
feat: add UCAN RPC handler stubs #12

Merged
alanshaw merged 1 commit into ash/feat/implement-access-key-handlers from ash/feat/ucan-rpc-stubs
Jul 2, 2026

alanshaw (Member) commented Jun 29, 2026

Adds stubs for the UCAN RPC handlers needed per the RFC.

Depends on:

Copilot AI (Contributor) left a comment

Pull request overview

Adds initial scaffolding for Hilt’s UCAN-based RPC surface (used by Ingot for S3 tenant management), including an identity-backed UCAN server mounted on the existing Echo HTTP server.

Changes:

  • Introduces UCAN RPC handler stubs and wires them into an fx module that builds a ucantone HTTP server.
  • Adds a configurable service identity (PEM-backed or ephemeral) and exposes a public did:web DID document endpoint.
  • Extends configuration/CLI flags to support identity settings.

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| pkg/rpc/rpc.go | Adds UCAN RPC route constructors (currently stubbed). |
| pkg/rpc/rpc_test.go | Verifies handler command strings and non-nil handlers. |
| pkg/fx/server.go | Mounts DID document and UCAN RPC endpoints on the Echo server; expands ServerParams. |
| pkg/fx/server_test.go | Tests the public DID document route. |
| pkg/fx/rpc.go | Adds RPCModule and UCAN server constructor registering grouped routes. |
| pkg/fx/rpc_test.go | Tests identity construction and UCAN server construction. |
| pkg/fx/identity.go | Adds IdentityModule and NewIdentity factory (PEM or ephemeral). |
| pkg/fx/config.go | Exposes IdentityConfig into the fx graph. |
| pkg/fx/app.go | Wires IdentityModule + RPCModule into the application module list. |
| pkg/config/config.go | Adds IdentityConfig to service config and flag bindings. |
| cmd/main.go | Adds CLI flags for identity key file and service DID. |
| go.mod | Bumps libforge dependency version. |
| go.sum | Updates sums for the bumped libforge version. |


Comment thread pkg/rpc/rpc.go
Comment thread pkg/fx/server.go
Comment on lines +52 to +53
// Public DID document for did:web resolution of the service identity.
e.GET("/.well-known/did.json", didDocumentHandler(p.Logger, p.Identity))
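Review bot: on the e.GET line, didDocumentHandler is handed p.Identity as a whole, while a DID document only needs the DID and the public verification key. If that value also carries the signing key (the identity is described as PEM-backed or ephemeral), pass only the public parts so this unauthenticated route cannot serialize key material by mistake. The comment above the route could also say what is served when the identity is ephemeral, since the published key would then change on restart while did:web resolvers may still hold the previous document.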

This comment was marked as outdated.

@alanshaw alanshaw merged commit cc52e3a into ash/feat/implement-access-key-handlers Jul 2, 2026
5 checks passed
alanshaw added a commit that referenced this pull request Jul 2, 2026
Adds stubs for the UCAN RPC handlers needed per the RFC.

Implements the access key handlers of the management API.
alanshaw added a commit that referenced this pull request Jul 2, 2026
Implements the "get", "update status" and "delete" handlers.

Adds additional access key and bucket store methods for listing items by
tenant as well as deleting.

⚠️ Note: cleanup of bucket data from the forge network is not handled
here.

alanshaw added a commit that referenced this pull request Jul 2, 2026
Implements the tenant provisioning handler (`PUT /tenants/{tenantId}`).

* Adds config for did:plc directory server
* Creates and wires did:plc directory client
* Added external ID to tenant DB table
* Creates tenant private key (currently secp256k1)
    * Stores private key in vault
    * Registers private key with did:plc directory
* Stores tenant details in DB

alanshaw added a commit that referenced this pull request Jul 2, 2026
…10) (#11) (#12)

Adds a KMS-agnostic `vault.Vault` interface plus in-memory and HashiCorp Vault (KV v2) implementations, and wires vault selection/config into the fx app and CLI so Hilt can persist private key material in a configurable backend.

**Changes:**
- Introduce `pkg/vault.Vault` interface with `ErrNotFound`, plus an in-memory implementation and a HashiCorp Vault (KV v2) implementation (including AppRole auth helper).
- Add config schema + viper defaults + CLI flags for selecting/configuring the vault backend, and wire backend selection into the fx app graph.
- Add tests for the vault interface contract and HashiCorp AppRole login using a testcontainers Vault dev container.

---

Implements tenant provisioning via `PUT /tenants/{tenantId}` by introducing an external tenant identifier, wiring a did:plc directory client, generating/storing tenant keys in Vault, and persisting tenant records.

**Changes:**
- Added `external_id` to tenant storage model and introduced `GetByExternalID` for idempotent provisioning.
- Added PLC directory configuration + fx wiring to provide a `plc.DirectoryClient`.
- Implemented `ProvisionTenant` API handler with accompanying tests (memory stores + httptest PLC server).

---

Implements the remaining tenant management endpoints by wiring real store-backed handlers and adding the store capabilities required to support tenant deletion cascades (buckets, access keys, delegations, vault secrets, and did:plc deactivation).

**Changes:**
- Implement `GET /tenants/:tenantId`, `POST /tenants/:tenantId/status`, and `DELETE /tenants/:tenantId` handlers (with did:plc deactivation + cascade cleanup).
- Extend tenant/bucket/access-key stores with `Delete` and “list by tenant” capabilities, including pagination for buckets.
- Add/extend unit tests for the new store methods and HTTP handlers; bump dependencies to newer `ucantone` and `dag-json-gen`.

---

This PR implements the Management API access-key endpoints, including key material storage in Vault and issuing tenant→access-key UCAN delegations based on requested S3 permissions. It also extends the store layer to support access-key expiry and efficient bucket lookups by ID for response rendering.

**Changes:**
- Implement Create/List/Get/Delete access-key handlers, including Vault secret storage and delegation issuance/revocation.
- Add `expires_at` support for access keys across schema, store implementations, and tests.
- Extend bucket listing to support filtering by explicit bucket IDs via new `bucket.ListOption`/`bucket.ListConfig`.

---

Adds initial scaffolding for Hilt’s UCAN-based RPC surface (used by Ingot for S3 tenant management), including an identity-backed UCAN server mounted on the existing Echo HTTP server.

**Changes:**
- Introduces UCAN RPC handler stubs and wires them into an `fx` module that builds a `ucantone` HTTP server.
- Adds a configurable service identity (PEM-backed or ephemeral) and exposes a public `did:web` DID document endpoint.
- Extends configuration/CLI flags to support identity settings.
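
The public `did:web` document endpoint mentioned in the commit message above, sketched as an added example (not code from this PR or from Hilt): it derives the DID from a host name and publishes only the public key of a PEM-backed or ephemeral identity. Ed25519 keys in PKCS#8 PEM, the `#key-1` fragment, the cache policy, the host name and every function name here are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
)

// loadOrGenerateKey parses a PKCS#8 Ed25519 key from PEM (assumed format); with
// no PEM configured it generates an ephemeral key and reports that as true.
func loadOrGenerateKey(pemBytes []byte) (ed25519.PrivateKey, bool, error) {
	if len(pemBytes) == 0 {
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		return priv, true, err
	}
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "PRIVATE KEY" {
		return nil, false, errors.New("identity: want a PKCS#8 PRIVATE KEY block")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, false, err
	}
	priv, ok := key.(ed25519.PrivateKey)
	if !ok {
		return nil, false, errors.New("identity: key is not Ed25519")
	}
	return priv, false, nil
}

// didWeb maps host[:port] to a did:web identifier; the port colon becomes %3A.
func didWeb(host string) string {
	return "did:web:" + strings.ReplaceAll(strings.ToLower(host), ":", "%3A")
}

const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
// multibaseEd25519 returns base58btc ("z") of the multicodec prefix 0xed 0x01
// plus the public key. The first byte is non-zero, so no zero padding is needed.
func multibaseEd25519(pub ed25519.PublicKey) string {
	n := new(big.Int).SetBytes(append([]byte{0xed, 0x01}, pub...))
	radix, rem := big.NewInt(58), new(big.Int)
	var out []byte
	for n.Sign() > 0 {
		n.DivMod(n, radix, rem)
		out = append([]byte{b58[rem.Int64()]}, out...)
	}
	return "z" + string(out)
}

// buildDIDDocument takes only the DID and the public key, never the signer.
func buildDIDDocument(did string, pub ed25519.PublicKey) map[string]interface{} {
	keyID := did + "#key-1" // fragment name is an assumption
	return map[string]interface{}{
		"@context": []string{"https://www.w3.org/ns/did/v1", "https://w3id.org/security/suites/ed25519-2020/v1"},
		"id":       did,
		"verificationMethod": []map[string]string{{
			"id": keyID, "type": "Ed25519VerificationKey2020",
			"controller": did, "publicKeyMultibase": multibaseEd25519(pub),
		}},
		"authentication": []string{keyID},
	}
}

// publicDIDDocumentHandler serves the pre-rendered document. An ephemeral key
// changes on restart, so its document is marked no-store (assumed policy).
func publicDIDDocumentHandler(did string, pub ed25519.PublicKey, ephemeral bool) http.HandlerFunc {
	body, err := json.Marshal(buildDIDDocument(did, pub))
	if err != nil {
		panic(err) // fixed shape; fail at startup rather than per request
	}
	cache := "public, max-age=300"
	if ephemeral {
		cache = "no-store"
	}
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		w.Header().Set("Cache-Control", cache)
		w.Write(body)
	}
}

func main() {
	priv, ephemeral, err := loadOrGenerateKey(nil) // no PEM configured
	if err != nil {
		panic(err)
	}
	pub := priv.Public().(ed25519.PublicKey)
	rec := httptest.NewRecorder()
	publicDIDDocumentHandler(didWeb("hilt.example.com"), pub, ephemeral)(rec, httptest.NewRequest("GET", "/.well-known/did.json", nil))
	fmt.Println(rec.Header().Get("Cache-Control"), rec.Body.String())
}
```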
alanshaw added a commit that referenced this pull request Jul 2, 2026
) (#11) (#12)

Adds a configurable “partner key” authentication mechanism to gate access to the Tenant API routes, wiring the key through config/flags and enforcing it via Echo middleware.

**Changes:**
- Introduces `AuthConfig` (`auth.partner_key`) and exposes it through the fx config module.
- Wraps all Tenant API routes in partner-key bearer auth middleware while keeping `/` and `/health` open.
- Adds new Echo middleware + unit tests for partner-key bearer authentication.

alanshaw added a commit that referenced this pull request Jul 2, 2026
) (#12)

Adds initial Tenant + Access Key management API scaffolding and wires store backends (memory/postgres) into the Fx app based on configuration, including new config types/flags and Postgres migration hooks.

**Changes:**
- Introduces API route stubs and request/response types for tenant + access key endpoints, and auto-registers routes onto the Echo server via an Fx group.
- Adds storage backend selection (memory vs postgres) in `AppModule`, plus Fx modules to provide the corresponding store implementations.
- Expands configuration to include `storage.*` and `storage.postgres.*` settings and flag bindings; standardizes PG unique-violation handling using `pgerrcode`.

alanshaw added a commit that referenced this pull request Jul 2, 2026
…) (#11) (#12)

Adds initial scaffolding for running hilt as a service: a Cobra-based `hilt serve` command that loads config via Viper and starts an Echo HTTP server wired together with Uber Fx.

**Changes:**
- Introduce Fx modules for config surfacing, zap logging, and Echo server lifecycle management.
- Add Viper-based config loading with defaults, env var support, and pflag binding.
- Add `cmd/main.go` CLI entrypoint plus basic Makefile/.gitignore and new dependencies (Echo, Cobra, Viper, Fx).

alanshaw added a commit that referenced this pull request Jul 2, 2026
) (#12)

Adds a new Go client for interacting with the upload service via UCAN RPC invocations, along with structured logging helpers to make invocation arguments/metadata easier to inspect in logs.

**Changes:**
- Introduce `pkg/client.UploadClient` with `RegisterCustomer` (`/customer/add`) and `ProvisionSpace` (`/provider/add`) operations.
- Add `pkg/lib/zapucan` helpers for logging UCAN invocations and decoding CBOR-encoded IPLD maps into zap fields.
- Bump `github.com/fil-forge/libforge` dependency version.

alanshaw added a commit that referenced this pull request Jul 2, 2026
)

alanshaw added a commit that referenced this pull request Jul 2, 2026
) (#8) (#9) (#10) (#11) (#12)

This PR introduces a new `pkg/store` layer with both in-memory and Postgres-backed implementations for core entities (provider, tenant, bucket, access key, delegation), plus embedded goose migrations and test utilities to run Postgres-backed store tests via testcontainers.

**Changes:**
- Add store interfaces + in-memory and Postgres implementations for provider/tenant/bucket/accesskey/delegation.
- Add embedded goose migrations and a migrations runner to initialize Postgres schema.
- Add test utilities and cross-implementation tests (memory + Postgres) for each store.


---

Implements tenant provisioning via `PUT /tenants/{tenantId}` by introducing an external tenant identifier, wiring a did:plc directory client, generating/storing tenant keys in Vault, and persisting tenant records.

**Changes:**
- Added `external_id` to tenant storage model and introduced `GetByExternalID` for idempotent provisioning.
- Added PLC directory configuration + fx wiring to provide a `plc.DirectoryClient`.
- Implemented `ProvisionTenant` API handler with accompanying tests (memory stores + httptest PLC server).

---

Implements the remaining tenant management endpoints by wiring real store-backed handlers and adding the store capabilities required to support tenant deletion cascades (buckets, access keys, delegations, vault secrets, and did:plc deactivation).

**Changes:**
- Implement `GET /tenants/:tenantId`, `POST /tenants/:tenantId/status`, and `DELETE /tenants/:tenantId` handlers (with did:plc deactivation + cascade cleanup).
- Extend tenant/bucket/access-key stores with `Delete` and “list by tenant” capabilities, including pagination for buckets.
- Add/extend unit tests for the new store methods and HTTP handlers; bump dependencies to newer `ucantone` and `dag-json-gen`.

---

This PR implements the Management API access-key endpoints, including key material storage in Vault and issuing tenant→access-key UCAN delegations based on requested S3 permissions. It also extends the store layer to support access-key expiry and efficient bucket lookups by ID for response rendering.

**Changes:**
- Implement Create/List/Get/Delete access-key handlers, including Vault secret storage and delegation issuance/revocation.
- Add `expires_at` support for access keys across schema, store implementations, and tests.
- Extend bucket listing to support filtering by explicit bucket IDs via new `bucket.ListOption`/`bucket.ListConfig`.

---

Adds initial scaffolding for Hilt’s UCAN-based RPC surface (used by Ingot for S3 tenant management), including an identity-backed UCAN server mounted on the existing Echo HTTP server.

**Changes:**
- Introduces UCAN RPC handler stubs and wires them into an `fx` module that builds a `ucantone` HTTP server.
- Adds a configurable service identity (PEM-backed or ephemeral) and exposes a public `did:web` DID document endpoint.
- Extends configuration/CLI flags to support identity settings.