credentials

package

v0.23.0 Latest Latest Go to latest Published: May 7, 2026 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/vaayne/anna

Links

Open Source Insights

Documentation ¶

Index ¶

func OAuthDefinition() tools.Definition
func VaultDefinition() tools.Definition
type AddSecretInstruction
type FlowStatus
type OAuthTool
- func NewOAuthTool(svc *Service) *OAuthTool
- func (t *OAuthTool) Definition() tools.Definition
- func (t *OAuthTool) Execute(ctx context.Context, args map[string]any) (string, error)
type ProviderStatus
type RunnerInvalidator
type Service
- func NewService(vaultSvc *vault.Service, pluginCfg pluginhost.ConfigBackend, ...) *Service
type VaultEntry
type VaultTool
- func NewVaultTool(svc *Service) *VaultTool
- func (t *VaultTool) Definition() tools.Definition
- func (t *VaultTool) Execute(ctx context.Context, args map[string]any) (string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func OAuthDefinition ¶

func OAuthDefinition() tools.Definition

OAuthDefinition returns the tool definition without requiring a live service.

func VaultDefinition ¶

func VaultDefinition() tools.Definition

VaultDefinition returns the tool definition without requiring a live service.

Types ¶

type AddSecretInstruction ¶

type AddSecretInstruction struct {
	Name    string
	Purpose string
	Command string // exact /config KEY VALUE command to run
}

AddSecretInstruction is returned by add_secret; it never contains the secret value.

type FlowStatus ¶

type FlowStatus struct {
	Provider        string
	FlowID          string
	VerificationURI string
	UserCode        string
	ExpiresAt       time.Time
	State           string
}

FlowStatus is the model-visible view of an in-flight OAuth flow.

type OAuthTool ¶

type OAuthTool struct {
	// contains filtered or unexported fields
}

OAuthTool manages OAuth provider connections.

func NewOAuthTool ¶

func NewOAuthTool(svc *Service) *OAuthTool

NewOAuthTool creates an OAuthTool backed by the given service.

func (*OAuthTool) Definition ¶

func (t *OAuthTool) Definition() tools.Definition

Definition implements tools.Tool. The provider enum is built dynamically from the registry so newly-declared manifest providers are immediately reachable.

func (*OAuthTool) Execute ¶

func (t *OAuthTool) Execute(ctx context.Context, args map[string]any) (string, error)

Execute implements tools.Tool.

type ProviderStatus ¶

type ProviderStatus struct {
	Provider    string `json:"provider"`
	Available   bool   `json:"available"`
	Connected   bool   `json:"connected"`
	Username    string `json:"username,omitempty"`    // label for the connected account
	Unavailable string `json:"unavailable,omitempty"` // reason when Available is false
}

ProviderStatus describes the availability of an OAuth provider.

type RunnerInvalidator ¶

type RunnerInvalidator interface {
	InvalidateUser(userID int64) error
}

RunnerInvalidator invalidates live runners for a user across all pools.

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

Service is the shared host-side credential manager. It owns vault secret operations and OAuth orchestration. Admin HTTP handlers and the built-in credentials tool both delegate to this service.

func NewService ¶

func NewService(
	vaultSvc *vault.Service,
	pluginCfg pluginhost.ConfigBackend,
	flowStore *oauth.FlowStore,
	corsOrigin string,
) *Service

NewService creates a credentials service. vaultSvc may be nil if the vault is not configured (methods that need it return errors).

func (*Service) AddSecretInstruction ¶

func (s *Service) AddSecretInstruction(name, purpose string) AddSecretInstruction

AddSecretInstruction returns a user-facing instruction to store a secret via /config. It never accepts or echoes the secret value.

func (*Service) CompleteAuthCodeFlow ¶ added in v0.16.0

func (s *Service) CompleteAuthCodeFlow(ctx context.Context, provider, flowID, code string) error

CompleteAuthCodeFlow finalizes an authorization-code OAuth callback flow.

func (*Service) CompleteAuthCodeFlowWithOrigin ¶ added in v0.16.0

func (s *Service) CompleteAuthCodeFlowWithOrigin(ctx context.Context, provider, flowID, code string, origin string) error

func (*Service) DeleteVaultEntry ¶

func (s *Service) DeleteVaultEntry(ctx context.Context, userID int64, name string) error

DeleteVaultEntry removes a named vault entry for userID.

func (*Service) Disconnect ¶

func (s *Service) Disconnect(ctx context.Context, userID int64, provider string) error

Disconnect removes the OAuth bundle for the given provider and user.

func (*Service) GetFlowForCallback ¶

func (s *Service) GetFlowForCallback(flowID string) (oauth.FlowStatus, bool)

GetFlowForCallback returns the stored flow (for callback handlers that need userID).

func (*Service) GetProviderStatuses ¶

func (s *Service) GetProviderStatuses(ctx context.Context, userID int64) []ProviderStatus

GetProviderStatuses returns status for all registered OAuth providers.

func (*Service) InvalidateUser ¶

func (s *Service) InvalidateUser(userID int64) error

InvalidateUser closes all live runners for userID across all pools.

func (*Service) ListVault ¶

func (s *Service) ListVault(ctx context.Context, userID int64) ([]VaultEntry, error)

ListVault returns metadata for all vault entries owned by userID.

func (*Service) PollFlow ¶

func (s *Service) PollFlow(ctx context.Context, userID int64, provider, flowID string) (FlowStatus, bool, error)

PollFlow polls an in-flight OAuth flow. For device-code flows it completes and saves the token when authorized. For auth-code flows it returns completed=true once the callback has finalized the flow.

func (*Service) SetInvalidator ¶

func (s *Service) SetInvalidator(inv RunnerInvalidator)

SetInvalidator wires the runner invalidator (usually *agent.PoolManager).

func (*Service) SetProviderPluginIDs ¶ added in v0.16.0

func (s *Service) SetProviderPluginIDs(m map[string]string)

SetProviderPluginIDs maps each provider ID to the plugin ID that supplies its OAuth credentials. Populated from manifest oauth_provider fields at startup.

func (*Service) SetRegistry ¶ added in v0.16.0

func (s *Service) SetRegistry(r *oauth.ProviderRegistry)

SetRegistry wires the OAuth provider registry used for generic provider operations.

func (*Service) SetVaultService ¶

func (s *Service) SetVaultService(svc *vault.Service)

SetVaultService sets or replaces the vault service at runtime (e.g. after startup).

func (*Service) StartFlow ¶

func (s *Service) StartFlow(ctx context.Context, userID int64, provider string) (FlowStatus, error)

StartFlow starts an OAuth flow for the given provider and user. It prefers device_code flows when available, making it suitable for agent/CLI use.

func (*Service) StartFlowWithOrigin ¶ added in v0.16.0

func (s *Service) StartFlowWithOrigin(ctx context.Context, userID int64, provider string, origin string) (FlowStatus, error)

StartFlowWithOrigin starts an OAuth flow for use by the admin UI. It uses the provider's preferred flow type (device_code when available, otherwise authorization_code). The callback URL is built from origin so browser redirects land on the correct host.

type VaultEntry ¶

type VaultEntry struct {
	Name      string
	UpdatedAt string
}

VaultEntry holds non-sensitive metadata for a stored secret.

type VaultTool ¶

type VaultTool struct {
	// contains filtered or unexported fields
}

VaultTool manages stored key-value secrets.

func NewVaultTool ¶

func NewVaultTool(svc *Service) *VaultTool

NewVaultTool creates a VaultTool backed by the given service.

func (*VaultTool) Definition ¶

func (t *VaultTool) Definition() tools.Definition

Definition implements tools.Tool.

func (*VaultTool) Execute ¶

func (t *VaultTool) Execute(ctx context.Context, args map[string]any) (string, error)

Execute implements tools.Tool.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
oauth

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL