Versions in this module Expand all Collapse all v0 v0.2.0 Mar 8, 2026 Changes in this version
+ const DefaultContractVersion
+ const ErrorCodeBadRequest
+ const ErrorCodeForbidden
+ const ErrorCodeIdentityConflict
+ const ErrorCodeInternal
+ const ErrorCodeNotFederated
+ const ErrorCodeNotFound
+ const ErrorCodePolicyInvalid
+ const ErrorCodeSyncInProgress
+ const ErrorCodeUnauthorized
+ const FederationStatusFederated
+ const FederationStatusStandalone
+ const PermissionAuditConfig
+ const PermissionHealthRead
+ const PermissionIdentityRead
+ const PermissionIdentitySync
+ const PermissionPolicyRead
+ const PermissionPolicySync
+ func AudienceFromContext(ctx context.Context) string
+ func FederationIDFromContext(ctx context.Context) (uuid.UUID, bool)
+ func HasPermission(ctx context.Context, permission string) bool
+ func IsAuditStreamEnabled() bool
+ func LoggerFromContext(ctx context.Context) *slog.Logger
+ func PermissionsFromContext(ctx context.Context) []string
+ func RecordAuditEvent() int64
+ func RequireAuth(next http.Handler) http.Handler
+ func RequirePermission(permission string) func(http.Handler) http.Handler
+ func SubjectFromContext(ctx context.Context) string
+ func WithAudience(ctx context.Context, audience string) context.Context
+ func WithFederationID(ctx context.Context, federationID uuid.UUID) context.Context
+ func WithPermissions(ctx context.Context, permissions []string) context.Context
+ func WithSubject(ctx context.Context, subject string) context.Context
+ func WriteError(w http.ResponseWriter, err *Error)
+ type API struct
+ func NewAPI(provider *Provider, opts ...Option) (*API, error)
+ func (a *API) Huma() huma.API
+ func (a *API) Logger() *slog.Logger
+ func (a *API) Middleware() func(http.Handler) http.Handler
+ func (a *API) Provider() *Provider
+ func (a *API) Router() chi.Router
+ func (a *API) ServeHTTP(w http.ResponseWriter, r *http.Request)
+ type AuditAckInput struct
+ Body struct{ ... }
+ type AuditAckOutput struct
+ Body struct{ ... }
+ type AuditActor struct
+ ID string
+ Identifier string
+ Type string
+ type AuditContext struct
+ ClientIP string
+ SessionID string
+ TenantID string
+ UserAgent string
+ type AuditEvent struct
+ Action string
+ Actor AuditActor
+ Context AuditContext
+ Details map[string]any
+ EventType string
+ ID string
+ Outcome string
+ Resource AuditResource
+ Timestamp time.Time
+ type AuditResource struct
+ ID string
+ Identifier string
+ Type string
+ type AuditStreamConfig struct
+ AuthMethod string
+ BatchSize int
+ Enabled bool
+ Endpoint string
+ FlushIntervalMs int
+ LastSequence int64
+ func GetAuditStreamConfig() AuditStreamConfig
+ type AuditStreamConfigOutput struct
+ Body AuditStreamConfig
+ type Capability string
+ const CapabilityAudit
+ const CapabilityDelegation
+ const CapabilityIdentity
+ const CapabilityRBAC
+ const CapabilityTenancy
+ type Config struct
+ AppID string
+ BaseURL string
+ Capabilities []Capability
+ ContractVersion string
+ CoreControlIssuer string
+ CoreControlPublicKey any
+ DisplayName string
+ Version string
+ func DefaultConfig() *Config
+ func (c *Config) CapabilityStrings() []string
+ func (c *Config) EndpointPaths() map[string]string
+ func (c *Config) HasCapability(cap Capability) bool
+ func (c *Config) Validate() error
+ type ContractAgent struct
+ DelegatingPrincipal *uuid.UUID
+ ModelID string
+ RequiresConfirmation bool
+ Version string
+ type ContractApp struct
+ AppType string
+ ClientID string
+ Description string
+ FirstParty bool
+ type ContractHuman struct
+ Email string
+ FamilyName string
+ GivenName string
+ type ContractPrincipal struct
+ Active bool
+ Agent *ContractAgent
+ Application *ContractApp
+ Capabilities map[string]bool
+ CreatedAt time.Time
+ DisplayName string
+ Human *ContractHuman
+ ID uuid.UUID
+ Identifier string
+ OrganizationID *uuid.UUID
+ Service *ContractService
+ Type string
+ UpdatedAt time.Time
+ type ContractService struct
+ Description string
+ ServiceType string
+ type CoreControlClaims struct
+ FederationID string
+ Permissions []string
+ type Error struct
+ Code string
+ Details map[string]any
+ Message string
+ func ErrBadRequest(message string) *Error
+ func ErrForbidden(message string) *Error
+ func ErrIdentityConflict(identifier string, existingID string) *Error
+ func ErrInternal(message string) *Error
+ func ErrNotFederated(message string) *Error
+ func ErrNotFound(message string) *Error
+ func ErrPolicyInvalid(message string) *Error
+ func ErrSyncInProgress(message string) *Error
+ func ErrUnauthorized(message string) *Error
+ func NewError(status int, code, message string) *Error
+ func NewErrorWithDetails(status int, code, message string, details map[string]any) *Error
+ func ToContractError(err error) *Error
+ func (e *Error) Error() string
+ func (e *Error) Status() int
+ type ErrorResponse struct
+ Error *Error
+ type EvaluateInput struct
+ Body struct{ ... }
+ type EvaluateOutput struct
+ Body struct{ ... }
+ type FederationHealthOutput struct
+ Body struct{ ... }
+ type FederationState struct
+ func NewFederationState() *FederationState
+ func (s *FederationState) EndSync()
+ func (s *FederationState) FederationID() *uuid.UUID
+ func (s *FederationState) IsFederated() bool
+ func (s *FederationState) IsSyncInProgress() bool
+ func (s *FederationState) LastIdentitySync() *time.Time
+ func (s *FederationState) LastPolicySync() *time.Time
+ func (s *FederationState) LastSync() *time.Time
+ func (s *FederationState) SetFederated(federationID uuid.UUID)
+ func (s *FederationState) SetLastIdentitySync(t time.Time)
+ func (s *FederationState) SetLastPolicySync(t time.Time)
+ func (s *FederationState) SetStandalone()
+ func (s *FederationState) StartSync() bool
+ func (s *FederationState) Status() FederationStatus
+ func (s *FederationState) SyncLagSeconds() int
+ type FederationStatus struct
+ FederationID *uuid.UUID
+ Status string
+ type HealthChecker interface
+ Check func(ctx context.Context) string
+ type HealthOutput struct
+ Body struct{ ... }
+ type IdentityService interface
+ GetByID func(ctx context.Context, id uuid.UUID) (*principal.Principal, error)
+ GetByIdentifier func(ctx context.Context, identifier string) (*principal.Principal, error)
+ type IdentitySyncInput struct
+ Body struct{ ... }
+ type IdentitySyncOutput struct
+ Body struct{ ... }
+ type LookupInput struct
+ Body struct{ ... }
+ type LookupOutput struct
+ Body struct{ ... }
+ type MetadataResponse struct
+ Body struct{ ... }
+ type Option func(*API)
+ func WithLogger(logger *slog.Logger) Option
+ type Permission struct
+ Actions []string
+ Description string
+ DisplayName string
+ ID string
+ ResourceType string
+ type PermissionsListOutput struct
+ Body struct{ ... }
+ type PolicyService interface
+ type PolicySyncFailure struct
+ Error string
+ ID uuid.UUID
+ type PolicySyncInput struct
+ Body struct{ ... }
+ type PolicySyncOutput struct
+ Body struct{ ... }
+ type PrincipalGetInput struct
+ ID string
+ type PrincipalGetOutput struct
+ Body ContractPrincipal
+ type PrincipalsListInput struct
+ Cursor string
+ Limit int
+ TenantID string
+ Type string
+ type PrincipalsListOutput struct
+ Body struct{ ... }
+ type Provider struct
+ func NewProvider(config *Config, entClient *ent.Client, opts ...ProviderOption) (*Provider, error)
+ func (p *Provider) Config() *Config
+ func (p *Provider) EntClient() *ent.Client
+ func (p *Provider) FederationState() *FederationState
+ func (p *Provider) HealthCheckers() map[string]HealthChecker
+ func (p *Provider) IdentityService() IdentityService
+ func (p *Provider) Metadata() *MetadataResponse
+ func (p *Provider) PolicyService() PolicyService
+ func (p *Provider) UptimeSeconds() int64
+ type ProviderOption func(*Provider)
+ func WithHealthChecker(name string, checker HealthChecker) ProviderOption
+ func WithIdentityService(svc IdentityService) ProviderOption
+ func WithPolicyService(svc PolicyService) ProviderOption
+ type ResourceRef struct
+ ID uuid.UUID
+ Type string
+ type Role struct
+ Description string
+ DisplayName string
+ ID string
+ Level int
+ Permissions []string
+ Scope string
+ type RolesListOutput struct
+ Body struct{ ... }
+ type SyncFailure struct
+ Error string
+ GlobalID uuid.UUID
+ type SyncPolicy struct
+ ID uuid.UUID
+ Name string
+ Priority int
+ Rules []any
+ type SyncPrincipal struct
+ Attributes map[string]any
+ DisplayName string
+ GlobalID uuid.UUID
+ Identifier string
+ type Tenant struct
+ Active bool
+ CreatedAt time.Time
+ ID uuid.UUID
+ Name string
+ Slug string
+ type TenantsListOutput struct
+ Body struct{ ... }
+ type UpdateAuditStreamConfigInput struct
+ Body struct{ ... }
+ type UpdateAuditStreamConfigOutput struct
+ Body struct{ ... }
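Review bot: `Config.CoreControlPublicKey` is typed `any`, so nothing in this API surface tells an integrator which key types the token check (presumably the one behind `RequireAuth`) will accept. Only signatures are listed, so it cannot be confirmed here whether `(*Config).Validate` checks the key's concrete type; if it does not, a wrongly typed value is only discovered at verification time, and the verifier then has to pin the expected signing algorithm itself rather than take it from the token. I would state the contract on the field, e.g. `// CoreControlPublicKey verifies Core Control tokens; Validate rejects any type other than <ACCEPTED_KEY_TYPES>.`, and enforce it in `Validate` with a type switch. The exported `WithPermissions` and `WithSubject` setters would also benefit from a doc line saying that `HasPermission` and `RequirePermission` appear to trust whatever is stored in the context, so the setters belong after token verification (or in tests) only.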