README
¶
Unkey
Open Source API Development platform
Contributing
We welcome contributions! To ensure your work doesn't conflict with ongoing work, please:
- Read our contributing guide
- Discuss your ideas with us in public channels (GitHub/Discord) BEFORE starting development (No private DMs)
- Get approval from a core team member
This helps us align efforts and prevents duplicated or conflicting work.
Let's talk
Authors
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
apps
|
|
|
agent
module
|
|
|
api
module
|
|
|
chproxy
module
|
|
|
event-router
module
|
|
|
tinybird-proxy
module
|
|
|
vault
module
|
|
|
cmd
|
|
|
run/ctrl
Package ctrl provides CLI commands for running the Unkey control plane.
|
Package ctrl provides CLI commands for running the Unkey control plane. |
|
demo_api
module
|
|
|
dev
|
|
|
linters
Package linters provides custom linter wrappers for use with Bazel's nogo framework.
|
Package linters provides custom linter wrappers for use with Bazel's nogo framework. |
|
linters/errcheck
Package errcheck provides an errcheck analyzer for use with nogo.
|
Package errcheck provides an errcheck analyzer for use with nogo. |
|
linters/exhaustive
Package exhaustive provides an exhaustive analyzer for use with nogo.
|
Package exhaustive provides an exhaustive analyzer for use with nogo. |
|
linters/exhaustruct
Package exhaustruct provides an exhaustruct analyzer for use with nogo.
|
Package exhaustruct provides an exhaustruct analyzer for use with nogo. |
|
linters/govet
Package govet provides a composite go vet analyzer for use with nogo.
|
Package govet provides a composite go vet analyzer for use with nogo. |
|
linters/ineffassign
Package ineffassign provides an ineffassign analyzer for use with nogo.
|
Package ineffassign provides an ineffassign analyzer for use with nogo. |
|
linters/nolint
Package nolint provides utilities to wrap go/analysis analyzers with support for //nolint directives, which nogo does not handle by default.
|
Package nolint provides utilities to wrap go/analysis analyzers with support for //nolint directives, which nogo does not handle by default. |
|
linters/reassign
Package reassign provides a reassign analyzer for use with nogo.
|
Package reassign provides a reassign analyzer for use with nogo. |
|
linters/unused
Package unused provides an unused analyzer for use with nogo.
|
Package unused provides an unused analyzer for use with nogo. |
|
gen
|
|
|
proto/ctrl/v1/ctrlv1connect
Package ctrl.v1 provides the Cluster service for multi-cluster deployment orchestration.
|
Package ctrl.v1 provides the Cluster service for multi-cluster deployment orchestration. |
|
go
module
|
|
|
deploy/assetmanagerd
module
|
|
|
deploy/billaged
module
|
|
|
deploy/builderd
module
|
|
|
deploy/metald
module
|
|
|
deploy/metald/client
module
|
|
|
deploy/pkg/health
module
|
|
|
deploy/pkg/spiffe
module
|
|
|
deploy/pkg/tls
module
|
|
|
deploy/pkg/tracing
module
|
|
|
internal
|
|
|
services/auditlogs
Package auditlogs provides audit logging services for tracking user actions and system events across the Unkey platform.
|
Package auditlogs provides audit logging services for tracking user actions and system events across the Unkey platform. |
|
services/caches
Package caches provides a centralized caching service for commonly accessed database entities.
|
Package caches provides a centralized caching service for commonly accessed database entities. |
|
services/keys
Package keys implements a comprehensive key management and verification system for API keys with support for rate limiting, usage tracking, permissions, and workspace isolation.
|
Package keys implements a comprehensive key management and verification system for API keys with support for rate limiting, usage tracking, permissions, and workspace isolation. |
|
services/keys/db
Package db provides database access for the keys service.
|
Package db provides database access for the keys service. |
|
services/keys/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
services/ratelimit
Package ratelimit implements lockless distributed rate limiting using a sliding window algorithm with atomic counters.
|
Package ratelimit implements lockless distributed rate limiting using a sliding window algorithm with atomic counters. |
|
services/ratelimit/metrics
Package metrics provides Prometheus collectors for the rate limit service.
|
Package metrics provides Prometheus collectors for the rate limit service. |
|
services/usagelimiter/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
pkg
|
|
|
array
Package array provides generic utility functions for slice generation and manipulation.
|
Package array provides generic utility functions for slice generation and manipulation. |
|
assert
Package assert provides simple assertion utilities for validating conditions and inputs throughout the application.
|
Package assert provides simple assertion utilities for validating conditions and inputs throughout the application. |
|
auditlog
Package auditlog defines types and constants for the audit logging system.
|
Package auditlog defines types and constants for the audit logging system. |
|
base58
Package base58 implements Base58 encoding for binary data.
|
Package base58 implements Base58 encoding for binary data. |
|
batch
Package batch provides utilities for efficiently processing items in batches.
|
Package batch provides utilities for efficiently processing items in batches. |
|
batch/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
buffer
Package buffer provides a generic buffered channel implementation with configurable capacity and drop behavior.
|
Package buffer provides a generic buffered channel implementation with configurable capacity and drop behavior. |
|
buffer/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
buildinfo
Package buildinfo exposes build metadata that is injected at link time via -ldflags -X. Values are populated by the release pipeline (goreleaser).
|
Package buildinfo exposes build metadata that is injected at link time via -ldflags -X. Values are populated by the release pipeline (goreleaser). |
|
cache
Package cache provides a generic, thread-safe caching system with support for time-based expiration, custom eviction policies, and observability.
|
Package cache provides a generic, thread-safe caching system with support for time-based expiration, custom eviction policies, and observability. |
|
cache/clustering
nolint: all
|
nolint: all |
|
circuitbreaker
Package circuitbreaker implements the Circuit Breaker pattern to prevent cascading failures when dependent services are unavailable or experiencing high latency.
|
Package circuitbreaker implements the Circuit Breaker pattern to prevent cascading failures when dependent services are unavailable or experiencing high latency. |
|
cli
Package cli provides a command-line interface framework for building CLI applications.
|
Package cli provides a command-line interface framework for building CLI applications. |
|
clickhouse
Package clickhouse provides a client for interacting with ClickHouse databases, optimized for high-volume event data storage and analytics.
|
Package clickhouse provides a client for interacting with ClickHouse databases, optimized for high-volume event data storage and analytics. |
|
clock
Package clock provides a flexible interface for time-related operations, allowing for consistent time handling in both production and test environments.
|
Package clock provides a flexible interface for time-related operations, allowing for consistent time handling in both production and test environments. |
|
cluster
Package cluster provides a two-tier gossip-based cluster membership using hashicorp/memberlist (SWIM protocol).
|
Package cluster provides a two-tier gossip-based cluster membership using hashicorp/memberlist (SWIM protocol). |
|
codes
Code generated by generate.go; DO NOT EDIT.
|
Code generated by generate.go; DO NOT EDIT. |
|
conc
Package conc provides bounded-concurrency helpers.
|
Package conc provides bounded-concurrency helpers. |
|
config
Package config loads and validates TOML configuration into Go structs using struct tags for defaults and constraints.
|
Package config loads and validates TOML configuration into Go structs using struct tags for defaults and constraints. |
|
counter
Package counter provides abstractions and implementations for distributed counters.
|
Package counter provides abstractions and implementations for distributed counters. |
|
ctxutil
Package ctxutil provides utilities for working with context.Context, specifically focused on storing and retrieving request-scoped values.
|
Package ctxutil provides utilities for working with context.Context, specifically focused on storing and retrieving request-scoped values. |
|
db
Package db provides a database access layer for MySQL with support for read/write splitting, connection management, and type-safe SQL operations.
|
Package db provides a database access layer for MySQL with support for read/write splitting, connection management, and type-safe SQL operations. |
|
db/plugins/bulk-insert
command
Package main provides a sqlc plugin that generates bulk insert functions.
|
Package main provides a sqlc plugin that generates bulk insert functions. |
|
dns
Package dns provides DNS lookup utilities using Cloudflare's 1.1.1.1 resolver.
|
Package dns provides DNS lookup utilities using Cloudflare's 1.1.1.1 resolver. |
|
dns/domainconnect
Package domainconnect implements the Domain Connect protocol (v2) for one-click DNS configuration of custom domains.
|
Package domainconnect implements the Domain Connect protocol (v2) for one-click DNS configuration of custom domains. |
|
dockertest
Package dockertest provides lightweight Docker container management for integration tests.
|
Package dockertest provides lightweight Docker container management for integration tests. |
|
fault
Package fault provides a clean, concise error handling system designed for building robust applications with rich error context and secure user messaging.
|
Package fault provides a clean, concise error handling system designed for building robust applications with rich error context and secure user messaging. |
|
fuzz
Package fuzz provides utilities for consuming fuzzer-generated byte slices and converting them into typed Go values.
|
Package fuzz provides utilities for consuming fuzzer-generated byte slices and converting them into typed Go values. |
|
hash
Package hash provides cryptographic hashing utilities for various security-related operations such as API key validation, data integrity checks, and signatures.
|
Package hash provides cryptographic hashing utilities for various security-related operations such as API key validation, data integrity checks, and signatures. |
|
healthcheck
Package healthcheck provides push-based health monitoring for scheduled tasks.
|
Package healthcheck provides push-based health monitoring for scheduled tasks. |
|
jwt
Package jwt provides JSON Web Token signing and verification with algorithm-pinned security to prevent algorithm confusion attacks.
|
Package jwt provides JSON Web Token signing and verification with algorithm-pinned security to prevent algorithm confusion attacks. |
|
logger
Package logger provides wide-event logging with tail sampling support.
|
Package logger provides wide-event logging with tail sampling support. |
|
match
Package match provides pattern matching utilities.
|
Package match provides pattern matching utilities. |
|
mysql
Package mysql provides a minimal shared MySQL abstraction for backend services.
|
Package mysql provides a minimal shared MySQL abstraction for backend services. |
|
mysql/metrics
Package metrics defines Prometheus metrics used by pkg/mysql wrappers.
|
Package metrics defines Prometheus metrics used by pkg/mysql wrappers. |
|
prefixedapikey/cmd
command
|
|
|
prometheus
Package prometheus provides HTTP server infrastructure for exposing Prometheus metrics.
|
Package prometheus provides HTTP server infrastructure for exposing Prometheus metrics. |
|
prometheus/lazy
Package lazy provides lazy-registering Prometheus metric wrappers.
|
Package lazy provides lazy-registering Prometheus metric wrappers. |
|
prometheus/metrics
Package metrics provides Prometheus metric collectors for monitoring Unkey services.
|
Package metrics provides Prometheus metric collectors for monitoring Unkey services. |
|
prompt
Package prompt provides interactive terminal prompts for CLI applications.
|
Package prompt provides interactive terminal prompts for CLI applications. |
|
prompt/example
command
|
|
|
prompt/example/date
command
|
|
|
prompt/example/datetime
command
|
|
|
prompt/example/multiselect
command
|
|
|
prompt/example/select
command
|
|
|
prompt/example/time
command
|
|
|
prompt/example/wizard
command
|
|
|
rbac
Package rbac implements a flexible Role-Based Access Control system for managing permissions and authorization checks.
|
Package rbac implements a flexible Role-Based Access Control system for managing permissions and authorization checks. |
|
restate/admin
Package admin provides a client for the Restate admin API.
|
Package admin provides a client for the Restate admin API. |
|
restate/compensation
Package compensation provides a rollback mechanism for multi-step Restate workflows.
|
Package compensation provides a rollback mechanism for multi-step Restate workflows. |
|
retry
Package retry provides functionality to retry operations with configurable attempts and backoff.
|
Package retry provides functionality to retry operations with configurable attempts and backoff. |
|
testutil/containers
Package containers provides testing utilities for integration tests with docker-compose services.
|
Package containers provides testing utilities for integration tests with docker-compose services. |
|
timing
Package timing defines a small, strict header format for server-side timing data and provides helpers to record it through zen sessions.
|
Package timing defines a small, strict header format for server-side timing data and provides helpers to record it through zen sessions. |
|
tls
Package tls provides utilities for configuring TLS (Transport Layer Security) in HTTP servers.
|
Package tls provides utilities for configuring TLS (Transport Layer Security) in HTTP servers. |
|
uid
Package uid generates prefixed random identifiers for Unkey resources.
|
Package uid generates prefixed random identifiers for Unkey resources. |
|
zen
Package zen provides a lightweight HTTP framework built on top of the standard library.
|
Package zen provides a lightweight HTTP framework built on top of the standard library. |
|
zen/metrics
Package metrics provides Prometheus metric collectors for monitoring application performance.
|
Package metrics provides Prometheus metric collectors for monitoring application performance. |
|
sdks
|
|
|
golang
module
|
|
|
svc
|
|
|
api/internal/testutil
Package testutil provides integration test infrastructure for the API service.
|
Package testutil provides integration test infrastructure for the API service. |
|
api/internal/testutil/seed
Package seed provides database seeding utilities for integration tests.
|
Package seed provides database seeding utilities for integration tests. |
|
api/openapi
Package openapi provides primitives to interact with the openapi HTTP API.
|
Package openapi provides primitives to interact with the openapi HTTP API. |
|
ctrl
Package ctrl is the root package for the Unkey control plane service.
|
Package ctrl is the root package for the Unkey control plane service. |
|
ctrl/api
Package api provides the control plane HTTP/2 server for Unkey's distributed infrastructure.
|
Package api provides the control plane HTTP/2 server for Unkey's distributed infrastructure. |
|
ctrl/dedup
Package dedup centralises the "cancel in-progress siblings" logic used when a new deployment is created for a branch that already has an active build.
|
Package dedup centralises the "cancel in-progress siblings" logic used when a new deployment is created for a branch that already has an active build. |
|
ctrl/integration/harness
Package harness provides a unified test harness for ctrl worker integration tests.
|
Package harness provides a unified test harness for ctrl worker integration tests. |
|
ctrl/internal/auth
Package auth provides shared bearer token authentication for ctrl ConnectRPC services.
|
Package auth provides shared bearer token authentication for ctrl ConnectRPC services. |
|
ctrl/services
Package services provides Connect service implementations for the control plane.
|
Package services provides Connect service implementations for the control plane. |
|
ctrl/services/acme
Package acme provides ACME certificate challenge management.
|
Package acme provides ACME certificate challenge management. |
|
ctrl/services/cluster
Package cluster implements the Connect ClusterService for synchronizing desired state between the control plane and krane agents running in regional Kubernetes clusters.
|
Package cluster implements the Connect ClusterService for synchronizing desired state between the control plane and krane agents running in regional Kubernetes clusters. |
|
ctrl/services/ctrl
Package ctrl provides administrative and health check services.
|
Package ctrl provides administrative and health check services. |
|
ctrl/services/openapi
Package openapi provides OpenAPI specification and schema documentation.
|
Package openapi provides OpenAPI specification and schema documentation. |
|
ctrl/worker
Package worker implements the Restate workflow worker for Unkey's control plane.
|
Package worker implements the Restate workflow worker for Unkey's control plane. |
|
ctrl/worker/buildslot
Package buildslot implements the BuildSlotService Restate virtual object, which caps how many deployments in a workspace can be actively building at the same time.
|
Package buildslot implements the BuildSlotService Restate virtual object, which caps how many deployments in a workspace can be actively building at the same time. |
|
ctrl/worker/certificate
Package certificate implements ACME certificate workflows for SSL/TLS provisioning.
|
Package certificate implements ACME certificate workflows for SSL/TLS provisioning. |
|
ctrl/worker/clickhouseuser
Package clickhouseuser implements ClickHouse user provisioning workflows.
|
Package clickhouseuser implements ClickHouse user provisioning workflows. |
|
ctrl/worker/customdomain
Package customdomain implements domain verification workflows.
|
Package customdomain implements domain verification workflows. |
|
ctrl/worker/deploy
Package deploy orchestrates the deployment lifecycle for user applications.
|
Package deploy orchestrates the deployment lifecycle for user applications. |
|
ctrl/worker/deployment
Package deployment provides a Restate virtual object that serialises all mutations targeting a single deployment.
|
Package deployment provides a Restate virtual object that serialises all mutations targeting a single deployment. |
|
ctrl/worker/github
Package github provides a GitHub App client for repository access.
|
Package github provides a GitHub App client for repository access. |
|
ctrl/worker/keyrefill
Package keyrefill implements a Restate workflow for refilling API key usage limits.
|
Package keyrefill implements a Restate workflow for refilling API key usage limits. |
|
ctrl/worker/openapi
Package openapi provides a Restate virtual object that scrapes OpenAPI specifications from running user deployments.
|
Package openapi provides a Restate virtual object that scrapes OpenAPI specifications from running user deployments. |
|
ctrl/worker/quotacheck
Package quotacheck implements a Restate workflow for monitoring workspace quota usage.
|
Package quotacheck implements a Restate workflow for monitoring workspace quota usage. |
|
ctrl/worker/routing
Package routing manages frontline route assignment for deployments.
|
Package routing manages frontline route assignment for deployments. |
|
ctrl/worker/sentinel
Package sentinel provides Restate services for deploying and rolling out sentinel configuration changes.
|
Package sentinel provides Restate services for deploying and rolling out sentinel configuration changes. |
|
demo
command
|
|
|
frontline/internal/certmanager
Package certmanager provides dynamic TLS certificate management for the frontline.
|
Package certmanager provides dynamic TLS certificate management for the frontline. |
|
frontline/internal/db
Package db provides read-only database access for the frontline reverse proxy.
|
Package db provides read-only database access for the frontline reverse proxy. |
|
frontline/internal/errorpage
Package errorpage renders HTML error pages for frontline.
|
Package errorpage renders HTML error pages for frontline. |
|
frontline/internal/proxy
Package proxy provides HTTP/HTTPS proxying for the frontline.
|
Package proxy provides HTTP/HTTPS proxying for the frontline. |
|
frontline/internal/router
Package router resolves a hostname to a deployment, parses the deployment's policies, and decides whether the request runs locally (engine + proxy to a running instance in this region) or hops to a peer frontline in another region.
|
Package router resolves a hostname to a deployment, parses the deployment's policies, and decides whether the request runs locally (engine + proxy to a running instance in this region) or hops to a peer frontline in another region. |
|
heimdall
Package heimdall is the per-node resource metering agent for Unkey's deployment platform.
|
Package heimdall is the per-node resource metering agent for Unkey's deployment platform. |
|
heimdall/internal/checkpoint
Package checkpoint defines the unit heimdall writes to ClickHouse.
|
Package checkpoint defines the unit heimdall writes to ClickHouse. |
|
heimdall/internal/collector
Package collector reads cgroup v2 counters for each krane-managed pod on the node and emits one checkpoint per container per tick.
|
Package collector reads cgroup v2 counters for each krane-managed pod on the node and emits one checkpoint per container per tick. |
|
heimdall/internal/network
Package network owns heimdall's per-pod egress/ingress byte accounting.
|
Package network owns heimdall's per-pod egress/ingress byte accounting. |
|
kitchensink
command
Command kitchensink runs a stdlib-only HTTP server that exposes every probe subpackage as a real HTTP endpoint.
|
Command kitchensink runs a stdlib-only HTTP server that exposes every probe subpackage as a real HTTP endpoint. |
|
kitchensink/buildinfo
Package buildinfo exposes a string injected at link time.
|
Package buildinfo exposes a string injected at link time. |
|
kitchensink/echo
Package echo returns the request body verbatim and preserves Content-Type.
|
Package echo returns the request body verbatim and preserves Content-Type. |
|
kitchensink/env
Package env exposes process environment variables over HTTP.
|
Package env exposes process environment variables over HTTP. |
|
kitchensink/headers
Package headers echoes the incoming request headers as JSON.
|
Package headers echoes the incoming request headers as JSON. |
|
kitchensink/hello
Package hello is the simplest kitchensink probe: it returns a constant 200 OK response.
|
Package hello is the simplest kitchensink probe: it returns a constant 200 OK response. |
|
kitchensink/index
Package index serves the route listing at GET /.
|
Package index serves the route listing at GET /. |
|
kitchensink/internal/httpx
Package httpx provides the small response helpers shared across kitchensink probes.
|
Package httpx provides the small response helpers shared across kitchensink probes. |
|
kitchensink/logs
Package logs reads the request body and writes it to stdout at INFO.
|
Package logs reads the request body and writes it to stdout at INFO. |
|
kitchensink/principal
Package principal decodes the X-Unkey-Principal header that sentinel sets after a successful auth policy and echoes the decoded principal as JSON.
|
Package principal decodes the X-Unkey-Principal header that sentinel sets after a successful auth policy and echoes the decoded principal as JSON. |
|
kitchensink/sleep
Package sleep blocks for a caller-specified duration before returning 200.
|
Package sleep blocks for a caller-specified duration before returning 200. |
|
kitchensink/status
Package status returns whatever HTTP status the caller asks for via the URL path.
|
Package status returns whatever HTTP status the caller asks for via the URL path. |
|
krane
Package krane provides a distributed container orchestration agent for managing deployments and sentinels across Kubernetes clusters via gRPC APIs.
|
Package krane provides a distributed container orchestration agent for managing deployments and sentinels across Kubernetes clusters via gRPC APIs. |
|
krane/internal/cilium
Package cilium manages CiliumNetworkPolicy resources in Kubernetes clusters.
|
Package cilium manages CiliumNetworkPolicy resources in Kubernetes clusters. |
|
krane/internal/deployment
Package deployment manages user workload ReplicaSets in Kubernetes as part of krane's split control loop architecture.
|
Package deployment manages user workload ReplicaSets in Kubernetes as part of krane's split control loop architecture. |
|
krane/internal/keymutex
Package keymutex provides a keyed mutex used to serialize work per key.
|
Package keymutex provides a keyed mutex used to serialize work per key. |
|
krane/internal/podstatus
Package podstatus provides small helpers for inspecting a pod's ContainersReady condition from krane's watch loops.
|
Package podstatus provides small helpers for inspecting a pod's ContainersReady condition from krane's watch loops. |
|
krane/internal/sentinel
Package sentinel provides the SentinelController for managing sentinel Deployments and Services in Kubernetes.
|
Package sentinel provides the SentinelController for managing sentinel Deployments and Services in Kubernetes. |
|
krane/internal/testutil
Package testutil provides test utilities shared across krane controller tests.
|
Package testutil provides test utilities shared across krane controller tests. |
|
krane/pkg/labels
Package labels provides standardized label management for krane Kubernetes resources.
|
Package labels provides standardized label management for krane Kubernetes resources. |
|
vault/testutil
Package testutil provides test utilities for creating a real vault service.
|
Package testutil provides test utilities for creating a real vault service. |
|
tools
|
|
|
exportoneof
command
Command exportoneof scans protobuf-generated Go files for unexported oneof interfaces (e.g.
|
Command exportoneof scans protobuf-generated Go files for unexported oneof interfaces (e.g. |
|
generate-rpc-clients
command
generate-rpc-clients generates simplified client wrappers for Connect RPC service interfaces.
|
generate-rpc-clients generates simplified client wrappers for Connect RPC service interfaces. |
|
gha-fetch-digest
module
|
Click to show internal directories.
Click to hide internal directories.