repository

package
v0.0.0-...-3400737 Latest Latest
Published: Dec 8, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BunEdgeRepository

type BunEdgeRepository struct {
	// contains filtered or unexported fields
}

BunEdgeRepository persists dependency edges using Bun ORM against PostgreSQL.

func (*BunEdgeRepository) Create

func (r *BunEdgeRepository) Create(ctx context.Context, edge *models.Edge) error

Create inserts a new edge row.

func (*BunEdgeRepository) Delete

func (r *BunEdgeRepository) Delete(ctx context.Context, id int64) error

Delete removes an edge by its ID.

func (*BunEdgeRepository) FindByOutput

func (r *BunEdgeRepository) FindByOutput(ctx context.Context, outputKey string) ([]models.Edge, error)

FindByOutput finds all edges that reference a specific output key.

func (*BunEdgeRepository) GetAllEdges

func (r *BunEdgeRepository) GetAllEdges(ctx context.Context) ([]models.Edge, error)

GetAllEdges fetches all edges in the system, ordered by ID (insertion order).

func (*BunEdgeRepository) GetByID

func (r *BunEdgeRepository) GetByID(ctx context.Context, id int64) (*models.Edge, error)

GetByID fetches an edge by its ID.

func (*BunEdgeRepository) GetIncomingEdges

func (r *BunEdgeRepository) GetIncomingEdges(ctx context.Context, toStateGUID string) ([]models.Edge, error)

GetIncomingEdges fetches all edges where the given state is the consumer.

func (*BunEdgeRepository) GetIncomingEdgesWithProducers

func (r *BunEdgeRepository) GetIncomingEdgesWithProducers(ctx context.Context, toStateGUID string) ([]*models.Edge, error)

GetIncomingEdgesWithProducers fetches incoming edges with producer state data preloaded. The FromStateRel field will be populated for each edge. This avoids N+1 queries when iterating over edges and accessing producer state.

func (*BunEdgeRepository) GetOutgoingEdges

func (r *BunEdgeRepository) GetOutgoingEdges(ctx context.Context, fromStateGUID string) ([]models.Edge, error)

GetOutgoingEdges fetches all edges where the given state is the producer.

func (*BunEdgeRepository) GetOutgoingEdgesWithConsumers

func (r *BunEdgeRepository) GetOutgoingEdgesWithConsumers(ctx context.Context, fromStateGUID string) ([]*models.Edge, error)

GetOutgoingEdgesWithConsumers fetches outgoing edges with consumer state data preloaded. The ToStateRel field will be populated for each edge. This avoids N+1 queries when iterating over edges and accessing consumer state.

func (*BunEdgeRepository) GetOutgoingEdgesWithValidation

func (r *BunEdgeRepository) GetOutgoingEdgesWithValidation(ctx context.Context, fromStateGUID string) ([]EdgeWithValidation, error)

GetOutgoingEdgesWithValidation fetches outgoing edges with producer output validation status. Uses Bun relation to LEFT JOIN state_outputs table for atomic read (single MVCC snapshot). The ProducerOutput field will be populated for each edge (nil if output doesn't exist).

func (*BunEdgeRepository) Update

func (r *BunEdgeRepository) Update(ctx context.Context, edge *models.Edge) error

Update persists mutated edge data.

func (*BunEdgeRepository) WouldCreateCycle

func (r *BunEdgeRepository) WouldCreateCycle(ctx context.Context, fromState, toState string) (bool, error)

WouldCreateCycle checks if adding an edge from fromState to toState would create a cycle. Uses a recursive CTE to check reachability.

type BunGroupRoleRepository

type BunGroupRoleRepository struct {
	// contains filtered or unexported fields
}

BunGroupRoleRepository implements GroupRoleRepository using Bun ORM

func (*BunGroupRoleRepository) Create

Create inserts a new group-role mapping

func (*BunGroupRoleRepository) Delete

func (r *BunGroupRoleRepository) Delete(ctx context.Context, id string) error

Delete deletes a group-role mapping by ID

func (*BunGroupRoleRepository) DeleteByGroupAndRole

func (r *BunGroupRoleRepository) DeleteByGroupAndRole(ctx context.Context, groupName string, roleID string) error

DeleteByGroupAndRole deletes a specific group-role mapping

func (*BunGroupRoleRepository) GetByGroupName

func (r *BunGroupRoleRepository) GetByGroupName(ctx context.Context, groupName string) ([]models.GroupRole, error)

GetByGroupName retrieves all role mappings for a group

func (*BunGroupRoleRepository) GetByID

GetByID retrieves a group-role mapping by ID

func (*BunGroupRoleRepository) GetByRoleID

func (r *BunGroupRoleRepository) GetByRoleID(ctx context.Context, roleID string) ([]models.GroupRole, error)

GetByRoleID retrieves all group mappings for a specific role

func (*BunGroupRoleRepository) List

List retrieves all group-role mappings

type BunLabelPolicyRepository

type BunLabelPolicyRepository struct {
	// contains filtered or unexported fields
}

BunLabelPolicyRepository manages label policy using Bun ORM.

func (*BunLabelPolicyRepository) GetPolicy

GetPolicy retrieves the current label policy (single-row table).

func (*BunLabelPolicyRepository) SetPolicy

func (r *BunLabelPolicyRepository) SetPolicy(ctx context.Context, policyDef *models.PolicyDefinition) error

SetPolicy creates or updates the label policy with version increment.

type BunRevokedJTIRepository

type BunRevokedJTIRepository struct {
	// contains filtered or unexported fields
}

BunRevokedJTIRepository implements RevokedJTIRepository using Bun ORM

func (*BunRevokedJTIRepository) Create

func (r *BunRevokedJTIRepository) Create(ctx context.Context, revokedJTI *models.RevokedJTI) error

Create adds a JTI to the revocation denylist

func (*BunRevokedJTIRepository) DeleteExpired

func (r *BunRevokedJTIRepository) DeleteExpired(ctx context.Context, gracePeriod time.Duration) error

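DeleteExpired removes revoked JTIs where exp < now() - grace period. Used for periodic cleanup to prevent table bloat. Because only entries whose token expired more than the grace period ago are removed, cleanup does not make a revoked token usable again as long as token verification also rejects expired tokens.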

func (*BunRevokedJTIRepository) GetByJTI

GetByJTI retrieves a revoked JTI entry by its ID

func (*BunRevokedJTIRepository) IsRevoked

func (r *BunRevokedJTIRepository) IsRevoked(ctx context.Context, jti string) (bool, error)

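IsRevoked checks if a JTI exists in the revocation table. Uses SELECT EXISTS pattern for efficient boolean check. A non-nil error means the check did not complete; callers enforcing revocation should treat that as a failed check, not as "not revoked".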

type BunRoleRepository

type BunRoleRepository struct {
	// contains filtered or unexported fields
}

BunRoleRepository implements RoleRepository using Bun ORM

func (*BunRoleRepository) Create

func (r *BunRoleRepository) Create(ctx context.Context, role *models.Role) error

Create inserts a new role

func (*BunRoleRepository) Delete

func (r *BunRoleRepository) Delete(ctx context.Context, id string) error

Delete deletes a role by ID

func (*BunRoleRepository) GetByID

func (r *BunRoleRepository) GetByID(ctx context.Context, id string) (*models.Role, error)

GetByID retrieves a role by ID

func (*BunRoleRepository) GetByName

func (r *BunRoleRepository) GetByName(ctx context.Context, name string) (*models.Role, error)

GetByName retrieves a role by name

func (*BunRoleRepository) List

func (r *BunRoleRepository) List(ctx context.Context) ([]models.Role, error)

List retrieves all roles

func (*BunRoleRepository) Update

func (r *BunRoleRepository) Update(ctx context.Context, role *models.Role) error

Update updates an existing role

type BunServiceAccountRepository

type BunServiceAccountRepository struct {
	// contains filtered or unexported fields
}

BunServiceAccountRepository implements ServiceAccountRepository using Bun ORM

func (*BunServiceAccountRepository) Create

Create inserts a new service account

func (*BunServiceAccountRepository) GetByClientID

func (r *BunServiceAccountRepository) GetByClientID(ctx context.Context, clientID string) (*models.ServiceAccount, error)

GetByClientID retrieves a service account by client ID

func (*BunServiceAccountRepository) GetByID

GetByID retrieves a service account by ID

func (*BunServiceAccountRepository) GetByName

GetByName retrieves a service account by name

func (*BunServiceAccountRepository) List

List retrieves all service accounts

func (*BunServiceAccountRepository) ListByCreator

func (r *BunServiceAccountRepository) ListByCreator(ctx context.Context, createdBy string) ([]models.ServiceAccount, error)

ListByCreator retrieves service accounts created by a specific user

func (*BunServiceAccountRepository) SetDisabled

func (r *BunServiceAccountRepository) SetDisabled(ctx context.Context, id string, disabled bool) error

SetDisabled updates the disabled status of a service account

func (*BunServiceAccountRepository) Update

Update updates an existing service account

func (*BunServiceAccountRepository) UpdateLastUsed

func (r *BunServiceAccountRepository) UpdateLastUsed(ctx context.Context, id string) error

UpdateLastUsed updates the last_used_at timestamp

func (*BunServiceAccountRepository) UpdateSecretHash

func (r *BunServiceAccountRepository) UpdateSecretHash(ctx context.Context, id string, secretHash string) error

UpdateSecretHash updates the client secret hash (for rotation)

type BunSessionRepository

type BunSessionRepository struct {
	// contains filtered or unexported fields
}

BunSessionRepository implements SessionRepository using Bun ORM

func (*BunSessionRepository) Create

func (r *BunSessionRepository) Create(ctx context.Context, session *models.Session) error

Create inserts a new session

func (*BunSessionRepository) DeleteExpired

func (r *BunSessionRepository) DeleteExpired(ctx context.Context) error

DeleteExpired deletes all expired sessions. Should be run periodically by a cleanup job.

func (*BunSessionRepository) GetByID

func (r *BunSessionRepository) GetByID(ctx context.Context, id string) (*models.Session, error)

GetByID retrieves a session by ID

func (*BunSessionRepository) GetByServiceAccountID

func (r *BunSessionRepository) GetByServiceAccountID(ctx context.Context, serviceAccountID string) ([]models.Session, error)

GetByServiceAccountID retrieves all sessions for a service account

func (*BunSessionRepository) GetByTokenHash

func (r *BunSessionRepository) GetByTokenHash(ctx context.Context, tokenHash string) (*models.Session, error)

GetByTokenHash retrieves a session by its token hash. This is the primary lookup method for authentication.

func (*BunSessionRepository) GetByUserID

func (r *BunSessionRepository) GetByUserID(ctx context.Context, userID string) ([]models.Session, error)

GetByUserID retrieves all sessions for a user

func (*BunSessionRepository) List

List retrieves all sessions (admin operation)

func (*BunSessionRepository) Revoke

func (r *BunSessionRepository) Revoke(ctx context.Context, id string) error

Revoke marks a session as revoked

func (*BunSessionRepository) RevokeByServiceAccountID

func (r *BunSessionRepository) RevokeByServiceAccountID(ctx context.Context, serviceAccountID string) error

RevokeByServiceAccountID revokes all sessions for a service account. Used for FR-070b (cascade revocation when service account is disabled/deleted).

func (*BunSessionRepository) RevokeByUserID

func (r *BunSessionRepository) RevokeByUserID(ctx context.Context, userID string) error

RevokeByUserID revokes all sessions for a user. Used for manual logout or security incidents.

func (*BunSessionRepository) UpdateLastUsed

func (r *BunSessionRepository) UpdateLastUsed(ctx context.Context, id string) error

UpdateLastUsed updates the last_used_at timestamp for a session

type BunStateOutputRepository

type BunStateOutputRepository struct {
	// contains filtered or unexported fields
}

BunStateOutputRepository persists state outputs using Bun ORM against PostgreSQL.

func (*BunStateOutputRepository) DeleteOutputsByState

func (r *BunStateOutputRepository) DeleteOutputsByState(ctx context.Context, stateGUID string) error

DeleteOutputsByState removes all cached outputs for a state.

func (*BunStateOutputRepository) GetOutputSchema

func (r *BunStateOutputRepository) GetOutputSchema(ctx context.Context, stateGUID string, outputKey string) (string, error)

GetOutputSchema retrieves the JSON Schema for a specific state output. Returns empty string if no schema has been set (not an error).

func (*BunStateOutputRepository) GetOutputsByState

func (r *BunStateOutputRepository) GetOutputsByState(ctx context.Context, stateGUID string) ([]OutputKey, error)

GetOutputsByState returns all cached outputs for a state.

func (*BunStateOutputRepository) GetOutputsWithoutSchema

func (r *BunStateOutputRepository) GetOutputsWithoutSchema(ctx context.Context, stateGUID string) ([]string, error)

GetOutputsWithoutSchema returns output keys that don't have a schema set. Used by inference service to determine which outputs need schema generation. Returns empty slice if all outputs have schemas (not an error).

func (*BunStateOutputRepository) GetSchemasForState

func (r *BunStateOutputRepository) GetSchemasForState(ctx context.Context, stateGUID string) (map[string]string, error)

GetSchemasForState returns all output schemas for a state (for validation). Returns map of outputKey -> schemaJSON for outputs that have schemas. Outputs without schemas are not included in the map.

func (*BunStateOutputRepository) SearchOutputsByKey

func (r *BunStateOutputRepository) SearchOutputsByKey(ctx context.Context, outputKey string) ([]StateOutputRef, error)

SearchOutputsByKey finds all states with output matching key (exact match).

func (*BunStateOutputRepository) SetOutputSchema

func (r *BunStateOutputRepository) SetOutputSchema(ctx context.Context, stateGUID string, outputKey string, schemaJSON string) error

SetOutputSchema sets or updates the JSON Schema for a specific state output. Creates the output record if it doesn't exist (with state_serial=0, sensitive=false). Always sets schema_source to "manual" since this is an explicit SetOutputSchema call.

func (*BunStateOutputRepository) SetOutputSchemaWithSource

func (r *BunStateOutputRepository) SetOutputSchemaWithSource(ctx context.Context, stateGUID, outputKey, schemaJSON, source string, expectedSerial int64) error

SetOutputSchemaWithSource sets or updates the JSON Schema with source tracking. source must be "manual" or "inferred". Creates the output record if it doesn't exist (with state_serial=0, sensitive=false). expectedSerial: For inferred schemas, verifies output still exists at this serial before writing.

Use -1 for manual schemas to skip serial check (always write).

func (*BunStateOutputRepository) UpdateValidationStatus

func (r *BunStateOutputRepository) UpdateValidationStatus(ctx context.Context, stateGUID, outputKey, status string, validationError *string, validatedAt time.Time) error

UpdateValidationStatus updates the validation status for a specific output. Sets validation_status, validation_error, and validated_at columns. validationError can be nil for "valid" or "not_validated" statuses.

func (*BunStateOutputRepository) UpsertOutputs

func (r *BunStateOutputRepository) UpsertOutputs(ctx context.Context, stateGUID string, serial int64, outputs []OutputKey) error

UpsertOutputs atomically replaces all outputs for a state. Deletes outputs with mismatched serial, then inserts new outputs.

type BunStateRepository

type BunStateRepository struct {
	// contains filtered or unexported fields
}

BunStateRepository persists states using Bun ORM against PostgreSQL.

func (*BunStateRepository) Create

func (r *BunStateRepository) Create(ctx context.Context, state *models.State) error

Create inserts a new state row using the client-provided GUID.

func (*BunStateRepository) GetByGUID

func (r *BunStateRepository) GetByGUID(ctx context.Context, guid string) (*models.State, error)

GetByGUID fetches a state by its immutable GUID.

func (*BunStateRepository) GetByGUIDWithRelations

func (r *BunStateRepository) GetByGUIDWithRelations(ctx context.Context, guid string, relations ...string) (*models.State, error)

GetByGUIDWithRelations fetches a state with specified relations preloaded. Relations can be: "Outputs", "IncomingEdges", "OutgoingEdges". This allows flexible eager loading based on what data is needed.

func (*BunStateRepository) GetByGUIDs

func (r *BunStateRepository) GetByGUIDs(ctx context.Context, guids []string) (map[string]*models.State, error)

GetByGUIDs fetches multiple states by GUIDs in a single query (batch operation). Returns a map of GUID -> State for efficient lookup. Missing GUIDs are omitted from result.

func (*BunStateRepository) GetByLogicID

func (r *BunStateRepository) GetByLogicID(ctx context.Context, logicID string) (*models.State, error)

GetByLogicID fetches a state via its human readable identifier.

func (*BunStateRepository) List

func (r *BunStateRepository) List(ctx context.Context) ([]models.State, error)

List returns all states ordered from newest to oldest with relationship counts. Uses efficient COUNT subqueries to populate dependencies_count, dependents_count, outputs_count without fetching full relationship data (eliminates N+1 pattern for StateInfo rendering).

func (*BunStateRepository) ListStatesWithOutputs

func (r *BunStateRepository) ListStatesWithOutputs(ctx context.Context) ([]*models.State, error)

ListStatesWithOutputs returns all states with their outputs preloaded (avoids N+1). This is useful for operations that need to display state summaries with output counts.

func (*BunStateRepository) ListWithFilter

func (r *BunStateRepository) ListWithFilter(ctx context.Context, filter string, pageSize int, offset int) ([]models.State, error)

ListWithFilter returns states matching bexpr filter with deterministic label ordering and counts. T026: Implements in-memory bexpr filtering per data-model.md lines 360-411. Includes efficient COUNT subqueries for relationship counts.

func (*BunStateRepository) Lock

func (r *BunStateRepository) Lock(ctx context.Context, guid string, lockInfo *models.LockInfo) error

Lock attempts to acquire an optimistic lock for the state.

func (*BunStateRepository) Unlock

func (r *BunStateRepository) Unlock(ctx context.Context, guid string, lockID string) error

Unlock clears the lock metadata after verifying the current lock ID matches.

func (*BunStateRepository) Update

func (r *BunStateRepository) Update(ctx context.Context, state *models.State) error

Update persists mutated state content and metadata. DEPRECATED: use UpdateContentAndUpsertOutputs for 003-ux-improvements-for/FR-027 compliance.

func (*BunStateRepository) UpdateContentAndUpsertOutputs

func (r *BunStateRepository) UpdateContentAndUpsertOutputs(ctx context.Context, guid string, content []byte, lockID string, serial int64, outputs []OutputKey) error

UpdateContentAndUpsertOutputs atomically updates state content and output cache in one transaction. This ensures 003-ux-improvements-for/FR-027 compliance: cache and state are always consistent.

type BunUserRepository

type BunUserRepository struct {
	// contains filtered or unexported fields
}

BunUserRepository implements UserRepository using Bun ORM

func (*BunUserRepository) Create

func (r *BunUserRepository) Create(ctx context.Context, user *models.User) error

Create inserts a new user into the database

func (*BunUserRepository) GetByEmail

func (r *BunUserRepository) GetByEmail(ctx context.Context, email string) (*models.User, error)

GetByEmail retrieves a user by their email

func (*BunUserRepository) GetByID

func (r *BunUserRepository) GetByID(ctx context.Context, id string) (*models.User, error)

GetByID retrieves a user by their ID

func (*BunUserRepository) GetBySubject

func (r *BunUserRepository) GetBySubject(ctx context.Context, subject string) (*models.User, error)

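GetBySubject retrieves a user by their OIDC subject. For internal IdP users (subject = NULL), falls back to ID lookup if subject looks like a UUID. Because the subject normally comes from a token issued by an identity provider, callers should confirm that the ID fallback can only match users whose subject is NULL, so that a UUID-shaped subject from an external IdP cannot resolve to an internal account.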

func (*BunUserRepository) List

func (r *BunUserRepository) List(ctx context.Context) ([]models.User, error)

List retrieves all users

func (*BunUserRepository) SetPasswordHash

func (r *BunUserRepository) SetPasswordHash(ctx context.Context, id string, passwordHash string) error

SetPasswordHash updates the stored bcrypt hash for a user's local credentials.

func (*BunUserRepository) Update

func (r *BunUserRepository) Update(ctx context.Context, user *models.User) error

Update updates an existing user

func (*BunUserRepository) UpdateLastLogin

func (r *BunUserRepository) UpdateLastLogin(ctx context.Context, id string) error

UpdateLastLogin updates the last_login_at timestamp for a user

type BunUserRoleRepository

type BunUserRoleRepository struct {
	// contains filtered or unexported fields
}

BunUserRoleRepository implements UserRoleRepository using Bun ORM

func (*BunUserRoleRepository) Create

Create inserts a new user-role assignment

func (*BunUserRoleRepository) Delete

func (r *BunUserRoleRepository) Delete(ctx context.Context, id string) error

Delete deletes a user-role assignment by ID

func (*BunUserRoleRepository) DeleteByServiceAccountAndRole

func (r *BunUserRoleRepository) DeleteByServiceAccountAndRole(ctx context.Context, serviceAccountID string, roleID string) error

DeleteByServiceAccountAndRole deletes a specific service account-role assignment

func (*BunUserRoleRepository) DeleteByUserAndRole

func (r *BunUserRoleRepository) DeleteByUserAndRole(ctx context.Context, userID string, roleID string) error

DeleteByUserAndRole deletes a specific user-role assignment

func (*BunUserRoleRepository) GetByID

GetByID retrieves a user-role assignment by ID

func (*BunUserRoleRepository) GetByRoleID

func (r *BunUserRoleRepository) GetByRoleID(ctx context.Context, roleID string) ([]models.UserRole, error)

GetByRoleID retrieves all assignments for a specific role

func (*BunUserRoleRepository) GetByServiceAccountAndRoleID

func (r *BunUserRoleRepository) GetByServiceAccountAndRoleID(ctx context.Context, serviceAccountID string, roleID string) (*models.UserRole, error)

GetByServiceAccountAndRoleID retrieves the role assignment for a specific service account and role (the signature returns a single *models.UserRole, not a list).

func (*BunUserRoleRepository) GetByServiceAccountID

func (r *BunUserRoleRepository) GetByServiceAccountID(ctx context.Context, serviceAccountID string) ([]models.UserRole, error)

GetByServiceAccountID retrieves all role assignments for a service account

func (*BunUserRoleRepository) GetByUserAndRoleID

func (r *BunUserRoleRepository) GetByUserAndRoleID(ctx context.Context, userID, roleID string) (*models.UserRole, error)

GetByUserAndRoleID retrieves the role assignment for a specific user and role (the signature returns a single *models.UserRole, not a list).

func (*BunUserRoleRepository) GetByUserID

func (r *BunUserRoleRepository) GetByUserID(ctx context.Context, userID string) ([]models.UserRole, error)

GetByUserID retrieves all role assignments for a user

func (*BunUserRoleRepository) List

List retrieves all user-role assignments

type EdgeRepository

// EdgeRepository exposes persistence operations for dependency edges.
// An edge links a producer state (the "from" side) to a consumer state
// (the "to" side).
type EdgeRepository interface {
	// CRUD operations
	// Create inserts a new edge.
	Create(ctx context.Context, edge *models.Edge) error
	// GetByID fetches an edge by its ID.
	GetByID(ctx context.Context, id int64) (*models.Edge, error)
	// Delete removes an edge by its ID.
	Delete(ctx context.Context, id int64) error
	// Update persists mutated edge data.
	Update(ctx context.Context, edge *models.Edge) error

	// Query operations
	// GetOutgoingEdges fetches all edges where the given state is the producer.
	GetOutgoingEdges(ctx context.Context, fromStateGUID string) ([]models.Edge, error)
	// GetIncomingEdges fetches all edges where the given state is the consumer.
	GetIncomingEdges(ctx context.Context, toStateGUID string) ([]models.Edge, error)
	// GetAllEdges fetches all edges in the system (the Bun implementation
	// documents ordering by ID).
	GetAllEdges(ctx context.Context) ([]models.Edge, error)
	// FindByOutput finds all edges that reference a specific output key.
	FindByOutput(ctx context.Context, outputKey string) ([]models.Edge, error)

	// Eager loading operations (avoid N+1 queries)
	// GetIncomingEdgesWithProducers fetches incoming edges with producer state data preloaded.
	// The FromStateRel field will be populated for each edge.
	GetIncomingEdgesWithProducers(ctx context.Context, toStateGUID string) ([]*models.Edge, error)

	// GetOutgoingEdgesWithConsumers fetches outgoing edges with consumer state data preloaded.
	// The ToStateRel field will be populated for each edge.
	GetOutgoingEdgesWithConsumers(ctx context.Context, fromStateGUID string) ([]*models.Edge, error)

	// GetOutgoingEdgesWithValidation fetches outgoing edges with producer output validation status.
	// Returns edges with validation_status and validation_error from state_outputs table.
	// Uses LEFT JOIN semantics: edges without matching outputs have nil validation fields.
	// Guarantees atomic read (single MVCC snapshot) for consistent edge status computation.
	GetOutgoingEdgesWithValidation(ctx context.Context, fromStateGUID string) ([]EdgeWithValidation, error)

	// Cycle detection (application-layer pre-check, DB trigger is safety net)
	// WouldCreateCycle reports whether adding an edge from fromState to
	// toState would create a cycle.
	// NOTE(review): the check and the later Create are separate calls, so a
	// concurrent writer could presumably pass the pre-check; the DB trigger
	// named above is the final guard, and callers should still handle a
	// Create error — confirm.
	WouldCreateCycle(ctx context.Context, fromState, toState string) (bool, error)
}

EdgeRepository exposes persistence operations for dependency edges.

func NewBunEdgeRepository

func NewBunEdgeRepository(db *bun.DB) EdgeRepository

NewBunEdgeRepository constructs a repository backed by Bun.

type EdgeWithValidation

// EdgeWithValidation wraps an Edge with its producer output's validation
// status. It is the element type returned by GetOutgoingEdgesWithValidation.
type EdgeWithValidation struct {
	// Edge is the dependency edge itself.
	Edge             models.Edge
	// Both pointers are nil when the edge has no matching row in
	// state_outputs (LEFT JOIN semantics), so dereference only after a nil check.
	ValidationStatus *string // From state_outputs.validation_status
	ValidationError  *string // From state_outputs.validation_error
}

EdgeWithValidation wraps an Edge with its producer output's validation status. Used by EdgeUpdateJob to atomically read edge and validation data in a single query.

type GroupRoleRepository

// GroupRoleRepository exposes persistence operations for group-role mappings.
// NOTE(review): these mappings presumably feed authorization decisions (group
// membership -> role); access to the mutating methods should be restricted
// accordingly — confirm against the callers.
type GroupRoleRepository interface {
	// Create inserts a new group-role mapping.
	Create(ctx context.Context, gr *models.GroupRole) error
	// GetByID retrieves a group-role mapping by ID.
	GetByID(ctx context.Context, id string) (*models.GroupRole, error)
	// GetByGroupName retrieves all role mappings for a group.
	GetByGroupName(ctx context.Context, groupName string) ([]models.GroupRole, error)
	// GetByRoleID retrieves all group mappings for a specific role.
	GetByRoleID(ctx context.Context, roleID string) ([]models.GroupRole, error)
	// Delete deletes a group-role mapping by ID.
	Delete(ctx context.Context, id string) error
	// DeleteByGroupAndRole deletes a specific group-role mapping.
	DeleteByGroupAndRole(ctx context.Context, groupName string, roleID string) error
	// List retrieves all group-role mappings.
	List(ctx context.Context) ([]models.GroupRole, error)
}

GroupRoleRepository exposes persistence operations for group-role mappings

func NewBunGroupRoleRepository

func NewBunGroupRoleRepository(db *bun.DB) GroupRoleRepository

NewBunGroupRoleRepository creates a new Bun-based group role repository

type LabelPolicyRepository

// LabelPolicyRepository exposes persistence operations for label validation
// policy. The policy lives in a single-row table.
type LabelPolicyRepository interface {
	// GetPolicy retrieves the current policy (single-row table with id=1)
	GetPolicy(ctx context.Context) (*models.LabelPolicy, error)

	// SetPolicy creates or updates the policy with version increment
	SetPolicy(ctx context.Context, policy *models.PolicyDefinition) error
}

LabelPolicyRepository exposes persistence operations for label validation policy. T030: Added for label policy management.

func NewBunLabelPolicyRepository

func NewBunLabelPolicyRepository(db *bun.DB) LabelPolicyRepository

NewBunLabelPolicyRepository constructs a repository backed by Bun.

type OutputKey

// OutputKey represents a Terraform output name and metadata.
type OutputKey struct {
	// Key is the output name.
	Key              string
	// Sensitive flags the output as sensitive.
	// NOTE(review): records created through SetOutputSchema are documented as
	// starting with sensitive=false, so for pre-declared entries
	// (StateSerial == 0) a false value presumably means "not yet known"
	// rather than "safe to expose" — confirm before relying on it.
	Sensitive        bool
	StateSerial      int64      // Serial of state this output came from (0 = pre-declared schema, >0 = from Terraform state)
	SchemaJSON       *string    // Optional JSON Schema definition for this output
	SchemaSource     *string    // Schema source: "manual" or "inferred"
	// NOTE(review): UpdateValidationStatus's documentation also names a
	// "not_validated" status that the list below omits — confirm the full set.
	ValidationStatus *string    // Validation status: "valid", "invalid", or "error"
	ValidationError  *string    // Validation error message (if validation failed)
	ValidatedAt      *time.Time // Last validation timestamp
}

OutputKey represents a Terraform output name and metadata.

type RevokedJTIRepository

// RevokedJTIRepository exposes persistence operations for revoked JWT IDs,
// i.e. the revocation denylist keyed by JTI.
type RevokedJTIRepository interface {
	// Create adds a JTI to the revocation denylist
	Create(ctx context.Context, revokedJTI *models.RevokedJTI) error

	// IsRevoked checks if a JTI exists in the revocation table
	// NOTE(review): a non-nil error means the lookup did not complete; callers
	// enforcing revocation should treat that as a failed check rather than as
	// "not revoked".
	IsRevoked(ctx context.Context, jti string) (bool, error)

	// DeleteExpired removes revoked JTIs where exp < now() - grace period
	// Used for periodic cleanup to prevent table bloat
	// NOTE(review): rows are dropped only once exp lies more than gracePeriod
	// in the past, presumably so a purged JTI cannot belong to a token that
	// still verifies — confirm verification rejects expired tokens with no
	// more clock-skew leeway than gracePeriod.
	DeleteExpired(ctx context.Context, gracePeriod time.Duration) error

	// GetByJTI retrieves a revoked JTI entry by its ID
	GetByJTI(ctx context.Context, jti string) (*models.RevokedJTI, error)
}

RevokedJTIRepository exposes persistence operations for revoked JWT IDs

func NewBunRevokedJTIRepository

func NewBunRevokedJTIRepository(db *bun.DB) RevokedJTIRepository

NewBunRevokedJTIRepository creates a new Bun-based revoked JTI repository

type RoleRepository

// RoleRepository exposes persistence operations for roles.
type RoleRepository interface {
	// Create inserts a new role.
	Create(ctx context.Context, role *models.Role) error
	// GetByID retrieves a role by ID.
	GetByID(ctx context.Context, id string) (*models.Role, error)
	// GetByName retrieves a role by name.
	GetByName(ctx context.Context, name string) (*models.Role, error)
	// Update updates an existing role.
	Update(ctx context.Context, role *models.Role) error
	// Delete deletes a role by ID.
	// NOTE(review): this signature does not show what happens to user-role
	// and group-role assignments that still reference the role — confirm.
	Delete(ctx context.Context, id string) error
	// List retrieves all roles.
	List(ctx context.Context) ([]models.Role, error)
}

RoleRepository exposes persistence operations for roles

func NewBunRoleRepository

func NewBunRoleRepository(db *bun.DB) RoleRepository

NewBunRoleRepository creates a new Bun-based role repository

type ServiceAccountRepository

// ServiceAccountRepository exposes persistence operations for service accounts.
type ServiceAccountRepository interface {
	// Create inserts a new service account.
	Create(ctx context.Context, sa *models.ServiceAccount) error
	// GetByID retrieves a service account by ID.
	GetByID(ctx context.Context, id string) (*models.ServiceAccount, error)
	// GetByName retrieves a service account by name.
	GetByName(ctx context.Context, name string) (*models.ServiceAccount, error)
	// GetByClientID retrieves a service account by client ID.
	GetByClientID(ctx context.Context, clientID string) (*models.ServiceAccount, error)
	// Update updates an existing service account.
	Update(ctx context.Context, sa *models.ServiceAccount) error
	// UpdateLastUsed updates the last_used_at timestamp.
	UpdateLastUsed(ctx context.Context, id string) error
	// UpdateSecretHash updates the client secret hash (for rotation).
	// The parameter is the hash, so hashing happens in the caller; the
	// algorithm is not visible from this interface.
	// NOTE(review): whether rotation also revokes the account's existing
	// sessions is not shown here — confirm.
	UpdateSecretHash(ctx context.Context, id string, secretHash string) error
	// SetDisabled updates the disabled status of a service account.
	// NOTE(review): SessionRepository.RevokeByServiceAccountID is documented
	// as the cascade step for a disabled/deleted account (FR-070b); this
	// signature does not show whether SetDisabled triggers it, so confirm the
	// caller revokes sessions when disabling.
	SetDisabled(ctx context.Context, id string, disabled bool) error
	// List retrieves all service accounts.
	List(ctx context.Context) ([]models.ServiceAccount, error)
	// ListByCreator retrieves service accounts created by a specific user.
	ListByCreator(ctx context.Context, createdBy string) ([]models.ServiceAccount, error)
}

ServiceAccountRepository exposes persistence operations for service accounts

func NewBunServiceAccountRepository

func NewBunServiceAccountRepository(db *bun.DB) ServiceAccountRepository

NewBunServiceAccountRepository creates a new Bun-based service account repository

type SessionRepository

// SessionRepository exposes persistence operations for sessions.
type SessionRepository interface {
	// Create inserts a new session.
	Create(ctx context.Context, session *models.Session) error
	// GetByID retrieves a session by ID.
	GetByID(ctx context.Context, id string) (*models.Session, error)
	// GetByTokenHash retrieves a session by its token hash. This is the
	// primary lookup method for authentication.
	// NOTE(review): the lookup key is a hash, which suggests the raw token is
	// not stored — confirm. This signature does not show whether revoked or
	// expired sessions are filtered out, so the authenticating caller should
	// check the returned session's state.
	GetByTokenHash(ctx context.Context, tokenHash string) (*models.Session, error)
	// GetByUserID retrieves all sessions for a user.
	GetByUserID(ctx context.Context, userID string) ([]models.Session, error)
	// GetByServiceAccountID retrieves all sessions for a service account.
	GetByServiceAccountID(ctx context.Context, serviceAccountID string) ([]models.Session, error)
	// UpdateLastUsed updates the last_used_at timestamp for a session.
	UpdateLastUsed(ctx context.Context, id string) error
	// Revoke marks a session as revoked.
	Revoke(ctx context.Context, id string) error
	// RevokeByUserID revokes all sessions for a user. Used for manual logout
	// or security incidents.
	RevokeByUserID(ctx context.Context, userID string) error
	// RevokeByServiceAccountID revokes all sessions for a service account.
	// Used for FR-070b (cascade revocation when service account is
	// disabled/deleted).
	RevokeByServiceAccountID(ctx context.Context, serviceAccountID string) error
	// DeleteExpired deletes all expired sessions. Should be run periodically
	// by a cleanup job.
	DeleteExpired(ctx context.Context) error
	// List retrieves all sessions (admin operation).
	List(ctx context.Context) ([]models.Session, error)
}

SessionRepository exposes persistence operations for sessions

func NewBunSessionRepository

func NewBunSessionRepository(db *bun.DB) SessionRepository

NewBunSessionRepository creates a new Bun-based session repository

type StateOutputRef

// StateOutputRef represents a state reference with an output key.
// It is the element type returned by SearchOutputsByKey.
type StateOutputRef struct {
	// StateGUID is the GUID of the state that has the output.
	StateGUID    string
	// StateLogicID is the state's logic ID (documented on GetByLogicID as the
	// human readable identifier).
	StateLogicID string
	// OutputKey is the matched output key.
	OutputKey    string
	// Sensitive flags the output as sensitive.
	// NOTE(review): presumably mirrors the Sensitive field of OutputKey — confirm.
	Sensitive    bool
}

StateOutputRef represents a state reference with an output key.

type StateOutputRepository

// StateOutputRepository is the persistence contract for the cached outputs of
// a state and for the JSON Schema and validation status attached to each
// output. Implementations are not part of this listing.
type StateOutputRepository interface {
	// UpsertOutputs atomically replaces all outputs for a state.
	// Deletes old outputs where state_serial != serial, then inserts the new ones.
	UpsertOutputs(ctx context.Context, stateGUID string, serial int64, outputs []OutputKey) error

	// GetOutputsByState returns all cached outputs for a state.
	// Returns an empty slice if no outputs exist (not an error).
	GetOutputsByState(ctx context.Context, stateGUID string) ([]OutputKey, error)

	// SearchOutputsByKey finds all states with an output matching key (exact match).
	// Used for cross-state dependency discovery.
	// The search is not scoped to one state, and each returned StateOutputRef
	// carries a Sensitive flag.
	// NOTE(review): no acting principal is passed in the signature, so any
	// per-state access filtering presumably happens in the caller — confirm.
	SearchOutputsByKey(ctx context.Context, outputKey string) ([]StateOutputRef, error)

	// DeleteOutputsByState removes all cached outputs for a state.
	// Cascade handles this on state deletion, but an explicit method is useful for testing.
	DeleteOutputsByState(ctx context.Context, stateGUID string) error

	// SetOutputSchema sets or updates the JSON Schema for a specific state output.
	// Creates the output record if it doesn't exist (with state_serial=0, sensitive=false).
	// This allows declaring expected outputs before they exist in the Terraform state.
	// NOTE(review): a pre-declared record starts with sensitive=false; whether
	// the flag is corrected when the real output arrives depends on
	// UpsertOutputs and is not visible here. Whether schemaJSON is checked to
	// be well-formed before storage is also not visible.
	SetOutputSchema(ctx context.Context, stateGUID string, outputKey string, schemaJSON string) error

	// GetOutputSchema retrieves the JSON Schema for a specific state output.
	// Returns empty string if no schema has been set (not an error).
	// Returns error only for actual database failures.
	GetOutputSchema(ctx context.Context, stateGUID string, outputKey string) (string, error)

	// SetOutputSchemaWithSource sets or updates the JSON Schema with source tracking.
	// source must be "manual" or "inferred".
	// Creates the output record if it doesn't exist (with state_serial=0, sensitive=false).
	// expectedSerial: For inferred schemas, verifies output still exists at this serial before writing.
	//                 Use -1 for manual schemas to skip serial check (always write).
	// NOTE(review): whether an implementation rejects any other source value
	// is not visible here; callers should validate it before the call.
	SetOutputSchemaWithSource(ctx context.Context, stateGUID, outputKey, schemaJSON, source string, expectedSerial int64) error

	// GetOutputsWithoutSchema returns output keys that don't have a schema set.
	// Used by inference service to determine which outputs need schema generation.
	// Returns empty slice if all outputs have schemas (not an error).
	GetOutputsWithoutSchema(ctx context.Context, stateGUID string) ([]string, error)

	// GetSchemasForState returns all output schemas for a state (for validation).
	// Returns map of outputKey -> schemaJSON for outputs that have schemas.
	// Outputs without schemas are not included in the map.
	GetSchemasForState(ctx context.Context, stateGUID string) (map[string]string, error)

	// UpdateValidationStatus updates the validation status for a specific output.
	// Sets validation_status, validation_error, and validated_at columns.
	// validationError can be nil for "valid" or "not_validated" statuses.
	// NOTE(review): the full set of accepted status values is not listed here.
	// validationError is stored as given; if it can quote an output value,
	// sensitive outputs may need redaction before this call — confirm.
	UpdateValidationStatus(ctx context.Context, stateGUID, outputKey, status string, validationError *string, validatedAt time.Time) error
}

StateOutputRepository exposes persistence operations for cached Terraform outputs.

func NewBunStateOutputRepository

func NewBunStateOutputRepository(db *bun.DB) StateOutputRepository

NewBunStateOutputRepository constructs a repository backed by Bun.

type StateRepository

// StateRepository is the persistence contract for Terraform states: lookup by
// GUID or logic ID, locking, content updates and filtered listing.
// Implementations are not part of this listing.
type StateRepository interface {
	// Create takes a state to persist (presumably inserted as a new record).
	Create(ctx context.Context, state *models.State) error
	// GetByGUID looks up one state by GUID. Whether a missing state is an
	// error or a nil result is not visible here.
	GetByGUID(ctx context.Context, guid string) (*models.State, error)
	// GetByLogicID looks up one state by its logic ID.
	GetByLogicID(ctx context.Context, logicID string) (*models.State, error)
	// Update persists changes to the given state. Unlike
	// UpdateContentAndUpsertOutputs it takes no lockID.
	// NOTE(review): confirm whether it can modify a locked state.
	Update(ctx context.Context, state *models.State) error
	// List returns states; the signature has no filter or paging parameter.
	List(ctx context.Context) ([]models.State, error)
	// Lock records lockInfo against the state identified by guid.
	// NOTE(review): behaviour when the state is already locked is not visible
	// here — presumably an error; confirm callers treat it as a conflict.
	Lock(ctx context.Context, guid string, lockInfo *models.LockInfo) error
	// Unlock releases the lock on the state identified by guid.
	// NOTE(review): lockID is presumably compared with the stored lock so only
	// the holder can release it — confirm, and confirm any force-unlock path.
	Unlock(ctx context.Context, guid string, lockID string) error

	// UpdateContentAndUpsertOutputs atomically updates state content and output cache in one transaction.
	// This ensures FR-027 compliance: cache and state are always consistent.
	// NOTE(review): lockID is presumably checked against the current lock
	// inside the same transaction — confirm, including the empty-lockID case.
	UpdateContentAndUpsertOutputs(ctx context.Context, guid string, content []byte, lockID string, serial int64, outputs []OutputKey) error

	// ListWithFilter returns states matching bexpr filter with pagination.
	// T029: Added for label filtering support.
	// NOTE(review): filter is an expression string; how it is evaluated and
	// whether pageSize and offset are bounded is not visible here. Callers
	// passing client-supplied values should validate and cap them.
	ListWithFilter(ctx context.Context, filter string, pageSize int, offset int) ([]models.State, error)

	// GetByGUIDs fetches multiple states by GUIDs in a single query (batch operation).
	// Returns a map of GUID -> State for efficient lookup. Missing GUIDs are omitted from result.
	GetByGUIDs(ctx context.Context, guids []string) (map[string]*models.State, error)

	// GetByGUIDWithRelations fetches a state with specified relations preloaded.
	// Relations can be: "Outputs", "IncomingEdges", "OutgoingEdges"
	// Example: GetByGUIDWithRelations(ctx, guid, "Outputs", "IncomingEdges")
	// NOTE(review): whether a relation name outside these three is rejected
	// is not visible here; pass only fixed names, never client input.
	GetByGUIDWithRelations(ctx context.Context, guid string, relations ...string) (*models.State, error)

	// ListStatesWithOutputs returns all states with their outputs preloaded (avoids N+1).
	ListStatesWithOutputs(ctx context.Context) ([]*models.State, error)
}

StateRepository exposes persistence operations for Terraform states.

func NewBunStateRepository

func NewBunStateRepository(db *bun.DB) StateRepository

NewBunStateRepository constructs a repository backed by Bun.

type UserRepository

// UserRepository is the persistence contract for user records.
// Implementations are not part of this listing, so the notes below state only
// what the signatures establish and mark everything else for confirmation.
type UserRepository interface {
	// Create takes a user to persist (presumably inserted as a new record).
	Create(ctx context.Context, user *models.User) error
	// GetByID looks up one user by ID. Whether a missing user is an error or
	// a nil result is not visible here.
	GetByID(ctx context.Context, id string) (*models.User, error)
	// GetBySubject looks up one user by subject.
	// NOTE(review): presumably the subject identifier issued by an external
	// identity provider — confirm, and confirm it is unique per issuer.
	GetBySubject(ctx context.Context, subject string) (*models.User, error)
	// GetByEmail looks up one user by email.
	// NOTE(review): case handling and normalisation of email are not visible
	// here; confirm before using this lookup in a login or linking flow.
	GetByEmail(ctx context.Context, email string) (*models.User, error)
	// Update persists changes to the given user.
	// NOTE(review): whether it can also overwrite the stored password hash,
	// bypassing SetPasswordHash, is not visible — confirm.
	Update(ctx context.Context, user *models.User) error
	// UpdateLastLogin takes only the user ID; the timestamp written is
	// presumably chosen by the implementation — TODO confirm.
	UpdateLastLogin(ctx context.Context, id string) error
	// SetPasswordHash stores passwordHash for the user with the given ID.
	// The parameter is named as an already-computed hash: the hashing scheme
	// is chosen by the caller and is not visible here, and plaintext should
	// never reach this method.
	SetPasswordHash(ctx context.Context, id string, passwordHash string) error
	// List returns users; the signature has no filter or paging parameter.
	// NOTE(review): models.User's fields are not shown; check whether it
	// carries the password hash before returning results to API clients.
	List(ctx context.Context) ([]models.User, error)
}

UserRepository exposes persistence operations for users

func NewBunUserRepository

func NewBunUserRepository(db *bun.DB) UserRepository

NewBunUserRepository creates a new Bun-based user repository

type UserRoleRepository

// UserRoleRepository is the persistence contract for role assignments. The
// method set addresses assignments by user ID or by service account ID, each
// combined with a role ID. No method takes an acting principal, so unless
// one is carried in ctx, authorization for granting and removing roles has
// to be enforced by the caller.
type UserRoleRepository interface {
	// Create takes a role assignment to persist.
	// NOTE(review): whether duplicate assignments, or an assignment naming
	// both a user and a service account, are rejected is not visible here.
	Create(ctx context.Context, ur *models.UserRole) error
	// GetByID looks up one assignment by its own ID.
	GetByID(ctx context.Context, id string) (*models.UserRole, error)
	// GetByUserID returns the assignments for the given user ID.
	GetByUserID(ctx context.Context, userID string) ([]models.UserRole, error)
	// GetByUserAndRoleID looks up the assignment of one role to one user.
	GetByUserAndRoleID(ctx context.Context, userID string, roleID string) (*models.UserRole, error)
	// GetByServiceAccountID returns the assignments for the given service
	// account ID.
	GetByServiceAccountID(ctx context.Context, serviceAccountID string) ([]models.UserRole, error)
	// GetByServiceAccountAndRoleID looks up the assignment of one role to one
	// service account.
	GetByServiceAccountAndRoleID(ctx context.Context, serviceAccountID string, roleID string) (*models.UserRole, error)
	// GetByRoleID returns the assignments that reference the given role ID.
	GetByRoleID(ctx context.Context, roleID string) ([]models.UserRole, error)
	// Delete removes one assignment by its own ID.
	Delete(ctx context.Context, id string) error
	// DeleteByUserAndRole removes the assignment of one role to one user.
	// Whether deleting a non-existent assignment is an error is not visible.
	DeleteByUserAndRole(ctx context.Context, userID string, roleID string) error
	// DeleteByServiceAccountAndRole removes the assignment of one role to one
	// service account.
	DeleteByServiceAccountAndRole(ctx context.Context, serviceAccountID string, roleID string) error
	// List returns assignments; the signature has no filter or paging parameter.
	List(ctx context.Context) ([]models.UserRole, error)
}

UserRoleRepository exposes persistence operations for user-role assignments

func NewBunUserRoleRepository

func NewBunUserRoleRepository(db *bun.DB) UserRoleRepository

NewBunUserRoleRepository creates a new Bun-based user role repository
