You've already forked agentic-coding-workflow
bugfix
This commit is contained in:
@@ -0,0 +1,120 @@
|
||||
// login_throttle.go throttles login brute-force by counting consecutive failed
|
||||
// attempts per (ip, email) key in a fixed time window — the same fixed-window
|
||||
// token-bucket algorithm proven in internal/mcp.RateLimiter, kept local here to
|
||||
// avoid an import cycle (user must not depend on mcp). On too many failures
|
||||
// within the window the next attempt is rejected with retry-after BEFORE any
|
||||
// password hash is computed, so an attacker cannot keep spending CPU on bcrypt.
|
||||
//
|
||||
// Keying by ip+email (not ip alone) means one attacker cannot lock a victim out
|
||||
// by hammering the victim's email from arbitrary IPs, and a shared NAT IP cannot
|
||||
// lock every user behind it; it does mean a botnet rotating IPs is not fully
|
||||
// stopped — that is the documented limit of a per-(ip,email) counter.
|
||||
package user
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// LoginThrottleConfig controls the failure window. MaxFailures failed attempts
|
||||
// within Window blocks further attempts until the window rolls over.
|
||||
type LoginThrottleConfig struct {
|
||||
Enabled bool
|
||||
MaxFailures int
|
||||
Window time.Duration
|
||||
}
|
||||
|
||||
// attemptBucket is one (ip,email) key's failure counter for the current window.
|
||||
type attemptBucket struct {
|
||||
count int
|
||||
windowAt time.Time
|
||||
}
|
||||
|
||||
// LoginThrottle is a concurrency-safe per-key fixed-window failure limiter.
|
||||
type LoginThrottle struct {
|
||||
cfg LoginThrottleConfig
|
||||
mu sync.Mutex
|
||||
m map[string]*attemptBucket
|
||||
now func() time.Time // injectable for tests
|
||||
}
|
||||
|
||||
// NewLoginThrottle builds a throttle. now=nil uses time.Now. A disabled config
|
||||
// (Enabled=false or MaxFailures<=0) yields a throttle that always allows.
|
||||
func NewLoginThrottle(cfg LoginThrottleConfig, now func() time.Time) *LoginThrottle {
|
||||
if now == nil {
|
||||
now = time.Now
|
||||
}
|
||||
if cfg.Window <= 0 {
|
||||
cfg.Window = 15 * time.Minute
|
||||
}
|
||||
return &LoginThrottle{cfg: cfg, m: map[string]*attemptBucket{}, now: now}
|
||||
}
|
||||
|
||||
// key normalizes (ip, email) into a single bucket key. Email is lowercased so
|
||||
// case variants share one counter; IP is taken as-is.
|
||||
func throttleKey(ip, email string) string {
|
||||
return ip + ":" + strings.ToLower(strings.TrimSpace(email))
|
||||
}
|
||||
|
||||
// disabled reports whether the throttle is a no-op.
|
||||
func (t *LoginThrottle) disabled() bool {
|
||||
return t == nil || !t.cfg.Enabled || t.cfg.MaxFailures <= 0
|
||||
}
|
||||
|
||||
// Allow reports whether a login attempt for (ip,email) may proceed. When
|
||||
// blocked it returns the duration until the current window rolls over. Allow
|
||||
// does NOT itself record an attempt — call RecordFailure on bad credentials and
|
||||
// Reset on success.
|
||||
func (t *LoginThrottle) Allow(ip, email string) (bool, time.Duration) {
|
||||
if t.disabled() {
|
||||
return true, 0
|
||||
}
|
||||
t.mu.Lock()
|
||||
defer t.mu.Unlock()
|
||||
now := t.now()
|
||||
b := t.m[throttleKey(ip, email)]
|
||||
if b == nil {
|
||||
return true, 0
|
||||
}
|
||||
if now.Sub(b.windowAt) >= t.cfg.Window {
|
||||
// Window expired: stale counter, allow (RecordFailure will reset it).
|
||||
return true, 0
|
||||
}
|
||||
if b.count >= t.cfg.MaxFailures {
|
||||
retry := t.cfg.Window - now.Sub(b.windowAt)
|
||||
if retry < 0 {
|
||||
retry = 0
|
||||
}
|
||||
return false, retry
|
||||
}
|
||||
return true, 0
|
||||
}
|
||||
|
||||
// RecordFailure increments the failure counter for (ip,email), starting a new
|
||||
// window if the previous one has expired.
|
||||
func (t *LoginThrottle) RecordFailure(ip, email string) {
|
||||
if t.disabled() {
|
||||
return
|
||||
}
|
||||
t.mu.Lock()
|
||||
defer t.mu.Unlock()
|
||||
now := t.now()
|
||||
k := throttleKey(ip, email)
|
||||
b := t.m[k]
|
||||
if b == nil || now.Sub(b.windowAt) >= t.cfg.Window {
|
||||
b = &attemptBucket{windowAt: now}
|
||||
t.m[k] = b
|
||||
}
|
||||
b.count++
|
||||
}
|
||||
|
||||
// Reset clears the failure counter for (ip,email) after a successful login.
|
||||
func (t *LoginThrottle) Reset(ip, email string) {
|
||||
if t.disabled() {
|
||||
return
|
||||
}
|
||||
t.mu.Lock()
|
||||
defer t.mu.Unlock()
|
||||
delete(t.m, throttleKey(ip, email))
|
||||
}
|
||||
@@ -0,0 +1,105 @@
|
||||
package user
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func newThrottle(now *time.Time) *LoginThrottle {
|
||||
return NewLoginThrottle(
|
||||
LoginThrottleConfig{Enabled: true, MaxFailures: 3, Window: 10 * time.Minute},
|
||||
func() time.Time { return *now },
|
||||
)
|
||||
}
|
||||
|
||||
func TestLoginThrottle_LockoutAfterN(t *testing.T) {
|
||||
now := time.Now()
|
||||
th := newThrottle(&now)
|
||||
|
||||
ip, email := "1.2.3.4", "user@example.com"
|
||||
for i := 0; i < 3; i++ {
|
||||
allowed, _ := th.Allow(ip, email)
|
||||
require.True(t, allowed, "attempt %d should be allowed", i+1)
|
||||
th.RecordFailure(ip, email)
|
||||
}
|
||||
// 4th attempt blocked.
|
||||
allowed, retry := th.Allow(ip, email)
|
||||
require.False(t, allowed)
|
||||
require.Greater(t, retry, time.Duration(0))
|
||||
}
|
||||
|
||||
func TestLoginThrottle_WindowExpiryResets(t *testing.T) {
|
||||
now := time.Now()
|
||||
th := newThrottle(&now)
|
||||
ip, email := "1.2.3.4", "user@example.com"
|
||||
|
||||
for i := 0; i < 3; i++ {
|
||||
th.RecordFailure(ip, email)
|
||||
}
|
||||
blocked, _ := th.Allow(ip, email)
|
||||
require.False(t, blocked)
|
||||
|
||||
// Advance past the window: counter is stale -> allowed again.
|
||||
now = now.Add(11 * time.Minute)
|
||||
allowed, _ := th.Allow(ip, email)
|
||||
require.True(t, allowed)
|
||||
}
|
||||
|
||||
func TestLoginThrottle_SuccessReset(t *testing.T) {
|
||||
now := time.Now()
|
||||
th := newThrottle(&now)
|
||||
ip, email := "1.2.3.4", "user@example.com"
|
||||
|
||||
th.RecordFailure(ip, email)
|
||||
th.RecordFailure(ip, email)
|
||||
th.Reset(ip, email) // simulate successful login
|
||||
|
||||
// Counter cleared: can fail 3 more times before lockout.
|
||||
for i := 0; i < 3; i++ {
|
||||
allowed, _ := th.Allow(ip, email)
|
||||
require.True(t, allowed)
|
||||
th.RecordFailure(ip, email)
|
||||
}
|
||||
blocked, _ := th.Allow(ip, email)
|
||||
require.False(t, blocked)
|
||||
}
|
||||
|
||||
func TestLoginThrottle_PerIPEmailIsolation(t *testing.T) {
|
||||
now := time.Now()
|
||||
th := newThrottle(&now)
|
||||
victim := "victim@example.com"
|
||||
|
||||
// Attacker hammers victim's email from one IP and trips the lock for that IP.
|
||||
for i := 0; i < 3; i++ {
|
||||
th.RecordFailure("9.9.9.9", victim)
|
||||
}
|
||||
blocked, _ := th.Allow("9.9.9.9", victim)
|
||||
require.False(t, blocked)
|
||||
|
||||
// The real victim, on a DIFFERENT IP, is NOT locked out.
|
||||
allowed, _ := th.Allow("5.5.5.5", victim)
|
||||
require.True(t, allowed, "victim must not be locked out by an attacker on another IP")
|
||||
}
|
||||
|
||||
func TestLoginThrottle_CaseInsensitiveEmail(t *testing.T) {
|
||||
now := time.Now()
|
||||
th := newThrottle(&now)
|
||||
ip := "1.2.3.4"
|
||||
for i := 0; i < 3; i++ {
|
||||
th.RecordFailure(ip, "User@Example.com")
|
||||
}
|
||||
// Same email different case shares the counter.
|
||||
blocked, _ := th.Allow(ip, "user@example.com")
|
||||
require.False(t, blocked)
|
||||
}
|
||||
|
||||
func TestLoginThrottle_DisabledAlwaysAllows(t *testing.T) {
|
||||
th := NewLoginThrottle(LoginThrottleConfig{Enabled: false, MaxFailures: 1}, nil)
|
||||
for i := 0; i < 100; i++ {
|
||||
th.RecordFailure("1.1.1.1", "a@b.c")
|
||||
}
|
||||
allowed, _ := th.Allow("1.1.1.1", "a@b.c")
|
||||
require.True(t, allowed)
|
||||
}
|
||||
@@ -32,17 +32,38 @@ const sessionTTL = 7 * 24 * time.Hour
|
||||
// service 是 Service 接口的默认实现。字段保持小写以禁止外部直接构造,
|
||||
// 调用方必须通过 NewService 注入 Repository。
|
||||
type service struct {
|
||||
repo Repository
|
||||
audit audit.Recorder
|
||||
now func() time.Time
|
||||
repo Repository
|
||||
audit audit.Recorder
|
||||
now func() time.Time
|
||||
throttle *LoginThrottle // 登录暴力破解节流;默认 disabled,装配期可回填
|
||||
}
|
||||
|
||||
// NewService 用给定的 Repository 和 audit.Recorder 构造 Service 实现。
|
||||
// recorder 可为 nil(审计是 best-effort,nil 时直接跳过写审计)。
|
||||
// 返回 Service 接口而非 *service,以便日后扩展实现(如增加缓存层装饰器)
|
||||
// 时不破坏调用方代码。
|
||||
// 时不破坏调用方代码。默认装一个 disabled 的 LoginThrottle(无节流),
|
||||
// 装配期通过 SetLoginThrottle 注入启用的实例。
|
||||
func NewService(repo Repository, recorder audit.Recorder) Service {
|
||||
return &service{repo: repo, audit: recorder, now: time.Now}
|
||||
return &service{
|
||||
repo: repo,
|
||||
audit: recorder,
|
||||
now: time.Now,
|
||||
throttle: NewLoginThrottle(LoginThrottleConfig{}, nil),
|
||||
}
|
||||
}
|
||||
|
||||
// SetLoginThrottle 注入登录节流器(装配期回填)。传 nil 时退回 disabled。
|
||||
// 因 Service 是接口,调用方需类型断言到该 setter(与项目其它装配期回填一致)。
|
||||
func (s *service) SetLoginThrottle(t *LoginThrottle) {
|
||||
if t == nil {
|
||||
t = NewLoginThrottle(LoginThrottleConfig{}, nil)
|
||||
}
|
||||
s.throttle = t
|
||||
}
|
||||
|
||||
// LoginThrottleSetter 是装配期回填登录节流器的窄接口(app.go 用类型断言取得)。
|
||||
type LoginThrottleSetter interface {
|
||||
SetLoginThrottle(t *LoginThrottle)
|
||||
}
|
||||
|
||||
// Login 校验邮箱与密码,成功后签发新的会话 token。
|
||||
@@ -50,9 +71,17 @@ func NewService(repo Repository, recorder audit.Recorder) Service {
|
||||
// 不向调用方泄露 "邮箱是否存在" 这一侧信道;只有底层故障(哈希解析、
|
||||
// token 生成、写库失败等)会返回带详细 cause 的非授权类错误。
|
||||
func (s *service) Login(ctx context.Context, email, password, ip string) (string, *User, error) {
|
||||
// 暴力破解节流:在任何 DB 查询 / 密码哈希之前判定,超限直接 429,避免攻击者
|
||||
// 持续消耗 bcrypt CPU。key = ip + lowercase(email),未知邮箱与已知邮箱走同一
|
||||
// 计数路径,不引入邮箱枚举侧信道。
|
||||
if allowed, _ := s.throttle.Allow(ip, email); !allowed {
|
||||
return "", nil, errs.New(errs.CodeRateLimited, "登录尝试过于频繁,请稍后再试")
|
||||
}
|
||||
|
||||
u, err := s.repo.GetUserByEmail(ctx, email)
|
||||
if err != nil {
|
||||
// 不区分 "邮箱不存在" 与 "密码错误",统一报 unauthorized。
|
||||
// 不区分 "邮箱不存在" 与 "密码错误",统一报 unauthorized。失败计数。
|
||||
s.throttle.RecordFailure(ip, email)
|
||||
return "", nil, errs.New(errs.CodeUnauthorized, "邮箱或密码错误")
|
||||
}
|
||||
ok, err := VerifyPassword(password, u.PasswordHash)
|
||||
@@ -60,8 +89,11 @@ func (s *service) Login(ctx context.Context, email, password, ip string) (string
|
||||
return "", nil, errs.Wrap(err, errs.CodeInternal, "verify password")
|
||||
}
|
||||
if !ok {
|
||||
s.throttle.RecordFailure(ip, email)
|
||||
return "", nil, errs.New(errs.CodeUnauthorized, "邮箱或密码错误")
|
||||
}
|
||||
// 凭据正确:清零该 key 的失败计数。
|
||||
s.throttle.Reset(ip, email)
|
||||
|
||||
tok, hash, err := NewSessionToken()
|
||||
if err != nil {
|
||||
|
||||
+240
-17
@@ -8,6 +8,7 @@ import (
|
||||
"net/netip"
|
||||
|
||||
"github.com/jackc/pgx/v5/pgtype"
|
||||
"github.com/pgvector/pgvector-go"
|
||||
)
|
||||
|
||||
type AcpAgentKind struct {
|
||||
@@ -25,6 +26,11 @@ type AcpAgentKind struct {
|
||||
ToolAllowlist []string `json:"tool_allowlist"`
|
||||
ClientType string `json:"client_type"`
|
||||
EncryptedMcpServers []byte `json:"encrypted_mcp_servers"`
|
||||
ModelID pgtype.UUID `json:"model_id"`
|
||||
MaxCostUsd pgtype.Numeric `json:"max_cost_usd"`
|
||||
MaxTokens *int64 `json:"max_tokens"`
|
||||
MaxWallClockSeconds *int32 `json:"max_wall_clock_seconds"`
|
||||
KeyVersion int16 `json:"key_version"`
|
||||
}
|
||||
|
||||
type AcpAgentKindConfigFile struct {
|
||||
@@ -35,6 +41,7 @@ type AcpAgentKindConfigFile struct {
|
||||
UpdatedBy pgtype.UUID `json:"updated_by"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
KeyVersion int16 `json:"key_version"`
|
||||
}
|
||||
|
||||
type AcpEvent struct {
|
||||
@@ -64,23 +71,64 @@ type AcpPermissionRequest struct {
|
||||
}
|
||||
|
||||
type AcpSession struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
AgentKindID pgtype.UUID `json:"agent_kind_id"`
|
||||
UserID pgtype.UUID `json:"user_id"`
|
||||
IssueID pgtype.UUID `json:"issue_id"`
|
||||
RequirementID pgtype.UUID `json:"requirement_id"`
|
||||
AgentSessionID *string `json:"agent_session_id"`
|
||||
Branch string `json:"branch"`
|
||||
CwdPath string `json:"cwd_path"`
|
||||
IsMainWorktree bool `json:"is_main_worktree"`
|
||||
Status string `json:"status"`
|
||||
Pid *int32 `json:"pid"`
|
||||
ExitCode *int32 `json:"exit_code"`
|
||||
LastError *string `json:"last_error"`
|
||||
StartedAt pgtype.Timestamptz `json:"started_at"`
|
||||
EndedAt pgtype.Timestamptz `json:"ended_at"`
|
||||
ID pgtype.UUID `json:"id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
AgentKindID pgtype.UUID `json:"agent_kind_id"`
|
||||
UserID pgtype.UUID `json:"user_id"`
|
||||
IssueID pgtype.UUID `json:"issue_id"`
|
||||
RequirementID pgtype.UUID `json:"requirement_id"`
|
||||
AgentSessionID *string `json:"agent_session_id"`
|
||||
Branch string `json:"branch"`
|
||||
CwdPath string `json:"cwd_path"`
|
||||
IsMainWorktree bool `json:"is_main_worktree"`
|
||||
Status string `json:"status"`
|
||||
Pid *int32 `json:"pid"`
|
||||
ExitCode *int32 `json:"exit_code"`
|
||||
LastError *string `json:"last_error"`
|
||||
StartedAt pgtype.Timestamptz `json:"started_at"`
|
||||
EndedAt pgtype.Timestamptz `json:"ended_at"`
|
||||
LastStopReason *string `json:"last_stop_reason"`
|
||||
OrchestratorStepID pgtype.UUID `json:"orchestrator_step_id"`
|
||||
PromptTokens int64 `json:"prompt_tokens"`
|
||||
CompletionTokens int64 `json:"completion_tokens"`
|
||||
ThinkingTokens int64 `json:"thinking_tokens"`
|
||||
TotalCostUsd pgtype.Numeric `json:"total_cost_usd"`
|
||||
LastActivityAt pgtype.Timestamptz `json:"last_activity_at"`
|
||||
BudgetMaxCostUsd pgtype.Numeric `json:"budget_max_cost_usd"`
|
||||
BudgetMaxTokens *int64 `json:"budget_max_tokens"`
|
||||
BudgetMaxWallClockSeconds *int32 `json:"budget_max_wall_clock_seconds"`
|
||||
TerminatedReason *string `json:"terminated_reason"`
|
||||
SandboxMode *string `json:"sandbox_mode"`
|
||||
CostUsd pgtype.Numeric `json:"cost_usd"`
|
||||
TokensTotal int64 `json:"tokens_total"`
|
||||
}
|
||||
|
||||
type AcpSessionUsage struct {
|
||||
ID int64 `json:"id"`
|
||||
SessionID pgtype.UUID `json:"session_id"`
|
||||
UserID pgtype.UUID `json:"user_id"`
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
AgentKindID pgtype.UUID `json:"agent_kind_id"`
|
||||
ModelID pgtype.UUID `json:"model_id"`
|
||||
PromptTokens int64 `json:"prompt_tokens"`
|
||||
CompletionTokens int64 `json:"completion_tokens"`
|
||||
ThinkingTokens int64 `json:"thinking_tokens"`
|
||||
CostUsd pgtype.Numeric `json:"cost_usd"`
|
||||
SourceEventID *int64 `json:"source_event_id"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type AcpTurn struct {
|
||||
ID int64 `json:"id"`
|
||||
SessionID pgtype.UUID `json:"session_id"`
|
||||
TurnIndex int32 `json:"turn_index"`
|
||||
PromptRequestID *string `json:"prompt_request_id"`
|
||||
Status string `json:"status"`
|
||||
StopReason *string `json:"stop_reason"`
|
||||
UpdateCount int32 `json:"update_count"`
|
||||
StartedAt pgtype.Timestamptz `json:"started_at"`
|
||||
CompletedAt pgtype.Timestamptz `json:"completed_at"`
|
||||
}
|
||||
|
||||
type AuditLog struct {
|
||||
@@ -94,6 +142,81 @@ type AuditLog struct {
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type ChangeRequest struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
RequirementID pgtype.UUID `json:"requirement_id"`
|
||||
IssueID pgtype.UUID `json:"issue_id"`
|
||||
Number int32 `json:"number"`
|
||||
Title string `json:"title"`
|
||||
Description string `json:"description"`
|
||||
SourceBranch string `json:"source_branch"`
|
||||
TargetBranch string `json:"target_branch"`
|
||||
State string `json:"state"`
|
||||
ReviewVerdict string `json:"review_verdict"`
|
||||
CiState string `json:"ci_state"`
|
||||
Provider string `json:"provider"`
|
||||
ExternalID *int64 `json:"external_id"`
|
||||
ExternalUrl string `json:"external_url"`
|
||||
MergeCommitSha string `json:"merge_commit_sha"`
|
||||
ReviewedBy pgtype.UUID `json:"reviewed_by"`
|
||||
ReviewedAt pgtype.Timestamptz `json:"reviewed_at"`
|
||||
CreatedBy pgtype.UUID `json:"created_by"`
|
||||
MergedAt pgtype.Timestamptz `json:"merged_at"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
}
|
||||
|
||||
type CodeChunk struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
RunID pgtype.UUID `json:"run_id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
CommitSha string `json:"commit_sha"`
|
||||
FilePath string `json:"file_path"`
|
||||
Lang *string `json:"lang"`
|
||||
StartLine int32 `json:"start_line"`
|
||||
EndLine int32 `json:"end_line"`
|
||||
Content string `json:"content"`
|
||||
ContentSha []byte `json:"content_sha"`
|
||||
TokenCount *int32 `json:"token_count"`
|
||||
Embedding *pgvector.Vector `json:"embedding"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type CodeIndexRun struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
WorktreeID pgtype.UUID `json:"worktree_id"`
|
||||
Branch string `json:"branch"`
|
||||
CommitSha string `json:"commit_sha"`
|
||||
Status string `json:"status"`
|
||||
EmbeddingEndpointID pgtype.UUID `json:"embedding_endpoint_id"`
|
||||
EmbeddingModel string `json:"embedding_model"`
|
||||
Dims int32 `json:"dims"`
|
||||
FilesIndexed int32 `json:"files_indexed"`
|
||||
ChunksIndexed int32 `json:"chunks_indexed"`
|
||||
Error *string `json:"error"`
|
||||
StartedAt pgtype.Timestamptz `json:"started_at"`
|
||||
FinishedAt pgtype.Timestamptz `json:"finished_at"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type CommitSummary struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
WorktreeID pgtype.UUID `json:"worktree_id"`
|
||||
Branch string `json:"branch"`
|
||||
CommitSha string `json:"commit_sha"`
|
||||
Kind string `json:"kind"`
|
||||
Title *string `json:"title"`
|
||||
BodyMd string `json:"body_md"`
|
||||
Model *string `json:"model"`
|
||||
Status string `json:"status"`
|
||||
Error *string `json:"error"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type Conversation struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
UserID pgtype.UUID `json:"user_id"`
|
||||
@@ -110,6 +233,14 @@ type Conversation struct {
|
||||
RequirementID pgtype.UUID `json:"requirement_id"`
|
||||
}
|
||||
|
||||
type CryptoKey struct {
|
||||
Version int32 `json:"version"`
|
||||
Provider string `json:"provider"`
|
||||
KeyRef *string `json:"key_ref"`
|
||||
Status string `json:"status"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type GitCredential struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
@@ -119,6 +250,7 @@ type GitCredential struct {
|
||||
Fingerprint *string `json:"fingerprint"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
KeyVersion int16 `json:"key_version"`
|
||||
}
|
||||
|
||||
type Issue struct {
|
||||
@@ -135,6 +267,17 @@ type Issue struct {
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
ParentID pgtype.UUID `json:"parent_id"`
|
||||
Priority int32 `json:"priority"`
|
||||
}
|
||||
|
||||
type IssueDependency struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
BlockedID pgtype.UUID `json:"blocked_id"`
|
||||
BlockerID pgtype.UUID `json:"blocker_id"`
|
||||
CreatedBy pgtype.UUID `json:"created_by"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type Job struct {
|
||||
@@ -162,6 +305,7 @@ type LlmEndpoint struct {
|
||||
CreatedBy pgtype.UUID `json:"created_by"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
KeyVersion int16 `json:"key_version"`
|
||||
}
|
||||
|
||||
type LlmModel struct {
|
||||
@@ -252,6 +396,50 @@ type Notification struct {
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
}
|
||||
|
||||
type NotificationPref struct {
|
||||
UserID pgtype.UUID `json:"user_id"`
|
||||
EmailEnabled bool `json:"email_enabled"`
|
||||
ImEnabled bool `json:"im_enabled"`
|
||||
ImWebhookUrlEnc []byte `json:"im_webhook_url_enc"`
|
||||
MinSeverity string `json:"min_severity"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
}
|
||||
|
||||
type OrchestratorRun struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
RequirementID pgtype.UUID `json:"requirement_id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
OwnerID pgtype.UUID `json:"owner_id"`
|
||||
Status string `json:"status"`
|
||||
CurrentPhase string `json:"current_phase"`
|
||||
Config []byte `json:"config"`
|
||||
LastError *string `json:"last_error"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
EndedAt pgtype.Timestamptz `json:"ended_at"`
|
||||
}
|
||||
|
||||
type OrchestratorStep struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
RunID pgtype.UUID `json:"run_id"`
|
||||
Phase string `json:"phase"`
|
||||
Attempt int32 `json:"attempt"`
|
||||
ParentStepID pgtype.UUID `json:"parent_step_id"`
|
||||
Depth int32 `json:"depth"`
|
||||
Status string `json:"status"`
|
||||
AgentKindID pgtype.UUID `json:"agent_kind_id"`
|
||||
AcpSessionID pgtype.UUID `json:"acp_session_id"`
|
||||
Prompt string `json:"prompt"`
|
||||
StopReason *string `json:"stop_reason"`
|
||||
GateResult []byte `json:"gate_result"`
|
||||
LastError *string `json:"last_error"`
|
||||
JobID pgtype.UUID `json:"job_id"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
EndedAt pgtype.Timestamptz `json:"ended_at"`
|
||||
}
|
||||
|
||||
type Project struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
Slug string `json:"slug"`
|
||||
@@ -264,6 +452,30 @@ type Project struct {
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
}
|
||||
|
||||
type ProjectMember struct {
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
UserID pgtype.UUID `json:"user_id"`
|
||||
Role string `json:"role"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
AddedBy pgtype.UUID `json:"added_by"`
|
||||
}
|
||||
|
||||
type ProjectMemory struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
ProjectID pgtype.UUID `json:"project_id"`
|
||||
WorkspaceID pgtype.UUID `json:"workspace_id"`
|
||||
Kind string `json:"kind"`
|
||||
Title string `json:"title"`
|
||||
Body string `json:"body"`
|
||||
Tags []string `json:"tags"`
|
||||
Source string `json:"source"`
|
||||
Embedding *pgvector.Vector `json:"embedding"`
|
||||
EmbeddingModel *string `json:"embedding_model"`
|
||||
CreatedBy pgtype.UUID `json:"created_by"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
}
|
||||
|
||||
type PromptTemplate struct {
|
||||
ID pgtype.UUID `json:"id"`
|
||||
Name string `json:"name"`
|
||||
@@ -299,6 +511,16 @@ type RequirementArtifact struct {
|
||||
SourceMessageID *int64 `json:"source_message_id"`
|
||||
CreatedBy pgtype.UUID `json:"created_by"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
Verdict string `json:"verdict"`
|
||||
}
|
||||
|
||||
type RequirementPhasePointer struct {
|
||||
RequirementID pgtype.UUID `json:"requirement_id"`
|
||||
Phase string `json:"phase"`
|
||||
ApprovedArtifactID pgtype.UUID `json:"approved_artifact_id"`
|
||||
ApprovedBy pgtype.UUID `json:"approved_by"`
|
||||
ApprovedAt pgtype.Timestamptz `json:"approved_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
}
|
||||
|
||||
type User struct {
|
||||
@@ -354,6 +576,7 @@ type WorkspaceRunProfile struct {
|
||||
CreatedBy pgtype.UUID `json:"created_by"`
|
||||
CreatedAt pgtype.Timestamptz `json:"created_at"`
|
||||
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
|
||||
KeyVersion int16 `json:"key_version"`
|
||||
}
|
||||
|
||||
type WorkspaceWorktree struct {
|
||||
|
||||
Reference in New Issue
Block a user