services

package
v1.331.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 11, 2026 License: MIT Imports: 44 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Environment variable names for Claude credentials
	EnvClaudeAccessToken  = "CLAUDE_ACCESS_TOKEN"
	EnvClaudeRefreshToken = "CLAUDE_REFRESH_TOKEN"
	EnvClaudeExpiresAt    = "CLAUDE_EXPIRES_AT"
)

Variables

This section is empty.

Functions

func BoolPtr added in v1.148.0 

func BoolPtr(b bool) *bool

BoolPtr returns a pointer to a bool

func BootstrapPersonalAPIKeys added in v1.219.0 

func BootstrapPersonalAPIKeys(
	ctx context.Context,
	authService *SimpleAuthService,
	personalAPIKeyRepo repositories.PersonalAPIKeyRepository,
) error

BootstrapPersonalAPIKeys loads existing personal API keys from Kubernetes into auth service

func BootstrapServiceAccounts added in v1.216.0 

func BootstrapServiceAccounts(
	ctx context.Context,
	authService *SimpleAuthService,
	teamConfigRepo repositories.TeamConfigRepository,
) error

BootstrapServiceAccounts loads existing service accounts from Kubernetes and creates missing ones

func ExtractTeamEnvFile added in v1.148.0 

func ExtractTeamEnvFile(tags map[string]string) string

ExtractTeamEnvFile extracts the env_file value from tags

func HashLabelValue added in v1.160.0 

func HashLabelValue(value string) string

HashLabelValue creates a sha256 hash of a value for use as a Kubernetes label value This allows querying by values that may contain invalid characters (e.g., "/" in team IDs) The hash is truncated to 16 characters for brevity while maintaining uniqueness

func HashTeamID added in v1.148.0 

func HashTeamID(teamID string) string

HashTeamID creates a sha256 hash of the team ID for use as a Kubernetes label value This allows querying by team_id without sanitization issues (e.g., "/" in team IDs) The hash is truncated to 63 characters to fit within Kubernetes label value limits

func Int64Ptr added in v1.148.0 

func Int64Ptr(i int64) *int64

Int64Ptr returns a pointer to an int64

func MergeEnvironmentVariables added in v1.148.0 

func MergeEnvironmentVariables(cfg EnvMergeConfig) (map[string]string, error)

MergeEnvironmentVariables merges environment variables from multiple sources with the following priority (highest to lowest): 1. Request environment variables 2. Team/organization specific environment file (from tags["env_file"]) 3. Auth team environment file (from team_role_mapping) 4. Role-based environment variables

func SanitizeLabelKey added in v1.148.0 

func SanitizeLabelKey(s string) string

SanitizeLabelKey sanitizes a string to be used as a Kubernetes label key

func SanitizeLabelValue added in v1.148.0 

func SanitizeLabelValue(s string) string

SanitizeLabelValue sanitizes a string to be used as a Kubernetes label value

func SanitizeSecretName added in v1.148.0 

func SanitizeSecretName(s string) string

SanitizeSecretName sanitizes a string to be used as a Kubernetes Secret name Secret names must be lowercase, alphanumeric, and may contain dashes Example: "myorg/backend-team" -> "myorg-backend-team"

Types

type AuthServiceForBootstrap added in v1.216.0 

type AuthServiceForBootstrap interface {
	CreateServiceAccountForTeam(ctx context.Context, teamID string, teamConfigRepo repositories.TeamConfigRepository) error
	LoadServiceAccountFromTeamConfig(ctx context.Context, teamConfig interface{}) error
}

AuthServiceForBootstrap defines the interface for auth service methods needed by bootstrap

type ChainCredentialProvider added in v1.148.0 

type ChainCredentialProvider struct {
	// contains filtered or unexported fields
}

ChainCredentialProvider tries multiple providers in order until one succeeds

func NewChainCredentialProvider added in v1.148.0 

func NewChainCredentialProvider(providers ...CredentialProvider) *ChainCredentialProvider

NewChainCredentialProvider creates a new ChainCredentialProvider

func (*ChainCredentialProvider) Load added in v1.148.0 

func (p *ChainCredentialProvider) Load(userID string) (*ClaudeCredentials, error)

Load attempts to load credentials from each provider in order Returns the first successful result Returns nil, nil if all providers return nil

func (*ChainCredentialProvider) Name added in v1.148.0 

func (p *ChainCredentialProvider) Name() string

Name returns the provider name

type ClaudeCredentials added in v1.148.0 

type ClaudeCredentials struct {
	AccessToken  string
	RefreshToken string
	ExpiresAt    string // epoch milliseconds as string

	// RawJSON contains the original credentials.json file content
	// When set, this should be used directly instead of reconstructing from fields
	RawJSON []byte
}

ClaudeCredentials represents Claude authentication credentials

type CredentialProvider added in v1.148.0 

type CredentialProvider interface {
	// Name returns the provider name for logging purposes
	Name() string

	// Load attempts to load credentials from this provider for the specified user
	// userID is used to locate user-specific credential files
	// Returns nil, nil if credentials are not available (not an error)
	// Returns nil, error if there was an error loading credentials
	Load(userID string) (*ClaudeCredentials, error)
}

CredentialProvider is an interface for loading Claude credentials from various sources

func DefaultCredentialProvider added in v1.148.0 

func DefaultCredentialProvider() CredentialProvider

DefaultCredentialProvider returns the default credential provider chain Order: Environment variables (highest priority) -> File

type EncryptionServiceFactory added in v1.179.0 

type EncryptionServiceFactory struct {
	// contains filtered or unexported fields
}

EncryptionServiceFactory は EncryptionService の実装を作成するファクトリー

func NewEncryptionServiceFactory added in v1.179.0 

func NewEncryptionServiceFactory(prefix string) *EncryptionServiceFactory

NewEncryptionServiceFactory は EncryptionServiceFactory を作成する 環境変数から設定を読み込む prefix が空の場合は "AGENTAPI_ENCRYPTION" を使用

func (*EncryptionServiceFactory) Create added in v1.179.0 

func (f *EncryptionServiceFactory) Create() (services.EncryptionService, error)

Create は EncryptionService の実装を作成する 優先順位: KMS → Local → Noop

type EncryptionServiceRegistry added in v1.179.0 

type EncryptionServiceRegistry struct {
	// contains filtered or unexported fields
}

EncryptionServiceRegistry manages multiple EncryptionService implementations and selects the appropriate one based on encryption metadata

func NewEncryptionServiceRegistry added in v1.179.0 

func NewEncryptionServiceRegistry(primary services.EncryptionService) *EncryptionServiceRegistry

NewEncryptionServiceRegistry creates a new registry

func (*EncryptionServiceRegistry) GetForDecryption added in v1.179.0 

func (r *EncryptionServiceRegistry) GetForDecryption(metadata services.EncryptionMetadata) services.EncryptionService

GetForDecryption returns the appropriate service for decrypting based on metadata Falls back to primary if no matching service is found

func (*EncryptionServiceRegistry) GetForEncryption added in v1.179.0 

func (r *EncryptionServiceRegistry) GetForEncryption() services.EncryptionService

GetForEncryption returns the primary service used for encrypting new values

func (*EncryptionServiceRegistry) Register added in v1.179.0 

func (r *EncryptionServiceRegistry) Register(service services.EncryptionService)

Register adds an EncryptionService to the registry

func (*EncryptionServiceRegistry) SetPrimary added in v1.179.0 

func (r *EncryptionServiceRegistry) SetPrimary(service services.EncryptionService)

SetPrimary sets the primary encryption service

type EnvCredentialProvider added in v1.148.0 

type EnvCredentialProvider struct{}

EnvCredentialProvider loads credentials from environment variables

func NewEnvCredentialProvider added in v1.148.0 

func NewEnvCredentialProvider() *EnvCredentialProvider

NewEnvCredentialProvider creates a new EnvCredentialProvider

func (*EnvCredentialProvider) Load added in v1.148.0 

func (p *EnvCredentialProvider) Load(_ string) (*ClaudeCredentials, error)

Load attempts to load credentials from environment variables userID is ignored for environment variable provider Returns nil, nil if CLAUDE_ACCESS_TOKEN is not set

func (*EnvCredentialProvider) Name added in v1.148.0 

func (p *EnvCredentialProvider) Name() string

Name returns the provider name

type EnvMergeConfig added in v1.148.0 

type EnvMergeConfig struct {
	RoleEnvFiles    *config.RoleEnvFilesConfig
	UserRole        string
	TeamEnvFile     string // From tags["env_file"]
	AuthTeamEnvFile string // From team_role_mapping
	RequestEnv      map[string]string
}

EnvMergeConfig contains configuration for environment variable merging

type FileCredentialProvider added in v1.148.0 

type FileCredentialProvider struct {
	// contains filtered or unexported fields
}

FileCredentialProvider loads credentials from user-specific credential files When userID is provided, it looks for credentials at: $HOME/.agentapi-proxy/myclaudes/[userID]/.claude/.credentials.json When userID is empty, it falls back to ~/.claude/.credentials.json

func NewFileCredentialProvider added in v1.148.0 

func NewFileCredentialProvider() *FileCredentialProvider

NewFileCredentialProvider creates a new FileCredentialProvider with default path

func NewFileCredentialProviderWithPath added in v1.148.0 

func NewFileCredentialProviderWithPath(path string) *FileCredentialProvider

NewFileCredentialProviderWithPath creates a new FileCredentialProvider with custom path This is primarily used for testing

func (*FileCredentialProvider) Load added in v1.148.0 

func (p *FileCredentialProvider) Load(userID string) (*ClaudeCredentials, error)

Load attempts to load credentials from the file If userID is provided, looks in the user-specific directory Returns nil, nil if the file doesn't exist Returns nil, error if there was an error reading the file

func (*FileCredentialProvider) Name added in v1.148.0 

func (p *FileCredentialProvider) Name() string

Name returns the provider name

type KMSEncryptionService added in v1.179.0 

type KMSEncryptionService struct {
	// contains filtered or unexported fields
}

KMSEncryptionService は AWS KMS を使用した暗号化サービス

func NewKMSEncryptionService added in v1.179.0 

func NewKMSEncryptionService(keyID, region string) (*KMSEncryptionService, error)

NewKMSEncryptionService は KMSEncryptionService を作成する

func (*KMSEncryptionService) Algorithm added in v1.179.0 

func (s *KMSEncryptionService) Algorithm() string

Algorithm は "aws-kms" を返す

func (*KMSEncryptionService) Decrypt added in v1.179.0 

func (s *KMSEncryptionService) Decrypt(ctx context.Context, encrypted *services.EncryptedData) (string, error)

Decrypt は AWS KMS で暗号化されたデータを復号する

func (*KMSEncryptionService) Encrypt added in v1.179.0 

func (s *KMSEncryptionService) Encrypt(ctx context.Context, plaintext string) (*services.EncryptedData, error)

Encrypt は平文を AWS KMS で暗号化する

func (*KMSEncryptionService) KeyID added in v1.179.0 

func (s *KMSEncryptionService) KeyID() string

KeyID は KMS キー ID を返す

type KubernetesSession added in v1.148.0 

type KubernetesSession struct {
	// contains filtered or unexported fields
}

KubernetesSession represents a session running in a Kubernetes Deployment

func NewKubernetesSession added in v1.148.0 

func NewKubernetesSession(
	id string,
	request *entities.RunServerRequest,
	deploymentName, serviceName, pvcName, namespace string,
	servicePort int,
	cancelFunc context.CancelFunc,
	webhookPayload []byte,
) *KubernetesSession

NewKubernetesSession creates a new KubernetesSession

func (*KubernetesSession) Addr added in v1.148.0 

func (s *KubernetesSession) Addr() string

Addr returns the address (host:port) the session is running on For Kubernetes sessions, this returns the Service DNS name with port

func (*KubernetesSession) Cancel added in v1.148.0 

func (s *KubernetesSession) Cancel()

Cancel cancels the session context to trigger shutdown

func (*KubernetesSession) DeploymentName added in v1.148.0 

func (s *KubernetesSession) DeploymentName() string

DeploymentName returns the Kubernetes Deployment name

func (*KubernetesSession) Description added in v1.148.0 

func (s *KubernetesSession) Description() string

Description returns the session description (cached initial message)

func (*KubernetesSession) ID added in v1.148.0 

func (s *KubernetesSession) ID() string

ID returns the session ID

func (*KubernetesSession) IsStock added in v1.330.0 

func (s *KubernetesSession) IsStock() bool

IsStock returns whether this is a pre-warmed stock session.

func (*KubernetesSession) LastMessageAt added in v1.310.0 

func (s *KubernetesSession) LastMessageAt() time.Time

LastMessageAt returns when the last message was sent to the session.

func (*KubernetesSession) Namespace added in v1.148.0 

func (s *KubernetesSession) Namespace() string

Namespace returns the Kubernetes namespace

func (*KubernetesSession) PVCName added in v1.148.0 

func (s *KubernetesSession) PVCName() string

PVCName returns the Kubernetes PVC name

func (*KubernetesSession) ProvisionPayload added in v1.328.0 

func (s *KubernetesSession) ProvisionPayload() []byte

ProvisionPayload returns the JSON payload for POST /provision.

func (*KubernetesSession) ProvisionSettings added in v1.328.0 

func (s *KubernetesSession) ProvisionSettings() *sessionsettings.SessionSettings

ProvisionSettings returns the SessionSettings used for provisioning. Returns nil if not yet set (i.e., provisioning has not completed successfully).

func (*KubernetesSession) Request added in v1.148.0 

func (s *KubernetesSession) Request() *entities.RunServerRequest

Request returns the run server request

func (*KubernetesSession) ResolvedAPIKey added in v1.295.0 

func (s *KubernetesSession) ResolvedAPIKey() string

ResolvedAPIKey returns the API key resolved during session creation.

func (*KubernetesSession) Scope added in v1.148.0 

func (s *KubernetesSession) Scope() entities.ResourceScope

Scope returns the resource scope ("user" or "team")

func (*KubernetesSession) ServiceDNS added in v1.148.0 

func (s *KubernetesSession) ServiceDNS() string

ServiceDNS returns the Kubernetes Service DNS name for this session

func (*KubernetesSession) ServiceName added in v1.148.0 

func (s *KubernetesSession) ServiceName() string

ServiceName returns the Kubernetes Service name

func (*KubernetesSession) ServicePort added in v1.148.0 

func (s *KubernetesSession) ServicePort() int

ServicePort returns the service port

func (*KubernetesSession) SetDescription added in v1.169.0 

func (s *KubernetesSession) SetDescription(desc string)

SetDescription sets the session description (used for restored sessions from Secret)

func (*KubernetesSession) SetIsStock added in v1.330.0 

func (s *KubernetesSession) SetIsStock(v bool)

SetIsStock sets the stock flag for this session.

func (*KubernetesSession) SetLastMessageAt added in v1.310.0 

func (s *KubernetesSession) SetLastMessageAt(t time.Time)

SetLastMessageAt sets the last message time (used for restored sessions and SendMessage).

func (*KubernetesSession) SetProvisionPayload added in v1.328.0 

func (s *KubernetesSession) SetProvisionPayload(data []byte)

SetProvisionPayload stores the JSON payload to be sent to the agent-provisioner via POST /provision after the Pod becomes ready.

func (*KubernetesSession) SetProvisionSettings added in v1.328.0 

func (s *KubernetesSession) SetProvisionSettings(settings *sessionsettings.SessionSettings)

SetProvisionSettings stores the SessionSettings used for provisioning. This is called after successful provisioning to enable Pod restart recovery.

func (*KubernetesSession) SetResolvedAPIKey added in v1.295.0 

func (s *KubernetesSession) SetResolvedAPIKey(key string)

SetResolvedAPIKey stores the API key resolved during session creation. This is used by the memory-sync sidecar to authenticate with the proxy.

func (*KubernetesSession) SetStartedAt added in v1.148.0 

func (s *KubernetesSession) SetStartedAt(t time.Time)

SetStartedAt sets the session start time (used for restored sessions)

func (*KubernetesSession) SetStatus added in v1.148.0 

func (s *KubernetesSession) SetStatus(status string)

SetStatus updates the session status

func (*KubernetesSession) SetUpdatedAt added in v1.190.0 

func (s *KubernetesSession) SetUpdatedAt(t time.Time)

SetUpdatedAt sets the last updated time (used for restored sessions)

func (*KubernetesSession) StartedAt added in v1.148.0 

func (s *KubernetesSession) StartedAt() time.Time

StartedAt returns when the session was started

func (*KubernetesSession) Status added in v1.148.0 

func (s *KubernetesSession) Status() string

Status returns the current status of the session

func (*KubernetesSession) Tags added in v1.148.0 

func (s *KubernetesSession) Tags() map[string]string

Tags returns the session tags

func (*KubernetesSession) TeamID added in v1.148.0 

func (s *KubernetesSession) TeamID() string

TeamID returns the team ID when Scope is "team"

func (*KubernetesSession) TouchUpdatedAt added in v1.190.0 

func (s *KubernetesSession) TouchUpdatedAt()

TouchUpdatedAt updates the updatedAt timestamp to now

func (*KubernetesSession) UpdatedAt added in v1.190.0 

func (s *KubernetesSession) UpdatedAt() time.Time

UpdatedAt returns when the session was last updated

func (*KubernetesSession) UserID added in v1.148.0 

func (s *KubernetesSession) UserID() string

UserID returns the user ID that owns this session

func (*KubernetesSession) WebhookPayload added in v1.205.0 

func (s *KubernetesSession) WebhookPayload() []byte

WebhookPayload returns the webhook payload JSON

type KubernetesSessionManager added in v1.148.0 

type KubernetesSessionManager struct {
	// contains filtered or unexported fields
}

func NewKubernetesSessionManager added in v1.148.0 

func NewKubernetesSessionManager(
	cfg *config.Config,
	verbose bool,
	lgr *logger.Logger,
) (*KubernetesSessionManager, error)

NewKubernetesSessionManager creates a new KubernetesSessionManager

func NewKubernetesSessionManagerWithClient added in v1.148.0 

func NewKubernetesSessionManagerWithClient(
	cfg *config.Config,
	verbose bool,
	lgr *logger.Logger,
	client kubernetes.Interface,
) (*KubernetesSessionManager, error)

NewKubernetesSessionManagerWithClient creates a new KubernetesSessionManager with a custom client This is useful for testing with a fake client

func (*KubernetesSessionManager) AddSessionDeletedHandler added in v1.327.0 

func (m *KubernetesSessionManager) AddSessionDeletedHandler(handler SessionDeletedHandler)

AddSessionDeletedHandler registers a handler that is invoked when a session is deleted, before its Kubernetes resources are removed. Multiple handlers can be registered and they are called in registration order.

func (*KubernetesSessionManager) CountStockSessions added in v1.330.0 

func (m *KubernetesSessionManager) CountStockSessions(ctx context.Context) (int, error)

CountStockSessions returns the number of available (not being deleted) stock sessions.

func (*KubernetesSessionManager) CreateSession added in v1.148.0 

func (m *KubernetesSessionManager) CreateSession(ctx context.Context, id string, req *entities.RunServerRequest, webhookPayload []byte) (entities.Session, error)

CreateSession creates a new session with a Kubernetes Deployment. It first attempts to use a pre-warmed stock session (labeled agentapi.proxy/stock=true). If no stock is available, a new session is created from scratch.

func (*KubernetesSessionManager) CreateStockSession added in v1.330.0 

func (m *KubernetesSessionManager) CreateStockSession(ctx context.Context) error

CreateStockSession creates a pre-warmed stock session (Deployment + Service) without calling /provision. The pod starts the agent-provisioner and waits for adoption via adoptStockSession, which sends the actual /provision call.

func (*KubernetesSessionManager) DeleteSession added in v1.148.0 

func (m *KubernetesSessionManager) DeleteSession(id string) error

DeleteSession stops and removes a session If the session is not in memory, it attempts to restore from Kubernetes Service first

func (*KubernetesSessionManager) GetClient added in v1.148.0 

func (m *KubernetesSessionManager) GetClient() kubernetes.Interface

GetClient returns the Kubernetes client (used by subscription secret syncer)

func (*KubernetesSessionManager) GetInitialMessage added in v1.211.0 

func (m *KubernetesSessionManager) GetInitialMessage(ctx context.Context, session *KubernetesSession) string

GetInitialMessage retrieves the initial message from Secret for a given session

func (*KubernetesSessionManager) GetMessages added in v1.201.0 

func (m *KubernetesSessionManager) GetMessages(ctx context.Context, id string) ([]portrepos.Message, error)

GetMessages retrieves conversation history from a session

func (*KubernetesSessionManager) GetNamespace added in v1.148.0 

func (m *KubernetesSessionManager) GetNamespace() string

GetNamespace returns the Kubernetes namespace (used by subscription secret syncer)

func (*KubernetesSessionManager) GetPersonalAPIKeyRepository added in v1.219.0 

func (m *KubernetesSessionManager) GetPersonalAPIKeyRepository() portrepos.PersonalAPIKeyRepository

GetPersonalAPIKeyRepository returns the personal API key repository

func (*KubernetesSessionManager) GetSession added in v1.148.0 

func (m *KubernetesSessionManager) GetSession(id string) entities.Session

GetSession returns a session by ID If the session is not in memory, it attempts to restore from Kubernetes Service

func (*KubernetesSessionManager) ListSessions added in v1.148.0 

func (m *KubernetesSessionManager) ListSessions(filter entities.SessionFilter) []entities.Session

ListSessions returns all sessions matching the filter Sessions are retrieved from Kubernetes Services to survive proxy restarts

func (*KubernetesSessionManager) PurgeStockSessions added in v1.331.0 

func (m *KubernetesSessionManager) PurgeStockSessions(ctx context.Context) error

PurgeStockSessions deletes all existing pre-warmed stock sessions (Service, Deployment, PVC). Called by the stock inventory worker on startup to ensure that stale pods built from an old image are replaced with fresh ones.

func (*KubernetesSessionManager) SendMessage added in v1.194.0 

func (m *KubernetesSessionManager) SendMessage(ctx context.Context, id string, message string) error

SendMessage sends a message to an existing session

func (*KubernetesSessionManager) SetPersonalAPIKeyRepository added in v1.218.0 

func (m *KubernetesSessionManager) SetPersonalAPIKeyRepository(repo portrepos.PersonalAPIKeyRepository)

SetPersonalAPIKeyRepository sets the personal API key repository

func (*KubernetesSessionManager) SetServiceAccountEnsurer added in v1.236.0 

func (m *KubernetesSessionManager) SetServiceAccountEnsurer(ensurer ServiceAccountEnsurer)

SetServiceAccountEnsurer sets the service account ensurer for team-scoped session creation

func (*KubernetesSessionManager) SetSettingsRepository added in v1.148.0 

func (m *KubernetesSessionManager) SetSettingsRepository(repo portrepos.SettingsRepository)

SetSettingsRepository sets the settings repository for Bedrock configuration

func (*KubernetesSessionManager) SetTeamConfigRepository added in v1.217.0 

func (m *KubernetesSessionManager) SetTeamConfigRepository(repo portrepos.TeamConfigRepository)

SetTeamConfigRepository sets the team config repository for service account configuration

func (*KubernetesSessionManager) Shutdown added in v1.148.0 

func (m *KubernetesSessionManager) Shutdown(timeout time.Duration) error

Shutdown gracefully stops all sessions Note: This does NOT delete Kubernetes resources (Deployment, Service, PVC, Secret). Resources are preserved so sessions can be restored when the proxy restarts. Use DeleteSession to explicitly delete a session and its resources.

func (*KubernetesSessionManager) StopAgent added in v1.289.0 

func (m *KubernetesSessionManager) StopAgent(ctx context.Context, id string) error

StopAgent sends a stop_agent action to the running agent in the session via the claude-agentapi POST /action endpoint. This terminates the running agent task without deleting the session.

func (*KubernetesSessionManager) UpdateServiceAnnotation added in v1.190.0 

func (m *KubernetesSessionManager) UpdateServiceAnnotation(ctx context.Context, sessionID, key, value string) error

UpdateServiceAnnotation updates a specific annotation on a session's Service

type KubernetesSubscriptionSecretSyncer added in v1.148.0 

type KubernetesSubscriptionSecretSyncer struct {
	// contains filtered or unexported fields
}

KubernetesSubscriptionSecretSyncer syncs subscription data to Kubernetes Secrets

func NewKubernetesSubscriptionSecretSyncer added in v1.148.0 

func NewKubernetesSubscriptionSecretSyncer(
	clientset kubernetes.Interface,
	namespace string,
	storage notification.Storage,
	secretPrefix string,
) *KubernetesSubscriptionSecretSyncer

NewKubernetesSubscriptionSecretSyncer creates a new KubernetesSubscriptionSecretSyncer

func (*KubernetesSubscriptionSecretSyncer) GetSecretName added in v1.148.0 

func (s *KubernetesSubscriptionSecretSyncer) GetSecretName(userID string) string

GetSecretName returns the secret name for a given user ID

func (*KubernetesSubscriptionSecretSyncer) Sync added in v1.148.0 

func (s *KubernetesSubscriptionSecretSyncer) Sync(userID string) error

Sync creates or updates the subscription Secret for a user

type LocalEncryptionService added in v1.179.0 

type LocalEncryptionService struct {
	// contains filtered or unexported fields
}

LocalEncryptionService は AES-256-GCM を使用したローカル暗号化サービス

func NewLocalEncryptionService added in v1.179.0 

func NewLocalEncryptionService(keyPath string, keyEnvVar string) (*LocalEncryptionService, error)

NewLocalEncryptionService は LocalEncryptionService を作成する keyPath が指定されていない場合、環境変数から読み込む keyEnvVar が空の場合は "AGENTAPI_ENCRYPTION_KEY" を使用

func (*LocalEncryptionService) Algorithm added in v1.179.0 

func (s *LocalEncryptionService) Algorithm() string

Algorithm は "aes-256-gcm" を返す

func (*LocalEncryptionService) Decrypt added in v1.179.0 

func (s *LocalEncryptionService) Decrypt(ctx context.Context, encrypted *services.EncryptedData) (string, error)

Decrypt は AES-256-GCM で暗号化されたデータを復号する

func (*LocalEncryptionService) Encrypt added in v1.179.0 

func (s *LocalEncryptionService) Encrypt(ctx context.Context, plaintext string) (*services.EncryptedData, error)

Encrypt は平文を AES-256-GCM で暗号化する

func (*LocalEncryptionService) KeyID added in v1.179.0 

func (s *LocalEncryptionService) KeyID() string

KeyID はキーのフィンガープリントを返す

type NoopEncryptionService added in v1.179.0 

type NoopEncryptionService struct{}

NoopEncryptionService は暗号化を行わないダミーの実装 インターフェースが通る状態を作るために使用する

func NewNoopEncryptionService added in v1.179.0 

func NewNoopEncryptionService() *NoopEncryptionService

NewNoopEncryptionService は NoopEncryptionService を作成する

func (*NoopEncryptionService) Algorithm added in v1.179.0 

func (s *NoopEncryptionService) Algorithm() string

Algorithm は "noop" を返す

func (*NoopEncryptionService) Decrypt added in v1.179.0 

func (s *NoopEncryptionService) Decrypt(ctx context.Context, encrypted *services.EncryptedData) (string, error)

Decrypt は暗号化されたデータをそのまま返す(復号しない)

func (*NoopEncryptionService) Encrypt added in v1.179.0 

func (s *NoopEncryptionService) Encrypt(ctx context.Context, plaintext string) (*services.EncryptedData, error)

Encrypt は平文をそのまま返す(暗号化しない)

func (*NoopEncryptionService) KeyID added in v1.179.0 

func (s *NoopEncryptionService) KeyID() string

KeyID は "noop" を返す

type ServiceAccountEnsurer added in v1.236.0 

type ServiceAccountEnsurer interface {
	EnsureServiceAccount(ctx context.Context, teamID string) error
}

KubernetesSessionManager manages sessions using Kubernetes Deployments ServiceAccountEnsurer ensures a service account exists for a team. Implementations must be safe to call concurrently.

type SessionDeletedHandler added in v1.327.0 

type SessionDeletedHandler func(ctx context.Context, session entities.Session)

SessionDeletedHandler is a callback invoked just before a session's Kubernetes resources are removed. At this point the session's Service endpoint is still reachable, so handlers can safely call GetMessages or other in-session APIs. Handlers are called synchronously and their errors are intentionally ignored so that session deletion always proceeds regardless of handler failures.

type SimpleAuthService 

type SimpleAuthService struct {
	// contains filtered or unexported fields
}

SimpleAuthService implements AuthService with simple in-memory authentication

func NewSimpleAuthService 

func NewSimpleAuthService() *SimpleAuthService

NewSimpleAuthService creates a new SimpleAuthService

func (*SimpleAuthService) AddUser 

func (s *SimpleAuthService) AddUser(user *entities.User)

AddUser adds a user to the service (for testing/demo purposes)

func (*SimpleAuthService) AuthenticateUser 

func (s *SimpleAuthService) AuthenticateUser(ctx context.Context, credentials *services.Credentials) (*entities.User, error)

AuthenticateUser authenticates a user with the given credentials

func (*SimpleAuthService) CreateServiceAccountForTeam added in v1.216.0 

func (s *SimpleAuthService) CreateServiceAccountForTeam(ctx context.Context, teamID string, teamConfigRepo repositories.TeamConfigRepository) (*entities.User, *entities.ServiceAccount, error)

CreateServiceAccountForTeam creates a service account for a team

func (*SimpleAuthService) GenerateAPIKey 

func (s *SimpleAuthService) GenerateAPIKey(ctx context.Context, userID entities.UserID, permissions []entities.Permission) (*services.APIKey, error)

GenerateAPIKey generates a new API key for a user

func (*SimpleAuthService) LoadPersonalAPIKey added in v1.219.0 

func (s *SimpleAuthService) LoadPersonalAPIKey(ctx context.Context, personalAPIKey *entities.PersonalAPIKey) error

LoadPersonalAPIKey loads a personal API key into memory

func (*SimpleAuthService) LoadServiceAccountFromTeamConfig added in v1.216.0 

func (s *SimpleAuthService) LoadServiceAccountFromTeamConfig(ctx context.Context, teamConfig *entities.TeamConfig) error

LoadServiceAccountFromTeamConfig loads a service account from team config into memory

func (*SimpleAuthService) RefreshUserInfo 

func (s *SimpleAuthService) RefreshUserInfo(ctx context.Context, user *entities.User) (*entities.User, error)

RefreshUserInfo refreshes user information from external sources

func (*SimpleAuthService) RevokeAPIKey 

func (s *SimpleAuthService) RevokeAPIKey(ctx context.Context, apiKey string) error

RevokeAPIKey revokes an existing API key

func (*SimpleAuthService) SetGitHubAuthConfig added in v1.71.0 

func (s *SimpleAuthService) SetGitHubAuthConfig(cfg *config.GitHubAuthConfig)

SetGitHubAuthConfig sets the GitHub authentication configuration. If a provider has already been set via SetGitHubProvider, it is preserved. Otherwise a new GitHubAuthProvider is created from the config.

func (*SimpleAuthService) SetGitHubProvider added in v1.287.0 

func (s *SimpleAuthService) SetGitHubProvider(provider *auth.GitHubAuthProvider)

SetGitHubProvider injects a pre-configured GitHubAuthProvider. This allows the caller to supply a provider that already has optional dependencies (e.g. TeamMappingRepository) wired in.

func (*SimpleAuthService) ValidateAPIKey 

func (s *SimpleAuthService) ValidateAPIKey(ctx context.Context, apiKey string) (*entities.User, error)

ValidateAPIKey validates an API key and returns the associated user

func (*SimpleAuthService) ValidatePermission 

func (s *SimpleAuthService) ValidatePermission(ctx context.Context, user *entities.User, permission entities.Permission) error

ValidatePermission checks if a user has a specific permission

type SimpleNotificationService 

type SimpleNotificationService struct {
	// contains filtered or unexported fields
}

SimpleNotificationService implements NotificationService with basic functionality

func NewSimpleNotificationService 

func NewSimpleNotificationService() *SimpleNotificationService

NewSimpleNotificationService creates a new SimpleNotificationService

func (*SimpleNotificationService) SendBulkNotifications 

func (s *SimpleNotificationService) SendBulkNotifications(ctx context.Context, notification *entities.Notification, subscriptions []*entities.Subscription) ([]*services.NotificationResult, error)

SendBulkNotifications sends notifications to multiple subscriptions

func (*SimpleNotificationService) SendNotification 

func (s *SimpleNotificationService) SendNotification(ctx context.Context, notification *entities.Notification, subscription *entities.Subscription) error

SendNotification sends a notification to a specific subscription

func (*SimpleNotificationService) TestNotification 

func (s *SimpleNotificationService) TestNotification(ctx context.Context, subscription *entities.Subscription) error

TestNotification sends a test notification to verify the subscription

func (*SimpleNotificationService) ValidateSubscription 

func (s *SimpleNotificationService) ValidateSubscription(ctx context.Context, subscription *entities.Subscription) error

ValidateSubscription validates a push notification subscription

type SlackChannelResolver added in v1.266.0 

type SlackChannelResolver struct {
	// contains filtered or unexported fields
}

SlackChannelResolver resolves Slack channel IDs to names using the Slack API, with a two-level cache: in-memory (sync.Map) and a Kubernetes ConfigMap for persistence.

func NewSlackChannelResolver added in v1.266.0 

func NewSlackChannelResolver(kubeClient kubernetes.Interface, namespace string) *SlackChannelResolver

NewSlackChannelResolver creates a new SlackChannelResolver

func (*SlackChannelResolver) FetchThreadReplies added in v1.317.0 

func (r *SlackChannelResolver) FetchThreadReplies(ctx context.Context, channel, threadTS, botToken string) ([]SlackMessage, error)

FetchThreadReplies fetches all messages in a Slack thread using the conversations.replies API. channel is the Slack channel ID and threadTS is the root message timestamp. Returns messages sorted by timestamp (oldest first), including the root message. Requires a bot token with channels:history or groups:history scope.

func (*SlackChannelResolver) GetBotToken added in v1.266.0 

func (r *SlackChannelResolver) GetBotToken(ctx context.Context, secretName, secretKey string) (string, error)

GetBotToken retrieves the Slack bot token from a Kubernetes Secret.

func (*SlackChannelResolver) PostMessage added in v1.269.0 

func (r *SlackChannelResolver) PostMessage(ctx context.Context, channel, threadTS, text, botToken string) error

PostMessage posts a message to a Slack channel, optionally in a thread. If threadTS is non-empty, the message is posted as a thread reply. Requires a bot token with chat:write scope.

func (*SlackChannelResolver) ResolveChannelName added in v1.266.0 

func (r *SlackChannelResolver) ResolveChannelName(ctx context.Context, channelID, botToken string) (string, error)

ResolveChannelName resolves a Slack channel ID to its name. Resolution order:

  1. In-memory cache
  2. Kubernetes ConfigMap (persistent)
  3. Slack API conversations.info (requires bot token with channels:read / groups:read scope)

func (*SlackChannelResolver) WithSlackAPIBase added in v1.317.0 

func (r *SlackChannelResolver) WithSlackAPIBase(base string) *SlackChannelResolver

WithSlackAPIBase overrides the Slack API base URL. Intended for testing only; production callers should use the default (https://slack.com/api).

type SlackMessage added in v1.317.0 

type SlackMessage struct {
	User    string `json:"user"`
	BotID   string `json:"bot_id,omitempty"`
	Text    string `json:"text"`
	Ts      string `json:"ts"`
	SubType string `json:"subtype,omitempty"`
}

SlackMessage represents a single Slack message returned by conversations.replies.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.