agents

func CalculateHealth ¶

func CalculateHealth(lastSeen *time.Time, status types.AgentStatus) types.AgentHealthStatus

CalculateHealth determines agent health status

func CleanupExpiredDeviceCodes ¶

func CleanupExpiredDeviceCodes(app core.App)

CleanupExpiredDeviceCodes removes old device codes

func HandleAgentHealth ¶

func HandleAgentHealth(app core.App, c *core.RequestEvent) error

HandleAgentHealth - get agent health & latest metrics

func HandleAuthorize ¶

func HandleAuthorize(app core.App, c *core.RequestEvent) error

HandleAuthorize - user authorizes device code

func HandleCreateStaticToken ¶ added in v0.0.6

func HandleCreateStaticToken(app core.App, c *core.RequestEvent) error

HandleCreateStaticToken creates a new long-lived static API token for the authenticated user. The plaintext token is returned exactly once.

func HandleDeviceAuthStart ¶

func HandleDeviceAuthStart(app core.App, c *core.RequestEvent, frontendURL string) error

HandleDeviceAuthStart - anonymous agent requests device code

func HandleIngestMetrics ¶

func HandleIngestMetrics(app core.App, c *core.RequestEvent) error

HandleIngestMetrics - agent sends metrics every 30s

func HandleListAgents ¶

func HandleListAgents(app core.App, c *core.RequestEvent) error

HandleListAgents - list user's agents

func HandleListStaticTokens ¶ added in v0.0.6

func HandleListStaticTokens(app core.App, c *core.RequestEvent) error

HandleListStaticTokens returns all static tokens owned by the authenticated user. The plaintext token values are never returned.

func HandleRefreshToken ¶

func HandleRefreshToken(app core.App, c *core.RequestEvent) error

HandleRefreshToken - issues a NEW ACCESS TOKEN using a still-valid refresh token. The refresh token itself is NOT rotated here; clients keep using the same refresh token until it is close to expiry, at which point they must call the "renew-refresh-token" action to obtain a new one.

This is the standard OAuth2-style refresh flow: short-lived access tokens are obtained often, long-lived refresh tokens rotate rarely.

func HandleRegister ¶

func HandleRegister(app core.App, c *core.RequestEvent) error

HandleRegister - agent registers using authorized device code

func HandleRenewRefreshToken ¶ added in v0.0.6

func HandleRenewRefreshToken(app core.App, c *core.RequestEvent) error

HandleRenewRefreshToken - rotates the agent's refresh token. The previous refresh token is invalidated immediately; the response contains the NEW refresh token which the client MUST persist before discarding the old one.

This endpoint is intended to be called sparingly — typically when the current refresh token is nearing expiry — NOT on every access-token refresh. Rotating on every call would defeat the purpose of the short-lived access / long-lived refresh token split.

func HandleRevokeAgent ¶

func HandleRevokeAgent(app core.App, c *core.RequestEvent) error

HandleRevokeAgent - revoke agent access

func HandleRevokeStaticToken ¶ added in v0.0.6

func HandleRevokeStaticToken(app core.App, c *core.RequestEvent) error

HandleRevokeStaticToken marks a static token as revoked; once revoked it can no longer be used to authenticate.

func HashToken ¶

func HashToken(token string) string

HashToken creates SHA-256 hash of token

func IsStaticToken ¶ added in v0.0.6

func IsStaticToken(token string) bool

IsStaticToken returns true if the given bearer value looks like one of our static tokens (by prefix). The prefix check is cheap and allows the middleware to skip the regular auth-token lookup when resolving static tokens.

func ResolveStaticToken ¶ added in v0.0.6

func ResolveStaticToken(app core.App, token string) (*core.Record, error)

ResolveStaticToken looks up a static token by plaintext value, validating expiry and revocation. On success it returns the owning user record. The token record is also updated with last_used_at.