This commit is contained in:
2026-06-22 08:55:57 +08:00
parent dbb87823e8
commit 6ade6e8fa9
325 changed files with 41131 additions and 855 deletions
+120
View File
@@ -0,0 +1,120 @@
// login_throttle.go throttles login brute-force by counting consecutive failed
// attempts per (ip, email) key in a fixed time window — the same fixed-window
// token-bucket algorithm proven in internal/mcp.RateLimiter, kept local here to
// avoid an import cycle (user must not depend on mcp). On too many failures
// within the window the next attempt is rejected with retry-after BEFORE any
// password hash is computed, so an attacker cannot keep spending CPU on bcrypt.
//
// Keying by ip+email (not ip alone) means one attacker cannot lock a victim out
// by hammering the victim's email from arbitrary IPs, and a shared NAT IP cannot
// lock every user behind it; it does mean a botnet rotating IPs is not fully
// stopped — that is the documented limit of a per-(ip,email) counter.
package user
import (
"strings"
"sync"
"time"
)
// LoginThrottleConfig controls the failure window. MaxFailures failed attempts
// within Window blocks further attempts until the window rolls over.
type LoginThrottleConfig struct {
Enabled bool
MaxFailures int
Window time.Duration
}
// attemptBucket is one (ip,email) key's failure counter for the current window.
type attemptBucket struct {
count int
windowAt time.Time
}
// LoginThrottle is a concurrency-safe per-key fixed-window failure limiter.
type LoginThrottle struct {
cfg LoginThrottleConfig
mu sync.Mutex
m map[string]*attemptBucket
now func() time.Time // injectable for tests
}
// NewLoginThrottle builds a throttle. now=nil uses time.Now. A disabled config
// (Enabled=false or MaxFailures<=0) yields a throttle that always allows.
func NewLoginThrottle(cfg LoginThrottleConfig, now func() time.Time) *LoginThrottle {
if now == nil {
now = time.Now
}
if cfg.Window <= 0 {
cfg.Window = 15 * time.Minute
}
return &LoginThrottle{cfg: cfg, m: map[string]*attemptBucket{}, now: now}
}
// key normalizes (ip, email) into a single bucket key. Email is lowercased so
// case variants share one counter; IP is taken as-is.
func throttleKey(ip, email string) string {
return ip + ":" + strings.ToLower(strings.TrimSpace(email))
}
// disabled reports whether the throttle is a no-op.
func (t *LoginThrottle) disabled() bool {
return t == nil || !t.cfg.Enabled || t.cfg.MaxFailures <= 0
}
// Allow reports whether a login attempt for (ip,email) may proceed. When
// blocked it returns the duration until the current window rolls over. Allow
// does NOT itself record an attempt — call RecordFailure on bad credentials and
// Reset on success.
func (t *LoginThrottle) Allow(ip, email string) (bool, time.Duration) {
if t.disabled() {
return true, 0
}
t.mu.Lock()
defer t.mu.Unlock()
now := t.now()
b := t.m[throttleKey(ip, email)]
if b == nil {
return true, 0
}
if now.Sub(b.windowAt) >= t.cfg.Window {
// Window expired: stale counter, allow (RecordFailure will reset it).
return true, 0
}
if b.count >= t.cfg.MaxFailures {
retry := t.cfg.Window - now.Sub(b.windowAt)
if retry < 0 {
retry = 0
}
return false, retry
}
return true, 0
}
// RecordFailure increments the failure counter for (ip,email), starting a new
// window if the previous one has expired.
func (t *LoginThrottle) RecordFailure(ip, email string) {
if t.disabled() {
return
}
t.mu.Lock()
defer t.mu.Unlock()
now := t.now()
k := throttleKey(ip, email)
b := t.m[k]
if b == nil || now.Sub(b.windowAt) >= t.cfg.Window {
b = &attemptBucket{windowAt: now}
t.m[k] = b
}
b.count++
}
// Reset clears the failure counter for (ip,email) after a successful login.
func (t *LoginThrottle) Reset(ip, email string) {
if t.disabled() {
return
}
t.mu.Lock()
defer t.mu.Unlock()
delete(t.m, throttleKey(ip, email))
}
+105
View File
@@ -0,0 +1,105 @@
package user
import (
"testing"
"time"
"github.com/stretchr/testify/require"
)
func newThrottle(now *time.Time) *LoginThrottle {
return NewLoginThrottle(
LoginThrottleConfig{Enabled: true, MaxFailures: 3, Window: 10 * time.Minute},
func() time.Time { return *now },
)
}
func TestLoginThrottle_LockoutAfterN(t *testing.T) {
now := time.Now()
th := newThrottle(&now)
ip, email := "1.2.3.4", "user@example.com"
for i := 0; i < 3; i++ {
allowed, _ := th.Allow(ip, email)
require.True(t, allowed, "attempt %d should be allowed", i+1)
th.RecordFailure(ip, email)
}
// 4th attempt blocked.
allowed, retry := th.Allow(ip, email)
require.False(t, allowed)
require.Greater(t, retry, time.Duration(0))
}
func TestLoginThrottle_WindowExpiryResets(t *testing.T) {
now := time.Now()
th := newThrottle(&now)
ip, email := "1.2.3.4", "user@example.com"
for i := 0; i < 3; i++ {
th.RecordFailure(ip, email)
}
blocked, _ := th.Allow(ip, email)
require.False(t, blocked)
// Advance past the window: counter is stale -> allowed again.
now = now.Add(11 * time.Minute)
allowed, _ := th.Allow(ip, email)
require.True(t, allowed)
}
func TestLoginThrottle_SuccessReset(t *testing.T) {
now := time.Now()
th := newThrottle(&now)
ip, email := "1.2.3.4", "user@example.com"
th.RecordFailure(ip, email)
th.RecordFailure(ip, email)
th.Reset(ip, email) // simulate successful login
// Counter cleared: can fail 3 more times before lockout.
for i := 0; i < 3; i++ {
allowed, _ := th.Allow(ip, email)
require.True(t, allowed)
th.RecordFailure(ip, email)
}
blocked, _ := th.Allow(ip, email)
require.False(t, blocked)
}
func TestLoginThrottle_PerIPEmailIsolation(t *testing.T) {
now := time.Now()
th := newThrottle(&now)
victim := "victim@example.com"
// Attacker hammers victim's email from one IP and trips the lock for that IP.
for i := 0; i < 3; i++ {
th.RecordFailure("9.9.9.9", victim)
}
blocked, _ := th.Allow("9.9.9.9", victim)
require.False(t, blocked)
// The real victim, on a DIFFERENT IP, is NOT locked out.
allowed, _ := th.Allow("5.5.5.5", victim)
require.True(t, allowed, "victim must not be locked out by an attacker on another IP")
}
func TestLoginThrottle_CaseInsensitiveEmail(t *testing.T) {
now := time.Now()
th := newThrottle(&now)
ip := "1.2.3.4"
for i := 0; i < 3; i++ {
th.RecordFailure(ip, "User@Example.com")
}
// Same email different case shares the counter.
blocked, _ := th.Allow(ip, "user@example.com")
require.False(t, blocked)
}
func TestLoginThrottle_DisabledAlwaysAllows(t *testing.T) {
th := NewLoginThrottle(LoginThrottleConfig{Enabled: false, MaxFailures: 1}, nil)
for i := 0; i < 100; i++ {
th.RecordFailure("1.1.1.1", "a@b.c")
}
allowed, _ := th.Allow("1.1.1.1", "a@b.c")
require.True(t, allowed)
}
+38 -6
View File
@@ -32,17 +32,38 @@ const sessionTTL = 7 * 24 * time.Hour
// service 是 Service 接口的默认实现。字段保持小写以禁止外部直接构造,
// 调用方必须通过 NewService 注入 Repository。
type service struct {
repo Repository
audit audit.Recorder
now func() time.Time
repo Repository
audit audit.Recorder
now func() time.Time
throttle *LoginThrottle // 登录暴力破解节流;默认 disabled,装配期可回填
}
// NewService 用给定的 Repository 和 audit.Recorder 构造 Service 实现。
// recorder 可为 nil(审计是 best-effort,nil 时直接跳过写审计)。
// 返回 Service 接口而非 *service,以便日后扩展实现(如增加缓存层装饰器)
// 时不破坏调用方代码。
// 时不破坏调用方代码。默认装一个 disabled 的 LoginThrottle(无节流),
// 装配期通过 SetLoginThrottle 注入启用的实例。
func NewService(repo Repository, recorder audit.Recorder) Service {
return &service{repo: repo, audit: recorder, now: time.Now}
return &service{
repo: repo,
audit: recorder,
now: time.Now,
throttle: NewLoginThrottle(LoginThrottleConfig{}, nil),
}
}
// SetLoginThrottle 注入登录节流器(装配期回填)。传 nil 时退回 disabled。
// 因 Service 是接口,调用方需类型断言到该 setter(与项目其它装配期回填一致)。
func (s *service) SetLoginThrottle(t *LoginThrottle) {
if t == nil {
t = NewLoginThrottle(LoginThrottleConfig{}, nil)
}
s.throttle = t
}
// LoginThrottleSetter 是装配期回填登录节流器的窄接口(app.go 用类型断言取得)。
type LoginThrottleSetter interface {
SetLoginThrottle(t *LoginThrottle)
}
// Login 校验邮箱与密码,成功后签发新的会话 token。
@@ -50,9 +71,17 @@ func NewService(repo Repository, recorder audit.Recorder) Service {
// 不向调用方泄露 "邮箱是否存在" 这一侧信道;只有底层故障(哈希解析、
// token 生成、写库失败等)会返回带详细 cause 的非授权类错误。
func (s *service) Login(ctx context.Context, email, password, ip string) (string, *User, error) {
// 暴力破解节流:在任何 DB 查询 / 密码哈希之前判定,超限直接 429,避免攻击者
// 持续消耗 bcrypt CPU。key = ip + lowercase(email),未知邮箱与已知邮箱走同一
// 计数路径,不引入邮箱枚举侧信道。
if allowed, _ := s.throttle.Allow(ip, email); !allowed {
return "", nil, errs.New(errs.CodeRateLimited, "登录尝试过于频繁,请稍后再试")
}
u, err := s.repo.GetUserByEmail(ctx, email)
if err != nil {
// 不区分 "邮箱不存在" 与 "密码错误",统一报 unauthorized。
// 不区分 "邮箱不存在" 与 "密码错误",统一报 unauthorized。失败计数。
s.throttle.RecordFailure(ip, email)
return "", nil, errs.New(errs.CodeUnauthorized, "邮箱或密码错误")
}
ok, err := VerifyPassword(password, u.PasswordHash)
@@ -60,8 +89,11 @@ func (s *service) Login(ctx context.Context, email, password, ip string) (string
return "", nil, errs.Wrap(err, errs.CodeInternal, "verify password")
}
if !ok {
s.throttle.RecordFailure(ip, email)
return "", nil, errs.New(errs.CodeUnauthorized, "邮箱或密码错误")
}
// 凭据正确:清零该 key 的失败计数。
s.throttle.Reset(ip, email)
tok, hash, err := NewSessionToken()
if err != nil {
+240 -17
View File
@@ -8,6 +8,7 @@ import (
"net/netip"
"github.com/jackc/pgx/v5/pgtype"
"github.com/pgvector/pgvector-go"
)
type AcpAgentKind struct {
@@ -25,6 +26,11 @@ type AcpAgentKind struct {
ToolAllowlist []string `json:"tool_allowlist"`
ClientType string `json:"client_type"`
EncryptedMcpServers []byte `json:"encrypted_mcp_servers"`
ModelID pgtype.UUID `json:"model_id"`
MaxCostUsd pgtype.Numeric `json:"max_cost_usd"`
MaxTokens *int64 `json:"max_tokens"`
MaxWallClockSeconds *int32 `json:"max_wall_clock_seconds"`
KeyVersion int16 `json:"key_version"`
}
type AcpAgentKindConfigFile struct {
@@ -35,6 +41,7 @@ type AcpAgentKindConfigFile struct {
UpdatedBy pgtype.UUID `json:"updated_by"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
KeyVersion int16 `json:"key_version"`
}
type AcpEvent struct {
@@ -64,23 +71,64 @@ type AcpPermissionRequest struct {
}
type AcpSession struct {
ID pgtype.UUID `json:"id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
ProjectID pgtype.UUID `json:"project_id"`
AgentKindID pgtype.UUID `json:"agent_kind_id"`
UserID pgtype.UUID `json:"user_id"`
IssueID pgtype.UUID `json:"issue_id"`
RequirementID pgtype.UUID `json:"requirement_id"`
AgentSessionID *string `json:"agent_session_id"`
Branch string `json:"branch"`
CwdPath string `json:"cwd_path"`
IsMainWorktree bool `json:"is_main_worktree"`
Status string `json:"status"`
Pid *int32 `json:"pid"`
ExitCode *int32 `json:"exit_code"`
LastError *string `json:"last_error"`
StartedAt pgtype.Timestamptz `json:"started_at"`
EndedAt pgtype.Timestamptz `json:"ended_at"`
ID pgtype.UUID `json:"id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
ProjectID pgtype.UUID `json:"project_id"`
AgentKindID pgtype.UUID `json:"agent_kind_id"`
UserID pgtype.UUID `json:"user_id"`
IssueID pgtype.UUID `json:"issue_id"`
RequirementID pgtype.UUID `json:"requirement_id"`
AgentSessionID *string `json:"agent_session_id"`
Branch string `json:"branch"`
CwdPath string `json:"cwd_path"`
IsMainWorktree bool `json:"is_main_worktree"`
Status string `json:"status"`
Pid *int32 `json:"pid"`
ExitCode *int32 `json:"exit_code"`
LastError *string `json:"last_error"`
StartedAt pgtype.Timestamptz `json:"started_at"`
EndedAt pgtype.Timestamptz `json:"ended_at"`
LastStopReason *string `json:"last_stop_reason"`
OrchestratorStepID pgtype.UUID `json:"orchestrator_step_id"`
PromptTokens int64 `json:"prompt_tokens"`
CompletionTokens int64 `json:"completion_tokens"`
ThinkingTokens int64 `json:"thinking_tokens"`
TotalCostUsd pgtype.Numeric `json:"total_cost_usd"`
LastActivityAt pgtype.Timestamptz `json:"last_activity_at"`
BudgetMaxCostUsd pgtype.Numeric `json:"budget_max_cost_usd"`
BudgetMaxTokens *int64 `json:"budget_max_tokens"`
BudgetMaxWallClockSeconds *int32 `json:"budget_max_wall_clock_seconds"`
TerminatedReason *string `json:"terminated_reason"`
SandboxMode *string `json:"sandbox_mode"`
CostUsd pgtype.Numeric `json:"cost_usd"`
TokensTotal int64 `json:"tokens_total"`
}
type AcpSessionUsage struct {
ID int64 `json:"id"`
SessionID pgtype.UUID `json:"session_id"`
UserID pgtype.UUID `json:"user_id"`
ProjectID pgtype.UUID `json:"project_id"`
AgentKindID pgtype.UUID `json:"agent_kind_id"`
ModelID pgtype.UUID `json:"model_id"`
PromptTokens int64 `json:"prompt_tokens"`
CompletionTokens int64 `json:"completion_tokens"`
ThinkingTokens int64 `json:"thinking_tokens"`
CostUsd pgtype.Numeric `json:"cost_usd"`
SourceEventID *int64 `json:"source_event_id"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type AcpTurn struct {
ID int64 `json:"id"`
SessionID pgtype.UUID `json:"session_id"`
TurnIndex int32 `json:"turn_index"`
PromptRequestID *string `json:"prompt_request_id"`
Status string `json:"status"`
StopReason *string `json:"stop_reason"`
UpdateCount int32 `json:"update_count"`
StartedAt pgtype.Timestamptz `json:"started_at"`
CompletedAt pgtype.Timestamptz `json:"completed_at"`
}
type AuditLog struct {
@@ -94,6 +142,81 @@ type AuditLog struct {
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type ChangeRequest struct {
ID pgtype.UUID `json:"id"`
ProjectID pgtype.UUID `json:"project_id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
RequirementID pgtype.UUID `json:"requirement_id"`
IssueID pgtype.UUID `json:"issue_id"`
Number int32 `json:"number"`
Title string `json:"title"`
Description string `json:"description"`
SourceBranch string `json:"source_branch"`
TargetBranch string `json:"target_branch"`
State string `json:"state"`
ReviewVerdict string `json:"review_verdict"`
CiState string `json:"ci_state"`
Provider string `json:"provider"`
ExternalID *int64 `json:"external_id"`
ExternalUrl string `json:"external_url"`
MergeCommitSha string `json:"merge_commit_sha"`
ReviewedBy pgtype.UUID `json:"reviewed_by"`
ReviewedAt pgtype.Timestamptz `json:"reviewed_at"`
CreatedBy pgtype.UUID `json:"created_by"`
MergedAt pgtype.Timestamptz `json:"merged_at"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
type CodeChunk struct {
ID pgtype.UUID `json:"id"`
RunID pgtype.UUID `json:"run_id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
CommitSha string `json:"commit_sha"`
FilePath string `json:"file_path"`
Lang *string `json:"lang"`
StartLine int32 `json:"start_line"`
EndLine int32 `json:"end_line"`
Content string `json:"content"`
ContentSha []byte `json:"content_sha"`
TokenCount *int32 `json:"token_count"`
Embedding *pgvector.Vector `json:"embedding"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type CodeIndexRun struct {
ID pgtype.UUID `json:"id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
WorktreeID pgtype.UUID `json:"worktree_id"`
Branch string `json:"branch"`
CommitSha string `json:"commit_sha"`
Status string `json:"status"`
EmbeddingEndpointID pgtype.UUID `json:"embedding_endpoint_id"`
EmbeddingModel string `json:"embedding_model"`
Dims int32 `json:"dims"`
FilesIndexed int32 `json:"files_indexed"`
ChunksIndexed int32 `json:"chunks_indexed"`
Error *string `json:"error"`
StartedAt pgtype.Timestamptz `json:"started_at"`
FinishedAt pgtype.Timestamptz `json:"finished_at"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type CommitSummary struct {
ID pgtype.UUID `json:"id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
WorktreeID pgtype.UUID `json:"worktree_id"`
Branch string `json:"branch"`
CommitSha string `json:"commit_sha"`
Kind string `json:"kind"`
Title *string `json:"title"`
BodyMd string `json:"body_md"`
Model *string `json:"model"`
Status string `json:"status"`
Error *string `json:"error"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type Conversation struct {
ID pgtype.UUID `json:"id"`
UserID pgtype.UUID `json:"user_id"`
@@ -110,6 +233,14 @@ type Conversation struct {
RequirementID pgtype.UUID `json:"requirement_id"`
}
type CryptoKey struct {
Version int32 `json:"version"`
Provider string `json:"provider"`
KeyRef *string `json:"key_ref"`
Status string `json:"status"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type GitCredential struct {
ID pgtype.UUID `json:"id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
@@ -119,6 +250,7 @@ type GitCredential struct {
Fingerprint *string `json:"fingerprint"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
KeyVersion int16 `json:"key_version"`
}
type Issue struct {
@@ -135,6 +267,17 @@ type Issue struct {
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
ParentID pgtype.UUID `json:"parent_id"`
Priority int32 `json:"priority"`
}
type IssueDependency struct {
ID pgtype.UUID `json:"id"`
ProjectID pgtype.UUID `json:"project_id"`
BlockedID pgtype.UUID `json:"blocked_id"`
BlockerID pgtype.UUID `json:"blocker_id"`
CreatedBy pgtype.UUID `json:"created_by"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type Job struct {
@@ -162,6 +305,7 @@ type LlmEndpoint struct {
CreatedBy pgtype.UUID `json:"created_by"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
KeyVersion int16 `json:"key_version"`
}
type LlmModel struct {
@@ -252,6 +396,50 @@ type Notification struct {
CreatedAt pgtype.Timestamptz `json:"created_at"`
}
type NotificationPref struct {
UserID pgtype.UUID `json:"user_id"`
EmailEnabled bool `json:"email_enabled"`
ImEnabled bool `json:"im_enabled"`
ImWebhookUrlEnc []byte `json:"im_webhook_url_enc"`
MinSeverity string `json:"min_severity"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
type OrchestratorRun struct {
ID pgtype.UUID `json:"id"`
ProjectID pgtype.UUID `json:"project_id"`
RequirementID pgtype.UUID `json:"requirement_id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
OwnerID pgtype.UUID `json:"owner_id"`
Status string `json:"status"`
CurrentPhase string `json:"current_phase"`
Config []byte `json:"config"`
LastError *string `json:"last_error"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
EndedAt pgtype.Timestamptz `json:"ended_at"`
}
type OrchestratorStep struct {
ID pgtype.UUID `json:"id"`
RunID pgtype.UUID `json:"run_id"`
Phase string `json:"phase"`
Attempt int32 `json:"attempt"`
ParentStepID pgtype.UUID `json:"parent_step_id"`
Depth int32 `json:"depth"`
Status string `json:"status"`
AgentKindID pgtype.UUID `json:"agent_kind_id"`
AcpSessionID pgtype.UUID `json:"acp_session_id"`
Prompt string `json:"prompt"`
StopReason *string `json:"stop_reason"`
GateResult []byte `json:"gate_result"`
LastError *string `json:"last_error"`
JobID pgtype.UUID `json:"job_id"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
EndedAt pgtype.Timestamptz `json:"ended_at"`
}
type Project struct {
ID pgtype.UUID `json:"id"`
Slug string `json:"slug"`
@@ -264,6 +452,30 @@ type Project struct {
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
type ProjectMember struct {
ProjectID pgtype.UUID `json:"project_id"`
UserID pgtype.UUID `json:"user_id"`
Role string `json:"role"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
AddedBy pgtype.UUID `json:"added_by"`
}
type ProjectMemory struct {
ID pgtype.UUID `json:"id"`
ProjectID pgtype.UUID `json:"project_id"`
WorkspaceID pgtype.UUID `json:"workspace_id"`
Kind string `json:"kind"`
Title string `json:"title"`
Body string `json:"body"`
Tags []string `json:"tags"`
Source string `json:"source"`
Embedding *pgvector.Vector `json:"embedding"`
EmbeddingModel *string `json:"embedding_model"`
CreatedBy pgtype.UUID `json:"created_by"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
type PromptTemplate struct {
ID pgtype.UUID `json:"id"`
Name string `json:"name"`
@@ -299,6 +511,16 @@ type RequirementArtifact struct {
SourceMessageID *int64 `json:"source_message_id"`
CreatedBy pgtype.UUID `json:"created_by"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
Verdict string `json:"verdict"`
}
type RequirementPhasePointer struct {
RequirementID pgtype.UUID `json:"requirement_id"`
Phase string `json:"phase"`
ApprovedArtifactID pgtype.UUID `json:"approved_artifact_id"`
ApprovedBy pgtype.UUID `json:"approved_by"`
ApprovedAt pgtype.Timestamptz `json:"approved_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
type User struct {
@@ -354,6 +576,7 @@ type WorkspaceRunProfile struct {
CreatedBy pgtype.UUID `json:"created_by"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
KeyVersion int16 `json:"key_version"`
}
type WorkspaceWorktree struct {