sov

package module
v0.0.0-...-8df018f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 2, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

README

Sov

PEMM — Protocol-Enforced Modular Monolith for Go. One module, five packages, zero external dependencies. The gateway is the single entry point: register methods, remote services, middleware, and roles directly on it. Same call shape for local and remote — the resolver chain decides. Same handler code runs as a single binary, as N pods behind a gateway, or as a hybrid that does both at once.

Wire: POST /rpc/{Router}/{method} with {"args":...}. args can be either an array (positional) or an object (named) — same handler decodes both shapes. That is the entire contract.

This README is the read-me-first. Going deeper:

  • DESIGN.md — the model: wire shape, plugin hooks, federation, auth-split.
  • docs/PEMM.md — what "Protocol-Enforced Modular Monolith" means and why it's distinct (enforcement axis, fused boundary).
  • docs/WIRE_CONTRACT.md — the exact, language-agnostic contract a pod implements (register, signing, seal, RPC, introspect, health).
  • examples/chirp/polyglot/ — a non-Go (Python) pod that joins the mesh as a first-class member. Producer polyglot, proven.
  • BENCHMARKS.md — the cost of PEMM: in-process ≈ µs, remote = 1 RTT, batch coalesces N→1.

Packages

Package Role
github.com/Toyz/sov Top-level facade. Re-exports the 80% surface — sov.New, sov.Register, sov.RequireSubject, common errors.
github.com/Toyz/sov/rpc Controller layer. Reflection-based Engine.Register(&Router{}), transport-agnostic dispatch, built-in Describe(). No HTTP.
github.com/Toyz/sov/gateway The single entry point. Owns its engine, the resolver chain, the HTTP server, auth/authz wiring, framework endpoints.
github.com/Toyz/sov/signing Per-request Ed25519 signing middleware (request integrity — not identity).
github.com/Toyz/sov/rpctest Test ergonomics. Handler tests are function calls.

30-second start

package main

import (
    "context"
    "log"

    "github.com/Toyz/sov"
)

type EchoRouter struct{}
type SayParams struct{ Msg string `json:"msg"` }

func (r *EchoRouter) Say(_ *sov.Context, p *SayParams) (map[string]string, error) {
    if p.Msg == "" {
        return nil, sov.BadRequest("msg required")
    }
    return map[string]string{"echoed": p.Msg}, nil
}

func main() {
    gw := sov.New()
    gw.Register(&EchoRouter{})
    log.Fatal(gw.ListenAndServe(context.Background(), ":8080"))
}

# Named
curl -s -X POST localhost:8080/rpc/Echo/say -d '{"args":{"msg":"hi"}}'
# Positional
curl -s -X POST localhost:8080/rpc/Echo/say -d '{"args":["hi"]}'
# → {"data":{"echoed":"hi"}}

Dispatch picks the shape by the first non-whitespace byte of args: [ → positional, { → named. A sov: struct tag drives both paths.

Handler contract

Router structs end in Router. Exported methods become wire methods. Wire namespace = type name minus the Router suffix.

func (r *X) M(ctx *rpc.Context)              error           // params-less, no result
func (r *X) M(ctx *rpc.Context) (T, error)                   // no params, typed result
func (r *X) M(ctx *rpc.Context, p *Params) (T, error)        // typed params + result
func (r *X) M(ctx *rpc.Context, p *Params)   error           // typed params, no result

Params and result are JSON-tagged structs. Anything else panics at boot — the panic includes the offending signature, the accepted forms, and a hint.

Optional PublicMethods() []string declares which methods are public (authz default-allows them).

Struct tag grammar (sov:"name,pos,flags...,key=value...") — see DESIGN.md for the full grammar. Drives both wire shapes, parsed once at Register() time, panics at boot on dup names, dup positions, gaps, required+omitempty conflict, unknown flags, or empty kv values.

Errors are typed:

return nil, sov.NotFound("widget %s", id)
return nil, sov.BadRequestCode("WORKSPACE_SLUG_IN_USE", "slug taken")

Three deployment shapes — same handler source

Path Topology
examples/chirp/cmd/monolith/ All services in one binary
examples/chirp/cmd/hybrid/ Some in-process, others remote — one binary
examples/chirp/cmd/mesh/ 6 containers via docker-compose (gateway + 5 pods)
examples/chirp/cmd/mesh-tiered/ Federated master/team gateway topology
examples/chirp/cmd/nested-pemm/ Two gateways in one binary via gw.LinkPeer

All shapes import the SAME examples/chirp/handlers/ packages; only cmd/ wiring differs. bash examples/chirp/walkthrough.sh produces byte-equivalent output against all of them — that's the PEMM proof.

Gateway = single entry point

gw := sov.New(
    sov.WithAdvertiseURL("http://this-pod:8080"), // stamp X-Sov-Upstream
    sov.WithHMACSecret(secret),                   // seal X-Sov-* bundle
)

// Local in-process — engine.Register sugar.
gw.Register(&UserRouter{...})

// Remote — equivalent of the pod POSTing _register at startup.
gw.RegisterRemote("Widgets", "http://widgets-pod:9001", 30*time.Second)

// Auth + authz: detected by interface in monolith mode.
gw.Register(&AuthRouter{...})    // sov.AuthService → auto-bound
gw.Register(&PolicyRouter{...})  // sov.AuthzService → auto-bound

// One entry point for plugins + middleware.
gw.Use(slog.Default())                            // *slog.Logger satisfies gateway.Logger
gw.UseAll(preset.Monolith(preset.MonolithConfig{})...)
gw.Use(loggingMiddleware)

log.Fatal(gw.ListenAndServe(ctx, ":8080"))

The three-domain auth split (Identity / Authorization / Profile) is enforced by the framework — Claims has no Role field. See DESIGN.md → Three-domain auth split.

Mesh pod

gw.JoinMesh(ctx, sov.MeshOptions{
    UpstreamURL: "http://gateway:8080",
    Address:     ":9001",
    Advertise:   "http://auth:9001",
    Roles:       sov.RoleAuth,           // self-declare role (RoleAuth | RoleAuthz)
    MeshSecret:  []byte(os.Getenv("SOV_MESH_SECRET")),
})

Mesh hardening (signed _register, role-conflict guard, name allowlist) is built into the registry, meshsecret, roletakeover, and preempt plugins — see DESIGN.md → Federation + tiered mesh.

Cross-service calls — sov.Client

// Monolith: gw.LocalClient() — no HTTP loopback, dispatches in-process.
// Mesh:     sov.NewClient(gwURL) — HTTPs through the central gateway.
var u User
err := cli.Call(ctx, "User", "get", &GetParams{ID: "u_1"}, &u)

Auto-forwards the inbound Authorization header so identity propagates across hops.

Pluggable Server

The HTTP server is gateway.Server — an interface. Default gateway.NewNetHTTPServer(opts) uses net/http. Plug in fiber / fasthttp / echo by implementing two methods (Handle, ListenAndServe) and passing via sov.WithServer(...). Sov ships no fiber adapter — that is your choice, not the framework's.

NetHTTPOptions.TrustUpstreamClaims (or sov.WithTrustUpstreamClaims(true)) — pods set this to accept X-Sov-* from a trusted upstream gateway. Edge gateways leave the default (strip).

Plugins — sov-itself-PEMM

Sov's extension model IS PEMM applied to the framework. A plugin is a Go type satisfying one or more interface hooks; gw.Use(plugin) auto- detects each. A plugin can ALSO be a sov service.

gw.Use(audit.New(audit.Config{Out: os.Stdout}))   // DispatchHook + IntrospectContributor + Audit.recent RPC
gw.Use(slog.Default())                            // Logger

14 builtin plugins ship under gateway/builtin/. Each has its own README with the full Config struct, hooks, and capabilities.

Plugin One-liner
audit DispatchHook + ring buffer + Audit.recent RPC
auth Translates Claims to legacy X-Forwarded-* headers
batch Owns /rpc/_batch; cascades nested batches per pod
cors Preflight short-circuit + per-response CORS headers
explorer Embedded HTML browser + drift radar at /rpc/_explorer/
hmacseal HMAC-seals X-Sov-* on outbound; verifies on inbound
manifest Emits the PEMM manifest at /rpc/_manifest
meshsecret HMAC gate on /rpc/_register
metrics Prom-format aggregation across registered services
preempt Federation takeover map; one-way, consumed on success
registry Promotes to registry shape — owns _register, /health, aggregation
requestid Generates + propagates X-Sov-Request-Id
roletakeover Drops the default 409 ROLE_CONFLICT (blue-green)
upstreams URL allowlist of upstream gateways whose X-Sov-* are trusted

Full hook interface list (20 sub-interfaces, all detected by Go type assertion) is documented in gateway/plugin.go. See DESIGN.md → Plugin model for the rationalized list and what each one fires on.

Presets

gateway/preset bundles plugins for the common deployment shapes. Each takes a Config struct composing per-plugin Configs.

gw.UseAll(preset.Monolith(preset.MonolithConfig{Audit: audit.Config{Out: os.Stdout}})...)
gw.UseAll(preset.Pod(preset.PodConfig{HMACSeal: hmacseal.Config{Secret: secret}})...)
gw.UseAll(preset.Registry(preset.RegistryConfig{Registry: registry.Config{AllowedNames: []string{"Auth", "Authz"}}})...)
gw.UseAll(preset.Hybrid(preset.HybridConfig{})...)

Empty-valued config entries skip their plugin so a minimal preset.Registry(preset.RegistryConfig{}) call still works.

Cascading batch + explorer

One POST to /rpc/_batch with N calls fans out concurrently; the gateway groups by destination and any group with >=2 remote entries pointing at the same pod collapses into ONE nested /rpc/_batch to that pod. sov.WithExplorer() mounts an embedded HTML browser at /rpc/_explorer/ (pure reader of /rpc/_introspect — flat type catalog, drift radar, live execution). Details in DESIGN.md → Cascading batch.

CLI: sov

One binary, one install:

go install github.com/Toyz/sov/cmd/sov@latest
Subcommand Purpose
sov init <mode> Scaffold a project (monolith / hybrid / mesh / …)
sov gen <lang> Generate a typed client (ts / go / kotlin / swift / python)
sov call Invoke a method (Service.method) and print the response
sov conform Validate a pod against the wire contract (polyglot conformance)
sov drift Check the gateway catalog for type-shape drift across services
sov inspect Pretty-print /rpc/_introspect (services, types, ownership, plugins)
sov health Pretty-print /rpc/_health
sov version CLI version + build info

Codegen pulls from a live gateway:

sov gen ts --from http://localhost:8080 --out ./client.ts
# Or one-shot — spawn the gateway, fetch, kill. Binary must honor SOV_LISTEN.
sov gen ts --exec /tmp/sov-monolith --out ./client.ts

Each language target emits a single file with typed methods + the batch() helper. Drift detection prints stderr warnings naming each variant + which services hold it; CI greps stderr if it wants to fail.

Testing

func TestWidgetCreate(t *testing.T) {
    eng := rpc.NewEngine()
    eng.Register(&WidgetRouter{Store: fakeStore})

    ctx := rpctest.New().WithUser("u_alice").Ctx()
    var w Widget
    status, err := rpctest.CallInto(eng, ctx, "Widget", "create",
        &CreateParams{Name: "foo"}, &w)
    require.Equal(t, 200, status)
}

Fuzz: go test -fuzz=FuzzDispatch -fuzztime=60s ./rpc.

Status

Pre-1.0. Breaking changes allowed per wave. Zero external dependencies — go.mod is just module github.com/Toyz/sov + go 1.25.0, pure stdlib top to bottom.

Deferred to v0.2+: hot-path decoder closures, DNS/Istio resolvers, SSE / streaming, mTLS on _register. See DESIGN.md → What PEMM explicitly does NOT do.

Documentation

Overview

Package sov is the top-level façade for the sov framework. It re-exports the most-used types and constructors from sov/rpc, sov/gateway, and sov/signing so the 80% case can write `sov.X` against a single import. 

import "github.com/Toyz/sov"

func main() {
    gw := sov.New()
    gw.Use(registry.New())
    gw.Register(&MyRouter{})
    log.Fatal(gw.ListenAndServe(ctx, ":8080"))
}

Power users who need transport adapters, mesh wiring, or the raw rpc.Engine reach for the underlying packages directly.

Index

Constants

View Source 
const (
	RoleAuth  = gateway.RoleAuth
	RoleAuthz = gateway.RoleAuthz
)

Variables

View Source 
var (
	// New returns a Gateway.
	New = gateway.New
	// NewClient returns a Client that POSTs against baseURL.
	NewClient = gateway.NewClient
	// LocalRouters returns every wire-named router on gw — convenience
	// for team gateways that federate "everything I host".
	LocalRouters = gateway.LocalRouters
	// NormalizeUpstreamURL is the canonical form used by every
	// federation layer for identity comparisons.
	NormalizeUpstreamURL = gateway.NormalizeUpstreamURL
	// WithServer overrides the HTTP server.
	WithServer = gateway.WithServer
	// WithResolver overrides the resolver chain.
	WithResolver = gateway.WithResolver
	// WithMiddleware appends consumer middleware.
	WithMiddleware = gateway.WithMiddleware
	// WithProxyClient overrides the http.Client used for remote proxy.
	WithProxyClient = gateway.WithProxyClient
	// WithClaimsCache overrides the verified-claims cache (default
	// in-memory, per-replica). Pass a shared impl (e.g. Redis) so a fleet
	// of gateway replicas reuse each other's auth-verify results.
	WithClaimsCache = gateway.WithClaimsCache
	// WithTrustUpstreamClaims tells the default Server to trust inbound X-Sov-*.
	WithTrustUpstreamClaims = gateway.WithTrustUpstreamClaims
	// WithAdvertiseURL stamps the gateway's public URL on every outbound proxy hop as X-Sov-Upstream.
	WithAdvertiseURL = gateway.WithAdvertiseURL
	// WithHTTPClient overrides the underlying *http.Client for sov.NewClient.
	WithHTTPClient = gateway.WithHTTPClient
	// UseSigning wires the zero-trust signing middleware.
	UseSigning = signing.UseSigning
	// NewMonolith returns a gateway pre-loaded with preset.Monolith.
	NewMonolith = preset.NewMonolith
	// NewPod returns a gateway pre-loaded with preset.Pod.
	NewPod = preset.NewPod
	// NewRegistry returns a gateway pre-loaded with preset.Registry.
	NewRegistry = preset.NewRegistry
	// NewHybrid returns a gateway pre-loaded with preset.Hybrid.
	NewHybrid = preset.NewHybrid
	// HaltErr wraps an error so a boot-time hook refuses startup.
	HaltErr = gateway.HaltErr
	// RespondErr wraps an error with a *Response the gateway returns.
	RespondErr = gateway.RespondErr
	// IsHalt reports whether err carries a HaltErr sentinel.
	IsHalt = gateway.IsHalt
)
View Source 
var (
	// RequireSubject extracts the authenticated subject id from ctx, or
	// returns 401 UNAUTHORIZED. The canonical handler-side gate.
	RequireSubject = rpc.RequireSubject
	// UserFromContext returns ctx.User or 401 UNAUTHORIZED.
	UserFromContext = rpc.UserFromContext

	// Common error constructors.
	NotFound        = rpc.NotFound
	Forbidden       = rpc.Forbidden
	ForbiddenCode   = rpc.ForbiddenCode
	Unauthorized    = rpc.Unauthorized
	BadRequest      = rpc.BadRequest
	BadRequestCode  = rpc.BadRequestCode
	Conflict        = rpc.Conflict
	Internal        = rpc.Internal
	NotImplemented  = rpc.NotImplemented
	TooManyRequests = rpc.TooManyRequests

	// Typed header accessors.
	ClaimsFromHeaders        = gateway.ClaimsFromHeaders
	AuthorizationFromContext = gateway.AuthorizationFromContext
)

Functions

func LoadEnv 

func LoadEnv(paths ...string) error

LoadEnv reads each KEY=VALUE file at the supplied paths and calls os.Setenv for every entry. Missing files are skipped silently — useful for projects that ship .sov.env in dev but rely on real environment variables in production. Existing env vars are NOT overwritten (consistent with most .env conventions); call LoadEnvOverride when you want force. 

func main() {
    sov.LoadEnv(".sov.env")
    gw := sov.NewMesh(...)
}

Wire shape: one entry per line. Lines beginning with '#' or empty lines are skipped. VALUE may be quoted with single or double quotes (quotes are stripped); inline `#` after an unquoted value starts a comment. No shell-style $VAR interpolation — values are literal.

func LoadEnvOverride 

func LoadEnvOverride(paths ...string) error

LoadEnvOverride is LoadEnv with overwrite semantics — every parsed key replaces any existing env var. Use when the file is the source of truth and you want to reset stale values.

Types

type AuthService 

type AuthService = gateway.AuthService

AuthService is the contract gw.RegisterAuth requires.

type AuthzDecision 

type AuthzDecision = gateway.AuthzDecision

AuthzDecision is the shape an AuthzService.Check must return.

type AuthzService 

type AuthzService = gateway.AuthzService

AuthzService is the contract gw.RegisterAuthz requires.

type CheckParams 

type CheckParams = gateway.CheckParams

CheckParams is what the gateway sends to AuthzService.Check.

type Claims 

type Claims = rpc.Claims

Claims is the verified caller identity. Identity + delegation only — authorization state lives in the AuthzService.

type ClaimsCache 

type ClaimsCache = gateway.ClaimsCache

ClaimsCache is the verified-claims cache contract. Implement it (e.g. Redis-backed) and pass WithClaimsCache to share auth-verify results across gateway replicas. Default is in-memory, per-replica.

type Client 

type Client = gateway.Client

Client is the cross-service caller interface. Either an in-process LocalClient or an HTTP-backed NewClient(baseURL).

type ClientOption 

type ClientOption = gateway.ClientOption

ClientOption mutates a gateway HTTP client constructed via NewClient.

type Context 

type Context = rpc.Context

Context is the per-request value handed to every router method.

type Error 

type Error = rpc.Error

Error is the canonical wire-shaped error.

type Gateway 

type Gateway = gateway.Gateway

Gateway is the single entry point. Wraps a rpc.Engine + resolver chain behind a pluggable Server. See gateway.Gateway.

type Handler 

type Handler = gateway.Handler

Handler is the gateway's per-request callable.

type HybridConfig 

type HybridConfig = preset.HybridConfig

Preset config type aliases — let consumers populate the preset configs without importing the preset package directly.

type MeshOptions 

type MeshOptions = gateway.MeshOptions

MeshOptions configures gw.JoinMesh.

type Middleware 

type Middleware = gateway.Middleware

Middleware wraps the gateway's request handler.

type MonolithConfig 

type MonolithConfig = preset.MonolithConfig

Preset config type aliases — let consumers populate the preset configs without importing the preset package directly.

type Option 

type Option = gateway.Option

Option mutates gateway construction.

type PodConfig 

type PodConfig = preset.PodConfig

Preset config type aliases — let consumers populate the preset configs without importing the preset package directly.

type RegistryConfig 

type RegistryConfig = preset.RegistryConfig

Preset config type aliases — let consumers populate the preset configs without importing the preset package directly.

type Request 

type Request = gateway.Request

Request is the transport-agnostic request shape.

type Response 

type Response = gateway.Response

Response is the transport-agnostic response shape.

type RoleFlag 

type RoleFlag = gateway.RoleFlag

RoleFlag is the bit set a pod self-declares on _register.

type VerifyParams 

type VerifyParams = gateway.VerifyParams

VerifyParams is what the gateway sends to AuthService.Verify.

Source Files

View all Source files

Directories

Path Synopsis
cmd
sov command
sov — the sov gateway operator CLI.
 sov — the sov gateway operator CLI.
sov/call
Package call implements `sov call` — quick interactive RPC.
 Package call implements `sov call` — quick interactive RPC.
sov/conform
Package conform implements `sov conform` — validate that a running pod (in ANY language) satisfies the sov wire contract (docs/WIRE_CONTRACT.md).
 Package conform implements `sov conform` — validate that a running pod (in ANY language) satisfies the sov wire contract (docs/WIRE_CONTRACT.md).
sov/drift
Package drift implements `sov drift` — the drift-check subcommand.
 Package drift implements `sov drift` — the drift-check subcommand.
sov/gen
Package gen is the `sov gen` subcommand router.
 Package gen is the `sov gen` subcommand router.
sov/gen/all
Package all implements the `sov gen all` subcommand: fetch the gateway catalog once (or spawn the gateway binary once) and emit every supported language client into a single output directory.
 Package all implements the `sov gen all` subcommand: fetch the gateway catalog once (or spawn the gateway binary once) and emit every supported language client into a single output directory.
sov/gen/golang
Package golang implements the `sovgen go` subcommand.
 Package golang implements the `sovgen go` subcommand.
sov/gen/kotlin
Package kotlin implements the `sovgen kotlin` subcommand.
 Package kotlin implements the `sovgen kotlin` subcommand.
sov/gen/python
Package python implements the `sovgen python` subcommand.
 Package python implements the `sovgen python` subcommand.
sov/gen/swift
Package swift implements the `sovgen swift` subcommand.
 Package swift implements the `sovgen swift` subcommand.
sov/gen/ts
Package ts implements the `sov gen ts` subcommand.
 Package ts implements the `sov gen ts` subcommand.
sov/health
Package health implements `sov health` — pretty-print of the /rpc/_health rollup.
 Package health implements `sov health` — pretty-print of the /rpc/_health rollup.
sov/init_cmd
Package initcmd implements `sov init <mode>` — the project scaffolder.
 Package initcmd implements `sov init <mode>` — the project scaffolder.
sov/inspect
Package inspect implements `sov inspect` — pretty-print of the /rpc/_introspect catalog.
 Package inspect implements `sov inspect` — pretty-print of the /rpc/_introspect catalog.
sov/internal/catalog
Package catalog centralizes the shared sovgen plumbing: fetching a /rpc/_introspect report, spawning a gateway binary on a free local port, polling for readiness, and the repeated --header K=V flag type.
 Package catalog centralizes the shared sovgen plumbing: fetching a /rpc/_introspect report, spawning a gateway binary on a free local port, polling for readiness, and the repeated --header K=V flag type.
sov/internal/docgen
Package docgen renders the shared title/desc/doc/example/deprecated doc-comment block that every sovgen emitter attaches to generated types and fields.
 Package docgen renders the shared title/desc/doc/example/deprecated doc-comment block that every sovgen emitter attaches to generated types and fields.
sov/internal/output
Package output provides TTY-aware rendering helpers shared by the sov CLI subcommands that print to humans (drift, inspect, health).
 Package output provides TTY-aware rendering helpers shared by the sov CLI subcommands that print to humans (drift, inspect, health).
sov/internal/strs
Package strs holds the tiny string helpers the code emitters share.
 Package strs holds the tiny string helpers the code emitters share.
examples
chirp/cmd/hybrid command
Hybrid binary: ONE gateway hosting Auth + Authz + User in-process while routing Chirp + Feed to remote pods registered via _register.
 Hybrid binary: ONE gateway hosting Auth + Authz + User in-process while routing Chirp + Feed to remote pods registered via _register.
chirp/cmd/mesh-tiered/chirps command
Tiered mesh — chirps pod.
 Tiered mesh — chirps pod.
chirp/cmd/mesh-tiered/feed command
Tiered mesh — feed pod.
 Tiered mesh — feed pod.
chirp/cmd/mesh-tiered/prime command
Tiered mesh — master/prime gateway.
 Tiered mesh — master/prime gateway.
chirp/cmd/mesh-tiered/team-feed command
Tiered mesh — team-feed gateway.
 Tiered mesh — team-feed gateway.
chirp/cmd/mesh-tiered/team-users command
Tiered mesh — team-users gateway.
 Tiered mesh — team-users gateway.
chirp/cmd/mesh-tiered/users command
Tiered mesh — users pod.
 Tiered mesh — users pod.
chirp/cmd/mesh/auth command
Mesh pod: Auth service.
 Mesh pod: Auth service.
chirp/cmd/mesh/authz command
Mesh pod: Authz service.
 Mesh pod: Authz service.
chirp/cmd/mesh/chirps command
Mesh pod: Chirp service.
 Mesh pod: Chirp service.
chirp/cmd/mesh/feed command
Mesh pod: Feed service.
 Mesh pod: Feed service.
chirp/cmd/mesh/gateway command
Mesh-mode gateway: registry role only.
 Mesh-mode gateway: registry role only.
chirp/cmd/mesh/users command
Mesh pod: User service.
 Mesh pod: User service.
chirp/cmd/monolith command
Monolith binary: gateway + all chirp services + the authz policy in one process.
 Monolith binary: gateway + all chirp services + the authz policy in one process.
chirp/cmd/nested-pemm command
Nested PEMM: TWO gateways in ONE binary linked via localpeer.
 Nested PEMM: TWO gateways in ONE binary linked via localpeer.
chirp/handlers/auth
Package auth is the chirp demo's identity surface — register a credential, exchange a handle+password for a session token, verify tokens for the gateway.
 Package auth is the chirp demo's identity surface — register a credential, exchange a handle+password for a session token, verify tokens for the gateway.
chirp/handlers/authz
Package authz is the chirp demo's policy-as-service.
 Package authz is the chirp demo's policy-as-service.
chirp/handlers/chirps
Package chirps owns the chirp entity end-to-end.
 Package chirps owns the chirp entity end-to-end.
chirp/handlers/feed
Package feed assembles a user's timeline by calling UserService for the follow graph and ChirpService for the chirps.
 Package feed assembles a user's timeline by calling UserService for the follow graph and ChirpService for the chirps.
chirp/handlers/users
Package users owns the user identity + follow graph end-to-end.
 Package users owns the user identity + follow graph end-to-end.
minimal command
Minimal sov example: one Echo service, one binary, ~10 lines of wiring.
 Minimal sov example: one Echo service, one binary, ~10 lines of wiring.
Package gateway is the entry point that wraps a sov rpc.Engine and exposes it over an HTTP-shaped server.
 Package gateway is the entry point that wraps a sov rpc.Engine and exposes it over an HTTP-shaped server.
builtin/audit
Package audit ships a sov plugin that records every dispatch event into a sliding-window in-memory ring AND emits structured JSON to a writer (typically os.Stdout or a log file).
 Package audit ships a sov plugin that records every dispatch event into a sliding-window in-memory ring AND emits structured JSON to a writer (typically os.Stdout or a log file).
builtin/auth
Package auth ships a first-party sov plugin that translates verified Claims into legacy-shape headers ("X-Forwarded-User" / "X-Forwarded-Scopes" / "X-Tenant-Id") on every outbound proxy hop.
 Package auth ships a first-party sov plugin that translates verified Claims into legacy-shape headers ("X-Forwarded-User" / "X-Forwarded-Scopes" / "X-Tenant-Id") on every outbound proxy hop.
builtin/batch
Package batch ships the cascading-batch endpoint at /rpc/_batch.
 Package batch ships the cascading-batch endpoint at /rpc/_batch.
builtin/cors
Package cors adds CORS headers to every response and handles the browser's OPTIONS preflight short-circuit.
 Package cors adds CORS headers to every response and handles the browser's OPTIONS preflight short-circuit.
builtin/explorer
Package explorer mounts the embedded HTML browser at /rpc/_explorer/.
 Package explorer mounts the embedded HTML browser at /rpc/_explorer/.
builtin/hmacseal
Package hmacseal seals injected X-Sov-* claim headers with HMAC-SHA256 so downstream services can detect forged claim bundles.
 Package hmacseal seals injected X-Sov-* claim headers with HMAC-SHA256 so downstream services can detect forged claim bundles.
builtin/hmacseal/proto
Package proto is the wire format for X-Sov-Seal.
 Package proto is the wire format for X-Sov-Seal.
builtin/introspect
Package introspect is the opt-in plugin that exposes the public /rpc/_introspect endpoint — the aggregated API catalog (every service, method, and type the gateway can route).
 Package introspect is the opt-in plugin that exposes the public /rpc/_introspect endpoint — the aggregated API catalog (every service, method, and type the gateway can route).
builtin/manifest
Package manifest emits the PEMM manifest of a running gateway — a single JSON document describing services, plugins, role bindings, federation map, and registered remotes.
 Package manifest emits the PEMM manifest of a running gateway — a single JSON document describing services, plugins, role bindings, federation map, and registered remotes.
builtin/meshsecret
Package meshsecret ships the HMAC gate for /rpc/_register.
 Package meshsecret ships the HMAC gate for /rpc/_register.
builtin/meshsecret/proto
Package proto is the wire format for the mesh-secret-gated /rpc/_register sig.
 Package proto is the wire format for the mesh-secret-gated /rpc/_register sig.
builtin/metrics
Package metrics ships a Prometheus-text-format metrics plugin for sov.
 Package metrics ships a Prometheus-text-format metrics plugin for sov.
builtin/preempt
Package preempt permits a federated _register to take over a service name already claimed by a different address.
 Package preempt permits a federated _register to take over a service name already claimed by a different address.
builtin/registertoken
Package registertoken ships the simple shared-token gate for /rpc/_register.
 Package registertoken ships the simple shared-token gate for /rpc/_register.
builtin/registertoken/proto
Package proto is the wire format for the static register-token join gate.
 Package proto is the wire format for the static register-token join gate.
builtin/registry
Package registry promotes the gateway to central-registry shape — owns POST /rpc/_register and the public top-level /health URL.
 Package registry promotes the gateway to central-registry shape — owns POST /rpc/_register and the public top-level /health URL.
builtin/requestid
Package requestid stamps a stable X-Sov-Request-Id on every request as it enters the gateway and propagates it through every hop the request takes: outbound proxy calls, in-process local dispatch, and downstream gateways (via the same header).
 Package requestid stamps a stable X-Sov-Request-Id on every request as it enters the gateway and propagates it through every hop the request takes: outbound proxy calls, in-process local dispatch, and downstream gateways (via the same header).
builtin/roletakeover
Package roletakeover relaxes the default cross-name role-binding guard.
 Package roletakeover relaxes the default cross-name role-binding guard.
builtin/static
Package static mounts a static-file tree (a built SPA, a docs site, a bundle of assets) on the gateway via a RouteHandler.
 Package static mounts a static-file tree (a built SPA, a docs site, a bundle of assets) on the gateway via a RouteHandler.
builtin/upstreams
Package upstreams limits which upstream gateway URLs a pod trusts X-Sov-* claim headers from.
 Package upstreams limits which upstream gateway URLs a pod trusts X-Sov-* claim headers from.
preset
Package preset curates default plugin bundles for the common sov deployment modes.
 Package preset curates default plugin bundles for the common sov deployment modes.
rpc
Package rpc is the transport-agnostic controller layer for Sov.
 Package rpc is the transport-agnostic controller layer for Sov.
tsrender
Package tsrender turns Go reflect types into TypeScript-shaped strings.
 Package tsrender turns Go reflect types into TypeScript-shaped strings.
Package rpctest is the test-ergonomics helper for sov consumers.
 Package rpctest is the test-ergonomics helper for sov consumers.
Package signing implements Sov's per-request Ed25519 request-signing scheme.
 Package signing implements Sov's per-request Ed25519 request-signing scheme.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.