Documentation
¶
Overview ¶
Package storage is RiskKernel's durable state layer. The Store interface is the seam behind which SQLite (default, zero-config, the file the user owns) and Postgres (opt-in, later) live. Callers never see SQL. Runs, steps, tool calls, and the cost ledger persist here so runs survive a crash (step 5: resume) and so spend is auditable (`riskkernel audit export`).
Schema evolution is forward-only via embedded Goose migrations (see COMPATIBILITY.md): migrations run in a transaction on startup, and the daemon refuses to start if the on-disk schema is newer than the binary understands.
Index ¶
- Constants
- Variables
- type ApprovalRecord
- type CheckpointRecord
- type Fact
- type LedgerEntry
- type LedgerTotals
- type RunRecord
- type SQLite
- func (s *SQLite) AppendLedger(ctx context.Context, e LedgerEntry) error
- func (s *SQLite) AppendToolCall(ctx context.Context, t ToolCallRecord) error
- func (s *SQLite) Close() error
- func (s *SQLite) CreateApproval(ctx context.Context, a ApprovalRecord) error
- func (s *SQLite) GetApproval(ctx context.Context, id string) (ApprovalRecord, error)
- func (s *SQLite) GetFact(ctx context.Context, namespace, key string) (Fact, error)
- func (s *SQLite) GetRun(ctx context.Context, id string) (RunRecord, error)
- func (s *SQLite) LatestCheckpoint(ctx context.Context, runID string) (CheckpointRecord, error)
- func (s *SQLite) LedgerForRun(ctx context.Context, runID string) ([]LedgerEntry, error)
- func (s *SQLite) ListApprovals(ctx context.Context, status string) ([]ApprovalRecord, error)
- func (s *SQLite) ListCheckpoints(ctx context.Context, runID string) ([]CheckpointRecord, error)
- func (s *SQLite) ListFacts(ctx context.Context, namespace string) ([]Fact, error)
- func (s *SQLite) ListRuns(ctx context.Context) ([]RunRecord, error)
- func (s *SQLite) ListRunsByStatus(ctx context.Context, status string) ([]RunRecord, error)
- func (s *SQLite) ListSteps(ctx context.Context, runID string) ([]StepRecord, error)
- func (s *SQLite) PutFact(ctx context.Context, f Fact) error
- func (s *SQLite) ResolveApproval(ctx context.Context, id, status, reason, decidedBy string, decidedAt time.Time) error
- func (s *SQLite) SaveCheckpoint(ctx context.Context, c CheckpointRecord) error
- func (s *SQLite) Totals(ctx context.Context, runID string) (LedgerTotals, error)
- func (s *SQLite) UpsertRun(ctx context.Context, r RunRecord) error
- func (s *SQLite) UpsertStep(ctx context.Context, st StepRecord) error
- type StepRecord
- type Store
- type ToolCallRecord
Constants ¶
const ( ApprovalPending = "pending" ApprovalApproved = "approved" ApprovalDenied = "denied" )
Approval status values.
Variables ¶
var ErrNotFound = errors.New("storage: not found")
ErrNotFound is returned when a requested record does not exist.
var ErrSchemaTooNew = errors.New("storage: on-disk schema is newer than this binary; upgrade riskkernel")
ErrSchemaTooNew is returned when the on-disk schema version is newer than the running binary understands. RiskKernel refuses to start in this case rather than risk corrupting a user's data (downgrade protection, COMPATIBILITY.md).
Functions ¶
This section is empty.
Types ¶
type ApprovalRecord ¶
type ApprovalRecord struct {
ID string
RunID string
StepIndex int32
Tool string
SideEffect string
Arguments map[string]any
Status string // pending | approved | denied
Reason string
DecidedBy string
CreatedAt time.Time
DecidedAt *time.Time
}
ApprovalRecord is a human-in-the-loop gate on a side-effecting tool call.
type CheckpointRecord ¶
type CheckpointRecord struct {
RunID string
StepIndex int32
Name string
UsagePromptTokens int64
UsageCompletionTokens int64
UsageDollars float64
UsageLoops int32
Payload map[string]any
CreatedAt time.Time
}
CheckpointRecord is a crash-resumable snapshot: a run's usage at a step plus an opaque user-supplied payload to restart from.
type LedgerEntry ¶
type LedgerEntry struct {
RunID string
StepIndex int32
Provider string
Model string
PromptTokens int64
CompletionTokens int64
Dollars float64
Priced bool // false when the model had no known price
ResponseID string
CreatedAt time.Time
}
LedgerEntry is one priced model call — the auditable unit of spend.
type LedgerTotals ¶
type LedgerTotals struct {
RunID string
Calls int64
PromptTokens int64
CompletionTokens int64
Dollars float64
}
LedgerTotals aggregates spend for audit/reporting.
type RunRecord ¶
type RunRecord struct {
ID string
Name string
Status string
HaltReason string
BudgetTokens int64
BudgetDollars float64
BudgetLoops int32
BudgetSeconds int32
UsagePromptTokens int64
UsageCompletionTokens int64
UsageDollars float64
UsageLoops int32
Metadata map[string]string
CreatedAt time.Time
UpdatedAt time.Time
}
RunRecord is the persisted form of a governed run.
type SQLite ¶
type SQLite struct {
// contains filtered or unexported fields
}
SQLite is the default Store backend: a single WAL-mode SQLite file the user owns. Pure-Go driver, so the binary stays static and cross-compilable.
func OpenSQLite ¶
OpenSQLite opens (creating if needed) the SQLite database at path, applies pending forward migrations in a transaction, and enforces downgrade protection.
func (*SQLite) AppendLedger ¶
func (s *SQLite) AppendLedger(ctx context.Context, e LedgerEntry) error
func (*SQLite) AppendToolCall ¶
func (s *SQLite) AppendToolCall(ctx context.Context, t ToolCallRecord) error
func (*SQLite) CreateApproval ¶
func (s *SQLite) CreateApproval(ctx context.Context, a ApprovalRecord) error
CreateApproval persists a new (pending) approval request.
func (*SQLite) GetApproval ¶
GetApproval returns an approval by id, or ErrNotFound.
func (*SQLite) LatestCheckpoint ¶
LatestCheckpoint returns a run's most recent checkpoint, or ErrNotFound.
func (*SQLite) LedgerForRun ¶
func (*SQLite) ListApprovals ¶
ListApprovals returns approvals filtered by status ("" = all), newest first.
func (*SQLite) ListCheckpoints ¶
ListCheckpoints returns a run's checkpoints in time order.
func (*SQLite) ListRunsByStatus ¶
ListRunsByStatus returns runs in the given lifecycle status, newest first.
func (*SQLite) ResolveApproval ¶
func (s *SQLite) ResolveApproval(ctx context.Context, id, status, reason, decidedBy string, decidedAt time.Time) error
ResolveApproval records a decision on a pending approval. It is a no-op if the approval is not currently pending (returns ErrNotFound so callers can detect a double-resolve or unknown id).
func (*SQLite) SaveCheckpoint ¶
func (s *SQLite) SaveCheckpoint(ctx context.Context, c CheckpointRecord) error
SaveCheckpoint appends a crash-resumable checkpoint.
func (*SQLite) UpsertStep ¶
func (s *SQLite) UpsertStep(ctx context.Context, st StepRecord) error
type StepRecord ¶
type StepRecord struct {
RunID string
Index int32
Status string
PromptTokens int64
CompletionTokens int64
Dollars float64
StartedAt time.Time
EndedAt *time.Time // nil while running
}
StepRecord is one loop iteration of a run.
type Store ¶
type Store interface {
// UpsertRun inserts or replaces a run row by ID.
UpsertRun(ctx context.Context, r RunRecord) error
// GetRun returns a run by ID, or ErrNotFound.
GetRun(ctx context.Context, id string) (RunRecord, error)
// ListRuns returns all runs, newest first.
ListRuns(ctx context.Context) ([]RunRecord, error)
// ListRunsByStatus returns runs in the given lifecycle status (e.g. "running"
// for reload-on-startup), newest first.
ListRunsByStatus(ctx context.Context, status string) ([]RunRecord, error)
// UpsertStep inserts or replaces a step row by (run_id, index).
UpsertStep(ctx context.Context, s StepRecord) error
// ListSteps returns a run's steps in index order.
ListSteps(ctx context.Context, runID string) ([]StepRecord, error)
// AppendLedger appends one priced call to the cost ledger.
AppendLedger(ctx context.Context, e LedgerEntry) error
// LedgerForRun returns a run's ledger entries in time order.
LedgerForRun(ctx context.Context, runID string) ([]LedgerEntry, error)
// Totals aggregates a run's ledger.
Totals(ctx context.Context, runID string) (LedgerTotals, error)
// AppendToolCall records a tool invocation.
AppendToolCall(ctx context.Context, t ToolCallRecord) error
// PutFact inserts or updates an episodic memory fact by (namespace, key).
PutFact(ctx context.Context, f Fact) error
// GetFact returns a fact, or ErrNotFound.
GetFact(ctx context.Context, namespace, key string) (Fact, error)
// ListFacts returns all facts in a namespace.
ListFacts(ctx context.Context, namespace string) ([]Fact, error)
// CreateApproval persists a new (pending) approval request.
CreateApproval(ctx context.Context, a ApprovalRecord) error
// GetApproval returns an approval by id, or ErrNotFound.
GetApproval(ctx context.Context, id string) (ApprovalRecord, error)
// ResolveApproval records a decision (approved/denied) on a pending approval.
ResolveApproval(ctx context.Context, id, status, reason, decidedBy string, decidedAt time.Time) error
// ListApprovals returns approvals filtered by status ("" = all), newest first.
ListApprovals(ctx context.Context, status string) ([]ApprovalRecord, error)
// SaveCheckpoint appends a crash-resumable checkpoint.
SaveCheckpoint(ctx context.Context, c CheckpointRecord) error
// LatestCheckpoint returns a run's most recent checkpoint, or ErrNotFound.
LatestCheckpoint(ctx context.Context, runID string) (CheckpointRecord, error)
// ListCheckpoints returns a run's checkpoints in time order.
ListCheckpoints(ctx context.Context, runID string) ([]CheckpointRecord, error)
// Close releases the backend's resources.
Close() error
}
Store is the durable backend. Implementations must be safe for concurrent use.
type ToolCallRecord ¶
type ToolCallRecord struct {
ID string
RunID string
StepIndex int32
Tool string
SideEffect string
Arguments map[string]any
Status string
CreatedAt time.Time
}
ToolCallRecord is a (side-effecting) tool invocation; populated by the MCP gateway and HITL approval gate in later build steps.
Source Files