postgres

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2026 License: GPL-3.0 Imports: 64 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// MaxLicensesPerComponent limits the number of licenses that can be linked to a single component
	MaxLicensesPerComponent = 50
	// MaxLicenseNameLength limits the length of a license name
	MaxLicenseNameLength = 255
)
View Source 
const DefaultBatchChunkSize = 100

DefaultBatchChunkSize is the default number of findings per chunk for batch operations.

Variables

View Source 
var ErrAccountLocked = errors.New("account is locked due to too many failed login attempts")

ErrAccountLocked is returned when the admin account is locked due to too many failed login attempts.

Functions

This section is empty.

Types

type AITriageRepository 

type AITriageRepository struct {
	// contains filtered or unexported fields
}

AITriageRepository implements aitriage.Repository using PostgreSQL.

func NewAITriageRepository 

func NewAITriageRepository(db *DB) *AITriageRepository

NewAITriageRepository creates a new AITriageRepository.

func (*AITriageRepository) AcquireTriageSlot 

func (r *AITriageRepository) AcquireTriageSlot(ctx context.Context, tenantID, resultID shared.ID) (*aitriage.TriageContext, error)

AcquireTriageSlot atomically checks token limit and reserves a slot for processing. Uses SELECT FOR UPDATE to prevent race conditions when multiple workers process concurrently. This method: 1. Locks the triage result row with FOR UPDATE 2. Checks if status is 'pending' (not already processing) 3. Calculates current token usage with locking 4. Checks against monthly token limit 5. Updates status to 'processing' atomically Returns the triage context if slot acquired, or appropriate error.

func (*AITriageRepository) CountByTenantThisMonth 

func (r *AITriageRepository) CountByTenantThisMonth(ctx context.Context, tenantID shared.ID) (int, error)

CountByTenantThisMonth counts triage jobs for token usage tracking. Uses UTC timezone for consistent month boundaries across all regions.

func (*AITriageRepository) Create 

func (r *AITriageRepository) Create(ctx context.Context, result *aitriage.TriageResult) error

Create creates a new triage result.

func (*AITriageRepository) FindStuckJobs 

func (r *AITriageRepository) FindStuckJobs(ctx context.Context, stuckDuration time.Duration, limit int) ([]*aitriage.TriageResult, error)

FindStuckJobs finds triage jobs that have been in pending/processing state for too long. Used by recovery job to mark them as failed. stuckDuration: how long a job must be stuck before being considered for recovery.

func (*AITriageRepository) GetByFindingID 

func (r *AITriageRepository) GetByFindingID(ctx context.Context, tenantID, findingID shared.ID) (*aitriage.TriageResult, error)

GetByFindingID retrieves the latest triage result for a finding.

func (*AITriageRepository) GetByID 

func (r *AITriageRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*aitriage.TriageResult, error)

GetByID retrieves a triage result by ID.

func (*AITriageRepository) GetPendingJobs 

func (r *AITriageRepository) GetPendingJobs(ctx context.Context, limit int) ([]*aitriage.TriageResult, error)

GetPendingJobs retrieves pending triage jobs for processing. SECURITY: Orders by tenant_id to group jobs by tenant for proper isolation. Workers should process results grouped by tenant_id to prevent cross-tenant leakage. Consider using GetPendingJobsByTenant for better isolation.

func (*AITriageRepository) GetPendingJobsByTenant 

func (r *AITriageRepository) GetPendingJobsByTenant(ctx context.Context, tenantID shared.ID, limit int) ([]*aitriage.TriageResult, error)

GetPendingJobsByTenant retrieves pending triage jobs for a specific tenant. SECURITY: This is the preferred method - ensures proper tenant isolation.

func (*AITriageRepository) GetTenantsWithPendingJobs 

func (r *AITriageRepository) GetTenantsWithPendingJobs(ctx context.Context, limit int) ([]shared.ID, error)

GetTenantsWithPendingJobs returns tenant IDs that have pending triage jobs. SECURITY: Use this to iterate tenants, then call GetPendingJobsByTenant for each.

func (*AITriageRepository) GetTriageContext 

func (r *AITriageRepository) GetTriageContext(ctx context.Context, tenantID, resultID shared.ID) (*aitriage.TriageContext, error)

GetTriageContext retrieves triage result with tenant settings and token usage in one optimized query. Uses UTC timezone for consistent month boundaries across all regions.

func (*AITriageRepository) HasPendingOrProcessing 

func (r *AITriageRepository) HasPendingOrProcessing(ctx context.Context, tenantID, findingID shared.ID) (bool, error)

HasPendingOrProcessing checks if a finding has a pending or processing triage job. Used for deduplication to prevent multiple concurrent triage requests for the same finding.

func (*AITriageRepository) ListByFindingID 

func (r *AITriageRepository) ListByFindingID(ctx context.Context, tenantID, findingID shared.ID, limit, offset int) ([]*aitriage.TriageResult, int, error)

ListByFindingID retrieves all triage results for a finding (history).

func (*AITriageRepository) MarkStuckAsFailed 

func (r *AITriageRepository) MarkStuckAsFailed(ctx context.Context, id shared.ID, errorMessage string) (bool, error)

MarkStuckAsFailed marks a stuck triage job as failed. Returns true if the job was updated, false if it was already in a terminal state.

func (*AITriageRepository) SumTokensByTenantThisMonth 

func (r *AITriageRepository) SumTokensByTenantThisMonth(ctx context.Context, tenantID shared.ID) (int, error)

SumTokensByTenantThisMonth sums tokens used this month. Uses UTC timezone for consistent month boundaries across all regions.

func (*AITriageRepository) Update 

func (r *AITriageRepository) Update(ctx context.Context, result *aitriage.TriageResult) error

Update updates an existing triage result.

type APIKeyRepository 

type APIKeyRepository struct {
	// contains filtered or unexported fields
}

APIKeyRepository is the PostgreSQL implementation of apikey.Repository.

func NewAPIKeyRepository 

func NewAPIKeyRepository(db *DB) *APIKeyRepository

NewAPIKeyRepository creates a new APIKeyRepository.

func (*APIKeyRepository) Create 

func (r *APIKeyRepository) Create(ctx context.Context, key *apikey.APIKey) error

Create inserts a new API key.

func (*APIKeyRepository) Delete 

func (r *APIKeyRepository) Delete(ctx context.Context, id, tenantID apikey.ID) error

Delete deletes an API key by ID and tenant.

func (*APIKeyRepository) GetByHash 

func (r *APIKeyRepository) GetByHash(ctx context.Context, hash string) (*apikey.APIKey, error)

GetByHash retrieves an API key by its hash.

func (*APIKeyRepository) GetByID 

func (r *APIKeyRepository) GetByID(ctx context.Context, id, tenantID apikey.ID) (*apikey.APIKey, error)

GetByID retrieves an API key by ID and tenant.

func (*APIKeyRepository) List 

func (r *APIKeyRepository) List(ctx context.Context, filter apikey.Filter) (apikey.ListResult, error)

List retrieves a paginated list of API keys.

func (*APIKeyRepository) Update 

func (r *APIKeyRepository) Update(ctx context.Context, key *apikey.APIKey) error

Update updates an API key.

type AccessControlRepository 

type AccessControlRepository struct {
	// contains filtered or unexported fields
}

AccessControlRepository implements accesscontrol.Repository using PostgreSQL.

func NewAccessControlRepository 

func NewAccessControlRepository(db *DB) *AccessControlRepository

NewAccessControlRepository creates a new AccessControlRepository.

func (*AccessControlRepository) BatchListFindingGroupIDs added in v0.1.3 

func (r *AccessControlRepository) BatchListFindingGroupIDs(ctx context.Context, tenantID shared.ID, findingIDs []shared.ID) (map[shared.ID][]shared.ID, error)

BatchListFindingGroupIDs returns group IDs for multiple findings in a single query. Avoids N+1 when checking group membership for bulk operations.

func (*AccessControlRepository) BulkCreateAssetOwners added in v0.1.2 

func (r *AccessControlRepository) BulkCreateAssetOwners(ctx context.Context, owners []*accesscontrol.AssetOwner) (int, error)

BulkCreateAssetOwners inserts multiple asset owners in batches. Returns the number of rows successfully inserted.

func (*AccessControlRepository) BulkCreateAssetOwnersWithSource added in v0.1.2 

func (r *AccessControlRepository) BulkCreateAssetOwnersWithSource(ctx context.Context, owners []*accesscontrol.AssetOwner, source string, ruleID *shared.ID) (int, error)

BulkCreateAssetOwnersWithSource creates multiple asset owner records with source tracking. Automatically chunks large batches to stay within PostgreSQL parameter limits.

func (*AccessControlRepository) BulkCreateFindingGroupAssignments added in v0.1.2 

func (r *AccessControlRepository) BulkCreateFindingGroupAssignments(ctx context.Context, fgas []*accesscontrol.FindingGroupAssignment) (int, error)

BulkCreateFindingGroupAssignments inserts multiple finding-group assignments. Uses ON CONFLICT DO NOTHING for idempotency (same finding+group pair is ignored).

func (*AccessControlRepository) BulkDeleteAutoAssignedForAssets added in v0.1.2 

func (r *AccessControlRepository) BulkDeleteAutoAssignedForAssets(ctx context.Context, assetIDs []shared.ID, groupID shared.ID) (int, error)

BulkDeleteAutoAssignedForAssets removes auto-assigned ownership for multiple assets in a group. Processes in chunks to avoid exceeding PostgreSQL's parameter limit.

func (*AccessControlRepository) CanAccessAsset 

func (r *AccessControlRepository) CanAccessAsset(ctx context.Context, userID, assetID shared.ID) (bool, error)

CanAccessAsset checks if a user can access a specific asset.

func (*AccessControlRepository) CountAssetOwners 

func (r *AccessControlRepository) CountAssetOwners(ctx context.Context, assetID shared.ID) (int64, error)

CountAssetOwners counts the number of owners for an asset.

func (*AccessControlRepository) CountAssetsByGroups added in v0.1.2 

func (r *AccessControlRepository) CountAssetsByGroups(ctx context.Context, groupIDs []shared.ID) (map[shared.ID]int, error)

CountAssetsByGroups counts assets owned by multiple groups in a single query.

func (*AccessControlRepository) CountAssignmentRules 

func (r *AccessControlRepository) CountAssignmentRules(ctx context.Context, tenantID shared.ID, filter accesscontrol.AssignmentRuleFilter) (int64, error)

CountAssignmentRules counts assignment rules with filtering.

func (*AccessControlRepository) CountFindingsByGroupFromRules added in v0.1.2 

func (r *AccessControlRepository) CountFindingsByGroupFromRules(ctx context.Context, tenantID, groupID shared.ID) (int64, error)

CountFindingsByGroupFromRules counts findings assigned to a group via assignment rules.

func (*AccessControlRepository) CountScopeRules added in v0.1.2 

func (r *AccessControlRepository) CountScopeRules(ctx context.Context, tenantID, groupID shared.ID, filter accesscontrol.ScopeRuleFilter) (int64, error)

CountScopeRules counts scope rules for a group with tenant isolation, respecting the same filter as ListScopeRules.

func (*AccessControlRepository) CreateAssetOwner 

func (r *AccessControlRepository) CreateAssetOwner(ctx context.Context, ao *accesscontrol.AssetOwner) error

CreateAssetOwner creates a new asset ownership relationship. Supports both group-level and user-level (direct) ownership.

func (*AccessControlRepository) CreateAssetOwnerWithSource added in v0.1.2 

func (r *AccessControlRepository) CreateAssetOwnerWithSource(ctx context.Context, ao *accesscontrol.AssetOwner, source string, ruleID *shared.ID) error

CreateAssetOwnerWithSource creates an asset owner record with source tracking.

func (*AccessControlRepository) CreateAssignmentRule 

func (r *AccessControlRepository) CreateAssignmentRule(ctx context.Context, rule *accesscontrol.AssignmentRule) error

CreateAssignmentRule creates a new assignment rule.

func (*AccessControlRepository) CreateGroupPermission 

func (r *AccessControlRepository) CreateGroupPermission(ctx context.Context, gp *accesscontrol.GroupPermission) error

CreateGroupPermission creates a new group permission override.

func (*AccessControlRepository) CreateScopeRule added in v0.1.2 

func (r *AccessControlRepository) CreateScopeRule(ctx context.Context, rule *accesscontrol.ScopeRule) error

CreateScopeRule creates a new scope rule.

func (*AccessControlRepository) DeleteAssetOwner 

func (r *AccessControlRepository) DeleteAssetOwner(ctx context.Context, assetID, groupID shared.ID) error

DeleteAssetOwner removes an asset ownership by asset and group ID.

func (*AccessControlRepository) DeleteAssetOwnerByID 

func (r *AccessControlRepository) DeleteAssetOwnerByID(ctx context.Context, id shared.ID) error

DeleteAssetOwnerByID removes an asset ownership by its ID.

func (*AccessControlRepository) DeleteAssetOwnerByUser 

func (r *AccessControlRepository) DeleteAssetOwnerByUser(ctx context.Context, assetID, userID shared.ID) error

DeleteAssetOwnerByUser removes an asset ownership by asset and user ID (direct ownership).

func (*AccessControlRepository) DeleteAssignmentRule 

func (r *AccessControlRepository) DeleteAssignmentRule(ctx context.Context, tenantID, id shared.ID) error

DeleteAssignmentRule removes an assignment rule.

func (*AccessControlRepository) DeleteAutoAssignedByRule added in v0.1.2 

func (r *AccessControlRepository) DeleteAutoAssignedByRule(ctx context.Context, tenantID, ruleID shared.ID) (int, error)

DeleteAutoAssignedByRule removes all auto-assigned asset owners created by a specific rule. Uses subquery to enforce tenant isolation via the scope rule's tenant.

func (*AccessControlRepository) DeleteAutoAssignedForAsset added in v0.1.2 

func (r *AccessControlRepository) DeleteAutoAssignedForAsset(ctx context.Context, assetID, groupID shared.ID) error

DeleteAutoAssignedForAsset removes auto-assigned ownership for an asset in a specific group.

func (*AccessControlRepository) DeleteGroupPermission 

func (r *AccessControlRepository) DeleteGroupPermission(ctx context.Context, groupID shared.ID, permissionID string) error

DeleteGroupPermission removes a group permission.

func (*AccessControlRepository) DeleteScopeRule added in v0.1.2 

func (r *AccessControlRepository) DeleteScopeRule(ctx context.Context, tenantID, id shared.ID) error

DeleteScopeRule deletes a scope rule by ID with tenant isolation.

func (*AccessControlRepository) DeleteScopeRuleWithCleanup added in v0.1.2 

func (r *AccessControlRepository) DeleteScopeRuleWithCleanup(ctx context.Context, tenantID, ruleID shared.ID) (int, error)

DeleteScopeRuleWithCleanup atomically removes auto-assigned assets and deletes the scope rule within a single transaction. This prevents the inconsistent state where assets are unassigned but the rule still exists (if rule deletion fails).

func (*AccessControlRepository) FindAssetsByAssetGroupMatch added in v0.1.2 

func (r *AccessControlRepository) FindAssetsByAssetGroupMatch(ctx context.Context, tenantID shared.ID, assetGroupIDs []shared.ID) ([]shared.ID, error)

FindAssetsByAssetGroupMatch finds assets that belong to any of the specified asset groups.

func (*AccessControlRepository) FindAssetsByTagMatch added in v0.1.2 

func (r *AccessControlRepository) FindAssetsByTagMatch(ctx context.Context, tenantID shared.ID, tags []string, logic accesscontrol.MatchLogic) ([]shared.ID, error)

FindAssetsByTagMatch finds assets matching tag criteria.

func (*AccessControlRepository) GetAssetOwner 

func (r *AccessControlRepository) GetAssetOwner(ctx context.Context, assetID, groupID shared.ID) (*accesscontrol.AssetOwner, error)

GetAssetOwner retrieves an asset ownership by asset and group ID.

func (*AccessControlRepository) GetAssetOwnerByID 

func (r *AccessControlRepository) GetAssetOwnerByID(ctx context.Context, id shared.ID) (*accesscontrol.AssetOwner, error)

GetAssetOwnerByID retrieves an asset ownership by its ID.

func (*AccessControlRepository) GetAssetOwnerByUser 

func (r *AccessControlRepository) GetAssetOwnerByUser(ctx context.Context, assetID, userID shared.ID) (*accesscontrol.AssetOwner, error)

GetAssetOwnerByUser retrieves an asset ownership by asset and user ID (direct ownership).

func (*AccessControlRepository) GetAssignmentRule 

func (r *AccessControlRepository) GetAssignmentRule(ctx context.Context, tenantID, id shared.ID) (*accesscontrol.AssignmentRule, error)

GetAssignmentRule retrieves an assignment rule by ID.

func (*AccessControlRepository) GetGroupPermission 

func (r *AccessControlRepository) GetGroupPermission(ctx context.Context, groupID shared.ID, permissionID string) (*accesscontrol.GroupPermission, error)

GetGroupPermission retrieves a group permission by group ID and permission ID.

func (*AccessControlRepository) GetPrimaryOwnerBrief added in v0.1.2 

func (r *AccessControlRepository) GetPrimaryOwnerBrief(ctx context.Context, tenantID, assetID shared.ID) (*accesscontrol.OwnerBrief, error)

GetPrimaryOwnerBrief returns a lightweight representation of the primary owner for an asset.

func (*AccessControlRepository) GetPrimaryOwnersByAssetIDs added in v0.1.2 

func (r *AccessControlRepository) GetPrimaryOwnersByAssetIDs(ctx context.Context, tenantID shared.ID, assetIDs []shared.ID) (map[string]*accesscontrol.OwnerBrief, error)

GetPrimaryOwnersByAssetIDs returns primary owners for multiple assets in a single query. Returns a map of assetID (string) → OwnerBrief.

func (*AccessControlRepository) GetScopeRule added in v0.1.2 

func (r *AccessControlRepository) GetScopeRule(ctx context.Context, tenantID, id shared.ID) (*accesscontrol.ScopeRule, error)

GetScopeRule retrieves a scope rule by ID with tenant isolation.

func (*AccessControlRepository) GetUserAssetAccess 

func (r *AccessControlRepository) GetUserAssetAccess(ctx context.Context, userID, assetID shared.ID) (*accesscontrol.UserAssetAccess, error)

GetUserAssetAccess gets the user's access details for an asset.

func (*AccessControlRepository) HasAnyScopeAssignment added in v0.1.2 

func (r *AccessControlRepository) HasAnyScopeAssignment(ctx context.Context, tenantID, userID shared.ID) (bool, error)

HasAnyScopeAssignment checks if a user has any rows in user_accessible_assets. Returns true if the user has at least one group-based asset assignment. Used for backward compat: if false, user sees all data (no groups configured yet).

func (*AccessControlRepository) HasPrimaryOwner 

func (r *AccessControlRepository) HasPrimaryOwner(ctx context.Context, assetID shared.ID) (bool, error)

HasPrimaryOwner checks if an asset has at least one primary owner.

func (*AccessControlRepository) ListAccessibleAssets 

func (r *AccessControlRepository) ListAccessibleAssets(ctx context.Context, tenantID, userID shared.ID) ([]shared.ID, error)

ListAccessibleAssets returns all asset IDs a user can access within a tenant.

func (*AccessControlRepository) ListActiveRulesByPriority 

func (r *AccessControlRepository) ListActiveRulesByPriority(ctx context.Context, tenantID shared.ID) ([]*accesscontrol.AssignmentRule, error)

ListActiveRulesByPriority lists active assignment rules ordered by priority (descending).

func (*AccessControlRepository) ListActiveScopeRulesByGroup added in v0.1.2 

func (r *AccessControlRepository) ListActiveScopeRulesByGroup(ctx context.Context, tenantID, groupID shared.ID) ([]*accesscontrol.ScopeRule, error)

ListActiveScopeRulesByGroup returns all active scope rules for a group with tenant isolation.

func (*AccessControlRepository) ListActiveScopeRulesByTenant added in v0.1.2 

func (r *AccessControlRepository) ListActiveScopeRulesByTenant(ctx context.Context, tenantID shared.ID) ([]*accesscontrol.ScopeRule, error)

ListActiveScopeRulesByTenant returns all active scope rules for a tenant.

func (*AccessControlRepository) ListAssetOwners 

func (r *AccessControlRepository) ListAssetOwners(ctx context.Context, assetID shared.ID) ([]*accesscontrol.AssetOwner, error)

ListAssetOwners lists all owners of an asset (both group and user ownership).

func (*AccessControlRepository) ListAssetOwnersByGroupWithDetails added in v0.1.2 

func (r *AccessControlRepository) ListAssetOwnersByGroupWithDetails(ctx context.Context, groupID shared.ID, limit, offset int) ([]*accesscontrol.AssetOwnerWithAsset, int64, error)

ListAssetOwnersByGroupWithDetails lists asset owners for a group with asset name/type/status, with pagination.

func (*AccessControlRepository) ListAssetOwnersWithNames added in v0.1.2 

func (r *AccessControlRepository) ListAssetOwnersWithNames(ctx context.Context, tenantID, assetID shared.ID) ([]*accesscontrol.AssetOwnerWithNames, error)

ListAssetOwnersWithNames returns asset owners with resolved user/group names.

func (*AccessControlRepository) ListAssetsByGroup 

func (r *AccessControlRepository) ListAssetsByGroup(ctx context.Context, groupID shared.ID) ([]shared.ID, error)

ListAssetsByGroup lists all asset IDs owned by a group.

func (*AccessControlRepository) ListAssetsByUser 

func (r *AccessControlRepository) ListAssetsByUser(ctx context.Context, userID shared.ID) ([]shared.ID, error)

ListAssetsByUser lists all asset IDs directly owned by a user.

func (*AccessControlRepository) ListAssignmentRules 

func (r *AccessControlRepository) ListAssignmentRules(ctx context.Context, tenantID shared.ID, filter accesscontrol.AssignmentRuleFilter) ([]*accesscontrol.AssignmentRule, error)

ListAssignmentRules lists assignment rules with filtering.

func (*AccessControlRepository) ListAutoAssignedAssets added in v0.1.2 

func (r *AccessControlRepository) ListAutoAssignedAssets(ctx context.Context, tenantID, groupID shared.ID) ([]shared.ID, error)

ListAutoAssignedAssets lists asset IDs that are auto-assigned to a group via scope rules. Uses JOIN to enforce tenant isolation through the scope rule.

func (*AccessControlRepository) ListAutoAssignedGroupsForAsset added in v0.1.2 

func (r *AccessControlRepository) ListAutoAssignedGroupsForAsset(ctx context.Context, assetID shared.ID) ([]shared.ID, error)

ListAutoAssignedGroupsForAsset lists group IDs that an asset is auto-assigned to via scope rules.

func (*AccessControlRepository) ListFindingGroupAssignments added in v0.1.2 

func (r *AccessControlRepository) ListFindingGroupAssignments(ctx context.Context, tenantID, findingID shared.ID) ([]*accesscontrol.FindingGroupAssignment, error)

ListFindingGroupAssignments lists all group assignments for a finding.

func (*AccessControlRepository) ListGroupPermissions 

func (r *AccessControlRepository) ListGroupPermissions(ctx context.Context, groupID shared.ID) ([]*accesscontrol.GroupPermission, error)

ListGroupPermissions lists all custom permissions for a group.

func (*AccessControlRepository) ListGroupPermissionsByEffect 

func (r *AccessControlRepository) ListGroupPermissionsByEffect(ctx context.Context, groupID shared.ID, effect accesscontrol.PermissionEffect) ([]*accesscontrol.GroupPermission, error)

ListGroupPermissionsByEffect lists group permissions filtered by effect.

func (*AccessControlRepository) ListGroupsByAsset 

func (r *AccessControlRepository) ListGroupsByAsset(ctx context.Context, assetID shared.ID) ([]shared.ID, error)

ListGroupsByAsset lists all group IDs that own an asset (excludes direct user ownership).

func (*AccessControlRepository) ListGroupsWithActiveScopeRules added in v0.1.2 

func (r *AccessControlRepository) ListGroupsWithActiveScopeRules(ctx context.Context, tenantID shared.ID) ([]shared.ID, error)

ListGroupsWithActiveScopeRules returns distinct group IDs that have active scope rules for a tenant.

func (*AccessControlRepository) ListGroupsWithAssetGroupMatchRule added in v0.1.2 

func (r *AccessControlRepository) ListGroupsWithAssetGroupMatchRule(ctx context.Context, assetGroupID shared.ID) ([]shared.ID, error)

ListGroupsWithAssetGroupMatchRule returns distinct access control group IDs that have active scope rules referencing the given asset group ID in match_asset_group_ids.

func (*AccessControlRepository) ListScopeRules added in v0.1.2 

func (r *AccessControlRepository) ListScopeRules(ctx context.Context, tenantID, groupID shared.ID, filter accesscontrol.ScopeRuleFilter) ([]*accesscontrol.ScopeRule, error)

ListScopeRules lists scope rules for a group.

func (*AccessControlRepository) ListTenantsWithActiveScopeRules added in v0.1.2 

func (r *AccessControlRepository) ListTenantsWithActiveScopeRules(ctx context.Context) ([]shared.ID, error)

ListTenantsWithActiveScopeRules returns all tenants that have at least one active scope rule.

func (*AccessControlRepository) ListUsersByAsset 

func (r *AccessControlRepository) ListUsersByAsset(ctx context.Context, assetID shared.ID) ([]shared.ID, error)

ListUsersByAsset lists all user IDs that directly own an asset.

func (*AccessControlRepository) RefreshAccessForAssetAssign added in v0.1.2 

func (r *AccessControlRepository) RefreshAccessForAssetAssign(ctx context.Context, groupID, assetID shared.ID, ownershipType string) error

RefreshAccessForAssetAssign incrementally updates access when an asset is assigned to a group.

func (*AccessControlRepository) RefreshAccessForAssetUnassign added in v0.1.2 

func (r *AccessControlRepository) RefreshAccessForAssetUnassign(ctx context.Context, groupID, assetID shared.ID) error

RefreshAccessForAssetUnassign incrementally updates access when an asset is removed from a group.

func (*AccessControlRepository) RefreshAccessForDirectOwnerAdd added in v0.1.2 

func (r *AccessControlRepository) RefreshAccessForDirectOwnerAdd(ctx context.Context, assetID, userID shared.ID, ownershipType string) error

RefreshAccessForDirectOwnerAdd updates the user_accessible_assets materialized view when a user is directly added as an asset owner.

func (*AccessControlRepository) RefreshAccessForDirectOwnerRemove added in v0.1.2 

func (r *AccessControlRepository) RefreshAccessForDirectOwnerRemove(ctx context.Context, assetID, userID shared.ID) error

RefreshAccessForDirectOwnerRemove updates the user_accessible_assets materialized view when a user is removed as a direct asset owner.

func (*AccessControlRepository) RefreshAccessForMemberAdd added in v0.1.2 

func (r *AccessControlRepository) RefreshAccessForMemberAdd(ctx context.Context, groupID, userID shared.ID) error

RefreshAccessForMemberAdd incrementally updates access when a user is added to a group.

func (*AccessControlRepository) RefreshAccessForMemberRemove added in v0.1.2 

func (r *AccessControlRepository) RefreshAccessForMemberRemove(ctx context.Context, groupID, userID shared.ID) error

RefreshAccessForMemberRemove incrementally updates access when a user is removed from a group.

func (*AccessControlRepository) RefreshUserAccessibleAssets 

func (r *AccessControlRepository) RefreshUserAccessibleAssets(ctx context.Context) error

RefreshUserAccessibleAssets refreshes the materialized view for user-asset access.

func (*AccessControlRepository) UpdateAssetOwner 

func (r *AccessControlRepository) UpdateAssetOwner(ctx context.Context, ao *accesscontrol.AssetOwner) error

UpdateAssetOwner updates an existing asset ownership.

func (*AccessControlRepository) UpdateAssignmentRule 

func (r *AccessControlRepository) UpdateAssignmentRule(ctx context.Context, tenantID shared.ID, rule *accesscontrol.AssignmentRule) error

UpdateAssignmentRule updates an existing assignment rule.

func (*AccessControlRepository) UpdateGroupPermission 

func (r *AccessControlRepository) UpdateGroupPermission(ctx context.Context, gp *accesscontrol.GroupPermission) error

UpdateGroupPermission updates an existing group permission.

func (*AccessControlRepository) UpdateScopeRule added in v0.1.2 

func (r *AccessControlRepository) UpdateScopeRule(ctx context.Context, tenantID shared.ID, rule *accesscontrol.ScopeRule) error

UpdateScopeRule updates an existing scope rule with tenant isolation.

func (*AccessControlRepository) ValidateAssetGroupsBelongToTenant added in v0.1.2 

func (r *AccessControlRepository) ValidateAssetGroupsBelongToTenant(ctx context.Context, tenantID shared.ID, assetGroupIDs []shared.ID) error

ValidateAssetGroupsBelongToTenant checks that all given asset group IDs belong to the specified tenant. Returns an error if any asset group doesn't exist or belongs to a different tenant.

type AdminRepository 

type AdminRepository struct {
	// contains filtered or unexported fields
}

AdminRepository implements admin.Repository using PostgreSQL.

func NewAdminRepository 

func NewAdminRepository(db *DB) *AdminRepository

NewAdminRepository creates a new AdminRepository.

func (*AdminRepository) AuthenticateByAPIKey 

func (r *AdminRepository) AuthenticateByAPIKey(ctx context.Context, rawKey string) (*admin.AdminUser, error)

AuthenticateByAPIKey authenticates an admin user by raw API key. Implements SEC-H01: Rate limiting via account lockout after failed attempts.

func (*AdminRepository) Count 

func (r *AdminRepository) Count(ctx context.Context, filter admin.Filter) (int, error)

Count counts admin users with optional filter.

func (*AdminRepository) CountByRole 

func (r *AdminRepository) CountByRole(ctx context.Context, role admin.AdminRole) (int, error)

CountByRole counts admin users by role.

func (*AdminRepository) Create 

func (r *AdminRepository) Create(ctx context.Context, a *admin.AdminUser) error

Create creates a new admin user.

func (*AdminRepository) Delete 

func (r *AdminRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes an admin user.

func (*AdminRepository) GetByAPIKeyPrefix 

func (r *AdminRepository) GetByAPIKeyPrefix(ctx context.Context, prefix string) (*admin.AdminUser, error)

GetByAPIKeyPrefix retrieves an admin user by API key prefix.

func (*AdminRepository) GetByEmail 

func (r *AdminRepository) GetByEmail(ctx context.Context, email string) (*admin.AdminUser, error)

GetByEmail retrieves an admin user by email.

func (*AdminRepository) GetByID 

func (r *AdminRepository) GetByID(ctx context.Context, id shared.ID) (*admin.AdminUser, error)

GetByID retrieves an admin user by ID.

func (*AdminRepository) List 

func (r *AdminRepository) List(ctx context.Context, filter admin.Filter, page pagination.Pagination) (pagination.Result[*admin.AdminUser], error)

List lists admin users with filters and pagination.

func (*AdminRepository) RecordUsage 

func (r *AdminRepository) RecordUsage(ctx context.Context, id shared.ID, ip string) error

RecordUsage records API key usage (IP and timestamp).

func (*AdminRepository) Update 

func (r *AdminRepository) Update(ctx context.Context, a *admin.AdminUser) error

Update updates an admin user.

type AgentRepository 

type AgentRepository struct {
	// contains filtered or unexported fields
}

AgentRepository implements agent.Repository using PostgreSQL.

func NewAgentRepository 

func NewAgentRepository(db *DB) *AgentRepository

NewAgentRepository creates a new AgentRepository.

func (*AgentRepository) ClaimJob 

func (r *AgentRepository) ClaimJob(ctx context.Context, id shared.ID) error

ClaimJob atomically increments the current_jobs counter for an agent. Returns error if the agent is at capacity or not available.

func (*AgentRepository) CountByTenant 

func (r *AgentRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int, error)

CountByTenant counts the number of tenant-owned agents (excluding platform agents). Used for enforcing agent limits per plan.

func (*AgentRepository) Create 

func (r *AgentRepository) Create(ctx context.Context, a *agent.Agent) error

Create persists a new agent.

func (*AgentRepository) Delete 

func (r *AgentRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes an agent.

func (*AgentRepository) FindAvailable 

func (r *AgentRepository) FindAvailable(ctx context.Context, tenantID shared.ID, capabilities []string, tool string) ([]*agent.Agent, error)

FindAvailable finds available agents for a task.

func (*AgentRepository) FindAvailableWithCapacity 

func (r *AgentRepository) FindAvailableWithCapacity(ctx context.Context, tenantID shared.ID, capabilities []string, tool string) ([]*agent.Agent, error)

FindAvailableWithCapacity finds daemon agents with available job capacity. Used for load balancing - returns agents sorted by load factor (least loaded first). Only returns agents that can receive jobs from server (daemon mode or worker/collector type). Only considers agents with health='online' (have sent heartbeat recently). Agents with health='unknown' are excluded as they have never sent a heartbeat.

func (*AgentRepository) FindAvailableWithTool 

func (r *AgentRepository) FindAvailableWithTool(ctx context.Context, tenantID shared.ID, tool string) (*agent.Agent, error)

FindAvailableWithTool finds the best available agent for a tool. Returns the least-loaded agent that has the required tool.

func (*AgentRepository) FindByCapabilities 

func (r *AgentRepository) FindByCapabilities(ctx context.Context, tenantID shared.ID, capabilities []string, tool string) ([]*agent.Agent, error)

FindByCapabilities finds agents with the given capabilities.

func (*AgentRepository) GetAgentsOfflineSince 

func (r *AgentRepository) GetAgentsOfflineSince(ctx context.Context, since time.Time) ([]*agent.Agent, error)

GetAgentsOfflineSince returns agents that went offline after the given timestamp. Used for historical queries like "which agents went offline in the last hour?"

func (*AgentRepository) GetAvailableCapabilitiesForTenant 

func (r *AgentRepository) GetAvailableCapabilitiesForTenant(ctx context.Context, tenantID shared.ID) ([]string, error)

GetAvailableCapabilitiesForTenant returns all unique capability names from all agents accessible to the tenant. Only agents with health='online' are considered.

func (*AgentRepository) GetAvailableToolsForTenant 

func (r *AgentRepository) GetAvailableToolsForTenant(ctx context.Context, tenantID shared.ID) ([]string, error)

GetAvailableToolsForTenant returns all unique tool names that have at least one ONLINE agent. Only agents with health='online' are considered - meaning daemon is running and recently sent heartbeat.

func (*AgentRepository) GetByAPIKeyHash 

func (r *AgentRepository) GetByAPIKeyHash(ctx context.Context, hash string) (*agent.Agent, error)

GetByAPIKeyHash retrieves an agent by API key hash.

func (*AgentRepository) GetByID 

func (r *AgentRepository) GetByID(ctx context.Context, id shared.ID) (*agent.Agent, error)

GetByID retrieves an agent by its ID.

func (*AgentRepository) GetByTenantAndID 

func (r *AgentRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*agent.Agent, error)

GetByTenantAndID retrieves an agent by tenant and ID.

func (*AgentRepository) GetPlatformAgentStats added in v0.1.2 

func (r *AgentRepository) GetPlatformAgentStats(ctx context.Context, tenantID shared.ID) (*agent.PlatformAgentStatsResult, error)

GetPlatformAgentStats returns aggregate statistics for platform agents. NOTE: Cross-tenant access is intentional — platform agents are shared infrastructure managed by OpenCTEM, not scoped to individual tenants. The queued jobs count is tenant-scoped via the tenantID parameter.

func (*AgentRepository) GetTenantAgentStats added in v0.1.5 

func (r *AgentRepository) GetTenantAgentStats(ctx context.Context, tenantID shared.ID) (*agent.TenantAgentStats, error)

GetTenantAgentStats returns aggregate statistics for a tenant's agents. Computes status / health / type / execution_mode breakdowns plus active job count in a SINGLE query using UNION ALL of grouped subqueries — replaces client-side .filter().length over a paginated list.

func (*AgentRepository) HasAgentForCapability 

func (r *AgentRepository) HasAgentForCapability(ctx context.Context, tenantID shared.ID, capability string) (bool, error)

HasAgentForCapability checks if there's at least one ONLINE agent that supports the given capability.

func (*AgentRepository) HasAgentForTool 

func (r *AgentRepository) HasAgentForTool(ctx context.Context, tenantID shared.ID, tool string) (bool, error)

HasAgentForTool checks if there's at least one ONLINE agent that supports the given tool. Only agents with health='online' are considered - meaning daemon is running and recently sent heartbeat.

func (*AgentRepository) IncrementStats 

func (r *AgentRepository) IncrementStats(ctx context.Context, id shared.ID, findings, scans, errors int64) error

IncrementStats increments agent statistics.

func (*AgentRepository) List 

func (r *AgentRepository) List(ctx context.Context, filter agent.Filter, page pagination.Pagination) (pagination.Result[*agent.Agent], error)

List lists agents with filters and pagination.

func (*AgentRepository) MarkStaleAgentsOffline 

func (r *AgentRepository) MarkStaleAgentsOffline(ctx context.Context, timeout time.Duration) ([]shared.ID, error)

MarkStaleAgentsOffline finds agents that haven't sent heartbeat within timeout and marks them offline. Returns the list of agent IDs that were marked offline (for audit logging). This is used by the health monitor worker.

func (*AgentRepository) MarkStaleAsOffline 

func (r *AgentRepository) MarkStaleAsOffline(ctx context.Context, timeout time.Duration) (int64, error)

MarkStaleAsOffline marks agents as offline (health) if they haven't sent heartbeat within the timeout. Note: This updates Health (automatic), not Status (admin-controlled). Agents can still authenticate if their Status is 'active', regardless of Health. Returns the number of agents marked as offline.

func (*AgentRepository) ReleaseJob 

func (r *AgentRepository) ReleaseJob(ctx context.Context, id shared.ID) error

ReleaseJob atomically decrements the current_jobs counter for an agent.

func (*AgentRepository) Update 

func (r *AgentRepository) Update(ctx context.Context, a *agent.Agent) error

Update updates an agent.

func (*AgentRepository) UpdateLastSeen 

func (r *AgentRepository) UpdateLastSeen(ctx context.Context, id shared.ID) error

UpdateLastSeen updates the last seen timestamp and sets health to online. Note: This updates Health (automatic), not Status (admin-controlled).

func (*AgentRepository) UpdateOfflineTimestamp 

func (r *AgentRepository) UpdateOfflineTimestamp(ctx context.Context, id shared.ID) error

UpdateOfflineTimestamp marks an agent as offline with the current timestamp. Called when a health monitor detects heartbeat timeout (agent hasn't sent heartbeat within threshold). Preserves last_seen_at as the time of the last successful heartbeat.

type AssetGroupRepository 

type AssetGroupRepository struct {
	// contains filtered or unexported fields
}

AssetGroupRepository implements assetgroup.Repository using PostgreSQL.

func NewAssetGroupRepository 

func NewAssetGroupRepository(db *DB) *AssetGroupRepository

NewAssetGroupRepository creates a new asset group repository.

func (*AssetGroupRepository) AddAssets 

func (r *AssetGroupRepository) AddAssets(ctx context.Context, groupID shared.ID, assetIDs []shared.ID) error

AddAssets adds assets to a group using multi-row INSERT for performance.

func (*AssetGroupRepository) Count 

func (r *AssetGroupRepository) Count(ctx context.Context, filter assetgroup.Filter) (int64, error)

Count counts asset groups.

func (*AssetGroupRepository) CountAssetsByType 

func (r *AssetGroupRepository) CountAssetsByType(ctx context.Context, groupID shared.ID) (map[string]int64, error)

CountAssetsByType returns count of assets per type in a group.

func (*AssetGroupRepository) Create 

func (r *AssetGroupRepository) Create(ctx context.Context, g *assetgroup.AssetGroup) error

Create creates a new asset group.

func (*AssetGroupRepository) Delete 

func (r *AssetGroupRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes an asset group.

func (*AssetGroupRepository) ExistsByName 

func (r *AssetGroupRepository) ExistsByName(ctx context.Context, tenantID shared.ID, name string) (bool, error)

ExistsByName checks if a group with the name exists.

func (*AssetGroupRepository) GetByID 

func (r *AssetGroupRepository) GetByID(ctx context.Context, id shared.ID) (*assetgroup.AssetGroup, error)

GetByID retrieves an asset group by ID.

func (*AssetGroupRepository) GetByTenantAndID added in v0.1.3 

func (r *AssetGroupRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*assetgroup.AssetGroup, error)

GetByTenantAndID retrieves an asset group by tenant and ID (tenant-scoped).

func (*AssetGroupRepository) GetDistinctAssetTypes 

func (r *AssetGroupRepository) GetDistinctAssetTypes(ctx context.Context, groupID shared.ID) ([]string, error)

GetDistinctAssetTypes returns all unique asset types in a group.

func (*AssetGroupRepository) GetDistinctAssetTypesMultiple 

func (r *AssetGroupRepository) GetDistinctAssetTypesMultiple(ctx context.Context, groupIDs []shared.ID) ([]string, error)

GetDistinctAssetTypesMultiple returns all unique asset types across multiple groups.

func (*AssetGroupRepository) GetGroupAssets 

func (r *AssetGroupRepository) GetGroupAssets(ctx context.Context, groupID shared.ID, page pagination.Pagination) (pagination.Result[*assetgroup.GroupAsset], error)

GetGroupAssets returns assets belonging to a group.

func (*AssetGroupRepository) GetGroupFindings 

func (r *AssetGroupRepository) GetGroupFindings(ctx context.Context, groupID shared.ID, page pagination.Pagination) (pagination.Result[*assetgroup.GroupFinding], error)

GetGroupFindings returns findings for assets belonging to a group.

func (*AssetGroupRepository) GetGroupIDsByAssetID 

func (r *AssetGroupRepository) GetGroupIDsByAssetID(ctx context.Context, assetID shared.ID) ([]shared.ID, error)

GetGroupIDsByAssetID returns IDs of groups containing a specific asset.

func (*AssetGroupRepository) GetStats 

func (r *AssetGroupRepository) GetStats(ctx context.Context, tenantID shared.ID) (*assetgroup.Stats, error)

GetStats returns aggregated statistics.

func (*AssetGroupRepository) List 

func (r *AssetGroupRepository) List(
	ctx context.Context,
	filter assetgroup.Filter,
	opts assetgroup.ListOptions,
	page pagination.Pagination,
) (pagination.Result[*assetgroup.AssetGroup], error)

List lists asset groups with filtering and pagination.

func (*AssetGroupRepository) RecalculateCounts 

func (r *AssetGroupRepository) RecalculateCounts(ctx context.Context, groupID shared.ID) error

RecalculateCounts recalculates asset counts for a group. Note: finding_count is computed in real-time during SELECT queries.

func (*AssetGroupRepository) RemoveAssets 

func (r *AssetGroupRepository) RemoveAssets(ctx context.Context, groupID shared.ID, assetIDs []shared.ID) error

RemoveAssets removes assets from a group.

func (*AssetGroupRepository) Update 

func (r *AssetGroupRepository) Update(ctx context.Context, g *assetgroup.AssetGroup) error

Update updates an asset group.

type AssetRelationshipRepository 

type AssetRelationshipRepository struct {
	// contains filtered or unexported fields
}

AssetRelationshipRepository implements asset.RelationshipRepository using PostgreSQL.

func NewAssetRelationshipRepository 

func NewAssetRelationshipRepository(db *DB) *AssetRelationshipRepository

NewAssetRelationshipRepository creates a new AssetRelationshipRepository.

func (*AssetRelationshipRepository) CountByAsset 

func (r *AssetRelationshipRepository) CountByAsset(ctx context.Context, tenantID, assetID shared.ID) (int64, error)

CountByAsset returns the count of relationships for an asset.

func (*AssetRelationshipRepository) CountByType added in v0.1.5 

func (r *AssetRelationshipRepository) CountByType(ctx context.Context, tenantID shared.ID) (map[asset.RelationshipType]int64, error)

CountByType returns relationship counts grouped by type for a tenant. Used by the usage-stats endpoint so admins can see which relationship types are actually being used and prune the registry based on real data instead of guessing.

func (*AssetRelationshipRepository) Create 

func (r *AssetRelationshipRepository) Create(ctx context.Context, rel *asset.Relationship) error

Create persists a new relationship.

func (*AssetRelationshipRepository) CreateBatchIgnoreConflicts added in v0.1.2 

func (r *AssetRelationshipRepository) CreateBatchIgnoreConflicts(ctx context.Context, rels []*asset.Relationship) (int, error)

CreateBatchIgnoreConflicts inserts multiple relationships, silently skipping duplicates.

func (*AssetRelationshipRepository) Delete 

func (r *AssetRelationshipRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a relationship by ID within a tenant.

func (*AssetRelationshipRepository) Exists 

func (r *AssetRelationshipRepository) Exists(
	ctx context.Context,
	tenantID, sourceID, targetID shared.ID,
	relType asset.RelationshipType,
) (bool, error)

Exists checks if a specific relationship already exists.

func (*AssetRelationshipRepository) GetByID 

func (r *AssetRelationshipRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*asset.RelationshipWithAssets, error)

GetByID retrieves a relationship by ID within a tenant.

func (*AssetRelationshipRepository) ListByAsset 

func (r *AssetRelationshipRepository) ListByAsset(
	ctx context.Context,
	tenantID, assetID shared.ID,
	filter asset.RelationshipFilter,
) ([]*asset.RelationshipWithAssets, int64, error)

ListByAsset retrieves all relationships for an asset (both directions). Uses UNION ALL of two indexed queries for performance instead of OR.

func (*AssetRelationshipRepository) Update 

func (r *AssetRelationshipRepository) Update(ctx context.Context, rel *asset.Relationship) error

Update updates an existing relationship.

type AssetRepository 

type AssetRepository struct {
	// contains filtered or unexported fields
}

AssetRepository implements asset.Repository using PostgreSQL.

func NewAssetRepository 

func NewAssetRepository(db *DB) *AssetRepository

NewAssetRepository creates a new AssetRepository.

func (*AssetRepository) BatchUpdateRiskScores added in v0.1.2 

func (r *AssetRepository) BatchUpdateRiskScores(ctx context.Context, tenantID shared.ID, assets []*asset.Asset) error

BatchUpdateRiskScores updates risk_score for multiple assets in a single query.

func (*AssetRepository) BulkUpdateStatus added in v0.1.3 

func (r *AssetRepository) BulkUpdateStatus(ctx context.Context, tenantID shared.ID, assetIDs []shared.ID, status asset.Status) (int64, error)

BulkUpdateStatus atomically updates the status of multiple assets in a single SQL statement.

func (*AssetRepository) Count 

func (r *AssetRepository) Count(ctx context.Context, filter asset.Filter) (int64, error)

Count returns the total number of assets matching the filter.

func (*AssetRepository) Create 

func (r *AssetRepository) Create(ctx context.Context, a *asset.Asset) error

Create persists a new asset.

func (*AssetRepository) Delete 

func (r *AssetRepository) Delete(ctx context.Context, tenantID, assetID shared.ID) error

Delete removes an asset by its ID within a tenant. Security: Requires tenantID to prevent cross-tenant deletion.

func (*AssetRepository) ExistsByName 

func (r *AssetRepository) ExistsByName(ctx context.Context, tenantID shared.ID, name string) (bool, error)

ExistsByName checks if an asset with the given name exists within a tenant. Security: Requires tenantID to prevent cross-tenant enumeration.

func (*AssetRepository) FindRepositoryByFullName 

func (r *AssetRepository) FindRepositoryByFullName(ctx context.Context, tenantID shared.ID, fullName string) (*asset.Asset, error)

FindRepositoryByFullName finds a repository asset that matches the given full name (org/repo format). It searches for assets whose name or external_id ends with the full org/repo pattern. This is more precise than FindRepositoryByRepoName as it considers the organization.

func (*AssetRepository) FindRepositoryByRepoName 

func (r *AssetRepository) FindRepositoryByRepoName(ctx context.Context, tenantID shared.ID, repoName string) (*asset.Asset, error)

FindRepositoryByRepoName finds a repository asset whose name ends with the given repo name. This handles matching agent-created assets like "github.com-org/suborg/repo" with repo name "repo". NOTE: This only matches by repo name, use FindRepositoryByFullName for more precise matching.

func (*AssetRepository) GetAggregateStats added in v0.1.3 

func (r *AssetRepository) GetAggregateStats(ctx context.Context, tenantID shared.ID, types []string, tags []string) (*asset.AggregateStats, error)

GetAggregateStats computes all asset statistics in a SINGLE round-trip. Filters: types (asset_type ANY), tags (tags && — overlap, matches List semantics).

The previous implementation issued 6 queries (1 totals + 5 GROUP BY breakdowns). This version collapses everything into one query using a CTE + UNION ALL, trading slightly more complex SQL for an 83% reduction in DB round-trips. PostgreSQL plans a single scan of the filtered CTE for all aggregates.

func (*AssetRepository) GetAssetTypeBreakdown added in v0.1.2 

func (r *AssetRepository) GetAssetTypeBreakdown(ctx context.Context, tenantID shared.ID) (map[string]asset.AssetTypeStats, error)

GetAssetTypeBreakdown returns total and exposed counts per asset_type in a single query.

func (*AssetRepository) GetAverageRiskScore added in v0.1.2 

func (r *AssetRepository) GetAverageRiskScore(ctx context.Context, tenantID shared.ID) (float64, error)

GetAverageRiskScore returns the average risk_score for all assets in a tenant.

func (*AssetRepository) GetByExternalID 

func (r *AssetRepository) GetByExternalID(ctx context.Context, tenantID shared.ID, provider asset.Provider, externalID string) (*asset.Asset, error)

GetByExternalID retrieves an asset by external ID and provider.

func (*AssetRepository) GetByID 

func (r *AssetRepository) GetByID(ctx context.Context, tenantID, assetID shared.ID) (*asset.Asset, error)

GetByID retrieves an asset by its ID within a tenant. Security: Requires tenantID to prevent cross-tenant data access.

func (*AssetRepository) GetByName 

func (r *AssetRepository) GetByName(ctx context.Context, tenantID shared.ID, name string) (*asset.Asset, error)

GetByName retrieves an asset by name within a tenant.

func (*AssetRepository) GetByNames 

func (r *AssetRepository) GetByNames(ctx context.Context, tenantID shared.ID, names []string) (map[string]*asset.Asset, error)

GetByNames retrieves multiple assets by their names within a tenant. Returns a map of name -> Asset for found assets.

func (*AssetRepository) List 

func (r *AssetRepository) List(
	ctx context.Context,
	filter asset.Filter,
	opts asset.ListOptions,
	page pagination.Pagination,
) (pagination.Result[*asset.Asset], error)

List retrieves assets with filtering, sorting, and pagination.

func (*AssetRepository) ListDistinctTags added in v0.1.2 

func (r *AssetRepository) ListDistinctTags(ctx context.Context, tenantID shared.ID, prefix string, limit int) ([]string, error)

ListDistinctTags returns distinct tags across all assets for a tenant. Supports prefix filtering for autocomplete and a limit for result size.

func (*AssetRepository) Update 

func (r *AssetRepository) Update(ctx context.Context, a *asset.Asset) error

Update updates an existing asset.

func (*AssetRepository) UpdateFindingCounts 

func (r *AssetRepository) UpdateFindingCounts(ctx context.Context, tenantID shared.ID, assetIDs []shared.ID) error

UpdateFindingCounts updates finding counts for multiple assets in batch. This recalculates the finding_count from the findings table.

func (*AssetRepository) UpsertBatch 

func (r *AssetRepository) UpsertBatch(ctx context.Context, assets []*asset.Asset) (created int, updated int, err error)

UpsertBatch creates or updates multiple assets in a single operation. Uses PostgreSQL ON CONFLICT for atomic upsert behavior. Conflict is detected on (tenant_id, name) unique constraint.

type AssetServiceRepository 

type AssetServiceRepository struct {
	// contains filtered or unexported fields
}

AssetServiceRepository implements asset.AssetServiceRepository using PostgreSQL.

func NewAssetServiceRepository 

func NewAssetServiceRepository(db *DB) *AssetServiceRepository

NewAssetServiceRepository creates a new AssetServiceRepository.

func (*AssetServiceRepository) CountByAsset 

func (r *AssetServiceRepository) CountByAsset(ctx context.Context, tenantID, assetID shared.ID) (int, error)

CountByAsset returns the number of services for an asset.

func (*AssetServiceRepository) CountByTenant 

func (r *AssetServiceRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

CountByTenant returns the total number of services for a tenant.

func (*AssetServiceRepository) CountPublic 

func (r *AssetServiceRepository) CountPublic(ctx context.Context, tenantID shared.ID) (int64, error)

CountPublic returns the number of public services for a tenant.

func (*AssetServiceRepository) Create 

func (r *AssetServiceRepository) Create(ctx context.Context, service *asset.AssetService) error

Create persists a new asset service.

func (*AssetServiceRepository) Delete 

func (r *AssetServiceRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes an asset service by its ID.

func (*AssetServiceRepository) DeleteByAssetID 

func (r *AssetServiceRepository) DeleteByAssetID(ctx context.Context, tenantID, assetID shared.ID) error

DeleteByAssetID removes all services for an asset.

func (*AssetServiceRepository) GetByAssetAndPort 

func (r *AssetServiceRepository) GetByAssetAndPort(ctx context.Context, tenantID, assetID shared.ID, port int, protocol asset.Protocol) (*asset.AssetService, error)

GetByAssetAndPort retrieves a service by asset ID and port.

func (*AssetServiceRepository) GetByAssetID 

func (r *AssetServiceRepository) GetByAssetID(ctx context.Context, tenantID, assetID shared.ID) ([]*asset.AssetService, error)

GetByAssetID retrieves all services for an asset.

func (*AssetServiceRepository) GetByID 

func (r *AssetServiceRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*asset.AssetService, error)

GetByID retrieves an asset service by its ID.

func (*AssetServiceRepository) GetPortCounts 

func (r *AssetServiceRepository) GetPortCounts(ctx context.Context, tenantID shared.ID, topN int) (map[int]int, error)

GetPortCounts returns count of services grouped by port (top N).

func (*AssetServiceRepository) GetServiceTypeCounts 

func (r *AssetServiceRepository) GetServiceTypeCounts(ctx context.Context, tenantID shared.ID) (map[asset.ServiceType]int, error)

GetServiceTypeCounts returns count of services grouped by service type.

func (*AssetServiceRepository) List 

func (r *AssetServiceRepository) List(ctx context.Context, tenantID shared.ID, opts asset.ListAssetServicesOptions) ([]*asset.AssetService, int, error)

List retrieves services with filtering and pagination.

func (*AssetServiceRepository) ListByServiceType 

func (r *AssetServiceRepository) ListByServiceType(ctx context.Context, tenantID shared.ID, serviceType asset.ServiceType, limit, offset int) ([]*asset.AssetService, int, error)

ListByServiceType retrieves services of a specific type.

func (*AssetServiceRepository) ListHighRisk 

func (r *AssetServiceRepository) ListHighRisk(ctx context.Context, tenantID shared.ID, minRiskScore int, limit, offset int) ([]*asset.AssetService, int, error)

ListHighRisk retrieves services with risk score above threshold.

func (*AssetServiceRepository) ListPublic 

func (r *AssetServiceRepository) ListPublic(ctx context.Context, tenantID shared.ID, limit, offset int) ([]*asset.AssetService, int, error)

ListPublic retrieves all public (internet-exposed) services for a tenant.

func (*AssetServiceRepository) SearchByCPE 

func (r *AssetServiceRepository) SearchByCPE(ctx context.Context, tenantID shared.ID, cpe string, limit int) ([]*asset.AssetService, error)

SearchByCPE searches services by CPE (partial match).

func (*AssetServiceRepository) SearchByProduct 

func (r *AssetServiceRepository) SearchByProduct(ctx context.Context, tenantID shared.ID, product string, limit int) ([]*asset.AssetService, error)

SearchByProduct searches services by product name (partial match).

func (*AssetServiceRepository) SearchByVersion 

func (r *AssetServiceRepository) SearchByVersion(ctx context.Context, tenantID shared.ID, version string, limit int) ([]*asset.AssetService, error)

SearchByVersion searches services by version (partial match).

func (*AssetServiceRepository) Update 

func (r *AssetServiceRepository) Update(ctx context.Context, service *asset.AssetService) error

Update updates an existing asset service.

func (*AssetServiceRepository) UpdateFindingCounts 

func (r *AssetServiceRepository) UpdateFindingCounts(ctx context.Context, counts map[shared.ID]int) error

UpdateFindingCounts updates finding counts for multiple services.

func (*AssetServiceRepository) UpsertBatch 

func (r *AssetServiceRepository) UpsertBatch(ctx context.Context, services []*asset.AssetService) (created int, updated int, err error)

UpsertBatch creates or updates multiple services in a single operation.

type AssetSourceRepository 

type AssetSourceRepository struct {
	// contains filtered or unexported fields
}

AssetSourceRepository implements datasource.AssetSourceRepository using PostgreSQL.

func NewAssetSourceRepository 

func NewAssetSourceRepository(db *DB) *AssetSourceRepository

NewAssetSourceRepository creates a new AssetSourceRepository.

func (*AssetSourceRepository) CountBySource 

func (r *AssetSourceRepository) CountBySource(ctx context.Context, sourceID shared.ID) (int64, error)

CountBySource returns the number of assets for a data source.

func (*AssetSourceRepository) Create 

func (r *AssetSourceRepository) Create(ctx context.Context, as *datasource.AssetSource) error

Create creates a new asset source record.

func (*AssetSourceRepository) Delete 

func (r *AssetSourceRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes an asset source by ID.

func (*AssetSourceRepository) DeleteByAsset 

func (r *AssetSourceRepository) DeleteByAsset(ctx context.Context, assetID shared.ID) error

DeleteByAsset deletes all asset sources for an asset.

func (*AssetSourceRepository) DeleteBySource 

func (r *AssetSourceRepository) DeleteBySource(ctx context.Context, sourceID shared.ID) error

DeleteBySource deletes all asset sources for a data source.

func (*AssetSourceRepository) GetByAsset 

func (r *AssetSourceRepository) GetByAsset(ctx context.Context, assetID shared.ID) ([]*datasource.AssetSource, error)

GetByAsset retrieves all sources for an asset.

func (*AssetSourceRepository) GetByAssetAndSource 

func (r *AssetSourceRepository) GetByAssetAndSource(ctx context.Context, assetID shared.ID, sourceType datasource.SourceType, sourceID *shared.ID) (*datasource.AssetSource, error)

GetByAssetAndSource retrieves an asset source by asset ID, source type, and source ID.

func (*AssetSourceRepository) GetByID 

func (r *AssetSourceRepository) GetByID(ctx context.Context, id shared.ID) (*datasource.AssetSource, error)

GetByID retrieves an asset source by ID.

func (*AssetSourceRepository) GetPrimaryByAsset 

func (r *AssetSourceRepository) GetPrimaryByAsset(ctx context.Context, assetID shared.ID) (*datasource.AssetSource, error)

GetPrimaryByAsset retrieves the primary source for an asset.

func (*AssetSourceRepository) List 

func (r *AssetSourceRepository) List(ctx context.Context, filter datasource.AssetSourceFilter, opts datasource.AssetSourceListOptions) (datasource.AssetSourceListResult, error)

List lists asset sources with filtering and pagination. nolint:dupl // Similar pattern to FindingDataSourceRepository.List - intentional for type safety

func (*AssetSourceRepository) SetPrimary 

func (r *AssetSourceRepository) SetPrimary(ctx context.Context, assetSourceID shared.ID) error

SetPrimary sets a source as the primary source for an asset.

func (*AssetSourceRepository) Update 

func (r *AssetSourceRepository) Update(ctx context.Context, as *datasource.AssetSource) error

Update updates an existing asset source.

func (*AssetSourceRepository) Upsert 

func (r *AssetSourceRepository) Upsert(ctx context.Context, as *datasource.AssetSource) error

Upsert creates or updates an asset source.

type AssetStateHistoryRepository 

type AssetStateHistoryRepository struct {
	// contains filtered or unexported fields
}

AssetStateHistoryRepository implements asset.StateHistoryRepository using PostgreSQL.

func NewAssetStateHistoryRepository 

func NewAssetStateHistoryRepository(db *DB) *AssetStateHistoryRepository

NewAssetStateHistoryRepository creates a new AssetStateHistoryRepository.

func (*AssetStateHistoryRepository) CountBySource 

func (r *AssetStateHistoryRepository) CountBySource(ctx context.Context, tenantID shared.ID, since time.Time) (map[asset.ChangeSource]int, error)

CountBySource returns count of changes grouped by source.

func (*AssetStateHistoryRepository) CountByType 

func (r *AssetStateHistoryRepository) CountByType(ctx context.Context, tenantID shared.ID, since time.Time) (map[asset.StateChangeType]int, error)

CountByType returns count of changes grouped by change type.

func (*AssetStateHistoryRepository) Create 

func (r *AssetStateHistoryRepository) Create(ctx context.Context, change *asset.AssetStateChange) error

Create appends a new state change record.

func (*AssetStateHistoryRepository) CreateBatch 

func (r *AssetStateHistoryRepository) CreateBatch(ctx context.Context, changes []*asset.AssetStateChange) error

CreateBatch appends multiple state change records in a single operation.

func (*AssetStateHistoryRepository) GetActivityTimeline 

func (r *AssetStateHistoryRepository) GetActivityTimeline(ctx context.Context, tenantID shared.ID, from, to time.Time) ([]asset.DailyActivityCount, error)

GetActivityTimeline returns daily counts of changes over a time period.

func (*AssetStateHistoryRepository) GetByAssetID 

func (r *AssetStateHistoryRepository) GetByAssetID(ctx context.Context, tenantID, assetID shared.ID, opts asset.ListStateHistoryOptions) ([]*asset.AssetStateChange, int, error)

GetByAssetID retrieves all state changes for an asset.

func (*AssetStateHistoryRepository) GetByID 

func (r *AssetStateHistoryRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*asset.AssetStateChange, error)

GetByID retrieves a state change by its ID.

func (*AssetStateHistoryRepository) GetChangesByUser 

func (r *AssetStateHistoryRepository) GetChangesByUser(ctx context.Context, tenantID, userID shared.ID, opts asset.ListStateHistoryOptions) ([]*asset.AssetStateChange, int, error)

GetChangesByUser retrieves all changes made by a specific user.

func (*AssetStateHistoryRepository) GetComplianceChanges 

func (r *AssetStateHistoryRepository) GetComplianceChanges(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*asset.AssetStateChange, error)

GetComplianceChanges retrieves compliance-related changes within a time window.

func (*AssetStateHistoryRepository) GetExposureChanges 

func (r *AssetStateHistoryRepository) GetExposureChanges(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*asset.AssetStateChange, error)

GetExposureChanges retrieves all exposure-related changes within a time window.

func (*AssetStateHistoryRepository) GetLatestByAsset 

func (r *AssetStateHistoryRepository) GetLatestByAsset(ctx context.Context, tenantID shared.ID, changeTypes []asset.StateChangeType) (map[shared.ID]*asset.AssetStateChange, error)

GetLatestByAsset retrieves the most recent state change for each asset.

func (*AssetStateHistoryRepository) GetNewlyExposedAssets 

func (r *AssetStateHistoryRepository) GetNewlyExposedAssets(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*asset.AssetStateChange, error)

GetNewlyExposedAssets retrieves assets that became internet-accessible.

func (*AssetStateHistoryRepository) GetRecentAppearances 

func (r *AssetStateHistoryRepository) GetRecentAppearances(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*asset.AssetStateChange, error)

GetRecentAppearances retrieves assets that appeared within the time window.

func (*AssetStateHistoryRepository) GetRecentDisappearances 

func (r *AssetStateHistoryRepository) GetRecentDisappearances(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*asset.AssetStateChange, error)

GetRecentDisappearances retrieves assets that disappeared within the time window.

func (*AssetStateHistoryRepository) GetShadowITCandidates 

func (r *AssetStateHistoryRepository) GetShadowITCandidates(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*asset.AssetStateChange, error)

GetShadowITCandidates retrieves assets that appeared but have unknown/shadow scope.

func (*AssetStateHistoryRepository) List 

func (r *AssetStateHistoryRepository) List(ctx context.Context, tenantID shared.ID, opts asset.ListStateHistoryOptions) ([]*asset.AssetStateChange, int, error)

List retrieves state changes with filtering and pagination.

type AssetTypeCategoryRepository 

type AssetTypeCategoryRepository struct {
	// contains filtered or unexported fields
}

AssetTypeCategoryRepository implements assettype.CategoryRepository using PostgreSQL.

func NewAssetTypeCategoryRepository 

func NewAssetTypeCategoryRepository(db *DB) *AssetTypeCategoryRepository

NewAssetTypeCategoryRepository creates a new category repository.

func (*AssetTypeCategoryRepository) Create 

func (r *AssetTypeCategoryRepository) Create(ctx context.Context, c *assettype.Category) error

Create creates a new category.

func (*AssetTypeCategoryRepository) Delete 

func (r *AssetTypeCategoryRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a category.

func (*AssetTypeCategoryRepository) GetByCode 

func (r *AssetTypeCategoryRepository) GetByCode(ctx context.Context, code string) (*assettype.Category, error)

GetByCode retrieves a category by code.

func (*AssetTypeCategoryRepository) GetByID 

func (r *AssetTypeCategoryRepository) GetByID(ctx context.Context, id shared.ID) (*assettype.Category, error)

GetByID retrieves a category by ID.

func (*AssetTypeCategoryRepository) List 

func (r *AssetTypeCategoryRepository) List(
	ctx context.Context,
	filter assettype.CategoryFilter,
	page pagination.Pagination,
) (pagination.Result[*assettype.Category], error)

List lists categories with pagination.

func (*AssetTypeCategoryRepository) ListActive 

func (r *AssetTypeCategoryRepository) ListActive(ctx context.Context) ([]*assettype.Category, error)

ListActive lists all active categories.

func (*AssetTypeCategoryRepository) Update 

func (r *AssetTypeCategoryRepository) Update(ctx context.Context, c *assettype.Category) error

Update updates an existing category.

type AssetTypeRepository 

type AssetTypeRepository struct {
	// contains filtered or unexported fields
}

AssetTypeRepository implements assettype.Repository using PostgreSQL.

func NewAssetTypeRepository 

func NewAssetTypeRepository(db *DB) *AssetTypeRepository

NewAssetTypeRepository creates a new asset type repository.

func (*AssetTypeRepository) ExistsByCode 

func (r *AssetTypeRepository) ExistsByCode(ctx context.Context, code string) (bool, error)

ExistsByCode checks if an asset type with the given code exists.

func (*AssetTypeRepository) GetByCode 

func (r *AssetTypeRepository) GetByCode(ctx context.Context, code string) (*assettype.AssetType, error)

GetByCode retrieves an asset type by its code.

func (*AssetTypeRepository) GetByID 

func (r *AssetTypeRepository) GetByID(ctx context.Context, id shared.ID) (*assettype.AssetType, error)

GetByID retrieves an asset type by ID.

func (*AssetTypeRepository) List 

func (r *AssetTypeRepository) List(
	ctx context.Context,
	filter assettype.Filter,
	opts assettype.ListOptions,
	page pagination.Pagination,
) (pagination.Result[*assettype.AssetType], error)

List lists asset types with filtering and pagination.

func (*AssetTypeRepository) ListActive 

func (r *AssetTypeRepository) ListActive(ctx context.Context) ([]*assettype.AssetType, error)

ListActive lists all active asset types.

func (*AssetTypeRepository) ListActiveByCategory 

func (r *AssetTypeRepository) ListActiveByCategory(ctx context.Context, categoryID shared.ID) ([]*assettype.AssetType, error)

ListActiveByCategory lists active asset types by category.

func (*AssetTypeRepository) ListWithCategory 

func (r *AssetTypeRepository) ListWithCategory(
	ctx context.Context,
	filter assettype.Filter,
	opts assettype.ListOptions,
	page pagination.Pagination,
) (pagination.Result[*assettype.AssetTypeWithCategory], error)

ListWithCategory lists asset types with their categories.

type AuditLogRepository 

type AuditLogRepository struct {
	// contains filtered or unexported fields
}

AuditLogRepository implements admin.AuditLogRepository using PostgreSQL.

func NewAuditLogRepository 

func NewAuditLogRepository(db *DB) *AuditLogRepository

NewAuditLogRepository creates a new AuditLogRepository.

func (*AuditLogRepository) Count 

func (r *AuditLogRepository) Count(ctx context.Context, filter admin.AuditLogFilter) (int64, error)

Count counts audit logs with optional filter.

func (*AuditLogRepository) CountOlderThan 

func (r *AuditLogRepository) CountOlderThan(ctx context.Context, olderThan time.Time) (int64, error)

CountOlderThan counts audit logs older than the specified time.

func (*AuditLogRepository) Create 

func (r *AuditLogRepository) Create(ctx context.Context, log *admin.AuditLog) error

Create creates a new audit log entry.

func (*AuditLogRepository) DeleteOlderThan 

func (r *AuditLogRepository) DeleteOlderThan(ctx context.Context, olderThan time.Time) (int64, error)

DeleteOlderThan deletes audit logs older than the specified time.

func (*AuditLogRepository) GetByID 

func (r *AuditLogRepository) GetByID(ctx context.Context, id shared.ID) (*admin.AuditLog, error)

GetByID retrieves an audit log by ID.

func (*AuditLogRepository) GetFailedActions 

func (r *AuditLogRepository) GetFailedActions(ctx context.Context, since time.Duration, limit int) ([]*admin.AuditLog, error)

GetFailedActions returns recent failed actions (for monitoring).

func (*AuditLogRepository) GetRecentActions 

func (r *AuditLogRepository) GetRecentActions(ctx context.Context, limit int) ([]*admin.AuditLog, error)

GetRecentActions returns the most recent actions (for dashboard).

func (*AuditLogRepository) List 

func (r *AuditLogRepository) List(ctx context.Context, filter admin.AuditLogFilter, page pagination.Pagination) (pagination.Result[*admin.AuditLog], error)

List lists audit logs with filters and pagination.

func (*AuditLogRepository) ListByAdmin 

func (r *AuditLogRepository) ListByAdmin(ctx context.Context, adminID shared.ID, page pagination.Pagination) (pagination.Result[*admin.AuditLog], error)

ListByAdmin lists audit logs for a specific admin.

func (*AuditLogRepository) ListByResource 

func (r *AuditLogRepository) ListByResource(ctx context.Context, resourceType string, resourceID shared.ID, page pagination.Pagination) (pagination.Result[*admin.AuditLog], error)

ListByResource lists audit logs for a specific resource.

type AuditRepository 

type AuditRepository struct {
	// contains filtered or unexported fields
}

AuditRepository implements audit.Repository using PostgreSQL.

func NewAuditRepository 

func NewAuditRepository(db *DB) *AuditRepository

NewAuditRepository creates a new AuditRepository.

func (*AuditRepository) Count 

func (r *AuditRepository) Count(ctx context.Context, filter audit.Filter) (int64, error)

Count returns the count of audit logs matching the filter.

func (*AuditRepository) CountByAction 

func (r *AuditRepository) CountByAction(ctx context.Context, tenantID *shared.ID, action audit.Action, since time.Time) (int64, error)

CountByAction counts occurrences of an action within a time range.

func (*AuditRepository) Create 

func (r *AuditRepository) Create(ctx context.Context, log *audit.AuditLog) error

Create persists a new audit log entry.

func (*AuditRepository) CreateBatch 

func (r *AuditRepository) CreateBatch(ctx context.Context, logs []*audit.AuditLog) error

CreateBatch persists multiple audit log entries.

func (*AuditRepository) DeleteOlderThan 

func (r *AuditRepository) DeleteOlderThan(ctx context.Context, before time.Time) (int64, error)

DeleteOlderThan deletes audit logs older than the specified time.

func (*AuditRepository) GetByID 

func (r *AuditRepository) GetByID(ctx context.Context, id shared.ID) (*audit.AuditLog, error)

GetByID retrieves an audit log by ID.

func (*AuditRepository) GetByTenantAndID added in v0.1.3 

func (r *AuditRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*audit.AuditLog, error)

GetByTenantAndID retrieves an audit log by tenant and ID (tenant-scoped).

func (*AuditRepository) GetLatestByResource 

func (r *AuditRepository) GetLatestByResource(ctx context.Context, resourceType audit.ResourceType, resourceID string) (*audit.AuditLog, error)

GetLatestByResource retrieves the latest audit log for a resource.

func (*AuditRepository) List 

func (r *AuditRepository) List(ctx context.Context, filter audit.Filter, page pagination.Pagination) (pagination.Result[*audit.AuditLog], error)

List retrieves audit logs matching the filter with pagination.

func (*AuditRepository) ListByActor 

func (r *AuditRepository) ListByActor(ctx context.Context, actorID shared.ID, page pagination.Pagination) (pagination.Result[*audit.AuditLog], error)

ListByActor retrieves audit logs for a specific actor.

func (*AuditRepository) ListByResource 

func (r *AuditRepository) ListByResource(ctx context.Context, resourceType audit.ResourceType, resourceID string, page pagination.Pagination) (pagination.Result[*audit.AuditLog], error)

ListByResource retrieves audit logs for a specific resource.

type BranchRepository 

type BranchRepository struct {
	// contains filtered or unexported fields
}

BranchRepository implements branch.Repository using PostgreSQL.

func NewBranchRepository 

func NewBranchRepository(db *DB) *BranchRepository

NewBranchRepository creates a new BranchRepository.

func (*BranchRepository) Count 

func (r *BranchRepository) Count(ctx context.Context, filter branch.Filter) (int64, error)

Count returns the number of branches matching the filter.

func (*BranchRepository) Create 

func (r *BranchRepository) Create(ctx context.Context, b *branch.Branch) error

Create persists a new branch.

func (*BranchRepository) Delete 

func (r *BranchRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a branch.

func (*BranchRepository) ExistsByName 

func (r *BranchRepository) ExistsByName(ctx context.Context, repositoryID shared.ID, name string) (bool, error)

ExistsByName checks if a branch exists by repository ID and name.

func (*BranchRepository) GetByID 

func (r *BranchRepository) GetByID(ctx context.Context, id shared.ID) (*branch.Branch, error)

GetByID retrieves a branch by ID.

func (*BranchRepository) GetByName 

func (r *BranchRepository) GetByName(ctx context.Context, repositoryID shared.ID, name string) (*branch.Branch, error)

GetByName retrieves a branch by repository ID and name.

func (*BranchRepository) GetDefaultBranch 

func (r *BranchRepository) GetDefaultBranch(ctx context.Context, repositoryID shared.ID) (*branch.Branch, error)

GetDefaultBranch returns the default branch for a repository.

func (*BranchRepository) List 

func (r *BranchRepository) List(ctx context.Context, filter branch.Filter, opts branch.ListOptions, page pagination.Pagination) (pagination.Result[*branch.Branch], error)

List returns branches matching the filter.

func (*BranchRepository) ListByRepository 

func (r *BranchRepository) ListByRepository(ctx context.Context, repositoryID shared.ID) ([]*branch.Branch, error)

ListByRepository returns all branches for a repository.

func (*BranchRepository) SetDefaultBranch 

func (r *BranchRepository) SetDefaultBranch(ctx context.Context, repositoryID shared.ID, branchID shared.ID) error

SetDefaultBranch sets a branch as the default for a repository.

func (*BranchRepository) Update 

func (r *BranchRepository) Update(ctx context.Context, b *branch.Branch) error

Update updates an existing branch.

type CapabilityRepository 

type CapabilityRepository struct {
	// contains filtered or unexported fields
}

CapabilityRepository implements capability.Repository using PostgreSQL.

func NewCapabilityRepository 

func NewCapabilityRepository(db *DB) *CapabilityRepository

NewCapabilityRepository creates a new CapabilityRepository.

func (*CapabilityRepository) CountByTenant 

func (r *CapabilityRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

CountByTenant returns the number of custom capabilities for a tenant.

func (*CapabilityRepository) Create 

func (r *CapabilityRepository) Create(ctx context.Context, c *capability.Capability) error

Create persists a new capability.

func (*CapabilityRepository) Delete 

func (r *CapabilityRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a capability by ID.

func (*CapabilityRepository) ExistsByName 

func (r *CapabilityRepository) ExistsByName(ctx context.Context, tenantID *shared.ID, name string) (bool, error)

ExistsByName checks if a capability with the given name exists in the scope.

func (*CapabilityRepository) GetByID 

func (r *CapabilityRepository) GetByID(ctx context.Context, id shared.ID) (*capability.Capability, error)

GetByID returns a capability by ID.

func (*CapabilityRepository) GetByName 

func (r *CapabilityRepository) GetByName(ctx context.Context, tenantID *shared.ID, name string) (*capability.Capability, error)

GetByName returns a capability by name within a scope.

func (*CapabilityRepository) GetByTenantAndID added in v0.1.3 

func (r *CapabilityRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*capability.Capability, error)

GetByTenantAndID returns a capability by tenant and ID (tenant-scoped).

func (*CapabilityRepository) GetCategories 

func (r *CapabilityRepository) GetCategories(ctx context.Context) ([]string, error)

GetCategories returns all unique capability categories.

func (*CapabilityRepository) GetUsageStats 

func (r *CapabilityRepository) GetUsageStats(ctx context.Context, capabilityID shared.ID) (*capability.CapabilityUsageStats, error)

GetUsageStats returns usage statistics for a capability. Checks both the tool_capabilities junction table AND tools.capabilities array Also checks agents.capabilities array for agent counts.

func (*CapabilityRepository) GetUsageStatsBatch 

func (r *CapabilityRepository) GetUsageStatsBatch(ctx context.Context, capabilityIDs []shared.ID) (map[shared.ID]*capability.CapabilityUsageStats, error)

GetUsageStatsBatch returns usage statistics for multiple capabilities. Performance: Uses single queries with UNNEST to avoid N+1 problem. Total queries: 3 (names, tools, agents) regardless of batch size.

func (*CapabilityRepository) List 

func (r *CapabilityRepository) List(ctx context.Context, filter capability.Filter, page pagination.Pagination) (pagination.Result[*capability.Capability], error)

List returns capabilities matching the filter with pagination.

func (*CapabilityRepository) ListAll 

func (r *CapabilityRepository) ListAll(ctx context.Context, tenantID *shared.ID) ([]*capability.Capability, error)

ListAll returns all capabilities for a tenant context.

func (*CapabilityRepository) ListByCategory 

func (r *CapabilityRepository) ListByCategory(ctx context.Context, tenantID *shared.ID, category string) ([]*capability.Capability, error)

ListByCategory returns all capabilities in a category.

func (*CapabilityRepository) ListByNames 

func (r *CapabilityRepository) ListByNames(ctx context.Context, tenantID *shared.ID, names []string) ([]*capability.Capability, error)

ListByNames returns capabilities by their names.

func (*CapabilityRepository) Update 

func (r *CapabilityRepository) Update(ctx context.Context, c *capability.Capability) error

Update updates an existing capability.

type CommandRepository 

type CommandRepository struct {
	// contains filtered or unexported fields
}

CommandRepository implements command.Repository using PostgreSQL.

func NewCommandRepository 

func NewCommandRepository(db *DB) *CommandRepository

NewCommandRepository creates a new CommandRepository.

func (*CommandRepository) CancelByPipelineRunID added in v0.1.5 

func (r *CommandRepository) CancelByPipelineRunID(ctx context.Context, tenantID, runID shared.ID) (int64, error)

CancelByPipelineRunID marks all non-terminal commands for a pipeline run as canceled. A command is "non-terminal" if its status is one of: pending, acknowledged, running. Terminal statuses (completed, failed, canceled, expired) are left untouched.

Tenant scoping is enforced — only commands belonging to the given tenant are affected. Returns the number of commands canceled.

func (*CommandRepository) CountActivePlatformJobsByTenant 

func (r *CommandRepository) CountActivePlatformJobsByTenant(ctx context.Context, tenantID shared.ID) (int, error)

CountActivePlatformJobsByTenant counts active platform jobs for a tenant.

func (*CommandRepository) CountQueuedPlatformJobs 

func (r *CommandRepository) CountQueuedPlatformJobs(ctx context.Context) (int, error)

CountQueuedPlatformJobs counts all queued platform jobs across all tenants.

func (*CommandRepository) CountQueuedPlatformJobsByTenant 

func (r *CommandRepository) CountQueuedPlatformJobsByTenant(ctx context.Context, tenantID shared.ID) (int, error)

CountQueuedPlatformJobsByTenant counts queued (pending, not dispatched) platform jobs for a tenant.

func (*CommandRepository) Create 

func (r *CommandRepository) Create(ctx context.Context, cmd *command.Command) error

Create persists a new command.

func (*CommandRepository) Delete 

func (r *CommandRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a command.

func (*CommandRepository) ExpireOldCommands 

func (r *CommandRepository) ExpireOldCommands(ctx context.Context) (int64, error)

ExpireOldCommands expires commands that have passed their expiration time.

func (*CommandRepository) ExpireOldPlatformJobs 

func (r *CommandRepository) ExpireOldPlatformJobs(ctx context.Context, maxQueueMinutes int) (int64, error)

ExpireOldPlatformJobs expires platform jobs that have been in queue too long.

func (*CommandRepository) FailExhaustedCommands 

func (r *CommandRepository) FailExhaustedCommands(ctx context.Context, maxRetries int) (int64, error)

FailExhaustedCommands marks commands that exceeded max retries as failed. Uses a database function for atomic operation. Returns the number of commands failed.

func (*CommandRepository) FindExpired 

func (r *CommandRepository) FindExpired(ctx context.Context) ([]*command.Command, error)

FindExpired finds commands that have expired but not yet marked as expired.

func (*CommandRepository) GetByAuthTokenHash 

func (r *CommandRepository) GetByAuthTokenHash(ctx context.Context, hash string) (*command.Command, error)

GetByAuthTokenHash retrieves a command by auth token hash.

func (*CommandRepository) GetByID 

func (r *CommandRepository) GetByID(ctx context.Context, id shared.ID) (*command.Command, error)

GetByID retrieves a command by its ID.

func (*CommandRepository) GetByTenantAndID 

func (r *CommandRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*command.Command, error)

GetByTenantAndID retrieves a command by tenant and ID.

func (*CommandRepository) GetNextPlatformJob 

func (r *CommandRepository) GetNextPlatformJob(ctx context.Context, agentID shared.ID, capabilities []string, tools []string) (*command.Command, error)

GetNextPlatformJob atomically claims the next job from the queue for an agent. Uses database function get_next_platform_job for atomic operation with FOR UPDATE SKIP LOCKED.

func (*CommandRepository) GetPendingForAgent 

func (r *CommandRepository) GetPendingForAgent(ctx context.Context, tenantID shared.ID, agentID *shared.ID, limit int) ([]*command.Command, error)

GetPendingForAgent retrieves pending commands for an agent.

func (*CommandRepository) GetPlatformJobsByAgent 

func (r *CommandRepository) GetPlatformJobsByAgent(ctx context.Context, agentID shared.ID, status *command.CommandStatus) ([]*command.Command, error)

GetPlatformJobsByAgent lists platform jobs assigned to an agent.

func (*CommandRepository) GetQueuePosition 

func (r *CommandRepository) GetQueuePosition(ctx context.Context, commandID shared.ID) (*command.QueuePosition, error)

GetQueuePosition gets the queue position for a specific command.

func (*CommandRepository) GetQueuedPlatformJobs 

func (r *CommandRepository) GetQueuedPlatformJobs(ctx context.Context, limit int) ([]*command.Command, error)

GetQueuedPlatformJobs retrieves queued platform jobs ordered by priority.

func (*CommandRepository) GetStatsByTenant 

func (r *CommandRepository) GetStatsByTenant(ctx context.Context, tenantID shared.ID) (command.CommandStats, error)

GetStatsByTenant returns aggregated command statistics for a tenant in a single query. This is optimized to avoid N queries when fetching stats.

func (*CommandRepository) List 

func (r *CommandRepository) List(ctx context.Context, filter command.Filter, page pagination.Pagination) (pagination.Result[*command.Command], error)

List lists commands with filters and pagination.

func (*CommandRepository) ListPlatformJobsAdmin 

func (r *CommandRepository) ListPlatformJobsAdmin(ctx context.Context, agentID, tenantID *shared.ID, status *command.CommandStatus, page pagination.Pagination) (pagination.Result[*command.Command], error)

ListPlatformJobsAdmin lists platform jobs across all tenants (admin only).

func (*CommandRepository) ListPlatformJobsByTenant 

func (r *CommandRepository) ListPlatformJobsByTenant(ctx context.Context, tenantID shared.ID, page pagination.Pagination) (pagination.Result[*command.Command], error)

ListPlatformJobsByTenant lists platform jobs for a tenant with pagination.

func (*CommandRepository) RecoverStuckJobs 

func (r *CommandRepository) RecoverStuckJobs(ctx context.Context, stuckThresholdMinutes int, maxRetries int) (int64, error)

RecoverStuckJobs returns stuck platform jobs to the queue. Uses a database function for atomic recovery.

func (*CommandRepository) RecoverStuckTenantCommands 

func (r *CommandRepository) RecoverStuckTenantCommands(ctx context.Context, stuckThresholdMinutes int, maxRetries int) (int64, error)

RecoverStuckTenantCommands returns stuck tenant commands to the pool. A command is stuck if it's assigned to an offline agent or hasn't been picked up. Uses a database function for atomic recovery. Returns the number of commands recovered.

func (*CommandRepository) Update 

func (r *CommandRepository) Update(ctx context.Context, cmd *command.Command) error

Update updates a command.

func (*CommandRepository) UpdateQueuePriorities 

func (r *CommandRepository) UpdateQueuePriorities(ctx context.Context) (int64, error)

UpdateQueuePriorities recalculates queue priorities for all pending platform jobs.

type ComplianceAssessmentRepository added in v0.1.2 

type ComplianceAssessmentRepository struct {
	// contains filtered or unexported fields
}

ComplianceAssessmentRepository handles compliance assessment persistence.

func NewComplianceAssessmentRepository added in v0.1.2 

func NewComplianceAssessmentRepository(db *DB) *ComplianceAssessmentRepository

NewComplianceAssessmentRepository creates a new ComplianceAssessmentRepository.

func (*ComplianceAssessmentRepository) GetByTenantAndControl added in v0.1.2 

func (r *ComplianceAssessmentRepository) GetByTenantAndControl(ctx context.Context, tenantID, controlID shared.ID) (*compliance.Assessment, error)

GetByTenantAndControl retrieves an assessment by tenant and control.

func (*ComplianceAssessmentRepository) GetOverdueCount added in v0.1.2 

func (r *ComplianceAssessmentRepository) GetOverdueCount(ctx context.Context, tenantID shared.ID) (int64, error)

GetOverdueCount returns count of overdue assessments.

func (*ComplianceAssessmentRepository) GetStatsByFramework added in v0.1.2 

func (r *ComplianceAssessmentRepository) GetStatsByFramework(ctx context.Context, tenantID, frameworkID shared.ID) (*compliance.FrameworkStats, error)

GetStatsByFramework returns compliance stats for a framework.

func (*ComplianceAssessmentRepository) ListByFramework added in v0.1.2 

func (r *ComplianceAssessmentRepository) ListByFramework(ctx context.Context, tenantID, frameworkID shared.ID, page pagination.Pagination) (pagination.Result[*compliance.Assessment], error)

ListByFramework lists assessments for a framework.

func (*ComplianceAssessmentRepository) Upsert added in v0.1.2 

func (r *ComplianceAssessmentRepository) Upsert(ctx context.Context, a *compliance.Assessment) error

Upsert creates or updates an assessment.

type ComplianceControlRepository added in v0.1.2 

type ComplianceControlRepository struct {
	// contains filtered or unexported fields
}

ComplianceControlRepository handles compliance control persistence.

func NewComplianceControlRepository added in v0.1.2 

func NewComplianceControlRepository(db *DB) *ComplianceControlRepository

NewComplianceControlRepository creates a new ComplianceControlRepository.

func (*ComplianceControlRepository) CountByFramework added in v0.1.2 

func (r *ComplianceControlRepository) CountByFramework(ctx context.Context, frameworkID shared.ID) (int64, error)

CountByFramework returns the number of controls in a framework.

func (*ComplianceControlRepository) Create added in v0.1.2 

func (r *ComplianceControlRepository) Create(ctx context.Context, c *compliance.Control) error

Create persists a new control.

func (*ComplianceControlRepository) GetByID added in v0.1.2 

func (r *ComplianceControlRepository) GetByID(ctx context.Context, id shared.ID) (*compliance.Control, error)

GetByID retrieves a control by ID.

func (*ComplianceControlRepository) ListByFramework added in v0.1.2 

func (r *ComplianceControlRepository) ListByFramework(ctx context.Context, frameworkID shared.ID, page pagination.Pagination) (pagination.Result[*compliance.Control], error)

ListByFramework retrieves controls for a framework.

type ComplianceFrameworkRepository added in v0.1.2 

type ComplianceFrameworkRepository struct {
	// contains filtered or unexported fields
}

ComplianceFrameworkRepository handles compliance framework persistence.

func NewComplianceFrameworkRepository added in v0.1.2 

func NewComplianceFrameworkRepository(db *DB) *ComplianceFrameworkRepository

NewComplianceFrameworkRepository creates a new ComplianceFrameworkRepository.

func (*ComplianceFrameworkRepository) Create added in v0.1.2 

func (r *ComplianceFrameworkRepository) Create(ctx context.Context, f *compliance.Framework) error

Create persists a new framework.

func (*ComplianceFrameworkRepository) Delete added in v0.1.2 

func (r *ComplianceFrameworkRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a framework with tenant isolation.

func (*ComplianceFrameworkRepository) GetByID added in v0.1.2 

func (r *ComplianceFrameworkRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*compliance.Framework, error)

GetByID retrieves a framework by ID with tenant isolation.

func (*ComplianceFrameworkRepository) GetBySlug added in v0.1.2 

func (r *ComplianceFrameworkRepository) GetBySlug(ctx context.Context, slug string) (*compliance.Framework, error)

GetBySlug retrieves a system framework by slug.

func (*ComplianceFrameworkRepository) List added in v0.1.2 

func (r *ComplianceFrameworkRepository) List(ctx context.Context, filter compliance.FrameworkFilter, page pagination.Pagination) (pagination.Result[*compliance.Framework], error)

List retrieves frameworks with filtering.

func (*ComplianceFrameworkRepository) Update added in v0.1.2 

func (r *ComplianceFrameworkRepository) Update(ctx context.Context, tenantID shared.ID, f *compliance.Framework) error

Update persists framework changes with tenant isolation.

type ComplianceMappingRepository added in v0.1.2 

type ComplianceMappingRepository struct {
	// contains filtered or unexported fields
}

ComplianceMappingRepository handles finding-to-control mapping persistence.

func NewComplianceMappingRepository added in v0.1.2 

func NewComplianceMappingRepository(db *DB) *ComplianceMappingRepository

NewComplianceMappingRepository creates a new ComplianceMappingRepository.

func (*ComplianceMappingRepository) Create added in v0.1.2 

func (r *ComplianceMappingRepository) Create(ctx context.Context, m *compliance.FindingControlMapping) error

Create persists a new mapping.

func (*ComplianceMappingRepository) Delete added in v0.1.2 

func (r *ComplianceMappingRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a mapping by ID with tenant isolation.

func (*ComplianceMappingRepository) ListByControl added in v0.1.2 

func (r *ComplianceMappingRepository) ListByControl(ctx context.Context, tenantID, controlID shared.ID) ([]*compliance.FindingControlMapping, error)

ListByControl lists all finding mappings for a control.

func (*ComplianceMappingRepository) ListByFinding added in v0.1.2 

func (r *ComplianceMappingRepository) ListByFinding(ctx context.Context, tenantID, findingID shared.ID) ([]*compliance.FindingControlMapping, error)

ListByFinding lists all control mappings for a finding.

type ComponentRepository 

type ComponentRepository struct {
	// contains filtered or unexported fields
}

ComponentRepository implements component.Repository using PostgreSQL.

func NewComponentRepository 

func NewComponentRepository(db *DB) *ComponentRepository

NewComponentRepository creates a new ComponentRepository.

func (*ComponentRepository) DeleteByAssetID 

func (r *ComponentRepository) DeleteByAssetID(ctx context.Context, assetID shared.ID) error

DeleteByAssetID removes all dependencies for an asset.

func (*ComponentRepository) DeleteDependency 

func (r *ComponentRepository) DeleteDependency(ctx context.Context, id shared.ID) error

DeleteDependency removes a specific dependency link.

func (*ComponentRepository) GetByID 

func (r *ComponentRepository) GetByID(ctx context.Context, id shared.ID) (*component.Component, error)

GetByID retrieves a component by ID.

func (*ComponentRepository) GetByPURL 

func (r *ComponentRepository) GetByPURL(ctx context.Context, purl string) (*component.Component, error)

GetByPURL retrieves a global component by PURL.

func (*ComponentRepository) GetDependency 

func (r *ComponentRepository) GetDependency(ctx context.Context, id shared.ID) (*component.AssetDependency, error)

GetDependency retrieves a dependency by ID.

func (*ComponentRepository) GetEcosystemStats 

func (r *ComponentRepository) GetEcosystemStats(ctx context.Context, tenantID shared.ID) ([]component.EcosystemStats, error)

GetEcosystemStats returns per-ecosystem statistics for a tenant.

func (*ComponentRepository) GetExistingDependencyByComponentID 

func (r *ComponentRepository) GetExistingDependencyByComponentID(ctx context.Context, assetID shared.ID, componentID shared.ID, path string) (*component.AssetDependency, error)

GetExistingDependencyByComponentID retrieves an existing asset_component by asset, component ID, and path.

func (*ComponentRepository) GetExistingDependencyByPURL 

func (r *ComponentRepository) GetExistingDependencyByPURL(ctx context.Context, assetID shared.ID, purl string) (*component.AssetDependency, error)

GetExistingDependencyByPURL retrieves an existing asset_component by asset and component PURL. Used for parent lookup during rescan when parent component exists from previous scan. Returns nil, nil if not found.

func (*ComponentRepository) GetLicenseStats 

func (r *ComponentRepository) GetLicenseStats(ctx context.Context, tenantID shared.ID) ([]component.LicenseStats, error)

GetLicenseStats returns license statistics for a tenant.

func (*ComponentRepository) GetStats 

func (r *ComponentRepository) GetStats(ctx context.Context, tenantID shared.ID) (*component.ComponentStats, error)

GetStats returns aggregated component statistics for a tenant.

func (*ComponentRepository) GetVulnerableComponents 

func (r *ComponentRepository) GetVulnerableComponents(ctx context.Context, tenantID shared.ID, limit int) ([]component.VulnerableComponent, error)

GetVulnerableComponents returns components with vulnerability details for a tenant.

func (*ComponentRepository) LinkAsset 

func (r *ComponentRepository) LinkAsset(ctx context.Context, dep *component.AssetDependency) error

LinkAsset creates a record in asset_components table. Uses a subquery to pull name/version/ecosystem/purl from the global components table.

func (*ComponentRepository) LinkLicenses 

func (r *ComponentRepository) LinkLicenses(ctx context.Context, componentID shared.ID, licenses []string) (int, error)

LinkLicenses links licenses to a component. It upserts licenses into the licenses table and creates links in component_licenses. Returns the count of successfully linked licenses. Security: Validates license names and limits the number of licenses per component.

func (*ComponentRepository) ListComponents 

func (r *ComponentRepository) ListComponents(ctx context.Context, filter component.Filter, page pagination.Pagination) (pagination.Result[*component.Component], error)

ListComponents retrieves global components.

func (*ComponentRepository) ListDependencies 

func (r *ComponentRepository) ListDependencies(ctx context.Context, assetID shared.ID, page pagination.Pagination) (pagination.Result[*component.AssetDependency], error)

ListDependencies retrieves dependencies for an asset.

func (*ComponentRepository) UpdateAssetDependencyParent 

func (r *ComponentRepository) UpdateAssetDependencyParent(ctx context.Context, id shared.ID, parentID shared.ID, depth int) error

UpdateAssetDependencyParent updates the parent_component_id and depth of an asset_component.

func (*ComponentRepository) UpdateDependency 

func (r *ComponentRepository) UpdateDependency(ctx context.Context, dep *component.AssetDependency) error

UpdateDependency updates a dependency (e.g. type or path).

func (*ComponentRepository) Upsert 

func (r *ComponentRepository) Upsert(ctx context.Context, comp *component.Component) (shared.ID, error)

Upsert persists a global component.

type DB 

type DB struct {
	*sql.DB
}

DB wraps sql.DB with additional functionality.

func New 

func New(cfg *config.DatabaseConfig) (*DB, error)

New creates a new database connection.

func (*DB) Close 

func (db *DB) Close() error

Close closes the database connection.

func (*DB) HealthCheck 

func (db *DB) HealthCheck(ctx context.Context) error

HealthCheck performs a health check on the database.

func (*DB) Ping 

func (db *DB) Ping(ctx context.Context) error

Ping implements the Pinger interface for health checks.

func (*DB) Transaction 

func (db *DB) Transaction(ctx context.Context, fn func(tx *sql.Tx) error) error

Transaction executes a function within a database transaction.

type DashboardRepository 

type DashboardRepository struct {
	// contains filtered or unexported fields
}

DashboardRepository implements app.DashboardStatsRepository using PostgreSQL.

func NewDashboardRepository 

func NewDashboardRepository(db *sql.DB) *DashboardRepository

NewDashboardRepository creates a new DashboardRepository.

func (*DashboardRepository) GetAllStats added in v0.1.2 

func (r *DashboardRepository) GetAllStats(ctx context.Context, tenantID shared.ID) (*app.DashboardAllStats, error)

GetAllStats returns all dashboard statistics for a tenant in 2 optimized queries instead of 10+ separate queries. This is used by the main dashboard endpoint.

func (*DashboardRepository) GetAssetStats 

func (r *DashboardRepository) GetAssetStats(ctx context.Context, tenantID shared.ID) (app.AssetStatsData, error)

GetAssetStats returns asset statistics for a tenant.

func (*DashboardRepository) GetFilteredAssetStats 

func (r *DashboardRepository) GetFilteredAssetStats(ctx context.Context, tenantIDs []string) (app.AssetStatsData, error)

GetFilteredAssetStats returns asset statistics filtered by tenant IDs.

func (*DashboardRepository) GetFilteredFindingStats 

func (r *DashboardRepository) GetFilteredFindingStats(ctx context.Context, tenantIDs []string) (app.FindingStatsData, error)

GetFilteredFindingStats returns finding statistics filtered by tenant IDs.

func (*DashboardRepository) GetFilteredRecentActivity 

func (r *DashboardRepository) GetFilteredRecentActivity(ctx context.Context, tenantIDs []string, limit int) ([]app.ActivityItem, error)

GetFilteredRecentActivity returns recent activity filtered by tenant IDs.

func (*DashboardRepository) GetFilteredRepositoryStats 

func (r *DashboardRepository) GetFilteredRepositoryStats(ctx context.Context, tenantIDs []string) (app.RepositoryStatsData, error)

GetFilteredRepositoryStats returns repository statistics filtered by tenant IDs.

func (*DashboardRepository) GetFindingStats 

func (r *DashboardRepository) GetFindingStats(ctx context.Context, tenantID shared.ID) (app.FindingStatsData, error)

GetFindingStats returns finding statistics for a tenant.

func (*DashboardRepository) GetFindingTrend added in v0.1.2 

func (r *DashboardRepository) GetFindingTrend(ctx context.Context, tenantID shared.ID, months int) ([]app.FindingTrendPoint, error)

GetFindingTrend returns monthly finding counts by severity for a tenant. Uses a single query with date_trunc and FILTER to pivot severity counts.

func (*DashboardRepository) GetGlobalAssetStats 

func (r *DashboardRepository) GetGlobalAssetStats(ctx context.Context) (app.AssetStatsData, error)

GetGlobalAssetStats returns global asset statistics.

func (*DashboardRepository) GetGlobalFindingStats 

func (r *DashboardRepository) GetGlobalFindingStats(ctx context.Context) (app.FindingStatsData, error)

GetGlobalFindingStats returns global finding statistics.

func (*DashboardRepository) GetGlobalRecentActivity 

func (r *DashboardRepository) GetGlobalRecentActivity(ctx context.Context, limit int) ([]app.ActivityItem, error)

GetGlobalRecentActivity returns global recent activity.

func (*DashboardRepository) GetGlobalRepositoryStats 

func (r *DashboardRepository) GetGlobalRepositoryStats(ctx context.Context) (app.RepositoryStatsData, error)

GetGlobalRepositoryStats returns global repository statistics.

func (*DashboardRepository) GetRecentActivity 

func (r *DashboardRepository) GetRecentActivity(ctx context.Context, tenantID shared.ID, limit int) ([]app.ActivityItem, error)

GetRecentActivity returns recent activity for a tenant.

func (*DashboardRepository) GetRepositoryStats 

func (r *DashboardRepository) GetRepositoryStats(ctx context.Context, tenantID shared.ID) (app.RepositoryStatsData, error)

GetRepositoryStats returns repository statistics for a tenant.

type DataFlowRepository 

type DataFlowRepository struct {
	// contains filtered or unexported fields
}

DataFlowRepository implements vulnerability.DataFlowRepository using PostgreSQL.

func NewDataFlowRepository 

func NewDataFlowRepository(db *DB) *DataFlowRepository

NewDataFlowRepository creates a new DataFlowRepository.

func (*DataFlowRepository) CreateDataFlow 

func (r *DataFlowRepository) CreateDataFlow(ctx context.Context, flow *vulnerability.FindingDataFlow) error

CreateDataFlow persists a new data flow.

func (*DataFlowRepository) CreateDataFlowBatch 

func (r *DataFlowRepository) CreateDataFlowBatch(ctx context.Context, flows []*vulnerability.FindingDataFlow) error

CreateDataFlowBatch persists multiple data flows.

func (*DataFlowRepository) CreateFlowLocation 

func (r *DataFlowRepository) CreateFlowLocation(ctx context.Context, location *vulnerability.FindingFlowLocation) error

CreateFlowLocation persists a new flow location.

func (*DataFlowRepository) CreateFlowLocationBatch 

func (r *DataFlowRepository) CreateFlowLocationBatch(ctx context.Context, locations []*vulnerability.FindingFlowLocation) error

CreateFlowLocationBatch persists multiple flow locations.

func (*DataFlowRepository) DeleteDataFlowsByFinding 

func (r *DataFlowRepository) DeleteDataFlowsByFinding(ctx context.Context, findingID shared.ID) error

DeleteDataFlowsByFinding removes all data flows for a finding.

func (*DataFlowRepository) DeleteFlowLocationsByDataFlow 

func (r *DataFlowRepository) DeleteFlowLocationsByDataFlow(ctx context.Context, dataFlowID shared.ID) error

DeleteFlowLocationsByDataFlow removes all locations for a data flow.

func (*DataFlowRepository) GetDataFlowByID 

func (r *DataFlowRepository) GetDataFlowByID(ctx context.Context, id shared.ID) (*vulnerability.FindingDataFlow, error)

GetDataFlowByID retrieves a data flow by ID.

func (*DataFlowRepository) GetDataFlowsWithLocations 

func (r *DataFlowRepository) GetDataFlowsWithLocations(ctx context.Context, findingID shared.ID) ([]*vulnerability.FindingDataFlow, map[string][]*vulnerability.FindingFlowLocation, error)

GetDataFlowsWithLocations retrieves all data flows for a finding with their locations in optimized queries. This optimizes the N+1 query problem by: 1. One query to get all data flows 2. One query to get all locations for all data flows (using ANY clause) Total: 2 queries instead of 1 + N queries

func (*DataFlowRepository) GetDataFlowsWithLocationsByTenant 

func (r *DataFlowRepository) GetDataFlowsWithLocationsByTenant(ctx context.Context, findingID, tenantID shared.ID) ([]*vulnerability.FindingDataFlow, map[string][]*vulnerability.FindingFlowLocation, error)

GetDataFlowsWithLocationsByTenant retrieves data flows with tenant verification. SECURITY: This method provides defense-in-depth by verifying the finding belongs to the specified tenant before returning data flows. Use this when tenant context is available to prevent IDOR attacks.

func (*DataFlowRepository) GetFlowLocationByID 

func (r *DataFlowRepository) GetFlowLocationByID(ctx context.Context, id shared.ID) (*vulnerability.FindingFlowLocation, error)

GetFlowLocationByID retrieves a flow location by ID.

func (*DataFlowRepository) ListDataFlowsByFinding 

func (r *DataFlowRepository) ListDataFlowsByFinding(ctx context.Context, findingID shared.ID) ([]*vulnerability.FindingDataFlow, error)

ListDataFlowsByFinding retrieves all data flows for a finding.

func (*DataFlowRepository) ListFlowLocationsByDataFlow 

func (r *DataFlowRepository) ListFlowLocationsByDataFlow(ctx context.Context, dataFlowID shared.ID) ([]*vulnerability.FindingFlowLocation, error)

ListFlowLocationsByDataFlow retrieves all locations for a data flow.

func (*DataFlowRepository) ListFlowLocationsByFile 

func (r *DataFlowRepository) ListFlowLocationsByFile(ctx context.Context, tenantID shared.ID, filePath string, page pagination.Pagination) (pagination.Result[*vulnerability.FindingFlowLocation], error)

ListFlowLocationsByFile retrieves all flow locations in a file for a specific tenant. SECURITY: Always requires tenantID to prevent cross-tenant data access.

func (*DataFlowRepository) ListFlowLocationsByFunction 

func (r *DataFlowRepository) ListFlowLocationsByFunction(ctx context.Context, tenantID shared.ID, functionName string, page pagination.Pagination) (pagination.Result[*vulnerability.FindingFlowLocation], error)

ListFlowLocationsByFunction retrieves all flow locations in a function for a specific tenant. SECURITY: Always requires tenantID to prevent cross-tenant data access.

func (*DataFlowRepository) ListSourcesAndSinks 

func (r *DataFlowRepository) ListSourcesAndSinks(ctx context.Context, findingID shared.ID) ([]*vulnerability.FindingFlowLocation, error)

ListSourcesAndSinks retrieves all source and sink locations for a finding.

type DataSourceRepository 

type DataSourceRepository struct {
	// contains filtered or unexported fields
}

DataSourceRepository implements datasource.Repository using PostgreSQL.

func NewDataSourceRepository 

func NewDataSourceRepository(db *DB) *DataSourceRepository

NewDataSourceRepository creates a new DataSourceRepository.

func (*DataSourceRepository) Count 

func (r *DataSourceRepository) Count(ctx context.Context, filter datasource.Filter) (int64, error)

Count returns the total number of data sources matching the filter.

func (*DataSourceRepository) Create 

func (r *DataSourceRepository) Create(ctx context.Context, ds *datasource.DataSource) error

Create creates a new data source.

func (*DataSourceRepository) Delete 

func (r *DataSourceRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a data source by ID.

func (*DataSourceRepository) GetActiveByTenant 

func (r *DataSourceRepository) GetActiveByTenant(ctx context.Context, tenantID shared.ID) ([]*datasource.DataSource, error)

GetActiveByTenant retrieves all active data sources for a tenant.

func (*DataSourceRepository) GetByAPIKeyPrefix 

func (r *DataSourceRepository) GetByAPIKeyPrefix(ctx context.Context, prefix string) (*datasource.DataSource, error)

GetByAPIKeyPrefix retrieves a data source by API key prefix.

func (*DataSourceRepository) GetByID 

func (r *DataSourceRepository) GetByID(ctx context.Context, id shared.ID) (*datasource.DataSource, error)

GetByID retrieves a data source by ID.

func (*DataSourceRepository) GetByTenantAndName 

func (r *DataSourceRepository) GetByTenantAndName(ctx context.Context, tenantID shared.ID, name string) (*datasource.DataSource, error)

GetByTenantAndName retrieves a data source by tenant ID and name.

func (*DataSourceRepository) List 

func (r *DataSourceRepository) List(ctx context.Context, filter datasource.Filter, opts datasource.ListOptions) (datasource.ListResult, error)

List lists data sources with filtering and pagination.

func (*DataSourceRepository) MarkStaleAsInactive 

func (r *DataSourceRepository) MarkStaleAsInactive(ctx context.Context, tenantID shared.ID, staleThresholdMinutes int) (int, error)

MarkStaleAsInactive marks data sources that haven't been seen recently as inactive.

func (*DataSourceRepository) Update 

func (r *DataSourceRepository) Update(ctx context.Context, ds *datasource.DataSource) error

Update updates an existing data source.

type EPSSRepository 

type EPSSRepository struct {
	// contains filtered or unexported fields
}

EPSSRepository implements threatintel.EPSSRepository.

func (*EPSSRepository) Count 

func (r *EPSSRepository) Count(ctx context.Context) (int64, error)

Count returns the total number of EPSS scores.

func (*EPSSRepository) DeleteAll 

func (r *EPSSRepository) DeleteAll(ctx context.Context) error

DeleteAll removes all EPSS scores.

func (*EPSSRepository) GetByCVEID 

func (r *EPSSRepository) GetByCVEID(ctx context.Context, cveID string) (*threatintel.EPSSScore, error)

GetByCVEID retrieves an EPSS score by CVE ID.

func (*EPSSRepository) GetByCVEIDs 

func (r *EPSSRepository) GetByCVEIDs(ctx context.Context, cveIDs []string) ([]*threatintel.EPSSScore, error)

GetByCVEIDs retrieves EPSS scores for multiple CVE IDs.

func (*EPSSRepository) GetHighRisk 

func (r *EPSSRepository) GetHighRisk(ctx context.Context, threshold float64, limit int) ([]*threatintel.EPSSScore, error)

GetHighRisk retrieves all high-risk EPSS scores (score > threshold).

func (*EPSSRepository) GetTopPercentile 

func (r *EPSSRepository) GetTopPercentile(ctx context.Context, percentile float64, limit int) ([]*threatintel.EPSSScore, error)

GetTopPercentile retrieves scores in top N percentile.

func (*EPSSRepository) Upsert 

func (r *EPSSRepository) Upsert(ctx context.Context, score *threatintel.EPSSScore) error

Upsert creates or updates an EPSS score.

func (*EPSSRepository) UpsertBatch 

func (r *EPSSRepository) UpsertBatch(ctx context.Context, scores []*threatintel.EPSSScore) error

UpsertBatch creates or updates multiple EPSS scores efficiently.

type ExposureRepository 

type ExposureRepository struct {
	// contains filtered or unexported fields
}

ExposureRepository implements exposure.Repository using PostgreSQL.

func NewExposureRepository 

func NewExposureRepository(db *DB) *ExposureRepository

NewExposureRepository creates a new ExposureRepository.

func (*ExposureRepository) BulkUpsert 

func (r *ExposureRepository) BulkUpsert(ctx context.Context, events []*exposure.ExposureEvent) error

BulkUpsert creates or updates multiple exposure events based on fingerprint. OPTIMIZED: Uses batch INSERT with ON CONFLICT for better performance than individual upserts.

func (*ExposureRepository) Count 

func (r *ExposureRepository) Count(ctx context.Context, filter exposure.Filter) (int64, error)

Count returns the total number of exposure events matching the filter.

func (*ExposureRepository) CountBySeverity 

func (r *ExposureRepository) CountBySeverity(ctx context.Context, tenantID shared.ID) (map[exposure.Severity]int64, error)

CountBySeverity returns counts grouped by severity for a tenant.

func (*ExposureRepository) CountByState 

func (r *ExposureRepository) CountByState(ctx context.Context, tenantID shared.ID) (map[exposure.State]int64, error)

CountByState returns counts grouped by state for a tenant.

func (*ExposureRepository) Create 

func (r *ExposureRepository) Create(ctx context.Context, event *exposure.ExposureEvent) error

Create persists a new exposure event.

func (*ExposureRepository) CreateInTx 

func (r *ExposureRepository) CreateInTx(ctx context.Context, tx *sql.Tx, event *exposure.ExposureEvent) error

CreateInTx persists a new exposure event within an existing transaction.

func (*ExposureRepository) Delete 

func (r *ExposureRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes an exposure event by its ID.

func (*ExposureRepository) ExistsByFingerprint 

func (r *ExposureRepository) ExistsByFingerprint(ctx context.Context, tenantID shared.ID, fingerprint string) (bool, error)

ExistsByFingerprint checks if an exposure event with the given fingerprint exists.

func (*ExposureRepository) GetByFingerprint 

func (r *ExposureRepository) GetByFingerprint(ctx context.Context, tenantID shared.ID, fingerprint string) (*exposure.ExposureEvent, error)

GetByFingerprint retrieves an exposure event by fingerprint within a tenant.

func (*ExposureRepository) GetByID 

func (r *ExposureRepository) GetByID(ctx context.Context, id shared.ID) (*exposure.ExposureEvent, error)

GetByID retrieves an exposure event by its ID.

func (*ExposureRepository) GetByTenantAndID added in v0.1.3 

func (r *ExposureRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*exposure.ExposureEvent, error)

GetByTenantAndID retrieves an exposure event by tenant and ID.

func (*ExposureRepository) List 

func (r *ExposureRepository) List(
	ctx context.Context,
	filter exposure.Filter,
	opts exposure.ListOptions,
	page pagination.Pagination,
) (pagination.Result[*exposure.ExposureEvent], error)

List retrieves exposure events with filtering, sorting, and pagination.

func (*ExposureRepository) ListByAsset 

func (r *ExposureRepository) ListByAsset(ctx context.Context, assetID shared.ID, page pagination.Pagination) (pagination.Result[*exposure.ExposureEvent], error)

ListByAsset retrieves all exposure events for an asset.

func (*ExposureRepository) Update 

func (r *ExposureRepository) Update(ctx context.Context, event *exposure.ExposureEvent) error

Update updates an existing exposure event.

func (*ExposureRepository) Upsert 

func (r *ExposureRepository) Upsert(ctx context.Context, event *exposure.ExposureEvent) error

Upsert creates or updates an exposure event based on fingerprint.

type ExposureStateHistoryRepository 

type ExposureStateHistoryRepository struct {
	// contains filtered or unexported fields
}

ExposureStateHistoryRepository implements exposure.StateHistoryRepository using PostgreSQL.

func NewExposureStateHistoryRepository 

func NewExposureStateHistoryRepository(db *DB) *ExposureStateHistoryRepository

NewExposureStateHistoryRepository creates a new ExposureStateHistoryRepository.

func (*ExposureStateHistoryRepository) Create 

func (r *ExposureStateHistoryRepository) Create(ctx context.Context, history *exposure.StateHistory) error

Create persists a new state history entry.

func (*ExposureStateHistoryRepository) GetLatest 

func (r *ExposureStateHistoryRepository) GetLatest(ctx context.Context, exposureEventID shared.ID) (*exposure.StateHistory, error)

GetLatest retrieves the most recent state change for an exposure event.

func (*ExposureStateHistoryRepository) ListByExposureEvent 

func (r *ExposureStateHistoryRepository) ListByExposureEvent(ctx context.Context, exposureEventID shared.ID) ([]*exposure.StateHistory, error)

ListByExposureEvent retrieves all state history for an exposure event.

type FindingActivityRepository 

type FindingActivityRepository struct {
	// contains filtered or unexported fields
}

FindingActivityRepository handles finding activity persistence. This repository is APPEND-ONLY - it does not support Update or Delete operations.

func NewFindingActivityRepository 

func NewFindingActivityRepository(db *DB) *FindingActivityRepository

NewFindingActivityRepository creates a new FindingActivityRepository.

func (*FindingActivityRepository) CountByFinding 

func (r *FindingActivityRepository) CountByFinding(
	ctx context.Context,
	findingID shared.ID,
	tenantID shared.ID,
	filter vulnerability.FindingActivityFilter,
) (int64, error)

CountByFinding counts activities for a finding. Security: tenantID is required to ensure tenant isolation.

func (*FindingActivityRepository) Create 

func (r *FindingActivityRepository) Create(ctx context.Context, activity *vulnerability.FindingActivity) error

Create persists a new finding activity.

func (*FindingActivityRepository) CreateBatch added in v0.1.2 

func (r *FindingActivityRepository) CreateBatch(ctx context.Context, activities []*vulnerability.FindingActivity) error

CreateBatch persists multiple finding activities in chunked INSERTs for performance. This is used for bulk operations like auto-resolve and auto-reopen during ingestion.

func (*FindingActivityRepository) DeleteByCommentID added in v0.1.2 

func (r *FindingActivityRepository) DeleteByCommentID(ctx context.Context, tenantID shared.ID, commentID string) error

DeleteByCommentID removes the comment_added activity for a given comment ID. Exception to append-only: user comment content is not an audit event. Security: tenantID is required to prevent cross-tenant data modification.

func (*FindingActivityRepository) GetByID 

func (r *FindingActivityRepository) GetByID(ctx context.Context, id shared.ID) (*vulnerability.FindingActivity, error)

GetByID retrieves an activity by ID.

func (*FindingActivityRepository) ListByFinding 

func (r *FindingActivityRepository) ListByFinding(
	ctx context.Context,
	findingID shared.ID,
	tenantID shared.ID,
	filter vulnerability.FindingActivityFilter,
	page pagination.Pagination,
) (pagination.Result[*vulnerability.FindingActivity], error)

ListByFinding retrieves activities for a finding with pagination. Security: tenantID is required to prevent cross-tenant data access.

func (*FindingActivityRepository) ListByTenant 

func (r *FindingActivityRepository) ListByTenant(
	ctx context.Context,
	tenantID shared.ID,
	filter vulnerability.FindingActivityFilter,
	page pagination.Pagination,
) (pagination.Result[*vulnerability.FindingActivity], error)

ListByTenant retrieves activities for a tenant with pagination.

func (*FindingActivityRepository) UpdateContentByCommentID added in v0.1.2 

func (r *FindingActivityRepository) UpdateContentByCommentID(ctx context.Context, tenantID shared.ID, commentID string, content string) error

UpdateContentByCommentID updates the content in the comment_added activity for a given comment ID. Security: tenantID is required to prevent cross-tenant data modification.

type FindingApprovalRepository added in v0.1.2 

type FindingApprovalRepository struct {
	// contains filtered or unexported fields
}

FindingApprovalRepository implements vulnerability.ApprovalRepository using PostgreSQL.

func NewFindingApprovalRepository added in v0.1.2 

func NewFindingApprovalRepository(db *DB) *FindingApprovalRepository

NewFindingApprovalRepository creates a new FindingApprovalRepository.

func (*FindingApprovalRepository) Create added in v0.1.2 

func (r *FindingApprovalRepository) Create(ctx context.Context, a *vulnerability.Approval) error

Create persists a new approval request.

func (*FindingApprovalRepository) GetByTenantAndID added in v0.1.2 

func (r *FindingApprovalRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*vulnerability.Approval, error)

GetByTenantAndID retrieves an approval by tenant and ID.

func (*FindingApprovalRepository) ListByFinding added in v0.1.2 

func (r *FindingApprovalRepository) ListByFinding(ctx context.Context, tenantID, findingID shared.ID) ([]*vulnerability.Approval, error)

ListByFinding retrieves all approvals for a finding.

func (*FindingApprovalRepository) ListExpiredApproved added in v0.1.2 

func (r *FindingApprovalRepository) ListExpiredApproved(ctx context.Context, limit int) ([]*vulnerability.Approval, error)

ListExpiredApproved retrieves all approved approvals that have expired. Cross-tenant query for the background expiration controller.

func (*FindingApprovalRepository) ListPending added in v0.1.2 

func (r *FindingApprovalRepository) ListPending(ctx context.Context, tenantID shared.ID, page pagination.Pagination) (pagination.Result[*vulnerability.Approval], error)

ListPending retrieves all pending approvals for a tenant.

func (*FindingApprovalRepository) Update added in v0.1.2 

func (r *FindingApprovalRepository) Update(ctx context.Context, a *vulnerability.Approval) error

Update updates an approval.

type FindingCommentRepository 

type FindingCommentRepository struct {
	// contains filtered or unexported fields
}

FindingCommentRepository handles finding comment persistence.

func NewFindingCommentRepository 

func NewFindingCommentRepository(db *DB) *FindingCommentRepository

NewFindingCommentRepository creates a new FindingCommentRepository.

func (*FindingCommentRepository) CountByFinding 

func (r *FindingCommentRepository) CountByFinding(ctx context.Context, findingID shared.ID) (int, error)

CountByFinding returns the comment count for a finding.

func (*FindingCommentRepository) Create 

func (r *FindingCommentRepository) Create(ctx context.Context, comment *vulnerability.FindingComment) error

Create persists a new finding comment.

func (*FindingCommentRepository) Delete 

func (r *FindingCommentRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a comment.

func (*FindingCommentRepository) GetByID 

func (r *FindingCommentRepository) GetByID(ctx context.Context, id shared.ID) (*vulnerability.FindingComment, error)

GetByID retrieves a comment by ID.

func (*FindingCommentRepository) ListByFinding 

func (r *FindingCommentRepository) ListByFinding(ctx context.Context, findingID shared.ID) ([]*vulnerability.FindingComment, error)

ListByFinding returns all comments for a finding.

func (*FindingCommentRepository) Update 

func (r *FindingCommentRepository) Update(ctx context.Context, comment *vulnerability.FindingComment) error

Update updates an existing comment.

type FindingDataSourceRepository 

type FindingDataSourceRepository struct {
	// contains filtered or unexported fields
}

FindingDataSourceRepository implements datasource.FindingDataSourceRepository using PostgreSQL.

func NewFindingDataSourceRepository 

func NewFindingDataSourceRepository(db *DB) *FindingDataSourceRepository

NewFindingDataSourceRepository creates a new FindingDataSourceRepository.

func (*FindingDataSourceRepository) CountBySource 

func (r *FindingDataSourceRepository) CountBySource(ctx context.Context, sourceID shared.ID) (int64, error)

CountBySource returns the number of findings for a data source.

func (*FindingDataSourceRepository) Create 

func (r *FindingDataSourceRepository) Create(ctx context.Context, fs *datasource.FindingDataSource) error

Create creates a new finding data source record.

func (*FindingDataSourceRepository) Delete 

func (r *FindingDataSourceRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a finding data source by ID.

func (*FindingDataSourceRepository) DeleteByFinding 

func (r *FindingDataSourceRepository) DeleteByFinding(ctx context.Context, findingID shared.ID) error

DeleteByFinding deletes all data sources for a finding.

func (*FindingDataSourceRepository) DeleteBySource 

func (r *FindingDataSourceRepository) DeleteBySource(ctx context.Context, sourceID shared.ID) error

DeleteBySource deletes all finding data sources for a data source.

func (*FindingDataSourceRepository) GetByFinding 

func (r *FindingDataSourceRepository) GetByFinding(ctx context.Context, findingID shared.ID) ([]*datasource.FindingDataSource, error)

GetByFinding retrieves all data sources for a finding.

func (*FindingDataSourceRepository) GetByFindingAndSource 

func (r *FindingDataSourceRepository) GetByFindingAndSource(ctx context.Context, findingID shared.ID, sourceType datasource.SourceType, sourceID *shared.ID) (*datasource.FindingDataSource, error)

GetByFindingAndSource retrieves a finding data source by finding ID, source type, and source ID.

func (*FindingDataSourceRepository) GetByID 

func (r *FindingDataSourceRepository) GetByID(ctx context.Context, id shared.ID) (*datasource.FindingDataSource, error)

GetByID retrieves a finding data source by ID.

func (*FindingDataSourceRepository) GetPrimaryByFinding 

func (r *FindingDataSourceRepository) GetPrimaryByFinding(ctx context.Context, findingID shared.ID) (*datasource.FindingDataSource, error)

GetPrimaryByFinding retrieves the primary data source for a finding.

func (*FindingDataSourceRepository) List 

func (r *FindingDataSourceRepository) List(
	ctx context.Context,
	filter datasource.FindingDataSourceFilter,
	opts datasource.FindingDataSourceListOptions,
) (datasource.FindingDataSourceListResult, error)

List lists finding data sources with filtering and pagination. nolint:dupl // Similar pattern to AssetSourceRepository.List - intentional for type safety

func (*FindingDataSourceRepository) SetPrimary 

func (r *FindingDataSourceRepository) SetPrimary(ctx context.Context, findingDataSourceID shared.ID) error

SetPrimary sets a data source as the primary source for a finding.

func (*FindingDataSourceRepository) Update 

func (r *FindingDataSourceRepository) Update(ctx context.Context, fs *datasource.FindingDataSource) error

Update updates an existing finding data source.

func (*FindingDataSourceRepository) Upsert 

func (r *FindingDataSourceRepository) Upsert(ctx context.Context, fs *datasource.FindingDataSource) error

Upsert creates or updates a finding data source.

type FindingRepository 

type FindingRepository struct {
	// contains filtered or unexported fields
}

FindingRepository implements vulnerability.FindingRepository using PostgreSQL.

func NewFindingRepository 

func NewFindingRepository(db *DB) *FindingRepository

NewFindingRepository creates a new FindingRepository.

func (*FindingRepository) AutoReopenByFingerprint 

func (r *FindingRepository) AutoReopenByFingerprint(ctx context.Context, tenantID shared.ID, fingerprint string) (*shared.ID, error)

AutoReopenByFingerprint reopens a previously auto-resolved finding if it reappears. Only reopens findings with resolution = 'auto_fixed'. Protected resolutions (false_positive, accepted_risk) are never reopened. Returns the finding ID if reopened, nil if not found or protected.

func (*FindingRepository) AutoReopenByFingerprintsBatch 

func (r *FindingRepository) AutoReopenByFingerprintsBatch(ctx context.Context, tenantID shared.ID, fingerprints []string) (map[string]shared.ID, error)

AutoReopenByFingerprintsBatch reopens multiple previously auto-resolved findings in a single query. This is the batch version of AutoReopenByFingerprint for better performance. Only reopens findings with resolution = 'auto_fixed'. Protected resolutions (false_positive, accepted_risk) are never reopened. Returns a map of fingerprint -> reopened finding ID.

func (*FindingRepository) AutoResolveStale 

func (r *FindingRepository) AutoResolveStale(ctx context.Context, tenantID shared.ID, assetID shared.ID, toolName string, currentScanID string, branchID *shared.ID) ([]shared.ID, error)

AutoResolveStale marks findings as resolved when not found in current full scan. Only affects findings on the default branch (via branch_id FK to repository_branches.is_default). Only affects active statuses (new, open, confirmed, in_progress). Protected statuses (false_positive, accepted, duplicate) are never auto-resolved. If branchID is provided, only auto-resolves findings on that specific branch (if it's default). If branchID is nil, auto-resolves findings where branch_id points to any default branch. Returns the IDs of auto-resolved findings for activity logging.

func (*FindingRepository) BatchCountByAssetIDs 

func (r *FindingRepository) BatchCountByAssetIDs(ctx context.Context, tenantID shared.ID, assetIDs []shared.ID) (map[shared.ID]int64, error)

BatchCountByAssetIDs returns the count of findings for multiple assets in one query. Security: Requires tenantID to prevent cross-tenant data access. Returns a map of assetID -> count.

func (*FindingRepository) BulkUpdateStatusByFilter added in v0.1.3 

func (r *FindingRepository) BulkUpdateStatusByFilter(
	ctx context.Context, tenantID shared.ID,
	filter vulnerability.FindingFilter, status vulnerability.FindingStatus,
	resolution string, resolvedBy *shared.ID,
) (int64, error)

BulkUpdateStatusByFilter updates status for all findings matching filter. Excludes pentest findings. Uses single UPDATE (no per-finding iteration).

func (*FindingRepository) CheckFingerprintsExist 

func (r *FindingRepository) CheckFingerprintsExist(ctx context.Context, tenantID shared.ID, fingerprints []string) (map[string]bool, error)

CheckFingerprintsExist checks which fingerprints already exist in the database. Returns a map of fingerprint -> exists boolean.

func (*FindingRepository) Count 

func (r *FindingRepository) Count(ctx context.Context, filter vulnerability.FindingFilter) (int64, error)

Count returns the count of findings matching the filter.

func (*FindingRepository) CountByAssetID 

func (r *FindingRepository) CountByAssetID(ctx context.Context, tenantID, assetID shared.ID) (int64, error)

CountByAssetID returns the count of findings for an asset. Security: Requires tenantID to prevent cross-tenant data access.

func (*FindingRepository) CountBySeverityForScan 

func (r *FindingRepository) CountBySeverityForScan(ctx context.Context, tenantID shared.ID, scanID string) (vulnerability.SeverityCounts, error)

CountBySeverityForScan returns the count of findings grouped by severity for a scan. Used for quality gate evaluation.

func (*FindingRepository) CountOpenByAssetID 

func (r *FindingRepository) CountOpenByAssetID(ctx context.Context, tenantID, assetID shared.ID) (int64, error)

CountOpenByAssetID returns the count of open findings for an asset. Security: Requires tenantID to prevent cross-tenant data access.

func (*FindingRepository) Create 

func (r *FindingRepository) Create(ctx context.Context, finding *vulnerability.Finding) error

Create persists a new finding.

func (*FindingRepository) CreateBatch 

func (r *FindingRepository) CreateBatch(ctx context.Context, findings []*vulnerability.Finding) error

CreateBatch persists multiple findings. Deprecated: Use CreateBatchWithResult for better error handling.

func (*FindingRepository) CreateBatchWithResult 

func (r *FindingRepository) CreateBatchWithResult(ctx context.Context, findings []*vulnerability.Finding) (*vulnerability.BatchCreateResult, error)

CreateBatchWithResult persists multiple findings with partial success support. Uses chunked transactions to isolate failures - if one chunk fails, only that chunk is retried individually to identify the bad finding.

func (*FindingRepository) CreateInTx 

func (r *FindingRepository) CreateInTx(ctx context.Context, tx *sql.Tx, finding *vulnerability.Finding) error

CreateInTx persists a new finding within an existing transaction.

func (*FindingRepository) Delete 

func (r *FindingRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a finding by ID. Security: Requires tenantID to prevent cross-tenant deletion (IDOR prevention).

func (*FindingRepository) DeleteByAssetID 

func (r *FindingRepository) DeleteByAssetID(ctx context.Context, tenantID, assetID shared.ID) error

DeleteByAssetID removes all findings for an asset. Security: Requires tenantID to prevent cross-tenant deletion.

func (*FindingRepository) DeleteByScanID 

func (r *FindingRepository) DeleteByScanID(ctx context.Context, tenantID shared.ID, scanID string) error

DeleteByScanID removes all findings for a scan.

func (*FindingRepository) EnrichBatchByFingerprints added in v0.1.2 

func (r *FindingRepository) EnrichBatchByFingerprints(ctx context.Context, tenantID shared.ID, newFindings []*vulnerability.Finding, scanID string) (int64, error)

EnrichBatchByFingerprints enriches existing findings with new scan data using domain EnrichFrom() rules. It loads existing findings by fingerprint, applies enrichment, and batch updates enrichable columns using a chunked VALUES-based UPDATE (1 query per chunk instead of N individual UPDATEs). Protected fields (status, resolution, assigned_to, etc.) are never modified. Returns the count of enriched findings.

func (*FindingRepository) ExistsByFingerprint 

func (r *FindingRepository) ExistsByFingerprint(ctx context.Context, tenantID shared.ID, fingerprint string) (bool, error)

ExistsByFingerprint checks if a finding with the given fingerprint exists.

func (*FindingRepository) ExistsByIDs 

func (r *FindingRepository) ExistsByIDs(ctx context.Context, tenantID shared.ID, ids []shared.ID) (map[shared.ID]bool, error)

ExistsByIDs checks which finding IDs exist in the database. Returns a map of finding ID -> exists boolean. Security: Requires tenantID to prevent cross-tenant data access. Used for batch validation in bulk operations (e.g., bulk AI triage).

func (*FindingRepository) ExpireFeatureBranchFindings 

func (r *FindingRepository) ExpireFeatureBranchFindings(ctx context.Context, tenantID shared.ID, defaultExpiryDays int) (int64, error)

ExpireFeatureBranchFindings marks stale feature branch findings as resolved. This is called by a background job to clean up findings on non-default branches that have not been seen for a configurable period. Uses JOIN with repository_branches to determine default branch status.

func (*FindingRepository) FindRelatedCVEs added in v0.1.3 

func (r *FindingRepository) FindRelatedCVEs(
	ctx context.Context, tenantID shared.ID,
	cveID string, filter vulnerability.FindingFilter,
) ([]vulnerability.RelatedCVE, error)

FindRelatedCVEs finds CVEs sharing the same component, optimized 2-step CTE.

func (*FindingRepository) GetByFingerprint 

func (r *FindingRepository) GetByFingerprint(ctx context.Context, tenantID shared.ID, fingerprint string) (*vulnerability.Finding, error)

GetByFingerprint retrieves a finding by fingerprint.

func (*FindingRepository) GetByFingerprintsBatch added in v0.1.2 

func (r *FindingRepository) GetByFingerprintsBatch(ctx context.Context, tenantID shared.ID, fingerprints []string) (map[string]*vulnerability.Finding, error)

GetByFingerprintsBatch retrieves multiple findings by their fingerprints in a single query. Returns a map of fingerprint -> *Finding for all found findings. Security: Requires tenantID to enforce tenant isolation.

func (*FindingRepository) GetByID 

func (r *FindingRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*vulnerability.Finding, error)

GetByID retrieves a finding by ID. Security: Requires tenantID to prevent cross-tenant data access (IDOR prevention).

func (*FindingRepository) GetByIDs added in v0.1.3 

func (r *FindingRepository) GetByIDs(ctx context.Context, tenantID shared.ID, ids []shared.ID) ([]*vulnerability.Finding, error)

GetByIDs retrieves multiple findings by IDs within a tenant (batch fetch).

func (*FindingRepository) GetStats 

func (r *FindingRepository) GetStats(ctx context.Context, tenantID shared.ID, dataScopeUserID *shared.ID, assetID *shared.ID) (*vulnerability.FindingStats, error)

GetStats returns aggregated statistics for findings of a tenant. dataScopeUserID: if non-nil, only count findings for assets accessible to this user. assetID: if non-nil, only count findings for that specific asset.

func (*FindingRepository) List 

func (r *FindingRepository) List(ctx context.Context, filter vulnerability.FindingFilter, opts vulnerability.FindingListOptions, page pagination.Pagination) (pagination.Result[*vulnerability.Finding], error)

List retrieves findings matching the filter with pagination.

func (*FindingRepository) ListByAssetID 

func (r *FindingRepository) ListByAssetID(ctx context.Context, tenantID, assetID shared.ID, opts vulnerability.FindingListOptions, page pagination.Pagination) (pagination.Result[*vulnerability.Finding], error)

ListByAssetID retrieves findings for an asset. Security: Requires tenantID to prevent cross-tenant data access.

func (*FindingRepository) ListByComponentID 

func (r *FindingRepository) ListByComponentID(ctx context.Context, tenantID, compID shared.ID, opts vulnerability.FindingListOptions, page pagination.Pagination) (pagination.Result[*vulnerability.Finding], error)

ListByComponentID retrieves findings for a component. Security: Requires tenantID to prevent cross-tenant data access.

func (*FindingRepository) ListByStatusAndAssets added in v0.1.3 

func (r *FindingRepository) ListByStatusAndAssets(
	ctx context.Context, tenantID shared.ID,
	status vulnerability.FindingStatus, assetIDs []shared.ID,
) ([]*vulnerability.Finding, error)

ListByStatusAndAssets returns findings with a specific status on specific assets.

func (*FindingRepository) ListByVulnerabilityID 

func (r *FindingRepository) ListByVulnerabilityID(ctx context.Context, tenantID, vulnID shared.ID, opts vulnerability.FindingListOptions, page pagination.Pagination) (pagination.Result[*vulnerability.Finding], error)

ListByVulnerabilityID retrieves findings for a vulnerability. Security: Requires tenantID to prevent cross-tenant data access.

func (*FindingRepository) ListFindingGroups added in v0.1.3 

func (r *FindingRepository) ListFindingGroups(
	ctx context.Context,
	tenantID shared.ID,
	groupBy string,
	filter vulnerability.FindingFilter,
	page pagination.Pagination,
) (pagination.Result[*vulnerability.FindingGroup], error)

ListFindingGroups returns findings grouped by a dimension. Supported dimensions: cve_id, asset_id, owner_id, component_id, severity, source, finding_type.

func (*FindingRepository) Update 

func (r *FindingRepository) Update(ctx context.Context, finding *vulnerability.Finding) error

Update updates an existing finding. Security: Uses finding.TenantID() to ensure tenant isolation in SQL WHERE clause.

func (*FindingRepository) UpdateScanIDBatchByFingerprints 

func (r *FindingRepository) UpdateScanIDBatchByFingerprints(ctx context.Context, tenantID shared.ID, fingerprints []string, scanID string) (int64, error)

UpdateScanIDBatchByFingerprints updates scan metadata for existing findings by their fingerprints. This preserves user-set status (false_positive, accepted, etc.) while updating scan tracking. Returns the count of updated findings.

func (*FindingRepository) UpdateSnippetBatchByFingerprints 

func (r *FindingRepository) UpdateSnippetBatchByFingerprints(ctx context.Context, tenantID shared.ID, snippets map[string]string) (int64, error)

UpdateSnippetBatchByFingerprints updates snippet for findings that have invalid snippets ("requires login" or empty). Only updates if new snippet is valid and non-empty. snippets is a map of fingerprint -> new snippet

func (*FindingRepository) UpdateStatusBatch 

func (r *FindingRepository) UpdateStatusBatch(ctx context.Context, tenantID shared.ID, ids []shared.ID, status vulnerability.FindingStatus, resolution string, resolvedBy *shared.ID) error

UpdateStatusBatch updates the status of multiple findings. Security: Requires tenantID to prevent cross-tenant status modification.

type FindingSourceCategoryRepository 

type FindingSourceCategoryRepository struct {
	// contains filtered or unexported fields
}

FindingSourceCategoryRepository implements findingsource.CategoryRepository using PostgreSQL.

func NewFindingSourceCategoryRepository 

func NewFindingSourceCategoryRepository(db *DB) *FindingSourceCategoryRepository

NewFindingSourceCategoryRepository creates a new category repository.

func (*FindingSourceCategoryRepository) Create 

func (r *FindingSourceCategoryRepository) Create(ctx context.Context, c *findingsource.Category) error

Create creates a new category.

func (*FindingSourceCategoryRepository) Delete 

func (r *FindingSourceCategoryRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a category.

func (*FindingSourceCategoryRepository) GetByCode 

func (r *FindingSourceCategoryRepository) GetByCode(ctx context.Context, code string) (*findingsource.Category, error)

GetByCode retrieves a category by code.

func (*FindingSourceCategoryRepository) GetByID 

func (r *FindingSourceCategoryRepository) GetByID(ctx context.Context, id shared.ID) (*findingsource.Category, error)

GetByID retrieves a category by ID.

func (*FindingSourceCategoryRepository) List 

func (r *FindingSourceCategoryRepository) List(
	ctx context.Context,
	filter findingsource.CategoryFilter,
	page pagination.Pagination,
) (pagination.Result[*findingsource.Category], error)

List lists categories with pagination.

func (*FindingSourceCategoryRepository) ListActive 

func (r *FindingSourceCategoryRepository) ListActive(ctx context.Context) ([]*findingsource.Category, error)

ListActive lists all active categories.

func (*FindingSourceCategoryRepository) Update 

func (r *FindingSourceCategoryRepository) Update(ctx context.Context, c *findingsource.Category) error

Update updates an existing category.

type FindingSourceRepository 

type FindingSourceRepository struct {
	// contains filtered or unexported fields
}

FindingSourceRepository implements findingsource.Repository using PostgreSQL.

func NewFindingSourceRepository 

func NewFindingSourceRepository(db *DB) *FindingSourceRepository

NewFindingSourceRepository creates a new finding source repository.

func (*FindingSourceRepository) ExistsByCode 

func (r *FindingSourceRepository) ExistsByCode(ctx context.Context, code string) (bool, error)

ExistsByCode checks if a finding source with the given code exists.

func (*FindingSourceRepository) GetByCode 

func (r *FindingSourceRepository) GetByCode(ctx context.Context, code string) (*findingsource.FindingSource, error)

GetByCode retrieves a finding source by its code.

func (*FindingSourceRepository) GetByID 

func (r *FindingSourceRepository) GetByID(ctx context.Context, id shared.ID) (*findingsource.FindingSource, error)

GetByID retrieves a finding source by ID.

func (*FindingSourceRepository) IsValidCode 

func (r *FindingSourceRepository) IsValidCode(ctx context.Context, code string) (bool, error)

IsValidCode checks if the code is a valid active finding source.

func (*FindingSourceRepository) List 

func (r *FindingSourceRepository) List(
	ctx context.Context,
	filter findingsource.Filter,
	opts findingsource.ListOptions,
	page pagination.Pagination,
) (pagination.Result[*findingsource.FindingSource], error)

List lists finding sources with filtering and pagination.

func (*FindingSourceRepository) ListActive 

func (r *FindingSourceRepository) ListActive(ctx context.Context) ([]*findingsource.FindingSource, error)

ListActive lists all active finding sources.

func (*FindingSourceRepository) ListActiveByCategory 

func (r *FindingSourceRepository) ListActiveByCategory(ctx context.Context, categoryID shared.ID) ([]*findingsource.FindingSource, error)

ListActiveByCategory lists active finding sources by category.

func (*FindingSourceRepository) ListActiveWithCategory 

func (r *FindingSourceRepository) ListActiveWithCategory(ctx context.Context) ([]*findingsource.FindingSourceWithCategory, error)

ListActiveWithCategory lists all active finding sources with their categories.

func (*FindingSourceRepository) ListWithCategory 

func (r *FindingSourceRepository) ListWithCategory(
	ctx context.Context,
	filter findingsource.Filter,
	opts findingsource.ListOptions,
	page pagination.Pagination,
) (pagination.Result[*findingsource.FindingSourceWithCategory], error)

ListWithCategory lists finding sources with their categories.

type GroupRepository 

type GroupRepository struct {
	// contains filtered or unexported fields
}

GroupRepository implements group.Repository using PostgreSQL.

func NewGroupRepository 

func NewGroupRepository(db *DB) *GroupRepository

NewGroupRepository creates a new GroupRepository.

func (*GroupRepository) AddMember 

func (r *GroupRepository) AddMember(ctx context.Context, member *group.Member) error

AddMember adds a member to a group.

func (*GroupRepository) AssignPermissionSet 

func (r *GroupRepository) AssignPermissionSet(ctx context.Context, groupID, permissionSetID shared.ID, assignedBy *shared.ID) error

AssignPermissionSet assigns a permission set to a group.

func (*GroupRepository) Count 

func (r *GroupRepository) Count(ctx context.Context, tenantID shared.ID, filter group.ListFilter) (int64, error)

Count counts groups with filtering.

func (*GroupRepository) CountMembers 

func (r *GroupRepository) CountMembers(ctx context.Context, groupID shared.ID) (int64, error)

CountMembers counts members in a group.

func (*GroupRepository) CountMembersByGroups added in v0.1.2 

func (r *GroupRepository) CountMembersByGroups(ctx context.Context, groupIDs []shared.ID) (map[shared.ID]int, error)

CountMembersByGroups counts members for multiple groups in a single query.

func (*GroupRepository) CountUniqueMembers added in v0.1.2 

func (r *GroupRepository) CountUniqueMembers(ctx context.Context, groupIDs []shared.ID) (int, error)

CountUniqueMembers counts distinct users across multiple groups.

func (*GroupRepository) Create 

func (r *GroupRepository) Create(ctx context.Context, g *group.Group) error

Create persists a new group.

func (*GroupRepository) Delete 

func (r *GroupRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a group.

func (*GroupRepository) ExistsBySlug 

func (r *GroupRepository) ExistsBySlug(ctx context.Context, tenantID shared.ID, slug string) (bool, error)

ExistsBySlug checks if a group with the given slug exists.

func (*GroupRepository) GetByExternalID 

func (r *GroupRepository) GetByExternalID(ctx context.Context, tenantID shared.ID, source group.ExternalSource, externalID string) (*group.Group, error)

GetByExternalID retrieves a group by external sync ID.

func (*GroupRepository) GetByID 

func (r *GroupRepository) GetByID(ctx context.Context, id shared.ID) (*group.Group, error)

GetByID retrieves a group by ID.

func (*GroupRepository) GetBySlug 

func (r *GroupRepository) GetBySlug(ctx context.Context, tenantID shared.ID, slug string) (*group.Group, error)

GetBySlug retrieves a group by tenant and slug.

func (*GroupRepository) GetByTenantAndID added in v0.1.3 

func (r *GroupRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*group.Group, error)

GetByTenantAndID retrieves a group by tenant and ID.

func (*GroupRepository) GetMember 

func (r *GroupRepository) GetMember(ctx context.Context, groupID, userID shared.ID) (*group.Member, error)

GetMember retrieves a member by group and user ID.

func (*GroupRepository) GetMemberStats 

func (r *GroupRepository) GetMemberStats(ctx context.Context, groupID shared.ID) (*group.MemberStats, error)

GetMemberStats retrieves member statistics for a group.

func (*GroupRepository) IsMember 

func (r *GroupRepository) IsMember(ctx context.Context, groupID, userID shared.ID) (bool, error)

IsMember checks if a user is a member of a group.

func (*GroupRepository) List 

func (r *GroupRepository) List(ctx context.Context, tenantID shared.ID, filter group.ListFilter) ([]*group.Group, error)

List lists groups with filtering.

func (*GroupRepository) ListByIDs 

func (r *GroupRepository) ListByIDs(ctx context.Context, ids []shared.ID) ([]*group.Group, error)

ListByIDs retrieves multiple groups by their IDs.

func (*GroupRepository) ListGroupIDsByUser 

func (r *GroupRepository) ListGroupIDsByUser(ctx context.Context, tenantID, userID shared.ID) ([]shared.ID, error)

ListGroupIDsByUser returns group IDs for a user in a tenant.

func (*GroupRepository) ListGroupsByUser 

func (r *GroupRepository) ListGroupsByUser(ctx context.Context, tenantID, userID shared.ID) ([]*group.GroupWithRole, error)

ListGroupsByUser lists all groups a user belongs to.

func (*GroupRepository) ListGroupsWithPermissionSet 

func (r *GroupRepository) ListGroupsWithPermissionSet(ctx context.Context, permissionSetID shared.ID) ([]*group.Group, error)

ListGroupsWithPermissionSet lists groups that have a specific permission set.

func (*GroupRepository) ListMembers 

func (r *GroupRepository) ListMembers(ctx context.Context, groupID shared.ID) ([]*group.Member, error)

ListMembers lists all members of a group.

func (*GroupRepository) ListMembersWithUserInfo 

func (r *GroupRepository) ListMembersWithUserInfo(ctx context.Context, groupID shared.ID, limit, offset int) ([]*group.MemberWithUser, int64, error)

ListMembersWithUserInfo lists members with user details, with pagination.

func (*GroupRepository) ListPermissionSetIDs 

func (r *GroupRepository) ListPermissionSetIDs(ctx context.Context, groupID shared.ID) ([]shared.ID, error)

ListPermissionSetIDs lists permission set IDs assigned to a group.

func (*GroupRepository) RemoveMember 

func (r *GroupRepository) RemoveMember(ctx context.Context, groupID, userID shared.ID) error

RemoveMember removes a member from a group.

func (*GroupRepository) RemovePermissionSet 

func (r *GroupRepository) RemovePermissionSet(ctx context.Context, groupID, permissionSetID shared.ID) error

RemovePermissionSet removes a permission set from a group.

func (*GroupRepository) Update 

func (r *GroupRepository) Update(ctx context.Context, g *group.Group) error

Update updates an existing group.

func (*GroupRepository) UpdateMember 

func (r *GroupRepository) UpdateMember(ctx context.Context, member *group.Member) error

UpdateMember updates a member's role.

type IdentityProviderRepository added in v0.1.2 

type IdentityProviderRepository struct {
	// contains filtered or unexported fields
}

IdentityProviderRepository implements identityprovider.Repository.

func NewIdentityProviderRepository added in v0.1.2 

func NewIdentityProviderRepository(db *DB) *IdentityProviderRepository

NewIdentityProviderRepository creates a new repository.

func (*IdentityProviderRepository) Create added in v0.1.2 

func (r *IdentityProviderRepository) Create(ctx context.Context, ip *identityprovider.IdentityProvider) error

func (*IdentityProviderRepository) Delete added in v0.1.2 

func (r *IdentityProviderRepository) Delete(ctx context.Context, tenantID, id string) error

func (*IdentityProviderRepository) GetByID added in v0.1.2 

func (r *IdentityProviderRepository) GetByID(ctx context.Context, tenantID, id string) (*identityprovider.IdentityProvider, error)

func (*IdentityProviderRepository) GetByTenantAndProvider added in v0.1.2 

func (r *IdentityProviderRepository) GetByTenantAndProvider(ctx context.Context, tenantID string, provider identityprovider.Provider) (*identityprovider.IdentityProvider, error)

func (*IdentityProviderRepository) ListActiveByTenant added in v0.1.2 

func (r *IdentityProviderRepository) ListActiveByTenant(ctx context.Context, tenantID string) ([]*identityprovider.IdentityProvider, error)

func (*IdentityProviderRepository) ListByTenant added in v0.1.2 

func (r *IdentityProviderRepository) ListByTenant(ctx context.Context, tenantID string) ([]*identityprovider.IdentityProvider, error)

func (*IdentityProviderRepository) Update added in v0.1.2 

func (r *IdentityProviderRepository) Update(ctx context.Context, ip *identityprovider.IdentityProvider) error

type IntegrationNotificationExtensionRepository 

type IntegrationNotificationExtensionRepository struct {
	// contains filtered or unexported fields
}

IntegrationNotificationExtensionRepository implements integration.NotificationExtensionRepository using PostgreSQL.

func NewIntegrationNotificationExtensionRepository 

func NewIntegrationNotificationExtensionRepository(db *DB, integrationRepo *IntegrationRepository) *IntegrationNotificationExtensionRepository

NewIntegrationNotificationExtensionRepository creates a new IntegrationNotificationExtensionRepository.

func (*IntegrationNotificationExtensionRepository) Create 

func (r *IntegrationNotificationExtensionRepository) Create(ctx context.Context, ext *integration.NotificationExtension) error

Create creates a new notification extension.

func (*IntegrationNotificationExtensionRepository) Delete 

func (r *IntegrationNotificationExtensionRepository) Delete(ctx context.Context, integrationID integration.ID) error

Delete deletes a notification extension by integration ID.

func (*IntegrationNotificationExtensionRepository) GetByIntegrationID 

func (r *IntegrationNotificationExtensionRepository) GetByIntegrationID(ctx context.Context, integrationID integration.ID) (*integration.NotificationExtension, error)

GetByIntegrationID retrieves a notification extension by integration ID. Note: channel_id and channel_name are now stored in integrations.metadata.

func (*IntegrationNotificationExtensionRepository) GetIntegrationWithNotification 

func (r *IntegrationNotificationExtensionRepository) GetIntegrationWithNotification(ctx context.Context, id integration.ID) (*integration.IntegrationWithNotification, error)

GetIntegrationWithNotification retrieves an integration with its notification extension.

func (*IntegrationNotificationExtensionRepository) ListIntegrationsWithNotification 

func (r *IntegrationNotificationExtensionRepository) ListIntegrationsWithNotification(ctx context.Context, tenantID integration.ID) ([]*integration.IntegrationWithNotification, error)

ListIntegrationsWithNotification lists all notification integrations with their extensions. Note: channel_id and channel_name are now stored in integrations.metadata.

func (*IntegrationNotificationExtensionRepository) Update 

func (r *IntegrationNotificationExtensionRepository) Update(ctx context.Context, ext *integration.NotificationExtension) error

Update updates an existing notification extension.

type IntegrationRepository 

type IntegrationRepository struct {
	// contains filtered or unexported fields
}

IntegrationRepository implements integration.Repository using PostgreSQL.

func NewIntegrationRepository 

func NewIntegrationRepository(db *DB) *IntegrationRepository

NewIntegrationRepository creates a new IntegrationRepository.

func (*IntegrationRepository) Count 

func (r *IntegrationRepository) Count(ctx context.Context, filter integration.Filter) (int64, error)

Count returns the total number of integrations matching the filter.

func (*IntegrationRepository) Create 

func (r *IntegrationRepository) Create(ctx context.Context, i *integration.Integration) error

Create creates a new integration.

func (*IntegrationRepository) Delete 

func (r *IntegrationRepository) Delete(ctx context.Context, id integration.ID) error

Delete deletes an integration by ID.

func (*IntegrationRepository) GetByID 

func (r *IntegrationRepository) GetByID(ctx context.Context, id integration.ID) (*integration.Integration, error)

GetByID retrieves an integration by ID.

func (*IntegrationRepository) GetByTenantAndName 

func (r *IntegrationRepository) GetByTenantAndName(ctx context.Context, tenantID integration.ID, name string) (*integration.Integration, error)

GetByTenantAndName retrieves an integration by tenant ID and name.

func (*IntegrationRepository) List 

func (r *IntegrationRepository) List(ctx context.Context, filter integration.Filter) (integration.ListResult, error)

List lists integrations with filtering and pagination.

func (*IntegrationRepository) ListByCategory 

func (r *IntegrationRepository) ListByCategory(ctx context.Context, tenantID integration.ID, category integration.Category) ([]*integration.Integration, error)

ListByCategory lists integrations by category.

func (*IntegrationRepository) ListByProvider 

func (r *IntegrationRepository) ListByProvider(ctx context.Context, tenantID integration.ID, provider integration.Provider) ([]*integration.Integration, error)

ListByProvider lists integrations by provider.

func (*IntegrationRepository) ListByTenant 

func (r *IntegrationRepository) ListByTenant(ctx context.Context, tenantID integration.ID) ([]*integration.Integration, error)

ListByTenant lists all integrations for a tenant.

func (*IntegrationRepository) Update 

func (r *IntegrationRepository) Update(ctx context.Context, i *integration.Integration) error

Update updates an existing integration.

type IntegrationSCMExtensionRepository 

type IntegrationSCMExtensionRepository struct {
	// contains filtered or unexported fields
}

IntegrationSCMExtensionRepository implements integration.SCMExtensionRepository using PostgreSQL.

func NewIntegrationSCMExtensionRepository 

func NewIntegrationSCMExtensionRepository(db *DB, integrationRepo *IntegrationRepository) *IntegrationSCMExtensionRepository

NewIntegrationSCMExtensionRepository creates a new IntegrationSCMExtensionRepository.

func (*IntegrationSCMExtensionRepository) Create 

func (r *IntegrationSCMExtensionRepository) Create(ctx context.Context, ext *integration.SCMExtension) error

Create creates a new SCM extension.

func (*IntegrationSCMExtensionRepository) Delete 

func (r *IntegrationSCMExtensionRepository) Delete(ctx context.Context, integrationID integration.ID) error

Delete deletes an SCM extension by integration ID.

func (*IntegrationSCMExtensionRepository) GetByIntegrationID 

func (r *IntegrationSCMExtensionRepository) GetByIntegrationID(ctx context.Context, integrationID integration.ID) (*integration.SCMExtension, error)

GetByIntegrationID retrieves an SCM extension by integration ID.

func (*IntegrationSCMExtensionRepository) GetIntegrationWithSCM 

func (r *IntegrationSCMExtensionRepository) GetIntegrationWithSCM(ctx context.Context, id integration.ID) (*integration.IntegrationWithSCM, error)

GetIntegrationWithSCM retrieves an integration with its SCM extension.

func (*IntegrationSCMExtensionRepository) ListIntegrationsWithSCM 

func (r *IntegrationSCMExtensionRepository) ListIntegrationsWithSCM(ctx context.Context, tenantID integration.ID) ([]*integration.IntegrationWithSCM, error)

ListIntegrationsWithSCM lists all SCM integrations with their extensions.

func (*IntegrationSCMExtensionRepository) Update 

func (r *IntegrationSCMExtensionRepository) Update(ctx context.Context, ext *integration.SCMExtension) error

Update updates an existing SCM extension.

type KEVRepository 

type KEVRepository struct {
	// contains filtered or unexported fields
}

KEVRepository implements threatintel.KEVRepository.

func (*KEVRepository) Count 

func (r *KEVRepository) Count(ctx context.Context) (int64, error)

Count returns the total number of KEV entries.

func (*KEVRepository) DeleteAll 

func (r *KEVRepository) DeleteAll(ctx context.Context) error

DeleteAll removes all KEV entries.

func (*KEVRepository) ExistsByCVEID 

func (r *KEVRepository) ExistsByCVEID(ctx context.Context, cveID string) (bool, error)

ExistsByCVEID checks if a CVE is in KEV.

func (*KEVRepository) ExistsByCVEIDs 

func (r *KEVRepository) ExistsByCVEIDs(ctx context.Context, cveIDs []string) (map[string]bool, error)

ExistsByCVEIDs checks which CVEs are in KEV.

func (*KEVRepository) GetByCVEID 

func (r *KEVRepository) GetByCVEID(ctx context.Context, cveID string) (*threatintel.KEVEntry, error)

GetByCVEID retrieves a KEV entry by CVE ID.

func (*KEVRepository) GetByCVEIDs 

func (r *KEVRepository) GetByCVEIDs(ctx context.Context, cveIDs []string) ([]*threatintel.KEVEntry, error)

GetByCVEIDs retrieves KEV entries for multiple CVE IDs.

func (*KEVRepository) GetPastDue 

func (r *KEVRepository) GetPastDue(ctx context.Context, limit int) ([]*threatintel.KEVEntry, error)

GetPastDue retrieves KEV entries past their due date.

func (*KEVRepository) GetRansomwareRelated 

func (r *KEVRepository) GetRansomwareRelated(ctx context.Context, limit int) ([]*threatintel.KEVEntry, error)

GetRansomwareRelated retrieves KEV entries with known ransomware use.

func (*KEVRepository) GetRecentlyAdded 

func (r *KEVRepository) GetRecentlyAdded(ctx context.Context, days, limit int) ([]*threatintel.KEVEntry, error)

GetRecentlyAdded retrieves recently added KEV entries.

func (*KEVRepository) Upsert 

func (r *KEVRepository) Upsert(ctx context.Context, entry *threatintel.KEVEntry) error

Upsert creates or updates a KEV entry.

func (*KEVRepository) UpsertBatch 

func (r *KEVRepository) UpsertBatch(ctx context.Context, entries []*threatintel.KEVEntry) error

UpsertBatch creates or updates multiple KEV entries.

type ModuleRepository 

type ModuleRepository struct {
	// contains filtered or unexported fields
}

ModuleRepository handles database operations for modules.

func NewModuleRepository 

func NewModuleRepository(db *DB) *ModuleRepository

NewModuleRepository creates a new ModuleRepository.

func (*ModuleRepository) GetModuleByID 

func (r *ModuleRepository) GetModuleByID(ctx context.Context, id string) (*module.Module, error)

GetModuleByID retrieves a module by its ID.

func (*ModuleRepository) GetSubModules 

func (r *ModuleRepository) GetSubModules(ctx context.Context, parentModuleID string) ([]*module.Module, error)

GetSubModules returns sub-modules for a parent module.

func (*ModuleRepository) ListActiveModules 

func (r *ModuleRepository) ListActiveModules(ctx context.Context) ([]*module.Module, error)

ListActiveModules returns all active modules.

func (*ModuleRepository) ListAllModules 

func (r *ModuleRepository) ListAllModules(ctx context.Context) ([]*module.Module, error)

ListAllModules returns all modules from the database.

func (*ModuleRepository) ListAllSubModules added in v0.1.2 

func (r *ModuleRepository) ListAllSubModules(ctx context.Context) (map[string][]*module.Module, error)

ListAllSubModules returns all active sub-modules grouped by parent module ID. This avoids N+1 queries when loading sub-modules for multiple parents.

type NotificationRepository added in v0.1.2 

type NotificationRepository struct {
	// contains filtered or unexported fields
}

NotificationRepository implements notification.Repository.

func NewNotificationRepository added in v0.1.2 

func NewNotificationRepository(db *DB) *NotificationRepository

NewNotificationRepository creates a new notification repository.

func (*NotificationRepository) Create added in v0.1.2 

func (r *NotificationRepository) Create(ctx context.Context, n *notification.Notification) error

Create inserts a new notification.

func (*NotificationRepository) DeleteOlderThan added in v0.1.2 

func (r *NotificationRepository) DeleteOlderThan(ctx context.Context, age time.Duration) (int64, error)

DeleteOlderThan removes old notifications.

func (*NotificationRepository) GetPreferences added in v0.1.2 

func (r *NotificationRepository) GetPreferences(ctx context.Context, tenantID, userID shared.ID) (*notification.Preferences, error)

GetPreferences returns user notification preferences.

func (*NotificationRepository) List added in v0.1.2 

func (r *NotificationRepository) List(
	ctx context.Context,
	tenantID, userID shared.ID,
	filter notification.ListFilter,
	page pagination.Pagination,
) (pagination.Result[*notification.Notification], error)

List returns notifications visible to a user with audience filtering and read status. Uses COUNT(*) OVER() window function to get total count in a single query. Group membership is resolved via subquery to avoid an extra DB roundtrip.

func (*NotificationRepository) MarkAllAsRead added in v0.1.2 

func (r *NotificationRepository) MarkAllAsRead(ctx context.Context, tenantID, userID shared.ID) error

MarkAllAsRead updates the watermark for a user.

func (*NotificationRepository) MarkAsRead added in v0.1.2 

func (r *NotificationRepository) MarkAsRead(ctx context.Context, tenantID shared.ID, notificationID notification.ID, userID shared.ID) error

MarkAsRead marks a single notification as read, verifying tenant ownership.

func (*NotificationRepository) UnreadCount added in v0.1.2 

func (r *NotificationRepository) UnreadCount(
	ctx context.Context,
	tenantID, userID shared.ID,
) (int, error)

UnreadCount returns the count of unread notifications for a user. Group membership is resolved via subquery to avoid an extra DB roundtrip.

func (*NotificationRepository) UpsertPreferences added in v0.1.2 

func (r *NotificationRepository) UpsertPreferences(
	ctx context.Context,
	tenantID, userID shared.ID,
	params notification.PreferencesParams,
) (*notification.Preferences, error)

UpsertPreferences creates or updates notification preferences.

type NullableJSON 

type NullableJSON []byte

NullableJSON implements driver.Valuer for nullable JSON columns. When the underlying data is empty/nil, it returns NULL to the database.

func (NullableJSON) Value 

func (n NullableJSON) Value() (driver.Value, error)

Value implements driver.Valuer interface.

type OutboxEventRepository added in v0.1.2 

type OutboxEventRepository struct {
	// contains filtered or unexported fields
}

OutboxEventRepository implements the outbox.EventRepository interface.

func NewOutboxEventRepository added in v0.1.2 

func NewOutboxEventRepository(db *DB) *OutboxEventRepository

NewOutboxEventRepository creates a new OutboxEventRepository.

func (*OutboxEventRepository) Create added in v0.1.2 

func (r *OutboxEventRepository) Create(ctx context.Context, event *outbox.Event) error

Create inserts a new event.

func (*OutboxEventRepository) Delete added in v0.1.2 

func (r *OutboxEventRepository) Delete(ctx context.Context, id outbox.ID) error

Delete removes an event.

func (*OutboxEventRepository) DeleteOldEvents added in v0.1.2 

func (r *OutboxEventRepository) DeleteOldEvents(ctx context.Context, retentionDays int) (int64, error)

DeleteOldEvents removes events older than the specified days.

func (*OutboxEventRepository) GetByID added in v0.1.2 

func (r *OutboxEventRepository) GetByID(ctx context.Context, id outbox.ID) (*outbox.Event, error)

GetByID retrieves an event by ID.

func (*OutboxEventRepository) GetStats added in v0.1.2 

func (r *OutboxEventRepository) GetStats(ctx context.Context, tenantID *shared.ID) (*outbox.EventStats, error)

GetStats returns aggregated statistics for events.

func (*OutboxEventRepository) ListByIntegration added in v0.1.2 

func (r *OutboxEventRepository) ListByIntegration(ctx context.Context, integrationID string, limit, offset int) ([]*outbox.Event, int64, error)

ListByIntegration retrieves events that were sent to a specific integration.

func (*OutboxEventRepository) ListByTenant added in v0.1.2 

func (r *OutboxEventRepository) ListByTenant(ctx context.Context, tenantID shared.ID, filter outbox.EventFilter) ([]*outbox.Event, int64, error)

ListByTenant retrieves events for a tenant with pagination.

type OutboxRepository added in v0.1.2 

type OutboxRepository struct {
	// contains filtered or unexported fields
}

OutboxRepository implements the outbox.OutboxRepository interface.

func NewOutboxRepository added in v0.1.2 

func NewOutboxRepository(db *DB) *OutboxRepository

NewOutboxRepository creates a new OutboxRepository.

func (*OutboxRepository) CountByStatus added in v0.1.2 

func (r *OutboxRepository) CountByStatus(ctx context.Context, tenantID shared.ID) (map[outbox.OutboxStatus]int64, error)

CountByStatus returns counts grouped by status for a tenant.

func (*OutboxRepository) Create added in v0.1.2 

func (r *OutboxRepository) Create(ctx context.Context, entry *outbox.Outbox) error

Create inserts a new outbox entry.

func (*OutboxRepository) CreateInTx added in v0.1.2 

func (r *OutboxRepository) CreateInTx(ctx context.Context, tx *sql.Tx, entry *outbox.Outbox) error

CreateInTx inserts a new outbox entry within an existing transaction.

func (*OutboxRepository) Delete added in v0.1.2 

func (r *OutboxRepository) Delete(ctx context.Context, id outbox.ID) error

Delete removes an outbox entry.

func (*OutboxRepository) DeleteOldCompleted added in v0.1.2 

func (r *OutboxRepository) DeleteOldCompleted(ctx context.Context, olderThanDays int) (int64, error)

DeleteOldCompleted removes completed entries older than the specified days.

func (*OutboxRepository) DeleteOldFailed added in v0.1.2 

func (r *OutboxRepository) DeleteOldFailed(ctx context.Context, olderThanDays int) (int64, error)

DeleteOldFailed removes failed/dead entries older than the specified days.

func (*OutboxRepository) FetchPendingBatch added in v0.1.2 

func (r *OutboxRepository) FetchPendingBatch(ctx context.Context, workerID string, batchSize int) ([]*outbox.Outbox, error)

FetchPendingBatch retrieves and locks a batch of pending outbox entries. Uses FOR UPDATE SKIP LOCKED for concurrent worker safety.

func (*OutboxRepository) GetByAggregateID added in v0.1.2 

func (r *OutboxRepository) GetByAggregateID(ctx context.Context, aggregateType string, aggregateID string) ([]*outbox.Outbox, error)

GetByAggregateID retrieves outbox entries for a specific aggregate.

func (*OutboxRepository) GetByID added in v0.1.2 

func (r *OutboxRepository) GetByID(ctx context.Context, id outbox.ID) (*outbox.Outbox, error)

GetByID retrieves an outbox entry by ID.

func (*OutboxRepository) GetStats added in v0.1.2 

func (r *OutboxRepository) GetStats(ctx context.Context, tenantID *shared.ID) (*outbox.OutboxStats, error)

GetStats returns aggregated statistics for outbox entries.

func (*OutboxRepository) List added in v0.1.2 

func (r *OutboxRepository) List(ctx context.Context, filter outbox.OutboxFilter, page pagination.Pagination) (pagination.Result[*outbox.Outbox], error)

List retrieves outbox entries with filtering and pagination.

func (*OutboxRepository) ListByTenant added in v0.1.2 

func (r *OutboxRepository) ListByTenant(ctx context.Context, tenantID shared.ID, filter outbox.OutboxFilter) ([]*outbox.Outbox, int64, error)

ListByTenant retrieves outbox entries for a tenant with pagination.

func (*OutboxRepository) UnlockStale added in v0.1.2 

func (r *OutboxRepository) UnlockStale(ctx context.Context, olderThanMinutes int) (int64, error)

UnlockStale releases locks on entries that have been processing for too long.

func (*OutboxRepository) Update added in v0.1.2 

func (r *OutboxRepository) Update(ctx context.Context, entry *outbox.Outbox) error

Update updates an outbox entry.

type PentestCampaignMemberRepository added in v0.1.3 

type PentestCampaignMemberRepository struct {
	// contains filtered or unexported fields
}

PentestCampaignMemberRepository handles campaign member persistence.

func NewPentestCampaignMemberRepository added in v0.1.3 

func NewPentestCampaignMemberRepository(db *DB) *PentestCampaignMemberRepository

NewPentestCampaignMemberRepository creates a new repository.

func (*PentestCampaignMemberRepository) BatchListByCampaignIDs added in v0.1.3 

func (r *PentestCampaignMemberRepository) BatchListByCampaignIDs(ctx context.Context, tenantID string, campaignIDs []string) (map[string][]*pentest.CampaignMember, error)

BatchListByCampaignIDs returns members grouped by campaign ID.

func (*PentestCampaignMemberRepository) CountByRoleInTx added in v0.1.3 

func (r *PentestCampaignMemberRepository) CountByRoleInTx(ctx context.Context, tx *sql.Tx, tenantID, campaignID string, role pentest.CampaignRole) (int64, error)

CountByRoleInTx counts members with a specific role in a campaign (within a transaction).

func (*PentestCampaignMemberRepository) Create added in v0.1.3 

func (r *PentestCampaignMemberRepository) Create(ctx context.Context, m *pentest.CampaignMember) error

Create persists a new campaign member.

func (*PentestCampaignMemberRepository) Delete added in v0.1.3 

func (r *PentestCampaignMemberRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a member by ID.

func (*PentestCampaignMemberRepository) DeleteByUserID added in v0.1.3 

func (r *PentestCampaignMemberRepository) DeleteByUserID(ctx context.Context, tenantID, campaignID, userID string) error

DeleteByUserID removes a member by campaign + user.

func (*PentestCampaignMemberRepository) GetByID added in v0.1.3 

func (r *PentestCampaignMemberRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*pentest.CampaignMember, error)

GetByID retrieves a member by ID.

func (*PentestCampaignMemberRepository) GetUserRole added in v0.1.3 

func (r *PentestCampaignMemberRepository) GetUserRole(ctx context.Context, tenantID, campaignID, userID string) (pentest.CampaignRole, error)

GetUserRole retrieves a user's role in a specific campaign.

func (*PentestCampaignMemberRepository) ListByCampaign added in v0.1.3 

func (r *PentestCampaignMemberRepository) ListByCampaign(ctx context.Context, tenantID, campaignID string) ([]*pentest.CampaignMember, error)

ListByCampaign returns all members of a campaign.

func (*PentestCampaignMemberRepository) ListByUser added in v0.1.3 

func (r *PentestCampaignMemberRepository) ListByUser(ctx context.Context, tenantID, userID string) ([]*pentest.CampaignMember, error)

ListByUser returns all campaigns the user is a member of.

func (*PentestCampaignMemberRepository) UpdateRole added in v0.1.3 

func (r *PentestCampaignMemberRepository) UpdateRole(ctx context.Context, tenantID, id shared.ID, role pentest.CampaignRole) error

UpdateRole changes a member's role.

type PentestCampaignRepository added in v0.1.2 

type PentestCampaignRepository struct {
	// contains filtered or unexported fields
}

PentestCampaignRepository handles pentest campaign persistence.

func NewPentestCampaignRepository added in v0.1.2 

func NewPentestCampaignRepository(db *DB) *PentestCampaignRepository

NewPentestCampaignRepository creates a new PentestCampaignRepository.

func (*PentestCampaignRepository) Create added in v0.1.2 

func (r *PentestCampaignRepository) Create(ctx context.Context, c *pentest.Campaign) error

Create persists a new campaign.

func (*PentestCampaignRepository) Delete added in v0.1.2 

func (r *PentestCampaignRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a campaign by ID.

func (*PentestCampaignRepository) GetByID added in v0.1.2 

func (r *PentestCampaignRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*pentest.Campaign, error)

GetByID retrieves a campaign by ID with tenant isolation.

func (*PentestCampaignRepository) List added in v0.1.2 

func (r *PentestCampaignRepository) List(ctx context.Context, filter pentest.CampaignFilter, page pagination.Pagination) (pagination.Result[*pentest.Campaign], error)

List retrieves campaigns with filtering and pagination.

func (*PentestCampaignRepository) Update added in v0.1.2 

func (r *PentestCampaignRepository) Update(ctx context.Context, c *pentest.Campaign) error

Update persists campaign changes.

type PentestFindingRepository added in v0.1.2 

type PentestFindingRepository struct {
	// contains filtered or unexported fields
}

PentestFindingRepository handles pentest finding persistence.

func NewPentestFindingRepository added in v0.1.2 

func NewPentestFindingRepository(db *DB) *PentestFindingRepository

NewPentestFindingRepository creates a new PentestFindingRepository.

func (*PentestFindingRepository) CountByCampaign added in v0.1.2 

func (r *PentestFindingRepository) CountByCampaign(ctx context.Context, tenantID, campaignID shared.ID) (int64, error)

CountByCampaign returns the number of findings for a campaign.

func (*PentestFindingRepository) Create added in v0.1.2 

func (r *PentestFindingRepository) Create(ctx context.Context, f *pentest.Finding) error

Create persists a new pentest finding.

func (*PentestFindingRepository) Delete added in v0.1.2 

func (r *PentestFindingRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a finding by ID.

func (*PentestFindingRepository) GetByID added in v0.1.2 

func (r *PentestFindingRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*pentest.Finding, error)

GetByID retrieves a finding by ID with tenant isolation.

func (*PentestFindingRepository) GetStatsByCampaign added in v0.1.2 

func (r *PentestFindingRepository) GetStatsByCampaign(ctx context.Context, tenantID, campaignID shared.ID) (*pentest.CampaignStats, error)

GetStatsByCampaign returns finding stats for a campaign from the unified findings table.

func (*PentestFindingRepository) GetStatsByCampaignIDs added in v0.1.2 

func (r *PentestFindingRepository) GetStatsByCampaignIDs(ctx context.Context, tenantID shared.ID, campaignIDs []shared.ID) (map[string]*pentest.CampaignStats, error)

GetStatsByCampaignIDs returns finding stats for multiple campaigns in a single query. This avoids N+1 queries when listing campaigns.

func (*PentestFindingRepository) List added in v0.1.2 

func (r *PentestFindingRepository) List(ctx context.Context, filter pentest.FindingFilter, page pagination.Pagination) (pagination.Result[*pentest.Finding], error)

List retrieves findings with filtering and pagination.

func (*PentestFindingRepository) Update added in v0.1.2 

func (r *PentestFindingRepository) Update(ctx context.Context, f *pentest.Finding) error

Update persists finding changes.

type PentestReportRepository added in v0.1.2 

type PentestReportRepository struct {
	// contains filtered or unexported fields
}

PentestReportRepository handles pentest report persistence.

func NewPentestReportRepository added in v0.1.2 

func NewPentestReportRepository(db *DB) *PentestReportRepository

NewPentestReportRepository creates a new PentestReportRepository.

func (*PentestReportRepository) Create added in v0.1.2 

func (r *PentestReportRepository) Create(ctx context.Context, rpt *pentest.Report) error

Create persists a new report.

func (*PentestReportRepository) Delete added in v0.1.2 

func (r *PentestReportRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a report.

func (*PentestReportRepository) GetByID added in v0.1.2 

func (r *PentestReportRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*pentest.Report, error)

GetByID retrieves a report by ID with tenant isolation.

func (*PentestReportRepository) List added in v0.1.2 

func (r *PentestReportRepository) List(ctx context.Context, filter pentest.ReportFilter, page pagination.Pagination) (pagination.Result[*pentest.Report], error)

List retrieves reports with filtering.

func (*PentestReportRepository) Update added in v0.1.2 

func (r *PentestReportRepository) Update(ctx context.Context, rpt *pentest.Report) error

Update persists report changes.

type PentestRetestRepository added in v0.1.2 

type PentestRetestRepository struct {
	// contains filtered or unexported fields
}

PentestRetestRepository handles pentest retest persistence.

func NewPentestRetestRepository added in v0.1.2 

func NewPentestRetestRepository(db *DB) *PentestRetestRepository

NewPentestRetestRepository creates a new PentestRetestRepository.

func (*PentestRetestRepository) CountByFinding added in v0.1.2 

func (r *PentestRetestRepository) CountByFinding(ctx context.Context, tenantID, findingID shared.ID) (int64, error)

CountByFinding counts retests for a finding.

func (*PentestRetestRepository) Create added in v0.1.2 

func (r *PentestRetestRepository) Create(ctx context.Context, rt *pentest.Retest) error

Create persists a new retest.

func (*PentestRetestRepository) GetByID added in v0.1.2 

func (r *PentestRetestRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*pentest.Retest, error)

GetByID retrieves a retest by ID with tenant isolation.

func (*PentestRetestRepository) ListByFinding added in v0.1.2 

func (r *PentestRetestRepository) ListByFinding(ctx context.Context, tenantID, findingID shared.ID) ([]*pentest.Retest, error)

ListByFinding retrieves all retests for a finding.

func (*PentestRetestRepository) Update added in v0.1.2 

func (r *PentestRetestRepository) Update(ctx context.Context, rt *pentest.Retest) error

Update persists retest changes.

type PentestTemplateRepository added in v0.1.2 

type PentestTemplateRepository struct {
	// contains filtered or unexported fields
}

PentestTemplateRepository handles pentest finding template persistence.

func NewPentestTemplateRepository added in v0.1.2 

func NewPentestTemplateRepository(db *DB) *PentestTemplateRepository

NewPentestTemplateRepository creates a new PentestTemplateRepository.

func (*PentestTemplateRepository) Create added in v0.1.2 

func (r *PentestTemplateRepository) Create(ctx context.Context, t *pentest.Template) error

Create persists a new template.

func (*PentestTemplateRepository) Delete added in v0.1.2 

func (r *PentestTemplateRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a template with tenant isolation. System templates cannot be deleted.

func (*PentestTemplateRepository) GetByID added in v0.1.2 

func (r *PentestTemplateRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*pentest.Template, error)

GetByID retrieves a template by ID with tenant isolation.

func (*PentestTemplateRepository) IncrementUsageCount added in v0.1.2 

func (r *PentestTemplateRepository) IncrementUsageCount(ctx context.Context, tenantID, id shared.ID) error

IncrementUsageCount increments the usage counter with tenant isolation.

func (*PentestTemplateRepository) List added in v0.1.2 

func (r *PentestTemplateRepository) List(ctx context.Context, filter pentest.TemplateFilter, page pagination.Pagination) (pagination.Result[*pentest.Template], error)

List retrieves templates with filtering.

func (*PentestTemplateRepository) Update added in v0.1.2 

func (r *PentestTemplateRepository) Update(ctx context.Context, tenantID shared.ID, t *pentest.Template) error

Update persists template changes. Only tenant-owned non-system templates can be updated.

type PermissionRepository 

type PermissionRepository struct {
	// contains filtered or unexported fields
}

PermissionRepository implements role.PermissionRepository using PostgreSQL.

func NewPermissionRepository 

func NewPermissionRepository(db *DB) *PermissionRepository

NewPermissionRepository creates a new PermissionRepository.

func (*PermissionRepository) Exists 

func (r *PermissionRepository) Exists(ctx context.Context, id string) (bool, error)

Exists checks if a permission exists.

func (*PermissionRepository) GetByID 

func (r *PermissionRepository) GetByID(ctx context.Context, id string) (*role.Permission, error)

GetByID retrieves a permission by its ID.

func (*PermissionRepository) ListModulesWithPermissions 

func (r *PermissionRepository) ListModulesWithPermissions(ctx context.Context) ([]*role.Module, error)

ListModulesWithPermissions returns all modules with their permissions.

func (*PermissionRepository) ListPermissions 

func (r *PermissionRepository) ListPermissions(ctx context.Context) ([]*role.Permission, error)

ListPermissions returns all permissions.

func (*PermissionRepository) ValidatePermissions 

func (r *PermissionRepository) ValidatePermissions(ctx context.Context, ids []string) (bool, []string, error)

ValidatePermissions validates multiple permissions.

type PermissionSetRepository 

type PermissionSetRepository struct {
	// contains filtered or unexported fields
}

PermissionSetRepository implements permissionset.Repository using PostgreSQL.

func NewPermissionSetRepository 

func NewPermissionSetRepository(db *DB) *PermissionSetRepository

NewPermissionSetRepository creates a new PermissionSetRepository.

func (*PermissionSetRepository) AddItem 

func (r *PermissionSetRepository) AddItem(ctx context.Context, item *permissionset.Item) error

AddItem adds a permission to a permission set.

func (*PermissionSetRepository) BatchAddItems 

func (r *PermissionSetRepository) BatchAddItems(ctx context.Context, items []*permissionset.Item) error

BatchAddItems adds multiple items to a permission set using multi-row INSERT.

func (*PermissionSetRepository) Count 

func (r *PermissionSetRepository) Count(ctx context.Context, filter permissionset.ListFilter) (int64, error)

Count counts permission sets with filtering.

func (*PermissionSetRepository) CountGroupsUsing 

func (r *PermissionSetRepository) CountGroupsUsing(ctx context.Context, permissionSetID shared.ID) (int64, error)

CountGroupsUsing counts groups using a permission set.

func (*PermissionSetRepository) Create 

func (r *PermissionSetRepository) Create(ctx context.Context, ps *permissionset.PermissionSet) error

Create persists a new permission set.

func (*PermissionSetRepository) CreateVersion 

func (r *PermissionSetRepository) CreateVersion(ctx context.Context, version *permissionset.Version) error

CreateVersion creates a new version record.

func (*PermissionSetRepository) Delete 

func (r *PermissionSetRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a permission set.

func (*PermissionSetRepository) ExistsBySlug 

func (r *PermissionSetRepository) ExistsBySlug(ctx context.Context, tenantID *shared.ID, slug string) (bool, error)

ExistsBySlug checks if a permission set with the given slug exists.

func (*PermissionSetRepository) GetByID 

func (r *PermissionSetRepository) GetByID(ctx context.Context, id shared.ID) (*permissionset.PermissionSet, error)

GetByID retrieves a permission set by ID.

func (*PermissionSetRepository) GetBySlug 

func (r *PermissionSetRepository) GetBySlug(ctx context.Context, tenantID *shared.ID, slug string) (*permissionset.PermissionSet, error)

GetBySlug retrieves a permission set by tenant and slug.

func (*PermissionSetRepository) GetByTenantAndID added in v0.1.3 

func (r *PermissionSetRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*permissionset.PermissionSet, error)

GetByTenantAndID retrieves a permission set by tenant and ID (tenant-scoped).

func (*PermissionSetRepository) GetInheritanceChain 

func (r *PermissionSetRepository) GetInheritanceChain(ctx context.Context, permissionSetID shared.ID) ([]*permissionset.PermissionSet, error)

GetInheritanceChain retrieves the full inheritance chain for a permission set.

func (*PermissionSetRepository) GetLatestVersion 

func (r *PermissionSetRepository) GetLatestVersion(ctx context.Context, permissionSetID shared.ID) (*permissionset.Version, error)

GetLatestVersion retrieves the latest version for a permission set.

func (*PermissionSetRepository) GetParent 

func (r *PermissionSetRepository) GetParent(ctx context.Context, permissionSetID shared.ID) (*permissionset.PermissionSet, error)

GetParent retrieves the parent of a permission set.

func (*PermissionSetRepository) GetWithItems 

func (r *PermissionSetRepository) GetWithItems(ctx context.Context, id shared.ID) (*permissionset.PermissionSetWithItems, error)

GetWithItems retrieves a permission set with its items.

func (*PermissionSetRepository) List 

func (r *PermissionSetRepository) List(ctx context.Context, filter permissionset.ListFilter) ([]*permissionset.PermissionSet, error)

List lists permission sets with filtering.

func (*PermissionSetRepository) ListByIDs 

func (r *PermissionSetRepository) ListByIDs(ctx context.Context, ids []shared.ID) ([]*permissionset.PermissionSet, error)

ListByIDs retrieves multiple permission sets by their IDs.

func (*PermissionSetRepository) ListByTenant 

func (r *PermissionSetRepository) ListByTenant(ctx context.Context, tenantID shared.ID, includeSystem bool) ([]*permissionset.PermissionSet, error)

ListByTenant returns permission sets for a tenant, optionally including system sets.

func (*PermissionSetRepository) ListChildren 

func (r *PermissionSetRepository) ListChildren(ctx context.Context, parentSetID shared.ID) ([]*permissionset.PermissionSet, error)

ListChildren retrieves all children of a permission set.

func (*PermissionSetRepository) ListGroupIDsUsing 

func (r *PermissionSetRepository) ListGroupIDsUsing(ctx context.Context, permissionSetID shared.ID) ([]shared.ID, error)

ListGroupIDsUsing lists group IDs using a permission set.

func (*PermissionSetRepository) ListItems 

func (r *PermissionSetRepository) ListItems(ctx context.Context, permissionSetID shared.ID) ([]*permissionset.Item, error)

ListItems lists all items in a permission set.

func (*PermissionSetRepository) ListSystemSets 

func (r *PermissionSetRepository) ListSystemSets(ctx context.Context) ([]*permissionset.PermissionSet, error)

ListSystemSets returns all system permission sets.

func (*PermissionSetRepository) ListVersions 

func (r *PermissionSetRepository) ListVersions(ctx context.Context, permissionSetID shared.ID) ([]*permissionset.Version, error)

ListVersions lists all versions for a permission set.

func (*PermissionSetRepository) RemoveItem 

func (r *PermissionSetRepository) RemoveItem(ctx context.Context, permissionSetID shared.ID, permissionID string) error

RemoveItem removes a permission from a permission set.

func (*PermissionSetRepository) ReplaceItems 

func (r *PermissionSetRepository) ReplaceItems(ctx context.Context, permissionSetID shared.ID, items []*permissionset.Item) error

ReplaceItems replaces all items in a permission set.

func (*PermissionSetRepository) Update 

func (r *PermissionSetRepository) Update(ctx context.Context, ps *permissionset.PermissionSet) error

Update updates an existing permission set.

type PipelineRunRepository 

type PipelineRunRepository struct {
	// contains filtered or unexported fields
}

PipelineRunRepository implements pipeline.RunRepository using PostgreSQL.

func NewPipelineRunRepository 

func NewPipelineRunRepository(db *DB) *PipelineRunRepository

NewPipelineRunRepository creates a new PipelineRunRepository.

func (*PipelineRunRepository) CountActiveByPipelineID 

func (r *PipelineRunRepository) CountActiveByPipelineID(ctx context.Context, pipelineID shared.ID) (int, error)

CountActiveByPipelineID counts active runs (pending/running) for a pipeline.

func (*PipelineRunRepository) CountActiveByScanID 

func (r *PipelineRunRepository) CountActiveByScanID(ctx context.Context, scanID shared.ID) (int, error)

CountActiveByScanID counts active runs (pending/running) for a scan config.

func (*PipelineRunRepository) CountActiveByTenantID 

func (r *PipelineRunRepository) CountActiveByTenantID(ctx context.Context, tenantID shared.ID) (int, error)

CountActiveByTenantID counts active runs (pending/running) for a tenant.

func (*PipelineRunRepository) Create 

func (r *PipelineRunRepository) Create(ctx context.Context, run *pipeline.Run) error

Create persists a new pipeline run.

func (*PipelineRunRepository) CreateRunIfUnderLimit 

func (r *PipelineRunRepository) CreateRunIfUnderLimit(ctx context.Context, run *pipeline.Run, maxPerScan, maxPerTenant int) error

CreateRunIfUnderLimit atomically checks concurrent run limits and creates run if under limit. Uses a transaction with row-level locking to prevent race conditions.

func (*PipelineRunRepository) Delete 

func (r *PipelineRunRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a run.

func (*PipelineRunRepository) GetActiveByAssetID 

func (r *PipelineRunRepository) GetActiveByAssetID(ctx context.Context, assetID shared.ID) ([]*pipeline.Run, error)

GetActiveByAssetID retrieves active runs for an asset.

func (*PipelineRunRepository) GetActiveByPipelineID 

func (r *PipelineRunRepository) GetActiveByPipelineID(ctx context.Context, pipelineID shared.ID) ([]*pipeline.Run, error)

GetActiveByPipelineID retrieves active runs for a pipeline.

func (*PipelineRunRepository) GetByID 

func (r *PipelineRunRepository) GetByID(ctx context.Context, id shared.ID) (*pipeline.Run, error)

GetByID retrieves a run by ID.

func (*PipelineRunRepository) GetByTenantAndID 

func (r *PipelineRunRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*pipeline.Run, error)

GetByTenantAndID retrieves a run by tenant and ID.

func (*PipelineRunRepository) GetStatsByTenant 

func (r *PipelineRunRepository) GetStatsByTenant(ctx context.Context, tenantID shared.ID) (pipeline.RunStats, error)

GetStatsByTenant returns aggregated run statistics for a tenant in a single query. This is optimized to avoid N+1 queries when fetching stats.

func (*PipelineRunRepository) GetWithStepRuns 

func (r *PipelineRunRepository) GetWithStepRuns(ctx context.Context, id shared.ID) (*pipeline.Run, error)

GetWithStepRuns retrieves a run with its step runs.

func (*PipelineRunRepository) List 

func (r *PipelineRunRepository) List(ctx context.Context, filter pipeline.RunFilter, page pagination.Pagination) (pagination.Result[*pipeline.Run], error)

List lists runs with filters and pagination.

func (*PipelineRunRepository) ListByScanID 

func (r *PipelineRunRepository) ListByScanID(ctx context.Context, scanID shared.ID, page, perPage int) ([]*pipeline.Run, int64, error)

ListByScanID lists runs for a specific scan with pagination.

func (*PipelineRunRepository) ListPendingRetries added in v0.1.5 

func (r *PipelineRunRepository) ListPendingRetries(ctx context.Context, limit int) ([]pipeline.RetryCandidate, error)

ListPendingRetries atomically claims failed pipeline_runs eligible for automatic retry.

The query finds failed runs whose:

  • parent scan is active and has max_retries > 0
  • retry_attempt < scan.max_retries (still has retry budget)
  • retry_dispatched_at IS NULL (not already claimed by another controller)
  • exponential backoff window has elapsed (retry_backoff * 2^retry_attempt seconds)

It uses FOR UPDATE SKIP LOCKED + atomic UPDATE to set retry_dispatched_at = NOW(), ensuring each failed run is claimed at most once even with concurrent controllers or repeated polling cycles. The claim marker is permanent (we never reset it), since each retry creates a NEW pipeline_run that becomes the new "latest".

func (*PipelineRunRepository) MarkTimedOutRuns added in v0.1.5 

func (r *PipelineRunRepository) MarkTimedOutRuns(ctx context.Context) (int64, error)

MarkTimedOutRuns marks pipeline_runs as timed out if they have been running longer than their scan's timeout_seconds. Uses a single SQL UPDATE joining pipeline_runs and scans for efficiency.

A run is considered timed out when:

  • status = 'running' OR 'pending'
  • started_at IS NOT NULL
  • now() - started_at > scan.timeout_seconds

Returns the number of runs marked as timeout.

func (*PipelineRunRepository) Update 

func (r *PipelineRunRepository) Update(ctx context.Context, run *pipeline.Run) error

Update updates a run.

func (*PipelineRunRepository) UpdateStats 

func (r *PipelineRunRepository) UpdateStats(ctx context.Context, id shared.ID, completed, failed, skipped, findings int) error

UpdateStats updates run statistics.

func (*PipelineRunRepository) UpdateStatus 

func (r *PipelineRunRepository) UpdateStatus(ctx context.Context, id shared.ID, status pipeline.RunStatus, errorMessage string) error

UpdateStatus updates run status.

type PipelineStepRepository 

type PipelineStepRepository struct {
	// contains filtered or unexported fields
}

PipelineStepRepository implements pipeline.StepRepository using PostgreSQL.

func NewPipelineStepRepository 

func NewPipelineStepRepository(db *DB) *PipelineStepRepository

NewPipelineStepRepository creates a new PipelineStepRepository.

func (*PipelineStepRepository) Create 

func (r *PipelineStepRepository) Create(ctx context.Context, s *pipeline.Step) error

Create persists a new step.

func (*PipelineStepRepository) CreateBatch 

func (r *PipelineStepRepository) CreateBatch(ctx context.Context, steps []*pipeline.Step) error

CreateBatch creates multiple steps. OPTIMIZED: Uses batch INSERT instead of individual inserts for better performance.

func (*PipelineStepRepository) Delete 

func (r *PipelineStepRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a step.

func (*PipelineStepRepository) DeleteByPipelineID 

func (r *PipelineStepRepository) DeleteByPipelineID(ctx context.Context, pipelineID shared.ID) error

DeleteByPipelineID deletes all steps for a pipeline.

func (*PipelineStepRepository) DeleteByPipelineIDInTx 

func (r *PipelineStepRepository) DeleteByPipelineIDInTx(ctx context.Context, tx *sql.Tx, pipelineID shared.ID) error

DeleteByPipelineIDInTx deletes all steps for a pipeline within a transaction.

func (*PipelineStepRepository) FindPipelineIDsByToolName 

func (r *PipelineStepRepository) FindPipelineIDsByToolName(ctx context.Context, toolName string) ([]shared.ID, error)

FindPipelineIDsByToolName finds all active pipeline IDs that use a specific tool. Used for cascade deactivation when a tool is deactivated or deleted.

func (*PipelineStepRepository) GetByID 

func (r *PipelineStepRepository) GetByID(ctx context.Context, id shared.ID) (*pipeline.Step, error)

GetByID retrieves a step by ID.

func (*PipelineStepRepository) GetByKey 

func (r *PipelineStepRepository) GetByKey(ctx context.Context, pipelineID shared.ID, stepKey string) (*pipeline.Step, error)

GetByKey retrieves a step by pipeline ID and step key.

func (*PipelineStepRepository) GetByPipelineID 

func (r *PipelineStepRepository) GetByPipelineID(ctx context.Context, pipelineID shared.ID) ([]*pipeline.Step, error)

GetByPipelineID retrieves all steps for a pipeline.

func (*PipelineStepRepository) Reorder 

func (r *PipelineStepRepository) Reorder(ctx context.Context, pipelineID shared.ID, stepOrders map[string]int) error

Reorder updates the order of steps.

func (*PipelineStepRepository) Update 

func (r *PipelineStepRepository) Update(ctx context.Context, s *pipeline.Step) error

Update updates a step.

type PipelineTemplateRepository 

type PipelineTemplateRepository struct {
	// contains filtered or unexported fields
}

PipelineTemplateRepository implements pipeline.TemplateRepository using PostgreSQL.

func NewPipelineTemplateRepository 

func NewPipelineTemplateRepository(db *DB) *PipelineTemplateRepository

NewPipelineTemplateRepository creates a new PipelineTemplateRepository.

func (*PipelineTemplateRepository) Create 

func (r *PipelineTemplateRepository) Create(ctx context.Context, t *pipeline.Template) error

Create persists a new pipeline template.

func (*PipelineTemplateRepository) Delete 

func (r *PipelineTemplateRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a template.

func (*PipelineTemplateRepository) DeleteInTx 

func (r *PipelineTemplateRepository) DeleteInTx(ctx context.Context, tx *sql.Tx, id shared.ID) error

DeleteInTx deletes a template within a transaction.

func (*PipelineTemplateRepository) GetByID 

func (r *PipelineTemplateRepository) GetByID(ctx context.Context, id shared.ID) (*pipeline.Template, error)

GetByID retrieves a template by its ID.

func (*PipelineTemplateRepository) GetByName 

func (r *PipelineTemplateRepository) GetByName(ctx context.Context, tenantID shared.ID, name string, version int) (*pipeline.Template, error)

GetByName retrieves a template by name and version.

func (*PipelineTemplateRepository) GetByTenantAndID 

func (r *PipelineTemplateRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*pipeline.Template, error)

GetByTenantAndID retrieves a template by tenant and ID.

func (*PipelineTemplateRepository) GetSystemTemplateByID 

func (r *PipelineTemplateRepository) GetSystemTemplateByID(ctx context.Context, id shared.ID) (*pipeline.Template, error)

GetSystemTemplateByID retrieves a system template by ID (for copy-on-use).

func (*PipelineTemplateRepository) GetWithSteps 

func (r *PipelineTemplateRepository) GetWithSteps(ctx context.Context, id shared.ID) (*pipeline.Template, error)

GetWithSteps retrieves a template with its steps.

func (*PipelineTemplateRepository) List 

func (r *PipelineTemplateRepository) List(ctx context.Context, filter pipeline.TemplateFilter, page pagination.Pagination) (pagination.Result[*pipeline.Template], error)

List lists templates with filters and pagination.

func (*PipelineTemplateRepository) ListWithSystemTemplates 

func (r *PipelineTemplateRepository) ListWithSystemTemplates(ctx context.Context, tenantID shared.ID, filter pipeline.TemplateFilter, page pagination.Pagination) (pagination.Result[*pipeline.Template], error)

ListWithSystemTemplates lists tenant templates + system templates. Returns both tenant-specific templates and system templates (marked with is_system_template=true).

func (*PipelineTemplateRepository) Update 

func (r *PipelineTemplateRepository) Update(ctx context.Context, t *pipeline.Template) error

Update updates a template.

type RefreshTokenRepository 

type RefreshTokenRepository struct {
	// contains filtered or unexported fields
}

RefreshTokenRepository implements session.RefreshTokenRepository using PostgreSQL.

func NewRefreshTokenRepository 

func NewRefreshTokenRepository(db *sql.DB) *RefreshTokenRepository

NewRefreshTokenRepository creates a new PostgreSQL refresh token repository.

func (*RefreshTokenRepository) Create 

func (r *RefreshTokenRepository) Create(ctx context.Context, token *session.RefreshToken) error

Create creates a new refresh token.

func (*RefreshTokenRepository) Delete 

func (r *RefreshTokenRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a refresh token.

func (*RefreshTokenRepository) DeleteExpired 

func (r *RefreshTokenRepository) DeleteExpired(ctx context.Context) (int64, error)

DeleteExpired deletes all expired tokens.

func (*RefreshTokenRepository) GetByFamily 

func (r *RefreshTokenRepository) GetByFamily(ctx context.Context, family shared.ID) ([]*session.RefreshToken, error)

GetByFamily retrieves all refresh tokens in a family.

func (*RefreshTokenRepository) GetByID 

func (r *RefreshTokenRepository) GetByID(ctx context.Context, id shared.ID) (*session.RefreshToken, error)

GetByID retrieves a refresh token by its ID.

func (*RefreshTokenRepository) GetByTokenHash 

func (r *RefreshTokenRepository) GetByTokenHash(ctx context.Context, hash string) (*session.RefreshToken, error)

GetByTokenHash retrieves a refresh token by its hash.

func (*RefreshTokenRepository) RevokeByFamily 

func (r *RefreshTokenRepository) RevokeByFamily(ctx context.Context, family shared.ID) error

RevokeByFamily revokes all tokens in a family (for replay attack detection).

func (*RefreshTokenRepository) RevokeBySessionID 

func (r *RefreshTokenRepository) RevokeBySessionID(ctx context.Context, sessionID shared.ID) error

RevokeBySessionID revokes all tokens for a session.

func (*RefreshTokenRepository) RevokeByUserID 

func (r *RefreshTokenRepository) RevokeByUserID(ctx context.Context, userID shared.ID) error

RevokeByUserID revokes all tokens for a user.

func (*RefreshTokenRepository) Update 

func (r *RefreshTokenRepository) Update(ctx context.Context, token *session.RefreshToken) error

Update updates a refresh token.

type RepositoryExtensionRepository 

type RepositoryExtensionRepository struct {
	// contains filtered or unexported fields
}

RepositoryExtensionRepository implements asset.RepositoryExtensionRepository using PostgreSQL.

func NewRepositoryExtensionRepository 

func NewRepositoryExtensionRepository(db *DB) *RepositoryExtensionRepository

NewRepositoryExtensionRepository creates a new RepositoryExtensionRepository.

func (*RepositoryExtensionRepository) Create 

func (r *RepositoryExtensionRepository) Create(ctx context.Context, repo *asset.RepositoryExtension) error

Create persists a new repository extension.

func (*RepositoryExtensionRepository) Delete 

func (r *RepositoryExtensionRepository) Delete(ctx context.Context, assetID shared.ID) error

Delete removes a repository extension by asset ID.

func (*RepositoryExtensionRepository) GetByAssetID 

func (r *RepositoryExtensionRepository) GetByAssetID(ctx context.Context, assetID shared.ID) (*asset.RepositoryExtension, error)

GetByAssetID retrieves a repository extension by asset ID.

func (*RepositoryExtensionRepository) GetByAssetIDs added in v0.1.2 

func (r *RepositoryExtensionRepository) GetByAssetIDs(ctx context.Context, assetIDs []shared.ID) (map[shared.ID]*asset.RepositoryExtension, error)

GetByAssetIDs retrieves repository extensions for multiple asset IDs in a single query.

func (*RepositoryExtensionRepository) GetByFullName 

func (r *RepositoryExtensionRepository) GetByFullName(ctx context.Context, tenantID shared.ID, fullName string) (*asset.RepositoryExtension, error)

GetByFullName retrieves a repository by full name.

func (*RepositoryExtensionRepository) ListByTenant 

func (r *RepositoryExtensionRepository) ListByTenant(ctx context.Context, tenantID shared.ID, opts asset.ListOptions, page pagination.Pagination) (pagination.Result[*asset.RepositoryExtension], error)

ListByTenant retrieves all repositories for a tenant.

func (*RepositoryExtensionRepository) Update 

func (r *RepositoryExtensionRepository) Update(ctx context.Context, repo *asset.RepositoryExtension) error

Update updates an existing repository extension.

type RoleRepository 

type RoleRepository struct {
	// contains filtered or unexported fields
}

RoleRepository implements role.Repository using PostgreSQL.

func NewRoleRepository 

func NewRoleRepository(db *DB) *RoleRepository

NewRoleRepository creates a new RoleRepository.

func (*RoleRepository) AssignRole 

func (r *RoleRepository) AssignRole(ctx context.Context, tenantID, userID, roleID role.ID, assignedBy *role.ID) error

AssignRole assigns a role to a user.

func (*RoleRepository) BulkAssignRoleToUsers 

func (r *RoleRepository) BulkAssignRoleToUsers(ctx context.Context, tenantID, roleID role.ID, userIDs []role.ID, assignedBy *role.ID) error

BulkAssignRoleToUsers assigns a role to multiple users at once. OPTIMIZED: Uses batch insert instead of inserting one by one.

func (*RoleRepository) CountUsersWithRole 

func (r *RoleRepository) CountUsersWithRole(ctx context.Context, roleID role.ID) (int, error)

CountUsersWithRole returns the count of users with a specific role.

func (*RoleRepository) Create 

func (r *RoleRepository) Create(ctx context.Context, ro *role.Role) error

Create persists a new role.

func (*RoleRepository) Delete 

func (r *RoleRepository) Delete(ctx context.Context, id role.ID) error

Delete deletes a role.

func (*RoleRepository) GetByID 

func (r *RoleRepository) GetByID(ctx context.Context, id role.ID) (*role.Role, error)

GetByID retrieves a role by its ID.

func (*RoleRepository) GetBySlug 

func (r *RoleRepository) GetBySlug(ctx context.Context, tenantID *role.ID, slug string) (*role.Role, error)

GetBySlug retrieves a role by slug.

func (*RoleRepository) GetUserPermissions 

func (r *RoleRepository) GetUserPermissions(ctx context.Context, tenantID, userID role.ID) ([]string, error)

GetUserPermissions returns all permissions for a user (UNION of all roles).

func (*RoleRepository) GetUserRoles 

func (r *RoleRepository) GetUserRoles(ctx context.Context, tenantID, userID role.ID) ([]*role.Role, error)

GetUserRoles returns all roles for a user in a tenant. OPTIMIZED: Uses batch permission loading to avoid N+1 queries.

func (*RoleRepository) HasFullDataAccess 

func (r *RoleRepository) HasFullDataAccess(ctx context.Context, tenantID, userID role.ID) (bool, error)

HasFullDataAccess checks if user has full data access.

func (*RoleRepository) ListForTenant 

func (r *RoleRepository) ListForTenant(ctx context.Context, tenantID role.ID) ([]*role.Role, error)

ListForTenant returns all roles available for a tenant. OPTIMIZED: Uses batch permission loading to avoid N+1 queries.

func (*RoleRepository) ListRoleMembers 

func (r *RoleRepository) ListRoleMembers(ctx context.Context, tenantID, roleID role.ID) ([]*role.UserRole, error)

ListRoleMembers returns all users who have a specific role.

func (*RoleRepository) ListSystemRoles 

func (r *RoleRepository) ListSystemRoles(ctx context.Context) ([]*role.Role, error)

ListSystemRoles returns only system roles. OPTIMIZED: Uses batch permission loading to avoid N+1 queries.

func (*RoleRepository) RemoveRole 

func (r *RoleRepository) RemoveRole(ctx context.Context, tenantID, userID, roleID role.ID) error

RemoveRole removes a role from a user.

func (*RoleRepository) SetUserRoles 

func (r *RoleRepository) SetUserRoles(ctx context.Context, tenantID, userID role.ID, roleIDs []role.ID, assignedBy *role.ID) error

SetUserRoles replaces all roles for a user. OPTIMIZED: Uses batch insert instead of inserting one by one.

func (*RoleRepository) Update 

func (r *RoleRepository) Update(ctx context.Context, ro *role.Role) error

Update updates a role.

type RuleBundleRepository 

type RuleBundleRepository struct {
	// contains filtered or unexported fields
}

RuleBundleRepository implements rule.BundleRepository using PostgreSQL.

func NewRuleBundleRepository 

func NewRuleBundleRepository(db *DB) *RuleBundleRepository

NewRuleBundleRepository creates a new RuleBundleRepository.

func (*RuleBundleRepository) Create 

func (r *RuleBundleRepository) Create(ctx context.Context, bundle *rule.Bundle) error

Create persists a new bundle.

func (*RuleBundleRepository) Delete 

func (r *RuleBundleRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a bundle.

func (*RuleBundleRepository) DeleteExpired 

func (r *RuleBundleRepository) DeleteExpired(ctx context.Context) (int64, error)

DeleteExpired deletes all expired bundles.

func (*RuleBundleRepository) GetByContentHash 

func (r *RuleBundleRepository) GetByContentHash(ctx context.Context, hash string) (*rule.Bundle, error)

GetByContentHash retrieves a bundle by content hash.

func (*RuleBundleRepository) GetByID 

func (r *RuleBundleRepository) GetByID(ctx context.Context, id shared.ID) (*rule.Bundle, error)

GetByID retrieves a bundle by ID.

func (*RuleBundleRepository) GetByTenantAndID added in v0.1.3 

func (r *RuleBundleRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*rule.Bundle, error)

GetByTenantAndID retrieves a bundle by tenant and ID (tenant-scoped).

func (*RuleBundleRepository) GetLatest 

func (r *RuleBundleRepository) GetLatest(ctx context.Context, tenantID, toolID shared.ID) (*rule.Bundle, error)

GetLatest retrieves the latest ready bundle for a tenant and tool.

func (*RuleBundleRepository) List 

func (r *RuleBundleRepository) List(ctx context.Context, filter rule.BundleFilter) ([]*rule.Bundle, error)

List lists bundles with filters.

func (*RuleBundleRepository) Update 

func (r *RuleBundleRepository) Update(ctx context.Context, bundle *rule.Bundle) error

Update updates a bundle.

type RuleOverrideRepository 

type RuleOverrideRepository struct {
	// contains filtered or unexported fields
}

RuleOverrideRepository implements rule.OverrideRepository using PostgreSQL.

func NewRuleOverrideRepository 

func NewRuleOverrideRepository(db *DB) *RuleOverrideRepository

NewRuleOverrideRepository creates a new RuleOverrideRepository.

func (*RuleOverrideRepository) Create 

func (r *RuleOverrideRepository) Create(ctx context.Context, override *rule.Override) error

Create persists a new rule override.

func (*RuleOverrideRepository) Delete 

func (r *RuleOverrideRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes an override.

func (*RuleOverrideRepository) DeleteExpired 

func (r *RuleOverrideRepository) DeleteExpired(ctx context.Context) (int64, error)

DeleteExpired deletes all expired overrides.

func (*RuleOverrideRepository) GetByID 

func (r *RuleOverrideRepository) GetByID(ctx context.Context, id shared.ID) (*rule.Override, error)

GetByID retrieves an override by ID.

func (*RuleOverrideRepository) GetByTenantAndID 

func (r *RuleOverrideRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*rule.Override, error)

GetByTenantAndID retrieves an override by tenant and ID.

func (*RuleOverrideRepository) List 

func (r *RuleOverrideRepository) List(ctx context.Context, filter rule.OverrideFilter, page pagination.Pagination) (pagination.Result[*rule.Override], error)

List lists overrides with filters and pagination.

func (*RuleOverrideRepository) ListByTenantAndTool 

func (r *RuleOverrideRepository) ListByTenantAndTool(ctx context.Context, tenantID shared.ID, toolID *shared.ID) ([]*rule.Override, error)

ListByTenantAndTool lists all overrides for a tenant and tool.

func (*RuleOverrideRepository) Update 

func (r *RuleOverrideRepository) Update(ctx context.Context, override *rule.Override) error

Update updates an override.

type RuleRepository 

type RuleRepository struct {
	// contains filtered or unexported fields
}

RuleRepository implements rule.RuleRepository using PostgreSQL.

func NewRuleRepository 

func NewRuleRepository(db *DB) *RuleRepository

NewRuleRepository creates a new RuleRepository.

func (*RuleRepository) CountBySource 

func (r *RuleRepository) CountBySource(ctx context.Context, sourceID shared.ID) (int, error)

CountBySource counts rules for a source.

func (*RuleRepository) CountByTenantAndTool 

func (r *RuleRepository) CountByTenantAndTool(ctx context.Context, tenantID shared.ID, toolID *shared.ID) (int, error)

CountByTenantAndTool counts rules for a tenant and tool.

func (*RuleRepository) Create 

func (r *RuleRepository) Create(ctx context.Context, rl *rule.Rule) error

Create persists a new rule.

func (*RuleRepository) CreateBatch 

func (r *RuleRepository) CreateBatch(ctx context.Context, rules []*rule.Rule) error

CreateBatch creates multiple rules in batch.

func (*RuleRepository) Delete 

func (r *RuleRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a rule.

func (*RuleRepository) DeleteBySource 

func (r *RuleRepository) DeleteBySource(ctx context.Context, sourceID shared.ID) error

DeleteBySource deletes all rules for a source.

func (*RuleRepository) GetByID 

func (r *RuleRepository) GetByID(ctx context.Context, id shared.ID) (*rule.Rule, error)

GetByID retrieves a rule by ID.

func (*RuleRepository) GetBySourceAndRuleID 

func (r *RuleRepository) GetBySourceAndRuleID(ctx context.Context, sourceID shared.ID, ruleID string) (*rule.Rule, error)

GetBySourceAndRuleID retrieves a rule by source and rule ID.

func (*RuleRepository) GetByTenantAndID added in v0.1.3 

func (r *RuleRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*rule.Rule, error)

GetByTenantAndID retrieves a rule by tenant and ID (tenant-scoped).

func (*RuleRepository) List 

func (r *RuleRepository) List(ctx context.Context, filter rule.RuleFilter, page pagination.Pagination) (pagination.Result[*rule.Rule], error)

List lists rules with filters and pagination.

func (*RuleRepository) ListBySource 

func (r *RuleRepository) ListBySource(ctx context.Context, sourceID shared.ID) ([]*rule.Rule, error)

ListBySource lists all rules for a source.

func (*RuleRepository) Update 

func (r *RuleRepository) Update(ctx context.Context, rl *rule.Rule) error

Update updates a rule.

func (*RuleRepository) UpsertBatch 

func (r *RuleRepository) UpsertBatch(ctx context.Context, rules []*rule.Rule) error

UpsertBatch upserts multiple rules.

type RuleSourceRepository 

type RuleSourceRepository struct {
	// contains filtered or unexported fields
}

RuleSourceRepository implements rule.SourceRepository using PostgreSQL.

func NewRuleSourceRepository 

func NewRuleSourceRepository(db *DB) *RuleSourceRepository

NewRuleSourceRepository creates a new RuleSourceRepository.

func (*RuleSourceRepository) Create 

func (r *RuleSourceRepository) Create(ctx context.Context, source *rule.Source) error

Create persists a new rule source.

func (*RuleSourceRepository) Delete 

func (r *RuleSourceRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a source.

func (*RuleSourceRepository) GetByID 

func (r *RuleSourceRepository) GetByID(ctx context.Context, id shared.ID) (*rule.Source, error)

GetByID retrieves a source by ID.

func (*RuleSourceRepository) GetByTenantAndID 

func (r *RuleSourceRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*rule.Source, error)

GetByTenantAndID retrieves a source by tenant and ID.

func (*RuleSourceRepository) List 

func (r *RuleSourceRepository) List(ctx context.Context, filter rule.SourceFilter, page pagination.Pagination) (pagination.Result[*rule.Source], error)

List lists sources with filters and pagination.

func (*RuleSourceRepository) ListByTenantAndTool 

func (r *RuleSourceRepository) ListByTenantAndTool(ctx context.Context, tenantID shared.ID, toolID *shared.ID) ([]*rule.Source, error)

ListByTenantAndTool lists all sources for a tenant and tool.

func (*RuleSourceRepository) ListNeedingSync 

func (r *RuleSourceRepository) ListNeedingSync(ctx context.Context, limit int) ([]*rule.Source, error)

ListNeedingSync lists sources that need synchronization.

func (*RuleSourceRepository) Update 

func (r *RuleSourceRepository) Update(ctx context.Context, source *rule.Source) error

Update updates a source.

type RuleSyncHistoryRepository 

type RuleSyncHistoryRepository struct {
	// contains filtered or unexported fields
}

RuleSyncHistoryRepository implements rule.SyncHistoryRepository using PostgreSQL.

func NewRuleSyncHistoryRepository 

func NewRuleSyncHistoryRepository(db *DB) *RuleSyncHistoryRepository

NewRuleSyncHistoryRepository creates a new RuleSyncHistoryRepository.

func (*RuleSyncHistoryRepository) Create 

func (r *RuleSyncHistoryRepository) Create(ctx context.Context, history *rule.SyncHistory) error

Create persists a new sync history record.

func (*RuleSyncHistoryRepository) ListBySource 

func (r *RuleSyncHistoryRepository) ListBySource(ctx context.Context, sourceID shared.ID, limit int) ([]*rule.SyncHistory, error)

ListBySource lists sync history for a source.

type SLAPolicyRepository 

type SLAPolicyRepository struct {
	// contains filtered or unexported fields
}

SLAPolicyRepository implements sla.Repository using PostgreSQL.

func NewSLAPolicyRepository 

func NewSLAPolicyRepository(db *DB) *SLAPolicyRepository

NewSLAPolicyRepository creates a new SLAPolicyRepository.

func (*SLAPolicyRepository) Create 

func (r *SLAPolicyRepository) Create(ctx context.Context, policy *sla.Policy) error

Create persists a new SLA policy.

func (*SLAPolicyRepository) Delete 

func (r *SLAPolicyRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a policy.

func (*SLAPolicyRepository) ExistsByAsset 

func (r *SLAPolicyRepository) ExistsByAsset(ctx context.Context, assetID shared.ID) (bool, error)

ExistsByAsset checks if an asset-specific policy exists.

func (*SLAPolicyRepository) GetByAsset 

func (r *SLAPolicyRepository) GetByAsset(ctx context.Context, tenantID, assetID shared.ID) (*sla.Policy, error)

GetByAsset retrieves the policy for a specific asset. Returns the asset-specific policy if exists, otherwise the tenant default.

func (*SLAPolicyRepository) GetByID 

func (r *SLAPolicyRepository) GetByID(ctx context.Context, id shared.ID) (*sla.Policy, error)

GetByID retrieves a policy by ID.

func (*SLAPolicyRepository) GetByTenantAndID added in v0.1.3 

func (r *SLAPolicyRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*sla.Policy, error)

GetByTenantAndID retrieves a policy by tenant and ID (tenant-scoped).

func (*SLAPolicyRepository) GetTenantDefault 

func (r *SLAPolicyRepository) GetTenantDefault(ctx context.Context, tenantID shared.ID) (*sla.Policy, error)

GetTenantDefault retrieves the default policy for a tenant.

func (*SLAPolicyRepository) ListByTenant 

func (r *SLAPolicyRepository) ListByTenant(ctx context.Context, tenantID shared.ID) ([]*sla.Policy, error)

ListByTenant returns all policies for a tenant.

func (*SLAPolicyRepository) Update 

func (r *SLAPolicyRepository) Update(ctx context.Context, policy *sla.Policy) error

Update updates an existing policy.

type ScanProfileRepository 

type ScanProfileRepository struct {
	// contains filtered or unexported fields
}

ScanProfileRepository implements scanprofile.Repository using PostgreSQL.

func NewScanProfileRepository 

func NewScanProfileRepository(db *DB) *ScanProfileRepository

NewScanProfileRepository creates a new ScanProfileRepository.

func (*ScanProfileRepository) ClearDefaultForTenant 

func (r *ScanProfileRepository) ClearDefaultForTenant(ctx context.Context, tenantID shared.ID) error

ClearDefaultForTenant clears the default flag for all profiles in a tenant.

func (*ScanProfileRepository) CountByTenant 

func (r *ScanProfileRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

CountByTenant counts the number of profiles for a tenant.

func (*ScanProfileRepository) Create 

func (r *ScanProfileRepository) Create(ctx context.Context, p *scanprofile.ScanProfile) error

Create persists a new scan profile.

func (*ScanProfileRepository) Delete 

func (r *ScanProfileRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a scan profile.

func (*ScanProfileRepository) GetAccessibleByID added in v0.1.5 

func (r *ScanProfileRepository) GetAccessibleByID(ctx context.Context, tenantID, id shared.ID) (*scanprofile.ScanProfile, error)

GetAccessibleByID retrieves a scan profile by ID if it belongs to the tenant or is a system profile (tenant_id IS NULL). Enforces tenant scoping at SQL layer.

func (*ScanProfileRepository) GetByID 

func (r *ScanProfileRepository) GetByID(ctx context.Context, id shared.ID) (*scanprofile.ScanProfile, error)

GetByID retrieves a scan profile by its ID.

func (*ScanProfileRepository) GetByIDWithSystemFallback 

func (r *ScanProfileRepository) GetByIDWithSystemFallback(ctx context.Context, tenantID, id shared.ID) (*scanprofile.ScanProfile, error)

GetByIDWithSystemFallback retrieves a profile by ID, checking both tenant and system profiles. This allows tenants to reference system profiles for use in scans.

func (*ScanProfileRepository) GetByTenantAndID 

func (r *ScanProfileRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*scanprofile.ScanProfile, error)

GetByTenantAndID retrieves a scan profile by tenant and ID.

func (*ScanProfileRepository) GetByTenantAndName 

func (r *ScanProfileRepository) GetByTenantAndName(ctx context.Context, tenantID shared.ID, name string) (*scanprofile.ScanProfile, error)

GetByTenantAndName retrieves a scan profile by tenant and name.

func (*ScanProfileRepository) GetDefaultByTenant 

func (r *ScanProfileRepository) GetDefaultByTenant(ctx context.Context, tenantID shared.ID) (*scanprofile.ScanProfile, error)

GetDefaultByTenant retrieves the default scan profile for a tenant.

func (*ScanProfileRepository) List 

func (r *ScanProfileRepository) List(ctx context.Context, filter scanprofile.Filter, page pagination.Pagination) (pagination.Result[*scanprofile.ScanProfile], error)

List lists scan profiles with filters and pagination.

func (*ScanProfileRepository) ListWithSystemProfiles 

func (r *ScanProfileRepository) ListWithSystemProfiles(ctx context.Context, tenantID shared.ID, filter scanprofile.Filter, page pagination.Pagination) (pagination.Result[*scanprofile.ScanProfile], error)

ListWithSystemProfiles lists tenant profiles AND system profiles. Returns both tenant-specific profiles and system profiles (marked with is_system=true).

func (*ScanProfileRepository) Update 

func (r *ScanProfileRepository) Update(ctx context.Context, p *scanprofile.ScanProfile) error

Update updates a scan profile.

type ScanRepository 

type ScanRepository struct {
	// contains filtered or unexported fields
}

ScanRepository implements scan.Repository using PostgreSQL.

func NewScanRepository 

func NewScanRepository(db *DB) *ScanRepository

NewScanRepository creates a new ScanRepository.

func (*ScanRepository) Count 

func (r *ScanRepository) Count(ctx context.Context, filter scan.Filter) (int64, error)

Count counts scans matching the filter.

func (*ScanRepository) Create 

func (r *ScanRepository) Create(ctx context.Context, s *scan.Scan) error

Create persists a new scan.

func (*ScanRepository) Delete 

func (r *ScanRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a scan.

func (*ScanRepository) GetByID 

func (r *ScanRepository) GetByID(ctx context.Context, id shared.ID) (*scan.Scan, error)

GetByID retrieves a scan by ID.

func (*ScanRepository) GetByName 

func (r *ScanRepository) GetByName(ctx context.Context, tenantID shared.ID, name string) (*scan.Scan, error)

GetByName retrieves a scan by tenant and name.

func (*ScanRepository) GetByTenantAndID 

func (r *ScanRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*scan.Scan, error)

GetByTenantAndID retrieves a scan by tenant and ID.

func (*ScanRepository) GetStats 

func (r *ScanRepository) GetStats(ctx context.Context, tenantID shared.ID) (*scan.Stats, error)

GetStats returns aggregated statistics for scans.

func (*ScanRepository) List 

func (r *ScanRepository) List(ctx context.Context, filter scan.Filter, page pagination.Pagination) (pagination.Result[*scan.Scan], error)

List lists scans with filters and pagination.

func (*ScanRepository) ListByAssetGroupID 

func (r *ScanRepository) ListByAssetGroupID(ctx context.Context, assetGroupID shared.ID) ([]*scan.Scan, error)

ListByAssetGroupID lists all scans for an asset group.

func (*ScanRepository) ListByPipelineID 

func (r *ScanRepository) ListByPipelineID(ctx context.Context, pipelineID shared.ID) ([]*scan.Scan, error)

ListByPipelineID lists all scans using a pipeline.

func (*ScanRepository) ListDueForExecution 

func (r *ScanRepository) ListDueForExecution(ctx context.Context, now time.Time) ([]*scan.Scan, error)

ListDueForExecution lists scans that are due for scheduled execution.

func (*ScanRepository) RecordRun 

func (r *ScanRepository) RecordRun(ctx context.Context, id shared.ID, runID shared.ID, status string) error

RecordRun records a run result for a scan.

func (*ScanRepository) TryLockScanForScheduler added in v0.1.5 

func (r *ScanRepository) TryLockScanForScheduler(ctx context.Context, id shared.ID) (bool, error)

TryLockScanForScheduler attempts to acquire a session-level advisory lock for the given scan ID. Uses pg_try_advisory_lock(int4, int4) — the first arg namespaces this lock to the scan scheduler, the second arg is a 32-bit hash of the scan UUID.

func (*ScanRepository) UnlockScanForScheduler added in v0.1.5 

func (r *ScanRepository) UnlockScanForScheduler(ctx context.Context, id shared.ID) error

UnlockScanForScheduler releases a previously acquired session-level scheduler lock.

func (*ScanRepository) Update 

func (r *ScanRepository) Update(ctx context.Context, s *scan.Scan) error

Update updates a scan.

func (*ScanRepository) UpdateNextRunAt 

func (r *ScanRepository) UpdateNextRunAt(ctx context.Context, id shared.ID, nextRunAt *time.Time) error

UpdateNextRunAt updates the next run time for a scan.

func (*ScanRepository) UpdateStatusByAssetGroupID 

func (r *ScanRepository) UpdateStatusByAssetGroupID(ctx context.Context, assetGroupID shared.ID, status scan.Status) error

UpdateStatusByAssetGroupID updates status for all scans in an asset group.

type ScanSessionRepository 

type ScanSessionRepository struct {
	// contains filtered or unexported fields
}

ScanSessionRepository implements scansession.Repository using PostgreSQL.

func NewScanSessionRepository 

func NewScanSessionRepository(db *DB) *ScanSessionRepository

NewScanSessionRepository creates a new ScanSessionRepository.

func (*ScanSessionRepository) Create 

func (r *ScanSessionRepository) Create(ctx context.Context, s *scansession.ScanSession) error

Create persists a new scan session.

func (*ScanSessionRepository) Delete 

func (r *ScanSessionRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a scan session by ID.

func (*ScanSessionRepository) FindBaseline 

func (r *ScanSessionRepository) FindBaseline(ctx context.Context, tenantID shared.ID, assetType, assetValue, branch string) (string, error)

FindBaseline finds the baseline commit SHA for incremental scanning.

func (*ScanSessionRepository) GetByID 

func (r *ScanSessionRepository) GetByID(ctx context.Context, id shared.ID) (*scansession.ScanSession, error)

GetByID retrieves a scan session by ID.

func (*ScanSessionRepository) GetByTenantAndID 

func (r *ScanSessionRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*scansession.ScanSession, error)

GetByTenantAndID retrieves a scan session by tenant and ID.

func (*ScanSessionRepository) GetStats 

func (r *ScanSessionRepository) GetStats(ctx context.Context, tenantID shared.ID, since time.Time) (*scansession.Stats, error)

GetStats returns scan session statistics.

func (*ScanSessionRepository) List 

func (r *ScanSessionRepository) List(ctx context.Context, filter scansession.Filter, page pagination.Pagination) (pagination.Result[*scansession.ScanSession], error)

List lists scan sessions with filtering and pagination.

func (*ScanSessionRepository) ListRunning 

func (r *ScanSessionRepository) ListRunning(ctx context.Context, tenantID shared.ID) ([]*scansession.ScanSession, error)

ListRunning lists all running scans for a tenant.

func (*ScanSessionRepository) Update 

func (r *ScanSessionRepository) Update(ctx context.Context, s *scansession.ScanSession) error

Update updates a scan session.

type ScannerTemplateRepository 

type ScannerTemplateRepository struct {
	// contains filtered or unexported fields
}

ScannerTemplateRepository implements scannertemplate.Repository using PostgreSQL.

func NewScannerTemplateRepository 

func NewScannerTemplateRepository(db *DB) *ScannerTemplateRepository

NewScannerTemplateRepository creates a new ScannerTemplateRepository.

func (*ScannerTemplateRepository) CountByTenant 

func (r *ScannerTemplateRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

CountByTenant counts the number of templates for a tenant.

func (*ScannerTemplateRepository) CountByType 

func (r *ScannerTemplateRepository) CountByType(ctx context.Context, tenantID shared.ID, templateType scannertemplate.TemplateType) (int64, error)

CountByType counts the number of templates by type for a tenant.

func (*ScannerTemplateRepository) Create 

func (r *ScannerTemplateRepository) Create(ctx context.Context, t *scannertemplate.ScannerTemplate) error

Create persists a new scanner template.

func (*ScannerTemplateRepository) Delete 

func (r *ScannerTemplateRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete deletes a scanner template (tenant-scoped).

func (*ScannerTemplateRepository) ExistsByName 

func (r *ScannerTemplateRepository) ExistsByName(ctx context.Context, tenantID shared.ID, templateType scannertemplate.TemplateType, name string) (bool, error)

ExistsByName checks if a template with the given name exists.

func (*ScannerTemplateRepository) GetByTenantAndID 

func (r *ScannerTemplateRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*scannertemplate.ScannerTemplate, error)

GetByTenantAndID retrieves a scanner template by tenant and ID.

func (*ScannerTemplateRepository) GetByTenantAndName 

func (r *ScannerTemplateRepository) GetByTenantAndName(ctx context.Context, tenantID shared.ID, templateType scannertemplate.TemplateType, name string) (*scannertemplate.ScannerTemplate, error)

GetByTenantAndName retrieves a scanner template by tenant, type, and name.

func (*ScannerTemplateRepository) GetUsage 

func (r *ScannerTemplateRepository) GetUsage(ctx context.Context, tenantID shared.ID) (*scannertemplate.TemplateUsage, error)

GetUsage returns the current template usage for a tenant.

func (*ScannerTemplateRepository) List 

func (r *ScannerTemplateRepository) List(ctx context.Context, filter scannertemplate.Filter, page pagination.Pagination) (pagination.Result[*scannertemplate.ScannerTemplate], error)

List lists scanner templates with filters and pagination.

func (*ScannerTemplateRepository) ListByIDs 

func (r *ScannerTemplateRepository) ListByIDs(ctx context.Context, tenantID shared.ID, ids []shared.ID) ([]*scannertemplate.ScannerTemplate, error)

ListByIDs retrieves multiple templates by their IDs.

func (*ScannerTemplateRepository) Update 

func (r *ScannerTemplateRepository) Update(ctx context.Context, t *scannertemplate.ScannerTemplate) error

Update updates a scanner template.

type ScopeExclusionRepository 

type ScopeExclusionRepository struct {
	// contains filtered or unexported fields
}

ScopeExclusionRepository implements scope.ExclusionRepository using PostgreSQL.

func NewScopeExclusionRepository 

func NewScopeExclusionRepository(db *DB) *ScopeExclusionRepository

NewScopeExclusionRepository creates a new ScopeExclusionRepository.

func (*ScopeExclusionRepository) Count 

func (r *ScopeExclusionRepository) Count(ctx context.Context, filter scope.ExclusionFilter) (int64, error)

Count returns the total number of scope exclusions matching the filter.

func (*ScopeExclusionRepository) Create 

func (r *ScopeExclusionRepository) Create(ctx context.Context, exclusion *scope.Exclusion) error

Create persists a new scope exclusion.

func (*ScopeExclusionRepository) Delete 

func (r *ScopeExclusionRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a scope exclusion by its tenant ID and ID.

func (*ScopeExclusionRepository) ExpireOld 

func (r *ScopeExclusionRepository) ExpireOld(ctx context.Context) error

ExpireOld marks expired exclusions as expired.

func (*ScopeExclusionRepository) GetByID 

func (r *ScopeExclusionRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*scope.Exclusion, error)

GetByID retrieves a scope exclusion by its tenant ID and ID.

func (*ScopeExclusionRepository) List 

func (r *ScopeExclusionRepository) List(ctx context.Context, filter scope.ExclusionFilter, page pagination.Pagination) (pagination.Result[*scope.Exclusion], error)

List retrieves scope exclusions with filtering and pagination.

func (*ScopeExclusionRepository) ListActive 

func (r *ScopeExclusionRepository) ListActive(ctx context.Context, tenantID shared.ID) ([]*scope.Exclusion, error)

ListActive retrieves all active scope exclusions for a tenant.

func (*ScopeExclusionRepository) Update 

func (r *ScopeExclusionRepository) Update(ctx context.Context, exclusion *scope.Exclusion) error

Update updates an existing scope exclusion.

type ScopeScheduleRepository 

type ScopeScheduleRepository struct {
	// contains filtered or unexported fields
}

ScopeScheduleRepository implements scope.ScheduleRepository using PostgreSQL.

func NewScopeScheduleRepository 

func NewScopeScheduleRepository(db *DB) *ScopeScheduleRepository

NewScopeScheduleRepository creates a new ScopeScheduleRepository.

func (*ScopeScheduleRepository) Count 

func (r *ScopeScheduleRepository) Count(ctx context.Context, filter scope.ScheduleFilter) (int64, error)

Count returns the total number of scan schedules matching the filter.

func (*ScopeScheduleRepository) Create 

func (r *ScopeScheduleRepository) Create(ctx context.Context, schedule *scope.Schedule) error

Create persists a new scan schedule.

func (*ScopeScheduleRepository) Delete 

func (r *ScopeScheduleRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a scan schedule by its tenant ID and ID.

func (*ScopeScheduleRepository) GetByID 

func (r *ScopeScheduleRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*scope.Schedule, error)

GetByID retrieves a scan schedule by its tenant ID and ID.

func (*ScopeScheduleRepository) List 

func (r *ScopeScheduleRepository) List(ctx context.Context, filter scope.ScheduleFilter, page pagination.Pagination) (pagination.Result[*scope.Schedule], error)

List retrieves scan schedules with filtering and pagination.

func (*ScopeScheduleRepository) ListDue 

func (r *ScopeScheduleRepository) ListDue(ctx context.Context) ([]*scope.Schedule, error)

ListDue retrieves all enabled schedules that are due to run.

func (*ScopeScheduleRepository) Update 

func (r *ScopeScheduleRepository) Update(ctx context.Context, schedule *scope.Schedule) error

Update updates an existing scan schedule.

type ScopeTargetRepository 

type ScopeTargetRepository struct {
	// contains filtered or unexported fields
}

ScopeTargetRepository implements scope.TargetRepository using PostgreSQL.

func NewScopeTargetRepository 

func NewScopeTargetRepository(db *DB) *ScopeTargetRepository

NewScopeTargetRepository creates a new ScopeTargetRepository.

func (*ScopeTargetRepository) Count 

func (r *ScopeTargetRepository) Count(ctx context.Context, filter scope.TargetFilter) (int64, error)

Count returns the total number of scope targets matching the filter.

func (*ScopeTargetRepository) Create 

func (r *ScopeTargetRepository) Create(ctx context.Context, target *scope.Target) error

Create persists a new scope target.

func (*ScopeTargetRepository) Delete 

func (r *ScopeTargetRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a scope target by its tenant ID and ID.

func (*ScopeTargetRepository) ExistsByPattern 

func (r *ScopeTargetRepository) ExistsByPattern(ctx context.Context, tenantID shared.ID, targetType scope.TargetType, pattern string) (bool, error)

ExistsByPattern checks if a target with the given pattern exists.

func (*ScopeTargetRepository) GetByID 

func (r *ScopeTargetRepository) GetByID(ctx context.Context, tenantID, id shared.ID) (*scope.Target, error)

GetByID retrieves a scope target by its tenant ID and ID.

func (*ScopeTargetRepository) List 

func (r *ScopeTargetRepository) List(ctx context.Context, filter scope.TargetFilter, page pagination.Pagination) (pagination.Result[*scope.Target], error)

List retrieves scope targets with filtering and pagination.

func (*ScopeTargetRepository) ListActive 

func (r *ScopeTargetRepository) ListActive(ctx context.Context, tenantID shared.ID) ([]*scope.Target, error)

ListActive retrieves all active scope targets for a tenant.

func (*ScopeTargetRepository) Update 

func (r *ScopeTargetRepository) Update(ctx context.Context, target *scope.Target) error

Update updates an existing scope target.

type SecretStoreRepository 

type SecretStoreRepository struct {
	// contains filtered or unexported fields
}

SecretStoreRepository implements secretstore.Repository using PostgreSQL.

func NewSecretStoreRepository 

func NewSecretStoreRepository(db *DB) *SecretStoreRepository

NewSecretStoreRepository creates a new SecretStoreRepository.

func (*SecretStoreRepository) CountByTenant 

func (r *SecretStoreRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int, error)

CountByTenant counts credentials for a tenant.

func (*SecretStoreRepository) Create 

func (r *SecretStoreRepository) Create(ctx context.Context, c *secretstore.Credential) error

Create persists a new secretstore.

func (*SecretStoreRepository) DeleteByTenantAndID 

func (r *SecretStoreRepository) DeleteByTenantAndID(ctx context.Context, tenantID, id shared.ID) error

DeleteByTenantAndID deletes a credential with tenant validation.

func (*SecretStoreRepository) GetByTenantAndID 

func (r *SecretStoreRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*secretstore.Credential, error)

GetByTenantAndID retrieves a credential by tenant and ID.

func (*SecretStoreRepository) GetByTenantAndName 

func (r *SecretStoreRepository) GetByTenantAndName(ctx context.Context, tenantID shared.ID, name string) (*secretstore.Credential, error)

GetByTenantAndName retrieves a credential by tenant and name.

func (*SecretStoreRepository) List 

func (r *SecretStoreRepository) List(ctx context.Context, input secretstore.ListInput) (*secretstore.ListOutput, error)

List lists credentials with pagination and filtering.

func (*SecretStoreRepository) Update 

func (r *SecretStoreRepository) Update(ctx context.Context, c *secretstore.Credential) error

Update updates a secretstore.

func (*SecretStoreRepository) UpdateLastUsedByTenantAndID 

func (r *SecretStoreRepository) UpdateLastUsedByTenantAndID(ctx context.Context, tenantID, id shared.ID) error

UpdateLastUsedByTenantAndID updates only the last_used_at field with tenant validation.

type SessionRepository 

type SessionRepository struct {
	// contains filtered or unexported fields
}

SessionRepository implements session.Repository using PostgreSQL.

func NewSessionRepository 

func NewSessionRepository(db *sql.DB) *SessionRepository

NewSessionRepository creates a new PostgreSQL session repository.

func (*SessionRepository) CountActiveByUserID 

func (r *SessionRepository) CountActiveByUserID(ctx context.Context, userID shared.ID) (int, error)

CountActiveByUserID counts active sessions for a user.

func (*SessionRepository) Create 

func (r *SessionRepository) Create(ctx context.Context, s *session.Session) error

Create creates a new session.

func (*SessionRepository) Delete 

func (r *SessionRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a session.

func (*SessionRepository) DeleteExpired 

func (r *SessionRepository) DeleteExpired(ctx context.Context) (int64, error)

DeleteExpired deletes all expired sessions.

func (*SessionRepository) GetActiveByUserID 

func (r *SessionRepository) GetActiveByUserID(ctx context.Context, userID shared.ID) ([]*session.Session, error)

GetActiveByUserID retrieves all active sessions for a user.

func (*SessionRepository) GetByAccessTokenHash 

func (r *SessionRepository) GetByAccessTokenHash(ctx context.Context, hash string) (*session.Session, error)

GetByAccessTokenHash retrieves a session by access token hash.

func (*SessionRepository) GetByID 

func (r *SessionRepository) GetByID(ctx context.Context, id shared.ID) (*session.Session, error)

GetByID retrieves a session by its ID.

func (*SessionRepository) GetOldestActiveByUserID 

func (r *SessionRepository) GetOldestActiveByUserID(ctx context.Context, userID shared.ID) (*session.Session, error)

GetOldestActiveByUserID retrieves the oldest active session for a user.

func (*SessionRepository) RevokeAllByUserID 

func (r *SessionRepository) RevokeAllByUserID(ctx context.Context, userID shared.ID) error

RevokeAllByUserID revokes all sessions for a user.

func (*SessionRepository) RevokeAllByUserIDExcept 

func (r *SessionRepository) RevokeAllByUserIDExcept(ctx context.Context, userID shared.ID, exceptSessionID shared.ID) error

RevokeAllByUserIDExcept revokes all sessions for a user except the specified session.

func (*SessionRepository) Update 

func (r *SessionRepository) Update(ctx context.Context, s *session.Session) error

Update updates an existing session.

type StepRunRepository 

type StepRunRepository struct {
	// contains filtered or unexported fields
}

StepRunRepository implements pipeline.StepRunRepository using PostgreSQL.

func NewStepRunRepository 

func NewStepRunRepository(db *DB) *StepRunRepository

NewStepRunRepository creates a new StepRunRepository.

func (*StepRunRepository) AssignAgent 

func (r *StepRunRepository) AssignAgent(ctx context.Context, id shared.ID, agentID, commandID shared.ID) error

AssignAgent assigns an agent and command to a step run.

func (*StepRunRepository) Complete 

func (r *StepRunRepository) Complete(ctx context.Context, id shared.ID, findingsCount int, output map[string]any) error

Complete marks a step run as completed.

func (*StepRunRepository) Create 

func (r *StepRunRepository) Create(ctx context.Context, sr *pipeline.StepRun) error

Create persists a new step run.

func (*StepRunRepository) CreateBatch 

func (r *StepRunRepository) CreateBatch(ctx context.Context, stepRuns []*pipeline.StepRun) error

CreateBatch creates multiple step runs.

func (*StepRunRepository) Delete 

func (r *StepRunRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a step run.

func (*StepRunRepository) GetByID 

func (r *StepRunRepository) GetByID(ctx context.Context, id shared.ID) (*pipeline.StepRun, error)

GetByID retrieves a step run by ID.

func (*StepRunRepository) GetByPipelineRunID 

func (r *StepRunRepository) GetByPipelineRunID(ctx context.Context, pipelineRunID shared.ID) ([]*pipeline.StepRun, error)

GetByPipelineRunID retrieves all step runs for a pipeline run.

func (*StepRunRepository) GetByStepKey 

func (r *StepRunRepository) GetByStepKey(ctx context.Context, pipelineRunID shared.ID, stepKey string) (*pipeline.StepRun, error)

GetByStepKey retrieves a step run by pipeline run ID and step key.

func (*StepRunRepository) GetPendingByDependencies 

func (r *StepRunRepository) GetPendingByDependencies(ctx context.Context, pipelineRunID shared.ID, completedStepKeys []string) ([]*pipeline.StepRun, error)

GetPendingByDependencies gets step runs that are pending and have their dependencies completed.

func (*StepRunRepository) GetStatsByTenant 

func (r *StepRunRepository) GetStatsByTenant(ctx context.Context, tenantID shared.ID) (pipeline.RunStats, error)

GetStatsByTenant returns aggregated step run statistics for a tenant in a single query. Uses a JOIN to filter by tenant through the pipeline_runs table.

func (*StepRunRepository) List 

func (r *StepRunRepository) List(ctx context.Context, filter pipeline.StepRunFilter) ([]*pipeline.StepRun, error)

List lists step runs with filters.

func (*StepRunRepository) Update 

func (r *StepRunRepository) Update(ctx context.Context, sr *pipeline.StepRun) error

Update updates a step run.

func (*StepRunRepository) UpdateStatus 

func (r *StepRunRepository) UpdateStatus(ctx context.Context, id shared.ID, status pipeline.StepRunStatus, errorMessage, errorCode string) error

UpdateStatus updates step run status.

type SuppressionRepository 

type SuppressionRepository struct {
	// contains filtered or unexported fields
}

SuppressionRepository handles suppression rule persistence.

func NewSuppressionRepository 

func NewSuppressionRepository(db *DB) *SuppressionRepository

NewSuppressionRepository creates a new SuppressionRepository.

func (*SuppressionRepository) Delete 

func (r *SuppressionRepository) Delete(ctx context.Context, tenantID, id shared.ID) error

Delete removes a suppression rule.

func (*SuppressionRepository) ExpireRules 

func (r *SuppressionRepository) ExpireRules(ctx context.Context) (int64, error)

ExpireRules marks expired rules as expired.

func (*SuppressionRepository) FindActiveByTenant 

func (r *SuppressionRepository) FindActiveByTenant(ctx context.Context, tenantID shared.ID) ([]*suppression.Rule, error)

FindActiveByTenant retrieves all active (approved, not expired) rules.

func (*SuppressionRepository) FindByID 

func (r *SuppressionRepository) FindByID(ctx context.Context, tenantID, id shared.ID) (*suppression.Rule, error)

FindByID retrieves a suppression rule by ID.

func (*SuppressionRepository) FindByTenant 

func (r *SuppressionRepository) FindByTenant(ctx context.Context, tenantID shared.ID, filter suppression.RuleFilter) ([]*suppression.Rule, error)

FindByTenant retrieves suppression rules for a tenant with filters.

func (*SuppressionRepository) FindMatchingRules 

func (r *SuppressionRepository) FindMatchingRules(ctx context.Context, tenantID shared.ID, match suppression.FindingMatch) ([]*suppression.Rule, error)

FindMatchingRules finds rules that match a given finding.

func (*SuppressionRepository) FindPendingByTenant 

func (r *SuppressionRepository) FindPendingByTenant(ctx context.Context, tenantID shared.ID) ([]*suppression.Rule, error)

FindPendingByTenant retrieves all pending rules.

func (*SuppressionRepository) FindSuppressionsByFinding 

func (r *SuppressionRepository) FindSuppressionsByFinding(ctx context.Context, findingID shared.ID) ([]*suppression.FindingSuppression, error)

FindSuppressionsByFinding retrieves suppressions for a finding.

func (*SuppressionRepository) RecordAudit 

func (r *SuppressionRepository) RecordAudit(ctx context.Context, ruleID shared.ID, action string, actorID *shared.ID, details map[string]any) error

RecordAudit records an audit log entry for a suppression rule.

func (*SuppressionRepository) RecordSuppression 

func (r *SuppressionRepository) RecordSuppression(ctx context.Context, findingID, ruleID shared.ID, appliedBy string) error

RecordSuppression records that a finding was suppressed by a rule.

func (*SuppressionRepository) RemoveSuppression 

func (r *SuppressionRepository) RemoveSuppression(ctx context.Context, findingID, ruleID shared.ID) error

RemoveSuppression removes a suppression from a finding.

func (*SuppressionRepository) Save 

func (r *SuppressionRepository) Save(ctx context.Context, rule *suppression.Rule) error

Save persists a suppression rule.

type SyncStatusRepository 

type SyncStatusRepository struct {
	// contains filtered or unexported fields
}

SyncStatusRepository implements threatintel.SyncStatusRepository.

func (*SyncStatusRepository) GetAll 

func (r *SyncStatusRepository) GetAll(ctx context.Context) ([]*threatintel.SyncStatus, error)

GetAll retrieves all sync statuses.

func (*SyncStatusRepository) GetBySource 

func (r *SyncStatusRepository) GetBySource(ctx context.Context, source string) (*threatintel.SyncStatus, error)

GetBySource retrieves sync status by source name.

func (*SyncStatusRepository) GetDueForSync 

func (r *SyncStatusRepository) GetDueForSync(ctx context.Context) ([]*threatintel.SyncStatus, error)

GetDueForSync retrieves sources due for sync.

func (*SyncStatusRepository) GetEnabled 

func (r *SyncStatusRepository) GetEnabled(ctx context.Context) ([]*threatintel.SyncStatus, error)

GetEnabled retrieves enabled sync statuses.

func (*SyncStatusRepository) Update 

func (r *SyncStatusRepository) Update(ctx context.Context, status *threatintel.SyncStatus) error

Update updates a sync status.

type TargetMappingRepository 

type TargetMappingRepository struct {
	// contains filtered or unexported fields
}

TargetMappingRepository implements tool.TargetMappingRepository using PostgreSQL.

func NewTargetMappingRepository 

func NewTargetMappingRepository(db *DB) *TargetMappingRepository

NewTargetMappingRepository creates a new TargetMappingRepository.

func (*TargetMappingRepository) CanToolScanAssetType 

func (r *TargetMappingRepository) CanToolScanAssetType(ctx context.Context, targetTypes []string, assetType asset.AssetType) (bool, error)

CanToolScanAssetType checks if a tool (via its supported_targets) can scan a specific asset type.

func (*TargetMappingRepository) Create 

func (r *TargetMappingRepository) Create(ctx context.Context, m *tool.TargetAssetTypeMapping) error

Create persists a new target mapping.

func (*TargetMappingRepository) Delete 

func (r *TargetMappingRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a target mapping by ID.

func (*TargetMappingRepository) GetAssetTypesForTargets 

func (r *TargetMappingRepository) GetAssetTypesForTargets(ctx context.Context, targetTypes []string) ([]asset.AssetType, error)

GetAssetTypesForTargets returns all asset types that can be scanned by the given target types.

func (*TargetMappingRepository) GetByID 

func (r *TargetMappingRepository) GetByID(ctx context.Context, id shared.ID) (*tool.TargetAssetTypeMapping, error)

GetByID retrieves a target mapping by ID.

func (*TargetMappingRepository) GetCompatibleAssetTypes 

func (r *TargetMappingRepository) GetCompatibleAssetTypes(ctx context.Context, targetTypes []string, assetTypes []asset.AssetType) ([]asset.AssetType, error)

GetCompatibleAssetTypes returns asset types from the list that CAN be scanned by at least one of the given target types.

func (*TargetMappingRepository) GetIncompatibleAssetTypes 

func (r *TargetMappingRepository) GetIncompatibleAssetTypes(ctx context.Context, targetTypes []string, assetTypes []asset.AssetType) ([]asset.AssetType, error)

GetIncompatibleAssetTypes returns asset types from the list that CANNOT be scanned by any of the given target types.

func (*TargetMappingRepository) GetTargetsForAssetType 

func (r *TargetMappingRepository) GetTargetsForAssetType(ctx context.Context, assetType asset.AssetType) ([]string, error)

GetTargetsForAssetType returns all target types that can scan the given asset type.

func (*TargetMappingRepository) List 

func (r *TargetMappingRepository) List(ctx context.Context, filter tool.TargetMappingFilter, page pagination.Pagination) (pagination.Result[*tool.TargetAssetTypeMapping], error)

List retrieves target mappings with filtering and pagination.

func (*TargetMappingRepository) Update 

func (r *TargetMappingRepository) Update(ctx context.Context, m *tool.TargetAssetTypeMapping) error

Update updates an existing target mapping.

type TemplateSourceRepository 

type TemplateSourceRepository struct {
	// contains filtered or unexported fields
}

TemplateSourceRepository implements template_source.Repository using PostgreSQL.

func NewTemplateSourceRepository 

func NewTemplateSourceRepository(db *DB) *TemplateSourceRepository

NewTemplateSourceRepository creates a new TemplateSourceRepository.

func (*TemplateSourceRepository) CountByTenant 

func (r *TemplateSourceRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int, error)

CountByTenant counts the total sources for a tenant.

func (*TemplateSourceRepository) Create 

func (r *TemplateSourceRepository) Create(ctx context.Context, s *ts.TemplateSource) error

Create persists a new template source.

func (*TemplateSourceRepository) Delete 

func (r *TemplateSourceRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a template source.

func (*TemplateSourceRepository) GetByID 

func (r *TemplateSourceRepository) GetByID(ctx context.Context, id shared.ID) (*ts.TemplateSource, error)

GetByID retrieves a template source by ID.

func (*TemplateSourceRepository) GetByTenantAndID 

func (r *TemplateSourceRepository) GetByTenantAndID(ctx context.Context, tenantID, sourceID shared.ID) (*ts.TemplateSource, error)

GetByTenantAndID retrieves a template source by tenant ID and source ID.

func (*TemplateSourceRepository) GetByTenantAndName 

func (r *TemplateSourceRepository) GetByTenantAndName(ctx context.Context, tenantID shared.ID, name string) (*ts.TemplateSource, error)

GetByTenantAndName retrieves a template source by tenant and name.

func (*TemplateSourceRepository) List 

func (r *TemplateSourceRepository) List(ctx context.Context, input ts.ListInput) (*ts.ListOutput, error)

List lists template sources with pagination and filtering.

func (*TemplateSourceRepository) ListAllNeedingSync 

func (r *TemplateSourceRepository) ListAllNeedingSync(ctx context.Context) ([]*ts.TemplateSource, error)

ListAllNeedingSync lists all enabled sources across all tenants that need syncing. A source needs sync if: - It is enabled - auto_sync_on_scan is true (background sync enabled) - Either never synced OR cache has expired (last_sync_at + cache_ttl_minutes < now) - Not currently syncing (last_sync_status != 'in_progress')

func (*TemplateSourceRepository) ListByTenantAndTemplateType 

func (r *TemplateSourceRepository) ListByTenantAndTemplateType(ctx context.Context, tenantID shared.ID, templateType scannertemplate.TemplateType) ([]*ts.TemplateSource, error)

ListByTenantAndTemplateType lists sources for a tenant and template type.

func (*TemplateSourceRepository) ListEnabledForSync 

func (r *TemplateSourceRepository) ListEnabledForSync(ctx context.Context, tenantID shared.ID) ([]*ts.TemplateSource, error)

ListEnabledForSync lists enabled sources that need syncing for a tenant.

func (*TemplateSourceRepository) Update 

func (r *TemplateSourceRepository) Update(ctx context.Context, s *ts.TemplateSource) error

Update updates a template source.

func (*TemplateSourceRepository) UpdateSyncStatus 

func (r *TemplateSourceRepository) UpdateSyncStatus(ctx context.Context, s *ts.TemplateSource) error

UpdateSyncStatus updates only the sync-related fields.

type TenantModuleRepository added in v0.1.2 

type TenantModuleRepository struct {
	// contains filtered or unexported fields
}

TenantModuleRepository handles per-tenant module configuration.

func NewTenantModuleRepository added in v0.1.2 

func NewTenantModuleRepository(db *DB) *TenantModuleRepository

NewTenantModuleRepository creates a new TenantModuleRepository.

func (*TenantModuleRepository) DeleteByTenant added in v0.1.2 

func (r *TenantModuleRepository) DeleteByTenant(ctx context.Context, tenantID shared.ID) error

DeleteByTenant removes all module overrides for a tenant (reset to defaults).

func (*TenantModuleRepository) ListByTenant added in v0.1.2 

func (r *TenantModuleRepository) ListByTenant(ctx context.Context, tenantID shared.ID) ([]*module.TenantModuleOverride, error)

ListByTenant returns all module overrides for a tenant.

func (*TenantModuleRepository) UpsertBatch added in v0.1.2 

func (r *TenantModuleRepository) UpsertBatch(ctx context.Context, tenantID shared.ID, updates []module.TenantModuleUpdate, updatedBy *shared.ID) error

UpsertBatch creates or updates multiple module overrides for a tenant. Optimized: single multi-row INSERT instead of N individual queries.

type TenantRepository 

type TenantRepository struct {
	// contains filtered or unexported fields
}

TenantRepository implements tenant.Repository using PostgreSQL.

func NewTenantRepository 

func NewTenantRepository(db *DB) *TenantRepository

NewTenantRepository creates a new TenantRepository.

func (*TenantRepository) AcceptInvitationTx 

func (r *TenantRepository) AcceptInvitationTx(ctx context.Context, inv *tenant.Invitation, m *tenant.Membership) error

AcceptInvitationTx atomically updates the invitation and creates the membership in a single transaction. Creates membership in tenant_members and role assignment in user_roles.

func (*TenantRepository) CountMembersByTenant 

func (r *TenantRepository) CountMembersByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

CountMembersByTenant counts members in a tenant.

func (*TenantRepository) Create 

func (r *TenantRepository) Create(ctx context.Context, t *tenant.Tenant) error

Create persists a new tenant.

func (*TenantRepository) CreateInvitation 

func (r *TenantRepository) CreateInvitation(ctx context.Context, inv *tenant.Invitation) error

CreateInvitation creates a new invitation.

func (*TenantRepository) CreateMembership 

func (r *TenantRepository) CreateMembership(ctx context.Context, m *tenant.Membership) error

CreateMembership creates a new membership. Inserts into tenant_members (membership record) and user_roles (role assignment).

func (*TenantRepository) Delete 

func (r *TenantRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a tenant.

func (*TenantRepository) DeleteExpiredInvitations 

func (r *TenantRepository) DeleteExpiredInvitations(ctx context.Context) (int64, error)

DeleteExpiredInvitations removes all expired invitations.

func (*TenantRepository) DeleteInvitation 

func (r *TenantRepository) DeleteInvitation(ctx context.Context, id shared.ID) error

DeleteInvitation removes an invitation.

func (*TenantRepository) DeleteMembership 

func (r *TenantRepository) DeleteMembership(ctx context.Context, id shared.ID) error

DeleteMembership removes a membership. Also removes all user_roles for this user in this tenant.

func (*TenantRepository) DeletePendingInvitationsByUserID added in v0.1.5 

func (r *TenantRepository) DeletePendingInvitationsByUserID(
	ctx context.Context,
	tenantID, userID shared.ID,
) (int64, error)

DeletePendingInvitationsByUserID removes EVERY pending (unaccepted) invitation for the user's email address in the given tenant. Used when a member is removed from a tenant — we want to make sure they can't rejoin via a stale invitation token still sitting in their inbox.

The user's email is looked up via JOIN so the caller doesn't need to fetch it first. Email matching is case-insensitive (LOWER) to match the acceptance flow's strings.EqualFold semantics.

Already-accepted invitations are NOT deleted because they are a historical audit record. Only unaccepted rows (where the token is still potentially usable) get wiped.

Returns the number of rows deleted (0 is not an error — it just means the user had no pending invitations to clean up).

func (*TenantRepository) ExistsBySlug 

func (r *TenantRepository) ExistsBySlug(ctx context.Context, slug string) (bool, error)

ExistsBySlug checks if a tenant with the given slug exists.

func (*TenantRepository) GetByID 

func (r *TenantRepository) GetByID(ctx context.Context, id shared.ID) (*tenant.Tenant, error)

GetByID retrieves a tenant by ID.

func (*TenantRepository) GetBySlug 

func (r *TenantRepository) GetBySlug(ctx context.Context, slug string) (*tenant.Tenant, error)

GetBySlug retrieves a tenant by slug.

func (*TenantRepository) GetInvitationByID 

func (r *TenantRepository) GetInvitationByID(ctx context.Context, id shared.ID) (*tenant.Invitation, error)

GetInvitationByID retrieves an invitation by ID.

func (*TenantRepository) GetInvitationByToken 

func (r *TenantRepository) GetInvitationByToken(ctx context.Context, token string) (*tenant.Invitation, error)

GetInvitationByToken retrieves an invitation by token.

func (*TenantRepository) GetMemberByEmail 

func (r *TenantRepository) GetMemberByEmail(ctx context.Context, tenantID shared.ID, email string) (*tenant.MemberWithUser, error)

GetMemberByEmail retrieves a member by email address within a tenant. Role is fetched from v_user_effective_role view. Status is the MEMBERSHIP status (tenant_members.status), see GetMemberStats.

func (*TenantRepository) GetMemberStats 

func (r *TenantRepository) GetMemberStats(ctx context.Context, tenantID shared.ID) (*tenant.MemberStats, error)

GetMemberStats retrieves member statistics for a tenant. Role counts are fetched from v_user_effective_role view.

"Active" here means the MEMBERSHIP is active (tenant_members.status='active'). We deliberately do NOT use users.status — that field is a global, platform- wide state that has no tenant context and no UI to manage it. The tenant admin only cares whether a member's access to *this* tenant is active or suspended; that information lives on tenant_members.status.

func (*TenantRepository) GetMembership 

func (r *TenantRepository) GetMembership(ctx context.Context, userID shared.ID, tenantID shared.ID) (*tenant.Membership, error)

GetMembership retrieves a membership by user and tenant. Role is fetched from v_user_effective_role view. Status fields are populated so callers (e.g. RequireMembership middleware) can enforce suspension on every request.

func (*TenantRepository) GetMembershipByID 

func (r *TenantRepository) GetMembershipByID(ctx context.Context, id shared.ID) (*tenant.Membership, error)

GetMembershipByID retrieves a membership by ID. Role is fetched from v_user_effective_role view. Status fields are populated so the service layer can branch on suspension.

func (*TenantRepository) GetPendingInvitationByEmail 

func (r *TenantRepository) GetPendingInvitationByEmail(ctx context.Context, tenantID shared.ID, email string) (*tenant.Invitation, error)

GetPendingInvitationByEmail gets a pending invitation by email for a tenant.

func (*TenantRepository) GetUserMemberships 

func (r *TenantRepository) GetUserMemberships(ctx context.Context, userID shared.ID) ([]tenant.UserMembership, error)

GetUserMemberships returns lightweight membership data for JWT tokens. Uses v_user_effective_role view to get the highest-priority role from user_roles table. SECURITY: Suspended memberships are excluded so suspended users cannot exchange refresh tokens for tenant-scoped access tokens.

func (*TenantRepository) GetUserSuspendedMemberships added in v0.1.5 

func (r *TenantRepository) GetUserSuspendedMemberships(ctx context.Context, userID shared.ID) ([]tenant.UserMembership, error)

GetUserSuspendedMemberships returns the suspended memberships for a user. Mirrors GetUserMemberships but with the inverted status filter. Used by the login flow so the UI can surface "your access to {tenant} is suspended" instead of routing the user to onboarding when they have only-suspended memberships left.

func (*TenantRepository) ListActiveTenantIDs 

func (r *TenantRepository) ListActiveTenantIDs(ctx context.Context) ([]shared.ID, error)

ListActiveTenantIDs returns all active tenant IDs. Used by background jobs that need to process data across all tenants.

func (*TenantRepository) ListMembersByTenant 

func (r *TenantRepository) ListMembersByTenant(ctx context.Context, tenantID shared.ID) ([]*tenant.Membership, error)

ListMembersByTenant lists all members of a tenant. Role is fetched from v_user_effective_role view.

func (*TenantRepository) ListMembersWithUserInfo 

func (r *TenantRepository) ListMembersWithUserInfo(ctx context.Context, tenantID shared.ID) ([]*tenant.MemberWithUser, error)

ListMembersWithUserInfo lists all members of a tenant with user details. Role is fetched from v_user_effective_role view. Status is the MEMBERSHIP status (tenant_members.status), not the user-level status — see the comment on GetMemberStats for the rationale.

func (*TenantRepository) ListPendingInvitationsByTenant 

func (r *TenantRepository) ListPendingInvitationsByTenant(ctx context.Context, tenantID shared.ID) ([]*tenant.Invitation, error)

ListPendingInvitationsByTenant lists pending invitations for a tenant.

func (*TenantRepository) ListTenantsByUser 

func (r *TenantRepository) ListTenantsByUser(ctx context.Context, userID shared.ID) ([]*tenant.TenantWithRole, error)

ListTenantsByUser lists all tenants a user belongs to. Role is fetched from v_user_effective_role view.

func (*TenantRepository) SearchMembersWithUserInfo 

func (r *TenantRepository) SearchMembersWithUserInfo(ctx context.Context, tenantID shared.ID, filters tenant.MemberSearchFilters) (*tenant.MemberSearchResult, error)

SearchMembersWithUserInfo searches members with filtering and pagination. Search is case-insensitive and matches name or email. Uses COUNT(*) OVER() window function to get total count in a single query (optimization).

func (*TenantRepository) Update 

func (r *TenantRepository) Update(ctx context.Context, t *tenant.Tenant) error

Update updates an existing tenant.

func (*TenantRepository) UpdateInvitation 

func (r *TenantRepository) UpdateInvitation(ctx context.Context, inv *tenant.Invitation) error

UpdateInvitation updates an invitation.

func (*TenantRepository) UpdateMembership 

func (r *TenantRepository) UpdateMembership(ctx context.Context, m *tenant.Membership) error

UpdateMembership updates a membership's role. Role is updated in user_roles table (tenant_members no longer has role column).

func (*TenantRepository) UpdateMembershipStatus added in v0.1.5 

func (r *TenantRepository) UpdateMembershipStatus(ctx context.Context, m *tenant.Membership) error

UpdateMembershipStatus persists the status / suspended_at / suspended_by fields on a membership. Called by SuspendMember and ReactivateMember in the service layer.

type TenantToolConfigRepository 

type TenantToolConfigRepository struct {
	// contains filtered or unexported fields
}

TenantToolConfigRepository implements tool.TenantToolConfigRepository using PostgreSQL.

func NewTenantToolConfigRepository 

func NewTenantToolConfigRepository(db *DB) *TenantToolConfigRepository

NewTenantToolConfigRepository creates a new TenantToolConfigRepository.

func (*TenantToolConfigRepository) BulkDisable 

func (r *TenantToolConfigRepository) BulkDisable(ctx context.Context, tenantID shared.ID, toolIDs []shared.ID) error

BulkDisable disables multiple tools for a tenant.

func (*TenantToolConfigRepository) BulkEnable 

func (r *TenantToolConfigRepository) BulkEnable(ctx context.Context, tenantID shared.ID, toolIDs []shared.ID) error

BulkEnable enables multiple tools for a tenant.

func (*TenantToolConfigRepository) Create 

func (r *TenantToolConfigRepository) Create(ctx context.Context, c *tool.TenantToolConfig) error

Create persists a new tenant tool configuration.

func (*TenantToolConfigRepository) Delete 

func (r *TenantToolConfigRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a tenant tool config.

func (*TenantToolConfigRepository) GetByID 

func (r *TenantToolConfigRepository) GetByID(ctx context.Context, id shared.ID) (*tool.TenantToolConfig, error)

GetByID retrieves a tenant tool config by its ID.

func (*TenantToolConfigRepository) GetByTenantAndTool 

func (r *TenantToolConfigRepository) GetByTenantAndTool(ctx context.Context, tenantID, toolID shared.ID) (*tool.TenantToolConfig, error)

GetByTenantAndTool retrieves a tenant tool config by tenant and tool.

func (*TenantToolConfigRepository) GetEffectiveConfig 

func (r *TenantToolConfigRepository) GetEffectiveConfig(ctx context.Context, tenantID, toolID shared.ID) (map[string]any, error)

GetEffectiveConfig returns the merged config (default + tenant override).

func (*TenantToolConfigRepository) List 

func (r *TenantToolConfigRepository) List(ctx context.Context, filter tool.TenantToolConfigFilter, page pagination.Pagination) (pagination.Result[*tool.TenantToolConfig], error)

List lists tenant tool configs with filters and pagination.

func (*TenantToolConfigRepository) ListEnabledTools 

func (r *TenantToolConfigRepository) ListEnabledTools(ctx context.Context, tenantID shared.ID) ([]*tool.TenantToolConfig, error)

ListEnabledTools lists all enabled tool configs for a tenant.

func (*TenantToolConfigRepository) ListToolsWithConfig 

func (r *TenantToolConfigRepository) ListToolsWithConfig(
	ctx context.Context,
	tenantID shared.ID,
	filter tool.ToolFilter,
	page pagination.Pagination,
) (pagination.Result[*tool.ToolWithConfig], error)

ListToolsWithConfig returns all tools with their tenant-specific enabled status. If a tenant config doesn't exist for a tool, is_enabled defaults to true. Only returns platform tools (tenant_id IS NULL) and the tenant's own custom tools.

func (*TenantToolConfigRepository) Update 

func (r *TenantToolConfigRepository) Update(ctx context.Context, c *tool.TenantToolConfig) error

Update updates a tenant tool config.

func (*TenantToolConfigRepository) Upsert 

func (r *TenantToolConfigRepository) Upsert(ctx context.Context, c *tool.TenantToolConfig) error

Upsert creates or updates a tenant tool config.

type ThreatIntelRepository 

type ThreatIntelRepository struct {
	// contains filtered or unexported fields
}

ThreatIntelRepository implements threatintel.ThreatIntelRepository using PostgreSQL.

func NewThreatIntelRepository 

func NewThreatIntelRepository(db *DB) *ThreatIntelRepository

NewThreatIntelRepository creates a new ThreatIntelRepository.

func (*ThreatIntelRepository) EPSS 

func (r *ThreatIntelRepository) EPSS() threatintel.EPSSRepository

EPSS returns the EPSS repository.

func (*ThreatIntelRepository) EnrichCVE 

func (r *ThreatIntelRepository) EnrichCVE(ctx context.Context, cveID string) (*threatintel.ThreatIntelEnrichment, error)

EnrichCVE enriches a single CVE with threat intel data.

func (*ThreatIntelRepository) EnrichCVEs 

func (r *ThreatIntelRepository) EnrichCVEs(ctx context.Context, cveIDs []string) (map[string]*threatintel.ThreatIntelEnrichment, error)

EnrichCVEs enriches multiple CVEs with threat intel data.

func (*ThreatIntelRepository) KEV 

func (r *ThreatIntelRepository) KEV() threatintel.KEVRepository

KEV returns the KEV repository.

func (*ThreatIntelRepository) SyncStatus 

func (r *ThreatIntelRepository) SyncStatus() threatintel.SyncStatusRepository

SyncStatus returns the sync status repository.

type ToolCapabilityRepository 

type ToolCapabilityRepository struct {
	// contains filtered or unexported fields
}

ToolCapabilityRepository implements the junction table operations.

func NewToolCapabilityRepository 

func NewToolCapabilityRepository(db *DB) *ToolCapabilityRepository

NewToolCapabilityRepository creates a new ToolCapabilityRepository.

func (*ToolCapabilityRepository) AddCapabilityToTool 

func (r *ToolCapabilityRepository) AddCapabilityToTool(ctx context.Context, tenantID *shared.ID, toolID, capabilityID shared.ID) error

AddCapabilityToTool adds a capability to a tool. Security: Validates that the tool belongs to the tenant (or is a platform tool for admins).

func (*ToolCapabilityRepository) GetToolCapabilities 

func (r *ToolCapabilityRepository) GetToolCapabilities(ctx context.Context, toolID shared.ID) ([]*capability.Capability, error)

GetToolCapabilities returns all capabilities for a tool.

func (*ToolCapabilityRepository) GetToolsByCapability 

func (r *ToolCapabilityRepository) GetToolsByCapability(ctx context.Context, capabilityID shared.ID) ([]shared.ID, error)

GetToolsByCapability returns all tool IDs that have a specific capability.

func (*ToolCapabilityRepository) GetToolsByCapabilityName 

func (r *ToolCapabilityRepository) GetToolsByCapabilityName(ctx context.Context, capabilityName string) ([]shared.ID, error)

GetToolsByCapabilityName returns all tool IDs that have a specific capability by name.

func (*ToolCapabilityRepository) RemoveCapabilityFromTool 

func (r *ToolCapabilityRepository) RemoveCapabilityFromTool(ctx context.Context, tenantID *shared.ID, toolID, capabilityID shared.ID) error

RemoveCapabilityFromTool removes a capability from a tool. Security: Validates that the tool belongs to the tenant.

func (*ToolCapabilityRepository) SetToolCapabilities 

func (r *ToolCapabilityRepository) SetToolCapabilities(ctx context.Context, tenantID *shared.ID, toolID shared.ID, capabilityIDs []shared.ID) error

SetToolCapabilities replaces all capabilities for a tool. Security: Validates that the tool belongs to the tenant and all capabilities are accessible.

func (*ToolCapabilityRepository) ValidateCapabilitiesAccessible 

func (r *ToolCapabilityRepository) ValidateCapabilitiesAccessible(ctx context.Context, tenantID *shared.ID, capabilityIDs []shared.ID) error

ValidateCapabilitiesAccessible checks if all capability IDs are accessible by the tenant. A capability is accessible if it's a platform capability (tenant_id IS NULL) or belongs to the tenant.

type ToolCategoryRepository 

type ToolCategoryRepository struct {
	// contains filtered or unexported fields
}

ToolCategoryRepository implements toolcategory.Repository using PostgreSQL.

func NewToolCategoryRepository 

func NewToolCategoryRepository(db *DB) *ToolCategoryRepository

NewToolCategoryRepository creates a new ToolCategoryRepository.

func (*ToolCategoryRepository) CountByTenant 

func (r *ToolCategoryRepository) CountByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

CountByTenant returns the number of custom categories for a tenant.

func (*ToolCategoryRepository) Create 

func (r *ToolCategoryRepository) Create(ctx context.Context, tc *toolcategory.ToolCategory) error

Create persists a new tool category.

func (*ToolCategoryRepository) Delete 

func (r *ToolCategoryRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a category by ID.

func (*ToolCategoryRepository) ExistsByName 

func (r *ToolCategoryRepository) ExistsByName(ctx context.Context, tenantID *shared.ID, name string) (bool, error)

ExistsByName checks if a category with the given name exists in the scope.

func (*ToolCategoryRepository) GetByID 

func (r *ToolCategoryRepository) GetByID(ctx context.Context, id shared.ID) (*toolcategory.ToolCategory, error)

GetByID returns a category by ID.

func (*ToolCategoryRepository) GetByName 

func (r *ToolCategoryRepository) GetByName(ctx context.Context, tenantID *shared.ID, name string) (*toolcategory.ToolCategory, error)

GetByName returns a category by name within a scope.

func (*ToolCategoryRepository) List 

func (r *ToolCategoryRepository) List(ctx context.Context, filter toolcategory.Filter, page pagination.Pagination) (pagination.Result[*toolcategory.ToolCategory], error)

List returns categories matching the filter with pagination.

func (*ToolCategoryRepository) ListAll 

func (r *ToolCategoryRepository) ListAll(ctx context.Context, tenantID *shared.ID) ([]*toolcategory.ToolCategory, error)

ListAll returns all categories for a tenant context.

func (*ToolCategoryRepository) Update 

func (r *ToolCategoryRepository) Update(ctx context.Context, tc *toolcategory.ToolCategory) error

Update updates an existing category.

type ToolExecutionRepository 

type ToolExecutionRepository struct {
	// contains filtered or unexported fields
}

ToolExecutionRepository implements tool.ToolExecutionRepository.

func NewToolExecutionRepository 

func NewToolExecutionRepository(db *DB) *ToolExecutionRepository

NewToolExecutionRepository creates a new ToolExecutionRepository.

func (*ToolExecutionRepository) Create 

func (r *ToolExecutionRepository) Create(ctx context.Context, execution *tool.ToolExecution) error

Create creates a new tool execution record.

func (*ToolExecutionRepository) GetByID 

func (r *ToolExecutionRepository) GetByID(ctx context.Context, id shared.ID) (*tool.ToolExecution, error)

GetByID retrieves a tool execution by ID.

func (*ToolExecutionRepository) GetTenantStats 

func (r *ToolExecutionRepository) GetTenantStats(
	ctx context.Context,
	tenantID shared.ID,
	days int,
) (*tool.TenantToolStats, error)

GetTenantStats retrieves aggregated tool statistics for a tenant.

func (*ToolExecutionRepository) GetToolStats 

func (r *ToolExecutionRepository) GetToolStats(
	ctx context.Context,
	tenantID, toolID shared.ID,
	days int,
) (*tool.ToolStats, error)

GetToolStats retrieves statistics for a specific tool.

func (*ToolExecutionRepository) List 

func (r *ToolExecutionRepository) List(
	ctx context.Context,
	filter tool.ToolExecutionFilter,
	page pagination.Pagination,
) (pagination.Result[*tool.ToolExecution], error)

List retrieves tool executions with filters.

func (*ToolExecutionRepository) Update 

func (r *ToolExecutionRepository) Update(ctx context.Context, execution *tool.ToolExecution) error

Update updates a tool execution.

type ToolRepository 

type ToolRepository struct {
	// contains filtered or unexported fields
}

ToolRepository implements tool.Repository using PostgreSQL.

func NewToolRepository 

func NewToolRepository(db *DB) *ToolRepository

NewToolRepository creates a new ToolRepository.

func (*ToolRepository) BulkCreate 

func (r *ToolRepository) BulkCreate(ctx context.Context, tools []*tool.Tool) error

BulkCreate creates multiple tools at once.

func (*ToolRepository) BulkUpdateVersions 

func (r *ToolRepository) BulkUpdateVersions(ctx context.Context, versions map[shared.ID]tool.VersionInfo) error

BulkUpdateVersions updates version information for multiple tools.

func (*ToolRepository) Count 

func (r *ToolRepository) Count(ctx context.Context, filter tool.ToolFilter) (int64, error)

Count counts tools matching the filter.

func (*ToolRepository) Create 

func (r *ToolRepository) Create(ctx context.Context, t *tool.Tool) error

Create persists a new tool.

func (*ToolRepository) Delete 

func (r *ToolRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a tool (only non-builtin tools can be deleted).

func (*ToolRepository) DeleteTenantTool 

func (r *ToolRepository) DeleteTenantTool(ctx context.Context, tenantID, id shared.ID) error

DeleteTenantTool deletes a tenant's custom tool.

func (*ToolRepository) FindByCapabilities 

func (r *ToolRepository) FindByCapabilities(ctx context.Context, tenantID shared.ID, capabilities []string) (*tool.Tool, error)

FindByCapabilities finds an active tool that matches all required capabilities. Searches platform tools first, then tenant-specific tools. Returns nil if no matching active tool is found.

func (*ToolRepository) GetAllCapabilities 

func (r *ToolRepository) GetAllCapabilities(ctx context.Context) ([]string, error)

GetAllCapabilities returns all unique capabilities from all active tools.

func (*ToolRepository) GetByID 

func (r *ToolRepository) GetByID(ctx context.Context, id shared.ID) (*tool.Tool, error)

GetByID retrieves a tool by its ID.

func (*ToolRepository) GetByName 

func (r *ToolRepository) GetByName(ctx context.Context, name string) (*tool.Tool, error)

GetByName retrieves a tool by its name.

func (*ToolRepository) GetByTenantAndID 

func (r *ToolRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*tool.Tool, error)

GetByTenantAndID retrieves a tenant custom tool by tenant ID and tool ID.

func (*ToolRepository) GetByTenantAndName 

func (r *ToolRepository) GetByTenantAndName(ctx context.Context, tenantID shared.ID, name string) (*tool.Tool, error)

GetByTenantAndName retrieves a tenant custom tool by tenant ID and name.

func (*ToolRepository) GetPlatformToolByName 

func (r *ToolRepository) GetPlatformToolByName(ctx context.Context, name string) (*tool.Tool, error)

GetPlatformToolByName retrieves a platform tool by name.

func (*ToolRepository) List 

func (r *ToolRepository) List(ctx context.Context, filter tool.ToolFilter, page pagination.Pagination) (pagination.Result[*tool.Tool], error)

List lists tools with filters and pagination.

func (*ToolRepository) ListAvailableTools 

func (r *ToolRepository) ListAvailableTools(ctx context.Context, tenantID shared.ID, filter tool.ToolFilter, page pagination.Pagination) (pagination.Result[*tool.Tool], error)

ListAvailableTools lists all tools available to a tenant (platform + tenant's custom).

func (*ToolRepository) ListByCapability 

func (r *ToolRepository) ListByCapability(ctx context.Context, capability string) ([]*tool.Tool, error)

ListByCapability retrieves tools by capability.

func (*ToolRepository) ListByCategoryID 

func (r *ToolRepository) ListByCategoryID(ctx context.Context, categoryID shared.ID) ([]*tool.Tool, error)

ListByCategoryID retrieves tools by category_id.

func (*ToolRepository) ListByCategoryName 

func (r *ToolRepository) ListByCategoryName(ctx context.Context, categoryName string) ([]*tool.Tool, error)

ListByCategoryName retrieves tools by category name (via join with tool_categories).

func (*ToolRepository) ListByNames 

func (r *ToolRepository) ListByNames(ctx context.Context, names []string) ([]*tool.Tool, error)

ListByNames retrieves tools by their names.

func (*ToolRepository) ListPlatformTools 

func (r *ToolRepository) ListPlatformTools(ctx context.Context, filter tool.ToolFilter, page pagination.Pagination) (pagination.Result[*tool.Tool], error)

ListPlatformTools lists all platform tools (tenant_id IS NULL).

func (*ToolRepository) ListTenantCustomTools 

func (r *ToolRepository) ListTenantCustomTools(ctx context.Context, tenantID shared.ID, filter tool.ToolFilter, page pagination.Pagination) (pagination.Result[*tool.Tool], error)

ListTenantCustomTools lists a tenant's custom tools.

func (*ToolRepository) Update 

func (r *ToolRepository) Update(ctx context.Context, t *tool.Tool) error

Update updates a tool.

type UserRepository 

type UserRepository struct {
	// contains filtered or unexported fields
}

UserRepository implements user.Repository using PostgreSQL.

func NewUserRepository 

func NewUserRepository(db *DB) *UserRepository

NewUserRepository creates a new UserRepository.

func (*UserRepository) Count 

func (r *UserRepository) Count(ctx context.Context, filter user.Filter) (int64, error)

Count returns the total number of users matching the filter.

func (*UserRepository) Create 

func (r *UserRepository) Create(ctx context.Context, u *user.User) error

Create persists a new user.

func (*UserRepository) Delete 

func (r *UserRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a user by ID.

func (*UserRepository) ExistsByEmail 

func (r *UserRepository) ExistsByEmail(ctx context.Context, email string) (bool, error)

ExistsByEmail checks if a user with the given email exists.

func (*UserRepository) ExistsByKeycloakID 

func (r *UserRepository) ExistsByKeycloakID(ctx context.Context, keycloakID string) (bool, error)

ExistsByKeycloakID checks if a user with the given Keycloak ID exists.

func (*UserRepository) GetByEmail 

func (r *UserRepository) GetByEmail(ctx context.Context, email string) (*user.User, error)

GetByEmail retrieves a user by email.

func (*UserRepository) GetByEmailForAuth 

func (r *UserRepository) GetByEmailForAuth(ctx context.Context, email string) (*user.User, error)

GetByEmailForAuth retrieves a local user by email for authentication.

func (*UserRepository) GetByEmailVerificationToken 

func (r *UserRepository) GetByEmailVerificationToken(ctx context.Context, token string) (*user.User, error)

GetByEmailVerificationToken retrieves a user by email verification token.

func (*UserRepository) GetByID 

func (r *UserRepository) GetByID(ctx context.Context, id shared.ID) (*user.User, error)

GetByID retrieves a user by ID.

func (*UserRepository) GetByIDs 

func (r *UserRepository) GetByIDs(ctx context.Context, ids []shared.ID) ([]*user.User, error)

GetByIDs retrieves multiple users by their IDs.

func (*UserRepository) GetByKeycloakID 

func (r *UserRepository) GetByKeycloakID(ctx context.Context, keycloakID string) (*user.User, error)

GetByKeycloakID retrieves a user by Keycloak ID.

func (*UserRepository) GetByPasswordResetToken 

func (r *UserRepository) GetByPasswordResetToken(ctx context.Context, token string) (*user.User, error)

GetByPasswordResetToken retrieves a user by password reset token.

func (*UserRepository) Update 

func (r *UserRepository) Update(ctx context.Context, u *user.User) error

Update updates an existing user.

func (*UserRepository) UpsertFromKeycloak 

func (r *UserRepository) UpsertFromKeycloak(ctx context.Context, keycloakID, email, name string) (*user.User, error)

UpsertFromKeycloak creates or updates a user from Keycloak claims. This is the primary method used for syncing users on login. It handles email conflicts by keeping the existing email if conflict occurs.

type VulnerabilityRepository 

type VulnerabilityRepository struct {
	// contains filtered or unexported fields
}

VulnerabilityRepository implements vulnerability.VulnerabilityRepository using PostgreSQL.

func NewVulnerabilityRepository 

func NewVulnerabilityRepository(db *DB) *VulnerabilityRepository

NewVulnerabilityRepository creates a new VulnerabilityRepository.

func (*VulnerabilityRepository) Count 

func (r *VulnerabilityRepository) Count(ctx context.Context, filter vulnerability.VulnerabilityFilter) (int64, error)

Count returns the count of vulnerabilities matching the filter.

func (*VulnerabilityRepository) Create 

func (r *VulnerabilityRepository) Create(ctx context.Context, vuln *vulnerability.Vulnerability) error

Create persists a new vulnerability.

func (*VulnerabilityRepository) Delete 

func (r *VulnerabilityRepository) Delete(ctx context.Context, id shared.ID) error

Delete removes a vulnerability by ID.

func (*VulnerabilityRepository) ExistsByCVE 

func (r *VulnerabilityRepository) ExistsByCVE(ctx context.Context, cveID string) (bool, error)

ExistsByCVE checks if a vulnerability with the given CVE ID exists.

func (*VulnerabilityRepository) GetByCVE 

func (r *VulnerabilityRepository) GetByCVE(ctx context.Context, cveID string) (*vulnerability.Vulnerability, error)

GetByCVE retrieves a vulnerability by CVE ID.

func (*VulnerabilityRepository) GetByID 

func (r *VulnerabilityRepository) GetByID(ctx context.Context, id shared.ID) (*vulnerability.Vulnerability, error)

GetByID retrieves a vulnerability by ID.

func (*VulnerabilityRepository) List 

func (r *VulnerabilityRepository) List(ctx context.Context, filter vulnerability.VulnerabilityFilter, opts vulnerability.VulnerabilityListOptions, page pagination.Pagination) (pagination.Result[*vulnerability.Vulnerability], error)

List retrieves vulnerabilities matching the filter with pagination.

func (*VulnerabilityRepository) Update 

func (r *VulnerabilityRepository) Update(ctx context.Context, vuln *vulnerability.Vulnerability) error

Update updates an existing vulnerability.

func (*VulnerabilityRepository) UpsertByCVE 

func (r *VulnerabilityRepository) UpsertByCVE(ctx context.Context, vuln *vulnerability.Vulnerability) error

UpsertByCVE creates or updates a vulnerability by CVE ID.

type WebhookRepository 

type WebhookRepository struct {
	// contains filtered or unexported fields
}

WebhookRepository is the PostgreSQL implementation of webhook.Repository.

func NewWebhookRepository 

func NewWebhookRepository(db *DB) *WebhookRepository

NewWebhookRepository creates a new WebhookRepository.

func (*WebhookRepository) Create 

func (r *WebhookRepository) Create(ctx context.Context, w *webhook.Webhook) error

Create inserts a new webhook.

func (*WebhookRepository) Delete 

func (r *WebhookRepository) Delete(ctx context.Context, id, tenantID webhook.ID) error

Delete deletes a webhook by ID and tenant.

func (*WebhookRepository) GetByID 

func (r *WebhookRepository) GetByID(ctx context.Context, id, tenantID webhook.ID) (*webhook.Webhook, error)

GetByID retrieves a webhook by ID and tenant.

func (*WebhookRepository) List 

func (r *WebhookRepository) List(ctx context.Context, filter webhook.Filter) (webhook.ListResult, error)

List retrieves a paginated list of webhooks.

func (*WebhookRepository) ListDeliveries 

func (r *WebhookRepository) ListDeliveries(ctx context.Context, filter webhook.DeliveryFilter) (webhook.DeliveryListResult, error)

ListDeliveries retrieves a paginated list of webhook deliveries.

func (*WebhookRepository) Update 

func (r *WebhookRepository) Update(ctx context.Context, w *webhook.Webhook) error

Update updates a webhook.

type WorkflowEdgeRepository 

type WorkflowEdgeRepository struct {
	// contains filtered or unexported fields
}

WorkflowEdgeRepository implements workflow.EdgeRepository using PostgreSQL.

func NewWorkflowEdgeRepository 

func NewWorkflowEdgeRepository(db *DB) *WorkflowEdgeRepository

NewWorkflowEdgeRepository creates a new WorkflowEdgeRepository.

func (*WorkflowEdgeRepository) Create 

func (r *WorkflowEdgeRepository) Create(ctx context.Context, e *workflow.Edge) error

Create creates a new workflow edge.

func (*WorkflowEdgeRepository) CreateBatch 

func (r *WorkflowEdgeRepository) CreateBatch(ctx context.Context, edges []*workflow.Edge) error

CreateBatch creates multiple workflow edges.

func (*WorkflowEdgeRepository) Delete 

func (r *WorkflowEdgeRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a workflow edge.

func (*WorkflowEdgeRepository) DeleteByWorkflowID 

func (r *WorkflowEdgeRepository) DeleteByWorkflowID(ctx context.Context, workflowID shared.ID) error

DeleteByWorkflowID deletes all edges for a workflow.

func (*WorkflowEdgeRepository) GetByID 

func (r *WorkflowEdgeRepository) GetByID(ctx context.Context, id shared.ID) (*workflow.Edge, error)

GetByID retrieves an edge by ID.

func (*WorkflowEdgeRepository) GetByWorkflowID 

func (r *WorkflowEdgeRepository) GetByWorkflowID(ctx context.Context, workflowID shared.ID) ([]*workflow.Edge, error)

GetByWorkflowID retrieves all edges for a workflow.

type WorkflowNodeRepository 

type WorkflowNodeRepository struct {
	// contains filtered or unexported fields
}

WorkflowNodeRepository implements workflow.NodeRepository using PostgreSQL.

func NewWorkflowNodeRepository 

func NewWorkflowNodeRepository(db *DB) *WorkflowNodeRepository

NewWorkflowNodeRepository creates a new WorkflowNodeRepository.

func (*WorkflowNodeRepository) Create 

func (r *WorkflowNodeRepository) Create(ctx context.Context, n *workflow.Node) error

Create creates a new workflow node.

func (*WorkflowNodeRepository) CreateBatch 

func (r *WorkflowNodeRepository) CreateBatch(ctx context.Context, nodes []*workflow.Node) error

CreateBatch creates multiple workflow nodes.

func (*WorkflowNodeRepository) Delete 

func (r *WorkflowNodeRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a workflow node.

func (*WorkflowNodeRepository) DeleteByWorkflowID 

func (r *WorkflowNodeRepository) DeleteByWorkflowID(ctx context.Context, workflowID shared.ID) error

DeleteByWorkflowID deletes all nodes for a workflow.

func (*WorkflowNodeRepository) GetByID 

func (r *WorkflowNodeRepository) GetByID(ctx context.Context, id shared.ID) (*workflow.Node, error)

GetByID retrieves a node by ID.

func (*WorkflowNodeRepository) GetByKey 

func (r *WorkflowNodeRepository) GetByKey(ctx context.Context, workflowID shared.ID, nodeKey string) (*workflow.Node, error)

GetByKey retrieves a node by workflow ID and node key.

func (*WorkflowNodeRepository) GetByWorkflowID 

func (r *WorkflowNodeRepository) GetByWorkflowID(ctx context.Context, workflowID shared.ID) ([]*workflow.Node, error)

GetByWorkflowID retrieves all nodes for a workflow.

func (*WorkflowNodeRepository) Update 

func (r *WorkflowNodeRepository) Update(ctx context.Context, n *workflow.Node) error

Update updates a workflow node.

type WorkflowNodeRunRepository 

type WorkflowNodeRunRepository struct {
	// contains filtered or unexported fields
}

WorkflowNodeRunRepository implements workflow.NodeRunRepository using PostgreSQL.

func NewWorkflowNodeRunRepository 

func NewWorkflowNodeRunRepository(db *DB) *WorkflowNodeRunRepository

NewWorkflowNodeRunRepository creates a new WorkflowNodeRunRepository.

func (*WorkflowNodeRunRepository) Complete 

func (r *WorkflowNodeRunRepository) Complete(ctx context.Context, id shared.ID, output map[string]any) error

Complete marks a node run as completed.

func (*WorkflowNodeRunRepository) Create 

func (r *WorkflowNodeRunRepository) Create(ctx context.Context, nr *workflow.NodeRun) error

Create creates a new node run.

func (*WorkflowNodeRunRepository) CreateBatch 

func (r *WorkflowNodeRunRepository) CreateBatch(ctx context.Context, nodeRuns []*workflow.NodeRun) error

CreateBatch creates multiple node runs.

func (*WorkflowNodeRunRepository) Delete 

func (r *WorkflowNodeRunRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a node run.

func (*WorkflowNodeRunRepository) GetByID 

func (r *WorkflowNodeRunRepository) GetByID(ctx context.Context, id shared.ID) (*workflow.NodeRun, error)

GetByID retrieves a node run by ID.

func (*WorkflowNodeRunRepository) GetByNodeKey 

func (r *WorkflowNodeRunRepository) GetByNodeKey(ctx context.Context, workflowRunID shared.ID, nodeKey string) (*workflow.NodeRun, error)

GetByNodeKey retrieves a node run by workflow run ID and node key.

func (*WorkflowNodeRunRepository) GetByWorkflowRunID 

func (r *WorkflowNodeRunRepository) GetByWorkflowRunID(ctx context.Context, workflowRunID shared.ID) ([]*workflow.NodeRun, error)

GetByWorkflowRunID retrieves all node runs for a workflow run.

func (*WorkflowNodeRunRepository) GetPendingByDependencies 

func (r *WorkflowNodeRunRepository) GetPendingByDependencies(ctx context.Context, workflowRunID shared.ID, completedNodeKeys []string) ([]*workflow.NodeRun, error)

GetPendingByDependencies gets node runs that are pending and have their dependencies completed.

func (*WorkflowNodeRunRepository) List 

func (r *WorkflowNodeRunRepository) List(ctx context.Context, filter workflow.NodeRunFilter) ([]*workflow.NodeRun, error)

List lists node runs with filters.

func (*WorkflowNodeRunRepository) Update 

func (r *WorkflowNodeRunRepository) Update(ctx context.Context, nr *workflow.NodeRun) error

Update updates a node run.

func (*WorkflowNodeRunRepository) UpdateStatus 

func (r *WorkflowNodeRunRepository) UpdateStatus(ctx context.Context, id shared.ID, status workflow.NodeRunStatus, errorMessage, errorCode string) error

UpdateStatus updates node run status.

type WorkflowRepository 

type WorkflowRepository struct {
	// contains filtered or unexported fields
}

WorkflowRepository implements workflow.WorkflowRepository using PostgreSQL.

func NewWorkflowRepository 

func NewWorkflowRepository(db *DB) *WorkflowRepository

NewWorkflowRepository creates a new WorkflowRepository.

func (*WorkflowRepository) Create 

func (r *WorkflowRepository) Create(ctx context.Context, w *workflow.Workflow) error

Create persists a new workflow.

func (*WorkflowRepository) Delete 

func (r *WorkflowRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a workflow.

func (*WorkflowRepository) GetByID 

func (r *WorkflowRepository) GetByID(ctx context.Context, id shared.ID) (*workflow.Workflow, error)

GetByID retrieves a workflow by its ID.

func (*WorkflowRepository) GetByName 

func (r *WorkflowRepository) GetByName(ctx context.Context, tenantID shared.ID, name string) (*workflow.Workflow, error)

GetByName retrieves a workflow by name.

func (*WorkflowRepository) GetByTenantAndID 

func (r *WorkflowRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*workflow.Workflow, error)

GetByTenantAndID retrieves a workflow by tenant and ID.

func (*WorkflowRepository) GetWithGraph 

func (r *WorkflowRepository) GetWithGraph(ctx context.Context, id shared.ID) (*workflow.Workflow, error)

GetWithGraph retrieves a workflow with its nodes and edges.

func (*WorkflowRepository) List 

func (r *WorkflowRepository) List(ctx context.Context, filter workflow.WorkflowFilter, page pagination.Pagination) (pagination.Result[*workflow.Workflow], error)

List lists workflows with filters and pagination.

func (*WorkflowRepository) ListActiveWithTriggerType 

func (r *WorkflowRepository) ListActiveWithTriggerType(ctx context.Context, tenantID shared.ID, triggerType workflow.TriggerType) ([]*workflow.Workflow, error)

ListActiveWithTriggerType lists active workflows that have a trigger node with the specified trigger type. Returns workflows with their full graph. Uses a single optimized query with JOINs instead of N+1 queries.

func (*WorkflowRepository) Update 

func (r *WorkflowRepository) Update(ctx context.Context, w *workflow.Workflow) error

Update updates a workflow.

type WorkflowRunRepository 

type WorkflowRunRepository struct {
	// contains filtered or unexported fields
}

WorkflowRunRepository implements workflow.RunRepository using PostgreSQL.

func NewWorkflowRunRepository 

func NewWorkflowRunRepository(db *DB) *WorkflowRunRepository

NewWorkflowRunRepository creates a new WorkflowRunRepository.

func (*WorkflowRunRepository) CountActiveByTenantID 

func (r *WorkflowRunRepository) CountActiveByTenantID(ctx context.Context, tenantID shared.ID) (int, error)

CountActiveByTenantID counts active runs for a tenant.

func (*WorkflowRunRepository) CountActiveByWorkflowID 

func (r *WorkflowRunRepository) CountActiveByWorkflowID(ctx context.Context, workflowID shared.ID) (int, error)

CountActiveByWorkflowID counts active runs for a workflow.

func (*WorkflowRunRepository) Create 

func (r *WorkflowRunRepository) Create(ctx context.Context, run *workflow.Run) error

Create creates a new workflow run.

func (*WorkflowRunRepository) CreateRunIfUnderLimit 

func (r *WorkflowRunRepository) CreateRunIfUnderLimit(ctx context.Context, run *workflow.Run, maxPerWorkflow, maxPerTenant int) error

CreateRunIfUnderLimit atomically checks concurrent run limits and creates run if under limit. Uses a transaction with row-level locking to prevent race conditions. This prevents TOCTOU (time-of-check-time-of-use) vulnerabilities where multiple concurrent triggers could bypass the limits.

func (*WorkflowRunRepository) Delete 

func (r *WorkflowRunRepository) Delete(ctx context.Context, id shared.ID) error

Delete deletes a run.

func (*WorkflowRunRepository) GetActiveByWorkflowID 

func (r *WorkflowRunRepository) GetActiveByWorkflowID(ctx context.Context, workflowID shared.ID) ([]*workflow.Run, error)

GetActiveByWorkflowID retrieves active runs for a workflow.

func (*WorkflowRunRepository) GetByID 

func (r *WorkflowRunRepository) GetByID(ctx context.Context, id shared.ID) (*workflow.Run, error)

GetByID retrieves a run by ID.

func (*WorkflowRunRepository) GetByTenantAndID 

func (r *WorkflowRunRepository) GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*workflow.Run, error)

GetByTenantAndID retrieves a run by tenant and ID.

func (*WorkflowRunRepository) GetWithNodeRuns 

func (r *WorkflowRunRepository) GetWithNodeRuns(ctx context.Context, id shared.ID) (*workflow.Run, error)

GetWithNodeRuns retrieves a run with its node runs.

func (*WorkflowRunRepository) List 

func (r *WorkflowRunRepository) List(ctx context.Context, filter workflow.RunFilter, page pagination.Pagination) (pagination.Result[*workflow.Run], error)

List lists runs with filters and pagination.

func (*WorkflowRunRepository) ListByWorkflowID 

func (r *WorkflowRunRepository) ListByWorkflowID(ctx context.Context, workflowID shared.ID, pageNum, perPage int) ([]*workflow.Run, int64, error)

ListByWorkflowID lists runs for a specific workflow.

func (*WorkflowRunRepository) Update 

func (r *WorkflowRunRepository) Update(ctx context.Context, run *workflow.Run) error

Update updates a run.

func (*WorkflowRunRepository) UpdateStats 

func (r *WorkflowRunRepository) UpdateStats(ctx context.Context, id shared.ID, completed, failed int) error

UpdateStats updates run statistics.

func (*WorkflowRunRepository) UpdateStatus 

func (r *WorkflowRunRepository) UpdateStatus(ctx context.Context, id shared.ID, status workflow.RunStatus, errorMessage string) error

UpdateStatus updates run status.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.