jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4766a54314
rdev/ai-lookup/services/api-keys.md
jordan 39df51defd feat: Add multi-provider code agent interface with Claude Code and OpenCode adapters 
Implements weeks 1-4 of the multi-provider architecture:

Week 1 - Foundation:
- Add domain models (AgentProvider, AgentRequest, AgentEvent, AgentResult)
- Define CodeAgent port interface with Execute, Cancel, Capabilities
- Create thread-safe provider registry with first-registered default

Week 2 - Claude Code Adapter:
- Extract kubectl exec logic into CodeAgent implementation
- Parse stream-json output format (init, message, tool_use, result)
- Support session continuation via --resume flag

Week 3 - OpenCode Adapter:
- HTTP/SSE client for opencode serve API
- Session management (create, send message, abort)
- Event streaming with documented buffer rationale

Week 4 - Quality & Polish:
- Fix race condition in OpenCode Cancel method
- Add AgentRequest.Validate() with ErrPromptRequired, ErrInvalidTimeout
- Document DefaultAvailabilityTimeout constants
- Add HTTP error context for debugging

Also includes:
- Work queue system with PostgreSQL adapter
- Credential store for infrastructure secrets
- Project templates with Woodpecker CI integration
- Comprehensive test coverage

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 09:25:51 -07:00

44 lines
1.2 KiB
Markdown
Raw Blame History

# API Keys
**Last Updated:** 2025-01
**Confidence:** High
## Summary
API keys authenticate all requests to rdev (except health/docs). Keys have scopes, can be restricted to specific projects and IP ranges, and have expiration dates.
**Key Facts:**
- Header: `X-API-Key: <key>`
- Keys are hashed before storage (only prefix visible)
- Admin key via `RDEV_ADMIN_KEY` env var for bootstrap
- Scopes: `projects:read`, `projects:write`, `keys:read`, `keys:write`, `audit:read`
- Project restrictions: nil = all projects, or list of allowed project IDs
- IP restrictions: CIDR notation for allowed ranges
**File Pointers:**
- Service: `internal/auth/service.go`
- Middleware: `internal/auth/middleware.go`
- Handler: `internal/handlers/keys.go`
- Repository: `internal/adapter/postgres/apikey.go`
## Key Lifecycle
1. Create via `POST /keys` (admin only)
2. Key returned once (plaintext), stored hashed
3. Validate on each request via middleware
4. Revoke via `DELETE /keys/{id}`
## Scopes
| Scope | Allows |
|-------|--------|
| `projects:read` | List/get projects |
| `projects:write` | Execute commands |
| `keys:read` | List API keys |
| `keys:write` | Create/delete keys |
| `audit:read` | Query audit logs |
## Related Topics
- [Project Service](./project-service.md)
Reference in New Issue View Git Blame Copy Permalink