Documentation
¶
Index ¶
- Variables
- type Service
- func (s *Service) AccessibleResourceIDs(ctx context.Context, userID string) (map[string]struct{}, error)
- func (s *Service) CreateOwnerTag(ctx context.Context, connectorID, userID string) error
- func (s *Service) CreateResourceOwnerTag(ctx context.Context, resourceID, userID string) error
- func (s *Service) DeleteOwnerTag(ctx context.Context, connectorID string) error
- func (s *Service) DeleteResourceOwnerTag(ctx context.Context, resourceID string) error
- func (s *Service) EnsureToolDefaultTags(ctx context.Context, toolPath string, defaults []tool.DefaultTag) error
- func (s *Service) GroupTags(ctx context.Context) ([]*entity.Tag, error)
- func (s *Service) SyncSystemTagsForAllAdmins(ctx context.Context) error
- func (s *Service) TagsByIDs(ctx context.Context, ids []string) ([]*entity.Tag, error)
- func (s *Service) ToolTagIDs(ctx context.Context, toolPaths []string) (map[string][]string, error)
- func (s *Service) UserOwnsConnector(ctx context.Context, userID, connectorID string) (bool, error)
- func (s *Service) UserOwnsResource(ctx context.Context, userID, resourceID string) (bool, error)
Constants ¶
This section is empty.
Variables ¶
var ( // Text is the home-page group for text formatting / conversion / // manipulation tools. Text = tool.DefaultTag{ Name: "Text", Description: "Text formatting, conversion, and manipulation.", IsGroup: true, SortOrder: 10, } // AI groups AI-powered tools: agent sessions, presets, project // management, and any future model-backed helpers. AI = tool.DefaultTag{ Name: "AI", Description: "AI-powered tools and agent management.", IsGroup: true, SortOrder: 20, } // API groups developer-facing API tooling: request builders, mocking // servers, anything that helps poke at HTTP endpoints. API = tool.DefaultTag{ Name: "API", Description: "Build, mock, and inspect HTTP APIs.", IsGroup: true, SortOrder: 30, } // Security groups credential / token / encryption helpers — anything // that protects a value or reverses that protection. Sized for one // item now (encfields) but broad enough for future siblings (token // rotation, session revocation, audit-log viewer). Security = tool.DefaultTag{ Name: "Security", Description: "Credential, token, and encryption helpers.", IsGroup: true, SortOrder: 40, } // Connector groups LLM-facing wick connectors (built-in and // custom). Tagging a connector row with this tag drops it into the // "Connector" group on the home page so the admin sees every // connector instance under one heading. Connector = tool.DefaultTag{ Name: "Connector", Description: "LLM-callable connectors that wrap external APIs.", IsGroup: true, SortOrder: 50, } // Communication groups chat / messaging connectors (Slack, Telegram, // Discord, email, …). Communication = tool.DefaultTag{ Name: "Communication", Description: "Chat and messaging connectors.", IsGroup: true, SortOrder: 51, } // Development groups source-host and dev-platform connectors (GitHub, // Bitbucket, GitLab, Jira, CI, …). Development = tool.DefaultTag{ Name: "Development", Description: "Source hosts and developer platforms.", IsGroup: true, SortOrder: 52, } // Observability groups logging / metrics / tracing connectors (Loki, // Grafana, Prometheus, Sentry, …). Observability = tool.DefaultTag{ Name: "Observability", Description: "Logging, metrics, and tracing connectors.", IsGroup: true, SortOrder: 53, } // Job groups background jobs that run on a cron schedule or are // triggered manually. Job = tool.DefaultTag{ Name: "Job", Description: "Background jobs with cron scheduling.", IsGroup: true, SortOrder: 90, } // System marks built-in maintenance items (jobs/tools/connectors // shipped by wick itself) that end users should not see or manage. // // Three flags work together: // - IsSystem : admin UI refuses to assign this tag to a user, so // no user can ever "carry" it. // - IsFilter : the tag participates in the access-filter rule — // because no user carries it, the item is hidden // from every non-admin /manager surface. // - IsGroup : the home page renders System-tagged items in // their own group when an admin browses there. // // Sort last so the System group sits at the bottom of the home page. System = tool.DefaultTag{ Name: "System", Description: "Built-in maintenance items shipped with wick. Hidden from non-admin users.", IsGroup: true, IsFilter: true, IsSystem: true, SortOrder: 1000, } )
Default tag catalog. Add new shared tags here so every tool references the same spec — rename/flag changes happen in one place, and adding a tag to a tool is just appending `tags.Foo` to Meta().DefaultTags.
Seeding rules (see tags.Service.EnsureToolDefaultTags):
- A tag with a given Name is created once. Existing tags keep their flags — editing IsGroup/IsFilter here does NOT mutate an existing row. Change the flags from /admin/tags instead.
- Links to a tool are written only on the first registration of that tool (no tool_tag rows yet). Admin unlinks survive restarts.
Functions ¶
This section is empty.
Types ¶
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func NewService ¶
func (*Service) AccessibleResourceIDs ¶ added in v0.19.0
func (s *Service) AccessibleResourceIDs(ctx context.Context, userID string) (map[string]struct{}, error)
AccessibleResourceIDs returns the set of resource IDs the user has access to (carries an "owner:<id>" tag for), in one query. Use this to filter a list of sessions/projects by access instead of calling UserOwnsResource per resource (which is an N+1 of two queries each).
func (*Service) CreateOwnerTag ¶ added in v0.16.0
CreateOwnerTag creates a tag named "owner:{connectorID}" (IsFilter=true), links it to the connector row path, and links it to the given userID. Idempotent — if the tag already exists the existing tag is reused. Call this whenever a new connector instance row is created by a user.
func (*Service) CreateResourceOwnerTag ¶ added in v0.17.0
CreateResourceOwnerTag creates an owner tag for a generic resource (project, workflow, skill). Unlike CreateOwnerTag it does NOT link a tool-path row — it only creates the tag and links it to the user. The tag name is "owner:{resourceID}". Idempotent.
func (*Service) DeleteOwnerTag ¶ added in v0.16.0
DeleteOwnerTag removes the "owner:{connectorID}" tag and all its ToolTag + UserTag associations. Call this when a connector instance is deleted.
func (*Service) DeleteResourceOwnerTag ¶ added in v0.17.0
DeleteResourceOwnerTag removes the owner tag for the resource and all its UserTag associations. Safe to call when tag doesn't exist.
func (*Service) EnsureToolDefaultTags ¶
func (s *Service) EnsureToolDefaultTags(ctx context.Context, toolPath string, defaults []tool.DefaultTag) error
EnsureToolDefaultTags seeds DefaultTags for a tool on startup. For each spec it ensures the global tag exists by name (creating it with the declared flags if missing; existing tags are left untouched EXCEPT for the IsSystem flag — see below). It then links every spec tag to toolPath only when the tool has *no* tool_tag rows yet — so an admin who later unlinks a tag won't see it return after a restart.
IsSystem is special: it is code-owned (admins cannot toggle it from UI), so this function force-syncs the flag on EXISTING rows whose default declares IsSystem=true. That way a tag created before the IsSystem schema landed gets backfilled with the flag on the next boot — without it, the admin/repo guards (UpdateTag/DeleteTag/SetUserTags) wouldn't recognize the row as protected.
func (*Service) GroupTags ¶
GroupTags returns tags that should render as groups on the home page, ordered by sort_order then name.
func (*Service) SyncSystemTagsForAllAdmins ¶ added in v0.4.0
SyncSystemTagsForAllAdmins reconciles UserTag rows so every existing admin carries every Tag flagged IsSystem. Idempotent — uses FirstOrCreate per (user, tag) pair.
Called once at boot (after EnsureToolDefaultTags has had a chance to seed System tags) so admins who existed before the System-tag schema landed are auto-granted access to System-gated items. Per-user role changes after boot are handled inline by admin.Repo.SetRole — this boot call only catches the migration-time backfill.
func (*Service) TagsByIDs ¶ added in v0.4.0
TagsByIDs returns Tag rows for the given ids. Used by surfaces that have a list of tag ids from ToolTagIDs and want to render names/flags.
func (*Service) ToolTagIDs ¶
ToolTagIDs returns a map from tool_path to the list of tag ids it has.
func (*Service) UserOwnsConnector ¶ added in v0.16.0
UserOwnsConnector reports whether the user carries the owner tag for the given connector instance. Used by canConfigureRow / canConnectSSO.