feat(contracts): initial implementation (v1.0.0)
Introduces code.nochebuena.dev/einherjar/contracts — the zero-dependency foundation of the Einherjar framework. Defines the interfaces and minimal types consumed by every starter. Zero external dependencies. Zero Einherjar dependencies. Nothing is above it in the dependency graph.

lifecycle:
- Component — OnInit, OnStart, OnStop three-phase lifecycle hooks

observability:
- Level (LevelCritical=0, LevelDegraded); zero value is the safe default
- Checkable — HealthCheck, Name, Priority
- Identifiable — ModulePath, ModuleVersion; implemented by all starters to surface module identity and version in the startup banner

logging:
- Logger — Debug, Info, Warn, Error, With, WithContext

errs:
- CodedError — ErrorCode() string; satisfied by core/xerrors.Err
- ContextualError — ErrorContext() map[string]any; satisfied by core/xerrors.Err

security:
- Identity value type — UID, TenantID, DisplayName, Email; NewIdentity, WithTenant
- Permission (int64), MaxPermission=62, PermissionMask — Has, Grant
- PermissionProvider — ResolveMask(ctx, uid, resource) (PermissionMask, error)
- SecurityBag value type — immutable request-scoped security context; carries Identity and arbitrary typed attributes (hardware IDs, grant codes, etc.); With copies the attribute map on every call to preserve receiver-invariant behaviour
- NewSecurityBag, Identity, WithIdentity, Get, With
- SetBagInContext / BagFromContext — full bag context storage
- SetInContext / FromContext — backed by SecurityBag; all four cross-function combinations (SetInContext+BagFromContext, SetBagInContext+FromContext) are valid

One file per type; CT-6 enforced by compliance test AST walk.
18
security/permission_provider.go
Normal file
@@ -0,0 +1,18 @@
|
||||
package security
|
||||
|
||||
import "context"
|
||||
|
||||
// PermissionProvider resolves the permission mask for a user on a given resource.
|
||||
//
|
||||
// Implementations may call FromContext to retrieve the Identity (and its TenantID)
|
||||
// when multi-tenancy is required — there is no need to thread tenantID as an
|
||||
// explicit parameter since it is already in the context.
|
||||
//
|
||||
// The resource string identifies what is being accessed (e.g. "orders",
|
||||
// "invoices"). Its meaning is defined by the application domain.
|
||||
type PermissionProvider interface {
|
||||
// ResolveMask returns the PermissionMask for uid on resource.
|
||||
// A zero mask means no permissions are granted. Callers check individual
|
||||
// bits with PermissionMask.Has using domain-defined Permission constants.
|
||||
ResolveMask(ctx context.Context, uid, resource string) (PermissionMask, error)
|
||||
}
|
||||
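Review bot: ResolveMask takes uid as an explicit parameter while the interface comment invites implementations to call FromContext for the Identity (and its TenantID), so an implementation can hold two user identifiers and the contract does not say which one is authoritative or what happens when they differ. A caller that passes a uid other than the one in the context Identity would get that uid's mask resolved under the context's tenant. Consider documenting that uid must equal the UID of the Identity in ctx and that implementations return an error on a mismatch or when ctx carries no Identity, or drop the uid parameter and rely on the context alone. The method comment says "A zero mask means no permissions are granted" but not what the mask is when the error is non-nil; stating that implementations return a zero mask alongside any error, and that callers must not inspect the mask in that case, would make the fail-closed behaviour part of the contract.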