Versions in this module Expand all Collapse all v0 v0.1.3-rc.1 Jul 8, 2026 v0.1.2 Jul 7, 2026 v0.1.1 Jul 7, 2026 v0.1.0 Jul 7, 2026 Changes in this version + const AuditStream + const EvAccess + const EvApproval + const IdentityVaultRef + const ProofHeader + var ErrUnauthenticated = errors.New("controlplane: unauthenticated") + func Attenuate(tok string, holder *Identity, nextAudience ed25519.PublicKey, scope Scope, ...) (string, error) + func ExternalName(pub ed25519.PublicKey, base, purpose string, c Constraints) (string, error) + func Issue(issuer *Identity, audience ed25519.PublicKey, scope Scope, ...) (string, error) + func Name() func(resource.Resource) string + func ParsePrincipalID(id string) (ed25519.PublicKey, error) + func PrincipalID(pub ed25519.PublicKey) string + func SignProof(holder *Identity, method, path, nonce string, now time.Time) (string, error) + func SpecField(path ...string) func(resource.Resource) string + func StatusField(path ...string) func(resource.Resource) string + type ActionFunc func(ctx context.Context, p Principal, res resource.Resource) (any, error) + type ActionSpec struct + Action string + Dangerous bool + MinScope Scope + Quorum int + Run ActionFunc + type Authenticator interface + Authenticate func(r *http.Request) (Principal, error) + type Authority struct + Grant capability.Grant + Scope Scope + Subject string + func Verify(tok string, issuer ed25519.PublicKey, now time.Time) (Authority, error) + type Change struct + Kind ChangeKind + Resource resource.Resource + type ChangeKind string + const Added + const Deleted + const Modified + type Column struct + Header string + Project func(resource.Resource) string + type Constraints struct + Charset string + LeadLetter bool + MaxLen int + MinLen int + Separator string + func DNSName(maxLen int) Constraints + func (c Constraints) Validate(name string) error + type DelegationAuthenticator struct + func NewDelegationAuthenticator(issuer ed25519.PublicKey, clk clock.Clock) *DelegationAuthenticator + func (a *DelegationAuthenticator) Authenticate(r *http.Request) (Principal, error) + type DenyAll struct + func (DenyAll) Authenticate(*http.Request) (Principal, error) + type Descriptor struct + Columns []Column + Kind string + type Detail struct + Columns []string + Events []spine.Event + Resource resource.Resource + Row Row + func Describe(ctx context.Context, store resource.Store, log spine.Log, d Descriptor, ...) (Detail, error) + type FieldDelta struct + A string + B string + Field string + func Diff(a, b resource.Resource) []FieldDelta + type Identity struct + func GenerateIdentity() (*Identity, error) + func IdentityFromSeed(seed []byte) (*Identity, error) + func LoadOrCreateIdentity(ctx context.Context, v SeedVault, ref string) (*Identity, error) + func (i *Identity) ExternalName(base, purpose string, c Constraints) (string, error) + func (i *Identity) ID() string + func (i *Identity) Public() ed25519.PublicKey + func (i *Identity) Seed() []byte + type NameSource string + const NameEphemeral + const NameIdentity + const NameOverride + type Option func(*Server) + func WithAction(verb string, spec ActionSpec) Option + func WithAdmitter(a dispatch.Admitter) Option + func WithApprovals(v *approval.Verifier, host string) Option + func WithLocalGrant(g capability.Grant) Option + func WithLogger(l observe.Logger) Option + func WithWatchPoll(d time.Duration) Option + type PollWatcher struct + func NewPollWatcher(store resource.Store, kind string, sel resource.Selector) *PollWatcher + func (w *PollWatcher) Poll(ctx context.Context) ([]Change, error) + type PossessionAuthenticator struct + func RequirePossession(inner Authenticator, clk clock.Clock, opts ...PossessionOption) *PossessionAuthenticator + func (p *PossessionAuthenticator) Authenticate(r *http.Request) (Principal, error) + type PossessionOption func(*PossessionAuthenticator) + func WithProofSkew(d time.Duration) PossessionOption + func WithTLSPossession() PossessionOption + type Principal struct + Grant capability.Grant + ID string + Scope Scope + type ResolvedName struct + Source NameSource + Value string + func ResolveName(id *Identity, base, purpose, override string, c Constraints) (ResolvedName, error) + type Row struct + Cells []string + ID string + Name string + type Scope int + const ScopeAdmin + const ScopeNone + const ScopeOperator + const ScopeRead + func (s Scope) Allows(required Scope) bool + func (s Scope) String() string + type SeedVault interface + Lookup func(ctx context.Context, ref string) (secret.Text, error) + Set func(ctx context.Context, ref string, value secret.Text) error + type Server struct + func NewServer(store resource.Store, log spine.Log, auth Authenticator, opts ...Option) *Server + func (s *Server) Handler() http.Handler + type Table struct + Columns []string + Rows []Row + func List(ctx context.Context, store resource.Store, d Descriptor, sel resource.Selector) (Table, error) + type TokenAuthenticator struct + func GeneratedOperator(id string, scope Scope, mint func() (string, error)) (*TokenAuthenticator, string, error) + func NewTokenAuthenticator(tokens map[string]Principal) *TokenAuthenticator + func (a *TokenAuthenticator) Authenticate(r *http.Request) (Principal, error) + type Watcher interface + Poll func(ctx context.Context) ([]Change, error)