store

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 28, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package store provides storage abstractions for agent authorization.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrNotFound      = errors.New("not found")
	ErrAlreadyExists = errors.New("already exists")
	ErrInvalidInput  = errors.New("invalid input")
)

Store errors.

Functions

func JoinScopes

func JoinScopes(scopes []string) string

JoinScopes joins scopes into a space-separated string.

func SplitScopes

func SplitScopes(scopes string) []string

SplitScopes splits a space-separated scope string.

Types

type Agent

type Agent struct {
	ID          string    `json:"id" db:"id"`
	Name        string    `json:"name" db:"name"`
	Description string    `json:"description,omitempty" db:"description"`
	PublicKey   string    `json:"public_key" db:"public_key"`
	RedirectURI string    `json:"redirect_uri,omitempty" db:"redirect_uri"`
	Trusted     bool      `json:"trusted" db:"trusted"`
	CreatedAt   time.Time `json:"created_at" db:"created_at"`
	UpdatedAt   time.Time `json:"updated_at" db:"updated_at"`
}

Agent represents a registered agent that can request authorization.

type AuthzServerAdapter

type AuthzServerAdapter struct {
	// contains filtered or unexported fields
}

AuthzServerAdapter adapts a Storer implementation to the authzserver.Store interface. This allows using SQLiteStore, DynamoDBStore, or any other Storer with the authzserver package.

func NewAuthzServerAdapter

func NewAuthzServerAdapter(store Storer) *AuthzServerAdapter

NewAuthzServerAdapter creates a new adapter for the given store.

func (*AuthzServerAdapter) Close

func (a *AuthzServerAdapter) Close() error

Close closes the underlying store.

func (*AuthzServerAdapter) CreateScopePolicy

func (a *AuthzServerAdapter) CreateScopePolicy(ctx context.Context, policy *authzserver.ScopePolicy) error

func (*AuthzServerAdapter) CreateToken

func (a *AuthzServerAdapter) CreateToken(ctx context.Context, token *authzserver.Token) error

func (*AuthzServerAdapter) DeleteScopePolicy

func (a *AuthzServerAdapter) DeleteScopePolicy(ctx context.Context, id string) error

func (*AuthzServerAdapter) GetScopePolicy

func (a *AuthzServerAdapter) GetScopePolicy(ctx context.Context, id string) (*authzserver.ScopePolicy, error)

func (*AuthzServerAdapter) GetToken

func (a *AuthzServerAdapter) GetToken(ctx context.Context, id string) (*authzserver.Token, error)

func (*AuthzServerAdapter) ListScopePolicies

func (a *AuthzServerAdapter) ListScopePolicies(ctx context.Context) ([]*authzserver.ScopePolicy, error)

func (*AuthzServerAdapter) ListTokens

func (a *AuthzServerAdapter) ListTokens(ctx context.Context) ([]*authzserver.Token, error)

func (*AuthzServerAdapter) RevokeToken

func (a *AuthzServerAdapter) RevokeToken(ctx context.Context, id string) error

type Mission

type Mission struct {
	ID              string        `json:"id" db:"id"`
	AgentID         string        `json:"agent_id" db:"agent_id"`
	UserID          string        `json:"user_id" db:"user_id"`
	Name            string        `json:"name" db:"name"`
	Description     string        `json:"description,omitempty" db:"description"`
	Scopes          string        `json:"scopes" db:"scopes"`
	InteractionType string        `json:"interaction_type" db:"interaction_type"`
	Status          MissionStatus `json:"status" db:"status"`
	Duration        int64         `json:"duration" db:"duration"`
	ExpiresAt       *time.Time    `json:"expires_at,omitempty" db:"expires_at"`
	ApprovedAt      *time.Time    `json:"approved_at,omitempty" db:"approved_at"`
	DeniedAt        *time.Time    `json:"denied_at,omitempty" db:"denied_at"`
	DenialReason    string        `json:"denial_reason,omitempty" db:"denial_reason"`
	CreatedAt       time.Time     `json:"created_at" db:"created_at"`
	UpdatedAt       time.Time     `json:"updated_at" db:"updated_at"`
}

Mission represents an agent's request to act on behalf of a user.

func (*Mission) IsActive

func (m *Mission) IsActive() bool

IsActive returns true if the mission is currently active.

type MissionStatus

type MissionStatus string

MissionStatus represents the status of a mission request.

const (
	MissionStatusPending  MissionStatus = "pending"
	MissionStatusApproved MissionStatus = "approved"
	MissionStatusDenied   MissionStatus = "denied"
	MissionStatusExpired  MissionStatus = "expired"
	MissionStatusRevoked  MissionStatus = "revoked"
)

Mission statuses.

type PersonServerAdapter

type PersonServerAdapter struct {
	// contains filtered or unexported fields
}

PersonServerAdapter adapts a Storer implementation to the personserver.Store interface. This allows using SQLiteStore, DynamoDBStore, or any other Storer with the personserver package.

func NewPersonServerAdapter

func NewPersonServerAdapter(store Storer) *PersonServerAdapter

NewPersonServerAdapter creates a new adapter for the given store.

func (*PersonServerAdapter) ApproveMission

func (a *PersonServerAdapter) ApproveMission(ctx context.Context, id string, duration time.Duration) error

func (*PersonServerAdapter) Close

func (a *PersonServerAdapter) Close() error

Close closes the underlying store.

func (*PersonServerAdapter) CreateAgent

func (a *PersonServerAdapter) CreateAgent(ctx context.Context, agent *personserver.Agent) error

func (*PersonServerAdapter) CreateMission

func (a *PersonServerAdapter) CreateMission(ctx context.Context, mission *personserver.Mission) error

func (*PersonServerAdapter) CreateToken

func (a *PersonServerAdapter) CreateToken(ctx context.Context, token *personserver.Token) error

func (*PersonServerAdapter) CreateUser

func (a *PersonServerAdapter) CreateUser(ctx context.Context, user *personserver.User) error

func (*PersonServerAdapter) DenyMission

func (a *PersonServerAdapter) DenyMission(ctx context.Context, id, reason string) error

func (*PersonServerAdapter) GetAgent

func (*PersonServerAdapter) GetMission

func (a *PersonServerAdapter) GetMission(ctx context.Context, id string) (*personserver.Mission, error)

func (*PersonServerAdapter) GetToken

func (*PersonServerAdapter) GetUser

func (*PersonServerAdapter) GetUserByEmail

func (a *PersonServerAdapter) GetUserByEmail(ctx context.Context, email string) (*personserver.User, error)

func (*PersonServerAdapter) ListAgents

func (a *PersonServerAdapter) ListAgents(ctx context.Context) ([]*personserver.Agent, error)

func (*PersonServerAdapter) ListMissionsByUser

func (a *PersonServerAdapter) ListMissionsByUser(ctx context.Context, userID string) ([]*personserver.Mission, error)

func (*PersonServerAdapter) ListPendingMissions

func (a *PersonServerAdapter) ListPendingMissions(ctx context.Context) ([]*personserver.Mission, error)

func (*PersonServerAdapter) ListUsers

func (a *PersonServerAdapter) ListUsers(ctx context.Context) ([]*personserver.User, error)

func (*PersonServerAdapter) RevokeToken

func (a *PersonServerAdapter) RevokeToken(ctx context.Context, id string) error

type PreAuthorization

type PreAuthorization struct {
	ID        string     `json:"id" db:"id"`
	UserID    string     `json:"user_id" db:"user_id"`
	AgentID   string     `json:"agent_id" db:"agent_id"`
	Scopes    string     `json:"scopes" db:"scopes"`
	CreatedAt time.Time  `json:"created_at" db:"created_at"`
	ExpiresAt *time.Time `json:"expires_at,omitempty" db:"expires_at"`
}

PreAuthorization allows users to pre-approve certain scopes for agents.

func (*PreAuthorization) Covers

func (p *PreAuthorization) Covers(requestedScopes []string) bool

Covers returns true if this pre-authorization covers the requested scopes.

type SQLiteStore

type SQLiteStore struct {
	// contains filtered or unexported fields
}

SQLiteStore provides SQLite-backed storage.

func NewSQLite

func NewSQLite(dbPath string) (*SQLiteStore, error)

NewSQLite creates a new SQLite-backed store.

func (*SQLiteStore) ApproveMission

func (s *SQLiteStore) ApproveMission(ctx context.Context, id string, duration time.Duration) error

ApproveMission approves a mission.

func (*SQLiteStore) Close

func (s *SQLiteStore) Close() error

Close closes the database connection.

func (*SQLiteStore) CreateAgent

func (s *SQLiteStore) CreateAgent(ctx context.Context, agent *Agent) error

CreateAgent creates a new agent.

func (*SQLiteStore) CreateMission

func (s *SQLiteStore) CreateMission(ctx context.Context, mission *Mission) error

CreateMission creates a new mission.

func (*SQLiteStore) CreatePreAuthorization

func (s *SQLiteStore) CreatePreAuthorization(ctx context.Context, preAuth *PreAuthorization) error

CreatePreAuthorization creates a pre-authorization.

func (*SQLiteStore) CreateScopePolicy

func (s *SQLiteStore) CreateScopePolicy(ctx context.Context, policy *ScopePolicy) error

CreateScopePolicy creates a scope policy.

func (*SQLiteStore) CreateToken

func (s *SQLiteStore) CreateToken(ctx context.Context, token *Token) error

CreateToken creates a new token record.

func (*SQLiteStore) CreateUser

func (s *SQLiteStore) CreateUser(ctx context.Context, user *User) error

CreateUser creates a new user.

func (*SQLiteStore) DB

func (s *SQLiteStore) DB() *sql.DB

DB returns the underlying database connection for advanced use cases.

func (*SQLiteStore) DeletePreAuthorization

func (s *SQLiteStore) DeletePreAuthorization(ctx context.Context, userID, agentID string) error

DeletePreAuthorization deletes a pre-authorization.

func (*SQLiteStore) DeleteScopePolicy

func (s *SQLiteStore) DeleteScopePolicy(ctx context.Context, id string) error

DeleteScopePolicy deletes a scope policy.

func (*SQLiteStore) DenyMission

func (s *SQLiteStore) DenyMission(ctx context.Context, id, reason string) error

DenyMission denies a mission.

func (*SQLiteStore) GetAgent

func (s *SQLiteStore) GetAgent(ctx context.Context, id string) (*Agent, error)

GetAgent retrieves an agent by ID.

func (*SQLiteStore) GetMission

func (s *SQLiteStore) GetMission(ctx context.Context, id string) (*Mission, error)

GetMission retrieves a mission by ID.

func (*SQLiteStore) GetPreAuthorization

func (s *SQLiteStore) GetPreAuthorization(ctx context.Context, userID, agentID string) (*PreAuthorization, error)

GetPreAuthorization retrieves a pre-authorization for a user/agent pair.

func (*SQLiteStore) GetScopePolicy

func (s *SQLiteStore) GetScopePolicy(ctx context.Context, id string) (*ScopePolicy, error)

GetScopePolicy retrieves a scope policy by ID.

func (*SQLiteStore) GetToken

func (s *SQLiteStore) GetToken(ctx context.Context, id string) (*Token, error)

GetToken retrieves a token by ID.

func (*SQLiteStore) GetUser

func (s *SQLiteStore) GetUser(ctx context.Context, id string) (*User, error)

GetUser retrieves a user by ID.

func (*SQLiteStore) GetUserByEmail

func (s *SQLiteStore) GetUserByEmail(ctx context.Context, email string) (*User, error)

GetUserByEmail retrieves a user by email.

func (*SQLiteStore) ListAgents

func (s *SQLiteStore) ListAgents(ctx context.Context) ([]*Agent, error)

ListAgents lists all agents.

func (*SQLiteStore) ListMissionsByUser

func (s *SQLiteStore) ListMissionsByUser(ctx context.Context, userID string) ([]*Mission, error)

ListMissionsByUser lists missions for a user.

func (*SQLiteStore) ListPendingMissions

func (s *SQLiteStore) ListPendingMissions(ctx context.Context) ([]*Mission, error)

ListPendingMissions lists all pending missions.

func (*SQLiteStore) ListScopePolicies

func (s *SQLiteStore) ListScopePolicies(ctx context.Context) ([]*ScopePolicy, error)

ListScopePolicies lists all scope policies.

func (*SQLiteStore) ListTokens

func (s *SQLiteStore) ListTokens(ctx context.Context) ([]*Token, error)

ListTokens returns all tokens.

func (*SQLiteStore) ListUsers

func (s *SQLiteStore) ListUsers(ctx context.Context) ([]*User, error)

ListUsers lists all users.

func (*SQLiteStore) RevokeToken

func (s *SQLiteStore) RevokeToken(ctx context.Context, id string) error

RevokeToken revokes a token.

type ScopePolicy

type ScopePolicy struct {
	ID              string    `json:"id" db:"id"`
	Pattern         string    `json:"pattern" db:"pattern"`
	Protocol        string    `json:"protocol" db:"protocol"`
	InteractionType string    `json:"interaction_type,omitempty" db:"interaction_type"`
	Description     string    `json:"description,omitempty" db:"description"`
	Priority        int       `json:"priority" db:"priority"`
	CreatedAt       time.Time `json:"created_at" db:"created_at"`
}

ScopePolicy represents a scope policy stored in the database.

type Storer

type Storer interface {
	// Close closes the store connection.
	Close() error

	// User operations
	CreateUser(ctx context.Context, user *User) error
	GetUser(ctx context.Context, id string) (*User, error)
	GetUserByEmail(ctx context.Context, email string) (*User, error)
	ListUsers(ctx context.Context) ([]*User, error)

	// Agent operations
	CreateAgent(ctx context.Context, agent *Agent) error
	GetAgent(ctx context.Context, id string) (*Agent, error)
	ListAgents(ctx context.Context) ([]*Agent, error)

	// Mission operations
	CreateMission(ctx context.Context, mission *Mission) error
	GetMission(ctx context.Context, id string) (*Mission, error)
	ApproveMission(ctx context.Context, id string, duration time.Duration) error
	DenyMission(ctx context.Context, id, reason string) error
	ListPendingMissions(ctx context.Context) ([]*Mission, error)
	ListMissionsByUser(ctx context.Context, userID string) ([]*Mission, error)

	// Token operations
	CreateToken(ctx context.Context, token *Token) error
	GetToken(ctx context.Context, id string) (*Token, error)
	RevokeToken(ctx context.Context, id string) error
	ListTokens(ctx context.Context) ([]*Token, error)

	// Pre-authorization operations
	CreatePreAuthorization(ctx context.Context, preAuth *PreAuthorization) error
	GetPreAuthorization(ctx context.Context, userID, agentID string) (*PreAuthorization, error)
	DeletePreAuthorization(ctx context.Context, userID, agentID string) error

	// Scope policy operations
	CreateScopePolicy(ctx context.Context, policy *ScopePolicy) error
	GetScopePolicy(ctx context.Context, id string) (*ScopePolicy, error)
	ListScopePolicies(ctx context.Context) ([]*ScopePolicy, error)
	DeleteScopePolicy(ctx context.Context, id string) error
}

Storer defines the interface for authorization storage backends. Both SQLite and DynamoDB implementations satisfy this interface.

type Token

type Token struct {
	ID        string     `json:"id" db:"id"`
	MissionID string     `json:"mission_id,omitempty" db:"mission_id"`
	AgentID   string     `json:"agent_id" db:"agent_id"`
	UserID    string     `json:"user_id" db:"user_id"`
	Scopes    string     `json:"scopes" db:"scopes"`
	TokenType string     `json:"token_type" db:"token_type"`
	Protocol  string     `json:"protocol" db:"protocol"`
	IssuedAt  time.Time  `json:"issued_at" db:"issued_at"`
	ExpiresAt time.Time  `json:"expires_at" db:"expires_at"`
	RevokedAt *time.Time `json:"revoked_at,omitempty" db:"revoked_at"`
}

Token represents an issued auth token.

func (*Token) IsValid

func (t *Token) IsValid() bool

IsValid returns true if the token is still valid.

type User

type User struct {
	ID        string    `json:"id" db:"id"`
	Email     string    `json:"email" db:"email"`
	Name      string    `json:"name" db:"name"`
	CreatedAt time.Time `json:"created_at" db:"created_at"`
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
}

User represents a person who can authorize agents.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL