Documentation
Overview
Package provider defines interfaces for credential and agent providers.
All providers implement CredentialProvider for credential acquisition, proxy configuration, and container setup. Agent providers (Claude, Codex, Gemini) additionally implement AgentProvider for container preparation and CLI commands. Endpoint providers (AWS) implement EndpointProvider to expose HTTP endpoints.
Providers are registered explicitly via Register() and looked up via Get().
Index
- Constants
- Variables
- func Clear()
- func Names() []string
- func Register(p CredentialProvider)
- func RegisterAlias(alias, canonical string)
- func ResolveName(name string) string
- type AgentProvider
- type ContainerConfig
- type Credential
- type CredentialProvider
- type DescribableProvider
- type EndpointProvider
- type GrantError
- type LegacyCredential
- type MCPServerConfig
- type MountConfig
- type PrepareOpts
- type ProxyConfigurer
- type RefreshableProvider
- type ResponseTransformer
- type RunStoppedContext
- type RunStoppedHook
Constants
const MetaKeyTokenSource = "token_source"
MetaKeyTokenSource is the metadata key for recording how a token was obtained.
Variables
var (
	// ErrProviderNotFound is returned when a provider is not registered.
	ErrProviderNotFound = errors.New("provider not found")
	// ErrCredentialNotFound is returned when no credential exists for a provider.
	ErrCredentialNotFound = errors.New("credential not found")
	// ErrCredentialExpired is returned when a credential has expired.
	ErrCredentialExpired = errors.New("credential expired")
	// ErrRefreshNotSupported is returned when refresh is attempted on a static credential.
	ErrRefreshNotSupported = errors.New("credential refresh not supported")
	// ErrTokenRevoked is returned when a refresh token has been revoked.
	ErrTokenRevoked = errors.New("refresh token revoked")
)
Functions
func RegisterAlias
func RegisterAlias(alias, canonical string)
RegisterAlias registers an alternative name for a provider. This allows looking up a provider by either its canonical name or any alias. For example: RegisterAlias("anthropic", "claude") allows Get("anthropic") to return the "claude" provider.
func ResolveName (added in v0.3.0)
ResolveName returns the canonical provider name for a given name or alias. If the name is directly registered or unknown, it is returned as-is. If the name is an alias, the canonical name is returned.
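The lookup order described for RegisterAlias and ResolveName, as an added example that models the documented rules and is not the package's own code. The `registry` type, its methods and the sample names "github", "stale" and "removed" are assumptions; whether the real RegisterAlias rejects an alias that collides with a registered name is not stated on this page.

```go
package main

import "fmt"

// registry is a local model of the documented lookup rules, not the package's code.
type registry struct {
	providers map[string]bool   // directly registered provider names
	aliases   map[string]string // alias -> canonical name
}

func (r *registry) register(name string)                 { r.providers[name] = true }
func (r *registry) registerAlias(alias, canonical string) { r.aliases[alias] = canonical }

// resolveName: registered names win, then aliases, and unknown names pass through.
func (r *registry) resolveName(name string) string {
	if r.providers[name] {
		return name
	}
	if canonical, ok := r.aliases[name]; ok {
		return canonical
	}
	return name
}

// get returns the resolved name and whether a provider is registered under it.
func (r *registry) get(name string) (string, bool) {
	canonical := r.resolveName(name)
	return canonical, r.providers[canonical]
}

// demo builds a constructed registry, including two awkward aliases.
func demo() *registry {
	r := &registry{providers: map[string]bool{}, aliases: map[string]string{}}
	r.register("claude")
	r.register("github")
	r.registerAlias("anthropic", "claude")
	r.registerAlias("github", "claude") // collides with a registered name
	r.registerAlias("stale", "removed") // target was never registered
	return r
}

func main() {
	r := demo()
	for _, n := range []string{"anthropic", "github", "stale", "nope"} {
		canonical, ok := r.get(n)
		fmt.Printf("%-10s -> %-8s registered=%v\n", n, canonical, ok)
	}
}
```

Because a directly registered name is returned as-is, the colliding alias never redirects "github" to another provider's credential, and the stale alias resolves to a name with no provider behind it.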
Types
type AgentProvider
type AgentProvider interface {
	CredentialProvider
	// PrepareContainer sets up staging directories and config files.
	PrepareContainer(ctx context.Context, opts PrepareOpts) (*ContainerConfig, error)
	// RegisterCLI adds provider-specific commands to the root command.
	RegisterCLI(root *cobra.Command)
}
AgentProvider extends CredentialProvider for AI agent runtimes. Implemented by claude, codex, and gemini providers.
func Agents
func Agents() []AgentProvider
Agents returns all providers that implement AgentProvider.
func GetAgent
func GetAgent(name string) AgentProvider
GetAgent returns an AgentProvider by name. Returns nil if not found or not an agent provider.
type ContainerConfig
type ContainerConfig struct {
	Env        []string
	Mounts     []MountConfig
	StagingDir string // Temporary directory containing config files (for later cleanup tracking)
	Cleanup    func()
}
ContainerConfig is returned by AgentProvider.PrepareContainer.
type Credential
type Credential struct {
	Provider  string            `json:"provider"`
	Token     string            `json:"token"`
	Scopes    []string          `json:"scopes,omitempty"`
	ExpiresAt time.Time         `json:"expires_at,omitempty"`
	CreatedAt time.Time         `json:"created_at"`
	Metadata  map[string]string `json:"metadata,omitempty"`
}
Credential represents a stored credential.
func FromLegacy
func FromLegacy(cred LegacyCredential) *Credential
FromLegacy converts a LegacyCredential (like credential.Credential) to provider.Credential.
type CredentialProvider
type CredentialProvider interface {
	// Name returns the provider identifier (e.g., "github", "claude").
	Name() string
	// Grant acquires credentials interactively or from environment.
	Grant(ctx context.Context) (*Credential, error)
	// ConfigureProxy sets up proxy headers for this credential.
	ConfigureProxy(p ProxyConfigurer, cred *Credential)
	// ContainerEnv returns environment variables to set in the container.
	ContainerEnv(cred *Credential) []string
	// ContainerMounts returns mounts needed for this credential.
	// Also returns an optional cleanup path that should be passed to Cleanup()
	// when the run ends.
	ContainerMounts(cred *Credential, containerHome string) ([]MountConfig, string, error)
	// Cleanup is called when the run ends to clean up any resources.
	Cleanup(cleanupPath string)
	// ImpliedDependencies returns dependencies implied by this provider.
	// For example, github implies ["gh", "git"].
	ImpliedDependencies() []string
}
CredentialProvider is implemented by all providers. Handles credential acquisition, proxy configuration, and container setup.
func Get
func Get(name string) CredentialProvider
Get returns a provider by name or alias, or nil if not found.
type DescribableProvider (added in v0.3.0)
type DescribableProvider interface {
	Description() string
	Source() string // "builtin" or "custom"
}
DescribableProvider is an optional interface for providers that describe themselves in listings like 'moat grant providers'.
type EndpointProvider
type EndpointProvider interface {
	CredentialProvider
	// RegisterEndpoints registers HTTP handlers on the proxy mux.
	RegisterEndpoints(mux *http.ServeMux, cred *Credential)
}
EndpointProvider exposes HTTP endpoints to containers. Implemented by aws for the credential endpoint.
func GetEndpoint
func GetEndpoint(name string) EndpointProvider
GetEndpoint returns an EndpointProvider by name. Returns nil if not found or not an endpoint provider.
type GrantError
GrantError wraps provider-specific grant failures with actionable guidance.
func (*GrantError) Error
func (e *GrantError) Error() string
func (*GrantError) Unwrap
func (e *GrantError) Unwrap() error
type LegacyCredential
type LegacyCredential interface {
	GetProvider() string
	GetToken() string
	GetScopes() []string
	GetExpiresAt() time.Time
	GetCreatedAt() time.Time
	GetMetadata() map[string]string
}
LegacyCredential is an interface for converting from credential.Credential. This avoids import cycles between provider and credential packages.
type MCPServerConfig
MCPServerConfig defines an MCP server configuration.
type MountConfig
type MountConfig = container.MountConfig
MountConfig re-exports container.MountConfig for provider use.
type PrepareOpts
type PrepareOpts struct {
	Credential     *Credential
	ContainerHome  string
	MCPServers     map[string]MCPServerConfig
	HostConfig     map[string]interface{}
	RuntimeContext string // Rendered markdown context for agent instruction file
}
PrepareOpts contains options for AgentProvider.PrepareContainer.
type ProxyConfigurer
type ProxyConfigurer = credential.ProxyConfigurer
ProxyConfigurer configures proxy credentials and response transformations. This is an alias for credential.ProxyConfigurer to ensure type compatibility.
type RefreshableProvider
type RefreshableProvider interface {
	CanRefresh(cred *Credential) bool
	RefreshInterval() time.Duration
	Refresh(ctx context.Context, p ProxyConfigurer, cred *Credential) (*Credential, error)
}
RefreshableProvider is an optional interface for providers that support background credential refresh. Providers with static credentials (API keys, role ARNs) do not implement this.
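How a caller might handle this optional interface together with the sentinel errors above, as an added example that is not code from the package. The `refresh` helper, the trimmed `Refreshable` interface (no RefreshInterval, no ProxyConfigurer), the `staticKey` and `oauth` providers, and the rule that a zero ExpiresAt means a static credential are all assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Local stand-ins for the page's declarations; ProxyConfigurer is omitted.
var ErrRefreshNotSupported = errors.New("credential refresh not supported")
var ErrTokenRevoked = errors.New("refresh token revoked")

type Credential struct {
	Provider, Token string
	ExpiresAt       time.Time
}

type Refreshable interface {
	CanRefresh(cred *Credential) bool
	Refresh(ctx context.Context, cred *Credential) (*Credential, error)
}

// refresh (hypothetical caller) finds the optional interface by type assertion
// and wraps errors with the provider name only, never the token.
func refresh(ctx context.Context, p interface{}, cred *Credential) (*Credential, error) {
	r, ok := p.(Refreshable)
	if !ok || !r.CanRefresh(cred) {
		return nil, fmt.Errorf("%s: %w", cred.Provider, ErrRefreshNotSupported)
	}
	fresh, err := r.Refresh(ctx, cred)
	if err != nil {
		return nil, fmt.Errorf("%s: %w", cred.Provider, err)
	}
	return fresh, nil
}

type staticKey struct{}           // constructed: API-key provider, no refresh methods
type oauth struct{ revoked bool } // constructed: token-based provider
func (o oauth) CanRefresh(c *Credential) bool { return !c.ExpiresAt.IsZero() }
func (o oauth) Refresh(_ context.Context, c *Credential) (*Credential, error) {
	if o.revoked {
		return nil, ErrTokenRevoked
	}
	return &Credential{c.Provider, "constructed-new", time.Now().Add(time.Hour)}, nil
}

func main() {
	fmt.Println(refresh(context.Background(), staticKey{}, &Credential{Provider: "aws"}))
}
```

Wrapping with `%w` keeps `errors.Is` working, so a background refresher can tell "static credential, skip" apart from "refresh token revoked, re-grant required".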
type ResponseTransformer
type ResponseTransformer = credential.ResponseTransformer
ResponseTransformer modifies HTTP responses for a host. This is an alias for credential.ResponseTransformer to ensure type compatibility.
type RunStoppedContext (added in v0.3.0)
RunStoppedContext provides run information to shutdown hooks.
type RunStoppedHook (added in v0.3.0)
type RunStoppedHook interface {
	// OnRunStopped is called after the container exits and logs are captured.
	// It receives run context and returns metadata key-value pairs to persist.
	// Returned metadata is stored in the run's metadata.json under "provider_meta".
	OnRunStopped(ctx RunStoppedContext) map[string]string
}
RunStoppedHook is an optional interface for providers that need to perform actions after a run stops. The manager calls OnRunStopped for each grant provider that implements this interface.