}
ContractAgent represents agent-specific data in contract responses.
type ContractApp ¶
// ContractApp represents application-specific data in contract responses
// (ContractPrincipal.Application, populated when type=application).
type ContractApp struct {
	ClientID    string `json:"client_id" doc:"OAuth client ID" example:"my-app-client"`
	AppType     string `json:"app_type" doc:"Application type" enum:"web,spa,native,machine" example:"web"`
	FirstParty  bool   `json:"first_party" doc:"Whether this is a first-party application" example:"true"`
	Description string `json:"description,omitempty" doc:"Application description"`
}
ContractApp represents application-specific data in contract responses.
type ContractHuman ¶
// ContractHuman represents human-specific data in contract responses
// (ContractPrincipal.Human, populated when type=human).
type ContractHuman struct {
	Email      string `json:"email" doc:"Email address" format:"email" example:"user@example.com"`
	GivenName  string `json:"given_name,omitempty" doc:"Given/first name" example:"John"`
	FamilyName string `json:"family_name,omitempty" doc:"Family/last name" example:"Doe"`
}
ContractHuman represents human-specific data in contract responses.
type ContractPrincipal ¶
// ContractPrincipal represents a principal in contract responses. Exactly one
// of Human, Application, Agent or Service is expected to be set, selected by
// Type (per the field docs; not enforced by the type itself).
type ContractPrincipal struct {
	ID             uuid.UUID       `json:"id" doc:"Principal unique identifier" format:"uuid"`
	Type           string          `json:"type" doc:"Principal type" enum:"human,application,agent,service" example:"human"`
	Identifier     string          `json:"identifier" doc:"Unique identifier (email, client_id, etc.)" example:"user@example.com"`
	DisplayName    string          `json:"display_name" doc:"Human-readable display name" example:"John Doe"`
	Active         bool            `json:"active" doc:"Whether the principal is active" example:"true"`
	OrganizationID *uuid.UUID      `json:"organization_id,omitempty" doc:"Organization this principal belongs to" format:"uuid"`
	Capabilities   map[string]bool `json:"capabilities,omitempty" doc:"Principal capabilities"`
	CreatedAt      time.Time       `json:"created_at" doc:"Creation timestamp" format:"date-time"`
	UpdatedAt      time.Time       `json:"updated_at" doc:"Last update timestamp" format:"date-time"`
	Human          *ContractHuman  `json:"human,omitempty" doc:"Human-specific data (when type=human)"`
	Application    *ContractApp    `json:"application,omitempty" doc:"Application-specific data (when type=application)"`
	Agent          *ContractAgent  `json:"agent,omitempty" doc:"Agent-specific data (when type=agent)"`
	Service        *ContractService `json:"service,omitempty" doc:"Service-specific data (when type=service)"`
}
ContractPrincipal represents a principal in contract responses.
type ContractService ¶
// ContractService represents service-specific data in contract responses
// (ContractPrincipal.Service, populated when type=service).
type ContractService struct {
	ServiceType string `json:"service_type" doc:"Type of service" example:"backend"`
	Description string `json:"description,omitempty" doc:"Service description"`
}
ContractService represents service-specific data in contract responses.
type CoreControlClaims ¶
// CoreControlClaims represents the JWT claims from CoreControl. The embedded
// RegisteredClaims carry issuer/audience/expiry; FederationID and Permissions
// are the custom claims that feed WithFederationID and WithPermissions.
//
// NOTE(review): these values are only meaningful after the signature has been
// verified against Config.CoreControlPublicKey and the issuer checked against
// Config.CoreControlIssuer; confirm the Middleware also validates audience
// (see AudienceFromContext) and expiry before placing them in the context.
type CoreControlClaims struct {
	jwt.RegisteredClaims
	FederationID string   `json:"federation_id"`
	Permissions  []string `json:"permissions"`
}
CoreControlClaims represents the JWT claims from CoreControl.
type Error ¶
// Error represents a contract error response. Code takes one of the ErrorCode*
// constants; the HTTP status lives in an unexported field and is applied by
// WriteError. Use the Err* constructors or NewError/NewErrorWithDetails.
type Error struct {
	Code    string `json:"code"`
	Message string `json:"message"`
	// Details is serialized to the client verbatim; keep internal diagnostics
	// (stack traces, query text) out of it — assumption about usage, confirm.
	Details map[string]any `json:"details,omitempty"`
	// contains filtered or unexported fields
}
Error represents a contract error response.
func ErrBadRequest ¶
ErrBadRequest creates a 400 Bad Request error.
func ErrForbidden ¶
ErrForbidden creates a 403 Forbidden error.
func ErrIdentityConflict ¶
ErrIdentityConflict creates a 409 Conflict error for identity mapping conflicts.
func ErrInternal ¶
ErrInternal creates a 500 Internal Server Error.
func ErrNotFederated ¶
ErrNotFederated creates a 503 error for operations requiring federation.
func ErrNotFound ¶
ErrNotFound creates a 404 Not Found error.
func ErrPolicyInvalid ¶
ErrPolicyInvalid creates a 400 Bad Request error for invalid policies.
func ErrSyncInProgress ¶
ErrSyncInProgress creates a 409 Conflict error when sync is already running.
func ErrUnauthorized ¶
ErrUnauthorized creates a 401 Unauthorized error.
func NewErrorWithDetails ¶
NewErrorWithDetails creates a new contract error with additional details.
func ToContractError ¶
ToContractError converts a standard error to a contract error. If the error is already a contract error, it is returned as-is. Otherwise, a 500 Internal Server Error is returned.
type ErrorResponse ¶
// ErrorResponse wraps an Error for JSON serialization, yielding the
// {"error": {...}} envelope written by WriteError.
type ErrorResponse struct {
	Error *Error `json:"error"`
}
ErrorResponse wraps an Error for JSON serialization.
type EvaluateInput ¶
// EvaluateInput is the body for POST /coreforge/policy/evaluate.
type EvaluateInput struct {
	Body struct {
		PrincipalID uuid.UUID   `json:"principal_id" doc:"Principal to evaluate" required:"true" format:"uuid"`
		Action      string      `json:"action" doc:"Action to evaluate" required:"true" example:"users:read"`
		Resource    ResourceRef `json:"resource" doc:"Resource to evaluate against" required:"true"`
		// Context is caller-supplied and untyped; the policy engine should
		// treat it as untrusted input rather than as authoritative attributes.
		Context map[string]any `json:"context,omitempty" doc:"Additional context for evaluation"`
	}
}
EvaluateInput is the body for POST /coreforge/policy/evaluate.
type EvaluateOutput ¶
// EvaluateOutput is returned by POST /coreforge/policy/evaluate.
type EvaluateOutput struct {
	Body struct {
		Allowed     bool      `json:"allowed" doc:"Whether the action is allowed" example:"true"`
		Reason      string    `json:"reason" doc:"Reason for the decision" example:"role:admin grants users:*"`
		Policies    []string  `json:"policies,omitempty" doc:"Policies that contributed to the decision"`
		EvaluatedAt time.Time `json:"evaluated_at" doc:"Timestamp of evaluation" format:"date-time"`
	}
}
EvaluateOutput is returned by POST /coreforge/policy/evaluate.
type FederationHealthOutput ¶
// FederationHealthOutput is returned by GET /coreforge/health/federation.
//
// NOTE(review): FederationStatus here is documented with enum
// "standalone,connected,disconnected", while FederationStatus.Status and the
// FederationStatus* constants use "standalone,federated". Confirm which
// vocabulary this endpoint actually emits and align the schema accordingly.
type FederationHealthOutput struct {
	Body struct {
		FederationStatus string            `json:"federation_status" doc:"Federation connection status" enum:"standalone,connected,disconnected" example:"standalone"`
		FederationID     *uuid.UUID        `json:"federation_id,omitempty" doc:"Federation identifier" format:"uuid"`
		LastSync         *time.Time        `json:"last_sync,omitempty" doc:"Last sync timestamp" format:"date-time"`
		// SyncLagSeconds mirrors (*FederationState).SyncLagSeconds, which
		// reports 0 when no sync has occurred.
		SyncLagSeconds int               `json:"sync_lag_seconds,omitempty" doc:"Seconds since last sync" example:"5"`
		Checks         map[string]string `json:"checks,omitempty" doc:"Federation health check results"`
	}
}
FederationHealthOutput is returned by GET /coreforge/health/federation.
type FederationState ¶
// FederationState manages the federation state for an application: standalone
// vs federated mode (SetFederated/SetStandalone), the in-progress sync flag
// (StartSync/EndSync) and the last identity/policy sync times. Create it with
// NewFederationState, which starts in standalone mode.
//
// StartSync returns false when a sync is already running, which suggests the
// state is guarded for concurrent use — confirm before sharing across goroutines.
type FederationState struct {
	// contains filtered or unexported fields
}
FederationState manages the federation state for an application.
func NewFederationState ¶
func NewFederationState() *FederationState
NewFederationState creates a new federation state in standalone mode.
func (*FederationState) EndSync ¶
func (s *FederationState) EndSync()
EndSync marks a sync operation as complete.
func (*FederationState) FederationID ¶
func (s *FederationState) FederationID() *uuid.UUID
FederationID returns the current federation ID, or nil if standalone.
func (*FederationState) IsFederated ¶
func (s *FederationState) IsFederated() bool
IsFederated returns true if the application is in federated mode.
func (*FederationState) IsSyncInProgress ¶
func (s *FederationState) IsSyncInProgress() bool
IsSyncInProgress returns true if a sync operation is currently running.
func (*FederationState) LastIdentitySync ¶
func (s *FederationState) LastIdentitySync() *time.Time
LastIdentitySync returns the time of the last identity sync.
func (*FederationState) LastPolicySync ¶
func (s *FederationState) LastPolicySync() *time.Time
LastPolicySync returns the time of the last policy sync.
func (*FederationState) LastSync ¶
func (s *FederationState) LastSync() *time.Time
LastSync returns the most recent sync time (identity or policy).
func (*FederationState) SetFederated ¶
func (s *FederationState) SetFederated(federationID uuid.UUID)
SetFederated sets the application to federated mode with the given federation ID.
func (*FederationState) SetLastIdentitySync ¶
func (s *FederationState) SetLastIdentitySync(t time.Time)
SetLastIdentitySync updates the last identity sync time.
func (*FederationState) SetLastPolicySync ¶
func (s *FederationState) SetLastPolicySync(t time.Time)
SetLastPolicySync updates the last policy sync time.
func (*FederationState) SetStandalone ¶
func (s *FederationState) SetStandalone()
SetStandalone returns the application to standalone mode.
func (*FederationState) StartSync ¶
func (s *FederationState) StartSync() bool
StartSync marks a sync operation as in progress. Returns false if a sync is already in progress.
func (*FederationState) Status ¶
func (s *FederationState) Status() FederationStatus
Status returns the current federation status.
func (*FederationState) SyncLagSeconds ¶
func (s *FederationState) SyncLagSeconds() int
SyncLagSeconds returns the number of seconds since the last sync. Returns 0 if no sync has occurred.
type FederationStatus ¶
// FederationStatus tracks standalone vs federated mode. Status takes
// FederationStatusStandalone or FederationStatusFederated; FederationID is set
// only in federated mode (see (*FederationState).Status).
type FederationStatus struct {
	Status       string     `json:"status" doc:"Federation status" enum:"standalone,federated" example:"standalone"`
	FederationID *uuid.UUID `json:"federation_id,omitempty" doc:"Federation identifier when federated"`
}
FederationStatus tracks standalone vs federated mode.
type HealthChecker ¶
// HealthChecker provides health check functionality for one named component.
// Implementations are registered with WithHealthChecker and their results
// appear in HealthOutput.Body.Checks keyed by component name.
type HealthChecker interface {
	// Check returns the health status of a component.
	// Returns "healthy", "degraded", or "unhealthy".
	Check(ctx context.Context) string
}
HealthChecker provides health check functionality.
type HealthOutput ¶
// HealthOutput is returned by GET /coreforge/health. Status uses the same
// three-value vocabulary as HealthChecker.Check.
type HealthOutput struct {
	Body struct {
		Status        string            `json:"status" doc:"Overall health status" enum:"healthy,degraded,unhealthy" example:"healthy"`
		Version       string            `json:"version" doc:"Application version" example:"1.2.0"`
		UptimeSeconds int64             `json:"uptime_seconds" doc:"Seconds since startup" example:"86400"`
		Checks        map[string]string `json:"checks,omitempty" doc:"Health check results by component"`
	}
}
HealthOutput is returned by GET /coreforge/health.
type IdentityService ¶
// IdentityService provides identity-related operations for the contract. It is
// supplied to a Provider via WithIdentityService and backs the principal
// get/lookup endpoints.
type IdentityService interface {
	// GetByID retrieves a principal by ID.
	GetByID(ctx context.Context, id uuid.UUID) (*principal.Principal, error)
	// GetByIdentifier retrieves a principal by unique identifier.
	GetByIdentifier(ctx context.Context, identifier string) (*principal.Principal, error)
}
IdentityService provides identity-related operations for the contract.
type IdentitySyncInput ¶
// IdentitySyncInput is the body for POST /coreforge/identity/sync.
//
// NOTE(review): FederationID arrives in the request body; the handler should
// compare it with the federation ID established from the verified token
// (FederationIDFromContext) rather than trusting the body value — confirm.
type IdentitySyncInput struct {
	Body struct {
		FederationID uuid.UUID       `json:"federation_id" doc:"Federation identifier" required:"true" format:"uuid"`
		SyncToken    string          `json:"sync_token" doc:"Sync token for idempotency" required:"true"`
		Principals   []SyncPrincipal `json:"principals" doc:"Principals to sync" required:"true"`
	}
}
IdentitySyncInput is the body for POST /coreforge/identity/sync.
type IdentitySyncOutput ¶
// IdentitySyncOutput is returned by POST /coreforge/identity/sync. Per-principal
// failures are reported in Failed rather than failing the whole request.
type IdentitySyncOutput struct {
	Body struct {
		Synced    []uuid.UUID   `json:"synced" doc:"Successfully synced principal IDs"`
		Failed    []SyncFailure `json:"failed" doc:"Failed sync operations"`
		SyncToken string        `json:"sync_token" doc:"Updated sync token"`
	}
}
IdentitySyncOutput is returned by POST /coreforge/identity/sync.
type LookupInput ¶
// LookupInput is the body for POST /coreforge/identity/principals/lookup.
// Identifier is matched via IdentityService.GetByIdentifier.
type LookupInput struct {
	Body struct {
		Identifier string `json:"identifier" doc:"Identifier to look up (email, client_id, etc.)" required:"true" example:"user@example.com"`
	}
}
LookupInput is the body for POST /coreforge/identity/principals/lookup.
type LookupOutput ¶
// LookupOutput is returned by POST /coreforge/identity/principals/lookup.
// A miss is reported as a null Principal rather than a 404.
type LookupOutput struct {
	Body struct {
		Principal *ContractPrincipal `json:"principal" doc:"Found principal, or null if not found"`
	}
}
LookupOutput is returned by POST /coreforge/identity/principals/lookup.
type MetadataResponse ¶
// MetadataResponse is returned by GET /coreforge/meta and built by
// (*Provider).Metadata from Config (capabilities via CapabilityStrings,
// endpoints via EndpointPaths) and the current FederationStatus.
type MetadataResponse struct {
	Body struct {
		AppID           string            `json:"app_id" doc:"Unique application identifier" example:"my-saas-app"`
		DisplayName     string            `json:"display_name" doc:"Human-readable application name" example:"My SaaS Application"`
		Version         string            `json:"version" doc:"Application version (semver)" example:"1.2.0"`
		ContractVersion string            `json:"contract_version" doc:"Contract specification version" example:"1.0"`
		Capabilities    []string          `json:"capabilities" doc:"Supported contract capabilities" example:"[\"identity\", \"rbac\", \"audit\"]"`
		Endpoints       map[string]string `json:"endpoints" doc:"Endpoint paths by capability"`
		Federation      FederationStatus  `json:"federation" doc:"Current federation status"`
	}
}
MetadataResponse is returned by GET /coreforge/meta.
type Option ¶
// Option configures an API (functional option, e.g. WithLogger).
type Option func(*API)
Option configures an API.
func WithLogger ¶
WithLogger sets the logger for the API. If not set, slog.Default() is used.
type Permission ¶
// Permission represents a permission in contract responses
// (PermissionsListOutput). ID is the value referenced from Role.Permissions.
type Permission struct {
	ID           string   `json:"id" doc:"Permission identifier" example:"users:read"`
	DisplayName  string   `json:"display_name" doc:"Human-readable permission name" example:"Read Users"`
	Description  string   `json:"description,omitempty" doc:"Permission description"`
	ResourceType string   `json:"resource_type,omitempty" doc:"Resource type this permission applies to" example:"users"`
	Actions      []string `json:"actions,omitempty" doc:"Actions this permission grants" example:"[\"read\", \"list\"]"`
}
Permission represents a permission in contract responses.
type PermissionsListOutput ¶
// PermissionsListOutput is returned by GET /coreforge/policy/permissions.
type PermissionsListOutput struct {
	Body struct {
		Permissions []Permission `json:"permissions" doc:"List of permissions"`
	}
}
PermissionsListOutput is returned by GET /coreforge/policy/permissions.
type PolicyService ¶
// PolicyService provides policy-related operations for the contract. It is
// currently just authz.DecisionAuthorizer, supplied via WithPolicyService and
// used by the policy evaluate endpoint.
type PolicyService interface {
	authz.DecisionAuthorizer
}
PolicyService provides policy-related operations for the contract.
type PolicySyncFailure ¶
// PolicySyncFailure represents a failed policy sync operation, reported in
// PolicySyncOutput.Body.Failed.
type PolicySyncFailure struct {
	ID    uuid.UUID `json:"id" doc:"Failed policy identifier" format:"uuid"`
	Error string    `json:"error" doc:"Error message" example:"invalid_rule"`
}
PolicySyncFailure represents a failed policy sync operation.
type PolicySyncInput ¶
// PolicySyncInput is the body for POST /coreforge/policy/sync.
//
// NOTE(review): as with IdentitySyncInput, FederationID should be checked
// against the verified token's federation ID (FederationIDFromContext) rather
// than trusted from the body — confirm in the handler.
type PolicySyncInput struct {
	Body struct {
		FederationID uuid.UUID    `json:"federation_id" doc:"Federation identifier" required:"true" format:"uuid"`
		SyncToken    string       `json:"sync_token" doc:"Sync token for idempotency" required:"true"`
		Policies     []SyncPolicy `json:"policies" doc:"Policies to sync" required:"true"`
		// RemovedIDs are deleted as part of the same sync; removal outcomes
		// are presumably also reported via PolicySyncOutput — confirm.
		RemovedIDs []uuid.UUID `json:"removed_ids,omitempty" doc:"Policy IDs to remove"`
	}
}
PolicySyncInput is the body for POST /coreforge/policy/sync.
type PolicySyncOutput ¶
// PolicySyncOutput is returned by POST /coreforge/policy/sync. Per-policy
// failures are reported in Failed rather than failing the whole request.
type PolicySyncOutput struct {
	Body struct {
		Applied   []uuid.UUID         `json:"applied" doc:"Successfully applied policy IDs"`
		Failed    []PolicySyncFailure `json:"failed" doc:"Failed policy operations"`
		SyncToken string              `json:"sync_token" doc:"Updated sync token"`
	}
}
PolicySyncOutput is returned by POST /coreforge/policy/sync.
type PrincipalGetInput ¶
// PrincipalGetInput defines path parameters for getting a principal
// (GET /coreforge/identity/principals/{id}). ID is a string here; the
// format:"uuid" tag is a schema hint, so the handler is expected to parse it
// and answer ErrBadRequest on malformed input — confirm.
type PrincipalGetInput struct {
	ID string `path:"id" doc:"Principal ID" format:"uuid"`
}
PrincipalGetInput defines path parameters for getting a principal.
type PrincipalGetOutput ¶
// PrincipalGetOutput is returned by GET /coreforge/identity/principals/{id}.
type PrincipalGetOutput struct {
	Body ContractPrincipal
}
PrincipalGetOutput is returned by GET /coreforge/identity/principals/{id}.
type PrincipalsListInput ¶
// PrincipalsListInput defines query parameters for listing principals
// (GET /coreforge/identity/principals). Limit is schema-bounded to 1..1000
// with a default of 100, which caps the page size a caller can request.
type PrincipalsListInput struct {
	Type     string `query:"type" doc:"Filter by principal type" enum:"human,application,agent,service"`
	TenantID string `query:"tenant_id" doc:"Filter by tenant/organization ID" format:"uuid"`
	Limit    int    `query:"limit" doc:"Maximum number of results" minimum:"1" maximum:"1000" default:"100"`
	// Cursor is opaque to the client; it is whatever NextCursor returned on
	// the previous page.
	Cursor string `query:"cursor" doc:"Pagination cursor"`
}
PrincipalsListInput defines query parameters for listing principals.
type PrincipalsListOutput ¶
// PrincipalsListOutput is returned by GET /coreforge/identity/principals.
// NextCursor is omitted on the last page.
type PrincipalsListOutput struct {
	Body struct {
		Principals []ContractPrincipal `json:"principals" doc:"List of principals"`
		NextCursor string              `json:"next_cursor,omitempty" doc:"Cursor for next page"`
		Total      int                 `json:"total" doc:"Total number of principals" example:"42"`
	}
}
PrincipalsListOutput is returned by GET /coreforge/identity/principals.
type Provider ¶
// Provider assembles the services needed for contract endpoints: the Config,
// FederationState, IdentityService, PolicyService and registered
// HealthCheckers. Construct it with NewProvider and the With* ProviderOptions.
type Provider struct {
	// contains filtered or unexported fields
}
Provider assembles the services needed for contract endpoints.
func NewProvider ¶
NewProvider creates a new contract Provider.
func (*Provider) FederationState ¶
func (p *Provider) FederationState() *FederationState
FederationState returns the federation state.
func (*Provider) HealthCheckers ¶
func (p *Provider) HealthCheckers() map[string]HealthChecker
HealthCheckers returns the registered health checkers.
func (*Provider) IdentityService ¶
func (p *Provider) IdentityService() IdentityService
IdentityService returns the identity service.
func (*Provider) Metadata ¶
func (p *Provider) Metadata() *MetadataResponse
Metadata returns the metadata response for GET /coreforge/meta.
func (*Provider) PolicyService ¶
func (p *Provider) PolicyService() PolicyService
PolicyService returns the policy service.
func (*Provider) UptimeSeconds ¶
UptimeSeconds returns the number of seconds since the provider started.
type ProviderOption ¶
// ProviderOption configures a Provider (functional option; see
// WithHealthChecker, WithIdentityService and WithPolicyService).
type ProviderOption func(*Provider)
ProviderOption configures a Provider.
func WithHealthChecker ¶
func WithHealthChecker(name string, checker HealthChecker) ProviderOption
WithHealthChecker adds a health checker for a component.
func WithIdentityService ¶
func WithIdentityService(svc IdentityService) ProviderOption
WithIdentityService sets the identity service.
func WithPolicyService ¶
func WithPolicyService(svc PolicyService) ProviderOption
WithPolicyService sets the policy service.
type ResourceRef ¶
// ResourceRef references a resource for policy evaluation (EvaluateInput).
type ResourceRef struct {
	Type string    `json:"type" doc:"Resource type" required:"true" example:"document"`
	ID   uuid.UUID `json:"id" doc:"Resource identifier" required:"true" format:"uuid"`
}
ResourceRef references a resource for policy evaluation.
type Role ¶
// Role represents a role in contract responses (RolesListOutput).
type Role struct {
	ID          string   `json:"id" doc:"Role identifier" example:"admin"`
	DisplayName string   `json:"display_name" doc:"Human-readable role name" example:"Administrator"`
	Description string   `json:"description,omitempty" doc:"Role description" example:"Full administrative access"`
	// Permissions holds Permission.ID values granted by this role.
	Permissions []string `json:"permissions" doc:"Permissions granted by this role"`
	Scope       string   `json:"scope,omitempty" doc:"Role scope" enum:"tenant,platform" example:"tenant"`
	Level       int      `json:"level,omitempty" doc:"Hierarchy level (higher = more access)" example:"80"`
}
Role represents a role in contract responses.
type RolesListOutput ¶
// RolesListOutput is returned by GET /coreforge/policy/roles.
type RolesListOutput struct {
	Body struct {
		Roles []Role `json:"roles" doc:"List of roles"`
	}
}
RolesListOutput is returned by GET /coreforge/policy/roles.
type SyncFailure ¶
// SyncFailure represents a failed sync operation for one principal, reported
// in IdentitySyncOutput.Body.Failed. GlobalID echoes SyncPrincipal.GlobalID.
type SyncFailure struct {
	GlobalID uuid.UUID `json:"global_id" doc:"Failed principal identifier" format:"uuid"`
	Error    string    `json:"error" doc:"Error message" example:"conflict"`
}
SyncFailure represents a failed sync operation.
type SyncPolicy ¶
// SyncPolicy represents a policy to sync from CoreControl (PolicySyncInput).
type SyncPolicy struct {
	ID   uuid.UUID `json:"id" doc:"Policy identifier" required:"true" format:"uuid"`
	Name string    `json:"name" doc:"Policy name" required:"true" example:"Global Admin Policy"`
	// Rules is untyped here; structural validation presumably happens in the
	// sync handler, surfacing as ErrPolicyInvalid / PolicySyncFailure — confirm.
	Rules    []any `json:"rules" doc:"Policy rules"`
	Priority int   `json:"priority" doc:"Policy priority (higher = evaluated first)" example:"100"`
}
SyncPolicy represents a policy to sync from CoreControl.
type SyncPrincipal ¶
// SyncPrincipal represents a principal to sync from CoreControl
// (IdentitySyncInput). A conflicting Identifier is the case ErrIdentityConflict
// exists for.
type SyncPrincipal struct {
	GlobalID    uuid.UUID      `json:"global_id" doc:"Global principal identifier" required:"true" format:"uuid"`
	Identifier  string         `json:"identifier" doc:"Principal identifier" required:"true" example:"user@example.com"`
	DisplayName string         `json:"display_name" doc:"Display name" required:"true" example:"John Doe"`
	Attributes  map[string]any `json:"attributes,omitempty" doc:"Additional attributes"`
}
SyncPrincipal represents a principal to sync from CoreControl.
type Tenant ¶
// Tenant represents an organization/tenant in contract responses
// (TenantsListOutput).
type Tenant struct {
	ID        uuid.UUID `json:"id" doc:"Tenant unique identifier" format:"uuid"`
	Name      string    `json:"name" doc:"Tenant name" example:"Acme Corp"`
	Slug      string    `json:"slug,omitempty" doc:"URL-friendly slug" example:"acme-corp"`
	Active    bool      `json:"active" doc:"Whether the tenant is active" example:"true"`
	CreatedAt time.Time `json:"created_at" doc:"Creation timestamp" format:"date-time"`
}
Tenant represents an organization/tenant in contract responses.
type TenantsListOutput ¶
// TenantsListOutput is returned by GET /coreforge/identity/tenants.
type TenantsListOutput struct {
	Body struct {
		Tenants []Tenant `json:"tenants" doc:"List of tenants"`
	}
}
TenantsListOutput is returned by GET /coreforge/identity/tenants.
type UpdateAuditStreamConfigInput ¶
// UpdateAuditStreamConfigInput is the body for PUT /coreforge/audit/stream/config.
// Requires the audit:config permission (PermissionAuditConfig) — inferred from
// the scope name; confirm the route wiring.
type UpdateAuditStreamConfigInput struct {
	Body struct {
		Enabled bool `json:"enabled" doc:"Enable or disable streaming" required:"true"`
		// Endpoint is an outbound target the server will push events to.
		// NOTE(review): restrict accepted schemes/hosts server-side; the
		// format:"uri" tag alone only checks syntax.
		Endpoint string `json:"endpoint" doc:"Streaming endpoint URL" required:"true" format:"uri"`
		// BearerToken is write-only: AuditStreamConfig (the GET shape) has no
		// token field, so it must never be echoed back. Confirm it is also
		// excluded from request logging.
		BearerToken     string `json:"bearer_token,omitempty" doc:"Bearer token for authentication"` // #nosec G117
		BatchSize       int    `json:"batch_size,omitempty" doc:"Events per batch" minimum:"1" maximum:"1000"`
		FlushIntervalMs int    `json:"flush_interval_ms,omitempty" doc:"Flush interval in milliseconds" minimum:"100"`
	}
}
UpdateAuditStreamConfigInput is the body for PUT /coreforge/audit/stream/config.
type UpdateAuditStreamConfigOutput ¶
// UpdateAuditStreamConfigOutput is returned by PUT /coreforge/audit/stream/config.
// TestResult reports the outcome of the connection test against the new
// endpoint when one is performed.
type UpdateAuditStreamConfigOutput struct {
	Body struct {
		Status     string `json:"status" doc:"Configuration status" enum:"configured,failed" example:"configured"`
		TestResult string `json:"test_result,omitempty" doc:"Connection test result" example:"success"`
	}
}
UpdateAuditStreamConfigOutput is returned by PUT /coreforge/audit/stream/config.