Documentation
¶
Overview ¶
Package admin provides REST API endpoints for administrative operations.
Index ¶
- func RequireAdmin(auth Authenticator) func(http.Handler) http.Handler
- func RequirePersona(auth Authenticator) func(http.Handler) http.Handler
- type APIKeyAuthenticator
- type APIKeyManager
- type AuditMetricsQuerier
- type AuditQuerier
- type Authenticator
- type ConfigStore
- type Deps
- type Handler
- type KnowledgeHandler
- func (h *KnowledgeHandler) GetChangeset(w http.ResponseWriter, r *http.Request)
- func (h *KnowledgeHandler) GetInsight(w http.ResponseWriter, r *http.Request)
- func (h *KnowledgeHandler) GetStats(w http.ResponseWriter, r *http.Request)
- func (h *KnowledgeHandler) ListChangesets(w http.ResponseWriter, r *http.Request)
- func (h *KnowledgeHandler) ListInsights(w http.ResponseWriter, r *http.Request)
- func (h *KnowledgeHandler) RollbackChangeset(w http.ResponseWriter, r *http.Request)
- func (h *KnowledgeHandler) UpdateInsight(w http.ResponseWriter, r *http.Request)
- func (h *KnowledgeHandler) UpdateInsightStatus(w http.ResponseWriter, r *http.Request)
- type PersonaRegistry
- type PlatformAuthenticator
- type ToolkitRegistry
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RequireAdmin ¶
func RequireAdmin(auth Authenticator) func(http.Handler) http.Handler
RequireAdmin creates middleware that enforces admin authentication.
func RequirePersona ¶ added in v0.17.0
func RequirePersona(auth Authenticator) func(http.Handler) http.Handler
RequirePersona creates middleware that enforces authentication via an Authenticator (which already includes persona validation).
Types ¶
type APIKeyAuthenticator ¶
APIKeyAuthenticator validates admin access via API keys.
func (*APIKeyAuthenticator) Authenticate ¶
func (a *APIKeyAuthenticator) Authenticate(r *http.Request) (*User, error)
Authenticate checks the X-API-Key or Authorization header.
type APIKeyManager ¶ added in v0.17.0
type APIKeyManager interface {
ListKeys() []auth.APIKeySummary
GenerateKey(name string, roles []string) (string, error)
RemoveByName(name string) bool
}
APIKeyManager manages API keys at runtime.
type AuditMetricsQuerier ¶ added in v0.17.1
type AuditMetricsQuerier interface {
Timeseries(ctx context.Context, filter audit.TimeseriesFilter) ([]audit.TimeseriesBucket, error)
Breakdown(ctx context.Context, filter audit.BreakdownFilter) ([]audit.BreakdownEntry, error)
Overview(ctx context.Context, startTime, endTime *time.Time) (*audit.Overview, error)
Performance(ctx context.Context, startTime, endTime *time.Time) (*audit.PerformanceStats, error)
}
AuditMetricsQuerier provides aggregate audit metrics.
type AuditQuerier ¶ added in v0.17.0
type AuditQuerier interface {
Query(ctx context.Context, filter audit.QueryFilter) ([]audit.Event, error)
Count(ctx context.Context, filter audit.QueryFilter) (int, error)
Distinct(ctx context.Context, column string, startTime, endTime *time.Time) ([]string, error)
DistinctPairs(ctx context.Context, col1, col2 string, startTime, endTime *time.Time) (map[string]string, error)
}
AuditQuerier queries audit events.
type Authenticator ¶
Authenticator validates admin credentials.
type ConfigStore ¶ added in v0.17.0
type ConfigStore interface {
Load(ctx context.Context) ([]byte, error)
Save(ctx context.Context, data []byte, meta configstore.SaveMeta) error
History(ctx context.Context, limit int) ([]configstore.Revision, error)
Mode() string
}
ConfigStore abstracts configstore.Store for testability.
type Deps ¶ added in v0.17.0
type Deps struct {
Config *platform.Config
ConfigStore ConfigStore
PersonaRegistry PersonaRegistry
ToolkitRegistry ToolkitRegistry
MCPServer *mcp.Server
AuditQuerier AuditQuerier
AuditMetricsQuerier AuditMetricsQuerier
Knowledge *KnowledgeHandler
APIKeyManager APIKeyManager
DatabaseAvailable bool
PlatformTools []platform.ToolInfo
}
Deps holds dependencies for the admin handler.
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
Handler provides admin REST API endpoints.
func NewHandler ¶
NewHandler creates a new admin API handler.
type KnowledgeHandler ¶
type KnowledgeHandler struct {
// contains filtered or unexported fields
}
KnowledgeHandler provides admin REST endpoints for knowledge management.
func NewKnowledgeHandler ¶
func NewKnowledgeHandler( insightStore knowledge.InsightStore, changesetStore knowledge.ChangesetStore, writer knowledge.DataHubWriter, ) *KnowledgeHandler
NewKnowledgeHandler creates a new knowledge admin handler.
func (*KnowledgeHandler) GetChangeset ¶
func (h *KnowledgeHandler) GetChangeset(w http.ResponseWriter, r *http.Request)
GetChangeset handles GET /api/v1/admin/knowledge/changesets/{id}.
@Summary Get changeset @Description Returns a single changeset by ID. @Tags Knowledge @Produce json @Param id path string true "Changeset ID" @Success 200 {object} knowledge.Changeset @Failure 404 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/changesets/{id} [get]
func (*KnowledgeHandler) GetInsight ¶
func (h *KnowledgeHandler) GetInsight(w http.ResponseWriter, r *http.Request)
GetInsight handles GET /api/v1/admin/knowledge/insights/{id}.
@Summary Get insight @Description Returns a single insight by ID. @Tags Knowledge @Produce json @Param id path string true "Insight ID" @Success 200 {object} knowledge.Insight @Failure 404 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/{id} [get]
func (*KnowledgeHandler) GetStats ¶
func (h *KnowledgeHandler) GetStats(w http.ResponseWriter, r *http.Request)
GetStats handles GET /api/v1/admin/knowledge/insights/stats.
@Summary Get insight stats @Description Returns aggregated insight statistics by entity, category, confidence, and status. @Tags Knowledge @Produce json @Param status query string false "Filter by status" @Param category query string false "Filter by category" @Param entity_urn query string false "Filter by entity URN" @Param captured_by query string false "Filter by capturer" @Param confidence query string false "Filter by confidence level" @Param since query string false "Insights after this time (RFC 3339)" @Param until query string false "Insights before this time (RFC 3339)" @Success 200 {object} knowledge.InsightStats @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/stats [get]
func (*KnowledgeHandler) ListChangesets ¶
func (h *KnowledgeHandler) ListChangesets(w http.ResponseWriter, r *http.Request)
ListChangesets handles GET /api/v1/admin/knowledge/changesets.
@Summary List changesets @Description Returns paginated changesets with optional filtering. @Tags Knowledge @Produce json @Param entity_urn query string false "Filter by entity URN" @Param applied_by query string false "Filter by applier" @Param rolled_back query boolean false "Filter by rollback state" @Param since query string false "Changesets after this time (RFC 3339)" @Param until query string false "Changesets before this time (RFC 3339)" @Param page query integer false "Page number, 1-based (default: 1)" @Param per_page query integer false "Results per page (default: 20)" @Success 200 {object} changesetListResponse @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/changesets [get]
func (*KnowledgeHandler) ListInsights ¶
func (h *KnowledgeHandler) ListInsights(w http.ResponseWriter, r *http.Request)
ListInsights handles GET /api/v1/admin/knowledge/insights.
@Summary List insights @Description Returns paginated insights with optional filtering. @Tags Knowledge @Produce json @Param status query string false "Filter by status" @Param category query string false "Filter by category" @Param entity_urn query string false "Filter by entity URN" @Param captured_by query string false "Filter by capturer" @Param confidence query string false "Filter by confidence level" @Param since query string false "Insights after this time (RFC 3339)" @Param until query string false "Insights before this time (RFC 3339)" @Param page query integer false "Page number, 1-based (default: 1)" @Param per_page query integer false "Results per page (default: 20)" @Success 200 {object} insightListResponse @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights [get]
func (*KnowledgeHandler) RollbackChangeset ¶
func (h *KnowledgeHandler) RollbackChangeset(w http.ResponseWriter, r *http.Request)
RollbackChangeset handles POST /api/v1/admin/knowledge/changesets/{id}/rollback.
@Summary Rollback changeset @Description Rolls back a changeset, restoring previous values to DataHub. @Tags Knowledge @Produce json @Param id path string true "Changeset ID" @Success 200 {object} statusResponse @Failure 404 {object} problemDetail @Failure 409 {object} problemDetail @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/changesets/{id}/rollback [post]
func (*KnowledgeHandler) UpdateInsight ¶
func (h *KnowledgeHandler) UpdateInsight(w http.ResponseWriter, r *http.Request)
UpdateInsight handles PUT /api/v1/admin/knowledge/insights/{id}.
@Summary Update insight @Description Update insight text, category, or confidence. Cannot edit an applied insight. @Tags Knowledge @Accept json @Produce json @Param id path string true "Insight ID" @Param body body insightUpdateRequest true "Fields to update" @Success 200 {object} statusResponse @Failure 400 {object} problemDetail @Failure 404 {object} problemDetail @Failure 409 {object} problemDetail @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/{id} [put]
func (*KnowledgeHandler) UpdateInsightStatus ¶
func (h *KnowledgeHandler) UpdateInsightStatus(w http.ResponseWriter, r *http.Request)
UpdateInsightStatus handles PUT /api/v1/admin/knowledge/insights/{id}/status.
@Summary Update insight status @Description Approve or reject an insight. Status must be 'approved' or 'rejected'. @Tags Knowledge @Accept json @Produce json @Param id path string true "Insight ID" @Param body body statusUpdateRequest true "Status update" @Success 200 {object} statusResponse @Failure 400 {object} problemDetail @Failure 404 {object} problemDetail @Failure 409 {object} problemDetail @Failure 500 {object} problemDetail @Security ApiKeyAuth @Security BearerAuth @Router /knowledge/insights/{id}/status [put]
type PersonaRegistry ¶ added in v0.17.0
type PersonaRegistry interface {
All() []*persona.Persona
Get(name string) (*persona.Persona, bool)
Register(p *persona.Persona) error
Unregister(name string) error
DefaultName() string
}
PersonaRegistry abstracts persona.Registry for testability.
type PlatformAuthenticator ¶ added in v0.17.0
type PlatformAuthenticator struct {
// contains filtered or unexported fields
}
PlatformAuthenticator wraps the platform's middleware.Authenticator chain for HTTP admin requests, validating that the resolved persona matches the configured admin persona.
func NewPlatformAuthenticator ¶ added in v0.17.0
func NewPlatformAuthenticator( auth middleware.Authenticator, adminPersona string, registry *persona.Registry, ) *PlatformAuthenticator
NewPlatformAuthenticator creates a PlatformAuthenticator that bridges the platform's MCP auth chain to HTTP admin requests.
func (*PlatformAuthenticator) Authenticate ¶ added in v0.17.0
func (pa *PlatformAuthenticator) Authenticate(r *http.Request) (*User, error)
Authenticate extracts credentials from the HTTP request, delegates to the platform authenticator, then checks that the resolved persona matches the admin persona.
type ToolkitRegistry ¶ added in v0.17.0
type ToolkitRegistry interface {
All() []registry.Toolkit
AllTools() []string
GetToolkitForTool(toolName string) registry.ToolkitMatch
}
ToolkitRegistry abstracts registry.Registry for testability.
Source Files