Documentation
Overview
Package identity bootstraps Thane instance identity material.
Constants

const (
	// CoreConfigFile is the policy document committed into the core root.
	CoreConfigFile = "config.yaml"
	// SigningPrivateKeyFile is the private Ed25519 signing key path.
	SigningPrivateKeyFile = "identity/signing_ed25519"
	// SigningPublicKeyFile is the public Ed25519 signing key path.
	SigningPublicKeyFile = "identity/signing_ed25519.pub"
	// ChannelCAKeyFile is the private channel CA key path.
	ChannelCAKeyFile = "ca/channel_root.key"
	// ChannelCACertFile is the public channel CA certificate path.
	ChannelCACertFile = "ca/channel_root.crt"
)
Variables
This section is empty.
Functions
func ParseCACertificate
func ParseCACertificate(data []byte) (*x509.Certificate, error)
ParseCACertificate decodes a generated CA certificate from PEM. It is exported for tests and future identity loaders.
Types
type BootstrapResult
type BootstrapResult struct {
	Created               bool
	CoreDir               string
	SigningKeyFingerprint string
	ChannelCAFingerprint  string
}
BootstrapResult describes the outcome of a core identity bootstrap.
func BootstrapCore
func BootstrapCore(ctx context.Context, coreDir, instanceName string, logger *slog.Logger) (*BootstrapResult, error)
BootstrapCore initializes the core trust root for a Thane instance. Private key material is written under core/ with 0600 permissions and ignored by git. Public key material, the channel CA certificate, and core/config.yaml are committed together as the signed birth commit.
type CertificateAuthority
type CertificateAuthority struct {
	PrivateKey  ed25519.PrivateKey
	PrivatePEM  []byte
	Certificate []byte
	Fingerprint string
	NotBefore   time.Time
	NotAfter    time.Time
}
CertificateAuthority contains a generated self-signed X.509 CA.
func GenerateCertificateAuthority
func GenerateCertificateAuthority(commonName string, now time.Time) (*CertificateAuthority, error)
GenerateCertificateAuthority creates a self-signed Ed25519 root CA.
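The following is an added, self-contained illustration of what GenerateCertificateAuthority and ParseCACertificate do, not the package's own code: it builds a self-signed Ed25519 X.509 root with the CA basic constraint and certSign key usage, and the parser refuses any PEM input that is not a CA whose self-signature verifies. The ten-year lifetime, the path-length-zero constraint, and the fingerprint format (lowercase hex SHA-256 of the DER certificate) are assumptions the page does not state.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CertificateAuthority mirrors the documented struct. Fingerprint is assumed to be
// the hex SHA-256 of the DER certificate; the page does not fix the format.
type CertificateAuthority struct {
	PrivateKey  ed25519.PrivateKey
	PrivatePEM  []byte
	Certificate []byte
	Fingerprint string
	NotBefore   time.Time
	NotAfter    time.Time
}

// GenerateCertificateAuthority creates a self-signed Ed25519 root CA.
// Ten-year lifetime and pathLen=0 are assumptions for this example.
func GenerateCertificateAuthority(commonName string, now time.Time) (*CertificateAuthority, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	// A random 128-bit serial keeps re-bootstrapped instances from colliding.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	notBefore := now.UTC()
	notAfter := notBefore.AddDate(10, 0, 0)
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLenZero:        true, // signs channel leaves only, never sub-CAs
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(der)
	return &CertificateAuthority{
		PrivateKey:  priv,
		PrivatePEM:  pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}),
		Certificate: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		Fingerprint: hex.EncodeToString(sum[:]),
		NotBefore:   notBefore,
		NotAfter:    notAfter,
	}, nil
}

// ParseCACertificate decodes the PEM certificate and rejects anything that is not
// a self-consistent CA: wrong PEM block type, no CA constraint, no certSign usage,
// or a signature that does not verify under the certificate's own key.
func ParseCACertificate(data []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("identity: no CERTIFICATE block in PEM input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	if !cert.BasicConstraintsValid || !cert.IsCA || cert.KeyUsage&x509.KeyUsageCertSign == 0 {
		return nil, errors.New("identity: certificate is not a signing CA")
	}
	if err := cert.CheckSignatureFrom(cert); err != nil {
		return nil, fmt.Errorf("identity: self-signature check failed: %w", err)
	}
	return cert, nil
}

func main() {
	ca, err := GenerateCertificateAuthority("thane-channel-root", time.Now())
	if err != nil {
		panic(err)
	}
	cert, err := ParseCACertificate(ca.Certificate)
	if err != nil {
		panic(err)
	}
	fmt.Printf("CA %q sha256:%s valid until %s\n", cert.Subject.CommonName, ca.Fingerprint, ca.NotAfter.Format(time.RFC3339))
}
```

The self-signature check in ParseCACertificate is what turns "a PEM file that happens to be in ca/channel_root.crt" into "the root this instance actually generated": a substituted or truncated certificate fails before anything trusts it.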
type SigningKeyPair
type SigningKeyPair struct {
	PrivateKey  ed25519.PrivateKey
	PrivatePEM  []byte
	Public      string
	Fingerprint string
}
SigningKeyPair contains a generated Ed25519 SSH signing key pair.
func GenerateSigningKeyPair
func GenerateSigningKeyPair(comment string) (*SigningKeyPair, error)
GenerateSigningKeyPair creates a new Ed25519 SSH signing key pair.
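As an added example (not the package's own implementation) covering both GenerateSigningKeyPair and the file-permission rule BootstrapCore states, the block below generates an Ed25519 key, renders the public half as an authorized_keys-style "ssh-ed25519" line with an OpenSSH SHA256 fingerprint using only the standard library, and writes the private key under the documented identity/ path with 0600 permissions without ever overwriting an existing key. The PKCS#8 PEM encoding for PrivatePEM and the helper names writeSigningKey and checkPrivateKeyMode are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

const (
	SigningPrivateKeyFile = "identity/signing_ed25519"
	SigningPublicKeyFile  = "identity/signing_ed25519.pub"
)

// SigningKeyPair mirrors the documented struct. PrivatePEM is PKCS#8 here
// (assumed; OpenSSH's native private format is not produced by the stdlib).
type SigningKeyPair struct {
	PrivateKey  ed25519.PrivateKey
	PrivatePEM  []byte
	Public      string // "ssh-ed25519 <base64 blob> <comment>"
	Fingerprint string // "SHA256:<unpadded base64>", as ssh-keygen -l prints it
}

// sshString encodes an SSH wire-format string: uint32 big-endian length + bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// GenerateSigningKeyPair creates a new Ed25519 SSH signing key pair.
func GenerateSigningKeyPair(comment string) (*SigningKeyPair, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	// The public-key blob is the same bytes base64'd into the .pub line and
	// hashed for the fingerprint, so the two always agree.
	blob := append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
	sum := sha256.Sum256(blob)
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return &SigningKeyPair{
		PrivateKey:  priv,
		PrivatePEM:  pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}),
		Public:      fmt.Sprintf("ssh-ed25519 %s %s", base64.StdEncoding.EncodeToString(blob), comment),
		Fingerprint: "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]),
	}, nil
}

// writeSigningKey (hypothetical helper) stores the pair under coreDir. The private
// key gets 0600 in a 0700 directory; if one already exists it is left alone and
// created is false, mirroring BootstrapResult.Created.
func writeSigningKey(coreDir string, kp *SigningKeyPair) (created bool, err error) {
	privPath := filepath.Join(coreDir, SigningPrivateKeyFile)
	if _, err := os.Stat(privPath); err == nil {
		return false, nil
	}
	if err := os.MkdirAll(filepath.Dir(privPath), 0o700); err != nil {
		return false, err
	}
	// O_EXCL fails instead of clobbering a key that appeared after the Stat.
	f, err := os.OpenFile(privPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return false, err
	}
	if _, err := f.Write(kp.PrivatePEM); err != nil {
		f.Close()
		return false, err
	}
	if err := f.Close(); err != nil {
		return false, err
	}
	pubPath := filepath.Join(coreDir, SigningPublicKeyFile)
	if err := os.WriteFile(pubPath, []byte(kp.Public+"\n"), 0o644); err != nil {
		return false, err
	}
	return true, nil
}

// checkPrivateKeyMode (hypothetical helper) reports whether the stored private key
// is still readable by its owner only, the invariant a loader should verify.
func checkPrivateKeyMode(coreDir string) (bool, error) {
	info, err := os.Stat(filepath.Join(coreDir, SigningPrivateKeyFile))
	if err != nil {
		return false, err
	}
	return info.Mode().Perm()&0o077 == 0, nil
}

func main() {
	kp, err := GenerateSigningKeyPair("thane@example")
	if err != nil {
		panic(err)
	}
	fmt.Println(kp.Public)
	fmt.Println(kp.Fingerprint)
}
```

Because the fingerprint is computed over the exact blob that lands in signing_ed25519.pub, `ssh-keygen -lf core/identity/signing_ed25519.pub` reproduces SigningKeyFingerprint, which is the check to run when comparing a BootstrapResult against what was committed.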