jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
64ccf0b85d
rdev/ai-lookup/services/api-keys.md
jordan 39df51defd feat: Add multi-provider code agent interface with Claude Code and OpenCode adapters 
Implements weeks 1-4 of the multi-provider architecture:

Week 1 - Foundation:
- Add domain models (AgentProvider, AgentRequest, AgentEvent, AgentResult)
- Define CodeAgent port interface with Execute, Cancel, Capabilities
- Create thread-safe provider registry with first-registered default

Week 2 - Claude Code Adapter:
- Extract kubectl exec logic into CodeAgent implementation
- Parse stream-json output format (init, message, tool_use, result)
- Support session continuation via --resume flag

Week 3 - OpenCode Adapter:
- HTTP/SSE client for opencode serve API
- Session management (create, send message, abort)
- Event streaming with documented buffer rationale

Week 4 - Quality & Polish:
- Fix race condition in OpenCode Cancel method
- Add AgentRequest.Validate() with ErrPromptRequired, ErrInvalidTimeout
- Document DefaultAvailabilityTimeout constants
- Add HTTP error context for debugging

Also includes:
- Work queue system with PostgreSQL adapter
- Credential store for infrastructure secrets
- Project templates with Woodpecker CI integration
- Comprehensive test coverage

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 09:25:51 -07:00

1.2 KiB
Raw Blame History

API Keys

Last Updated: 2025-01 Confidence: High

Summary

API keys authenticate all requests to rdev (except health/docs). Keys have scopes, can be restricted to specific projects and IP ranges, and have expiration dates.

Key Facts:

  • Header: X-API-Key: <key>
  • Keys are hashed before storage (only prefix visible)
  • Admin key via RDEV_ADMIN_KEY env var for bootstrap
  • Scopes: projects:read, projects:write, keys:read, keys:write, audit:read
  • Project restrictions: nil = all projects, or list of allowed project IDs
  • IP restrictions: CIDR notation for allowed ranges

File Pointers:

  • Service: internal/auth/service.go
  • Middleware: internal/auth/middleware.go
  • Handler: internal/handlers/keys.go
  • Repository: internal/adapter/postgres/apikey.go

Key Lifecycle

  1. Create via POST /keys (admin only)
  2. Key returned once (plaintext), stored hashed
  3. Validate on each request via middleware
  4. Revoke via DELETE /keys/{id}

Scopes

Scope Allows
projects:read List/get projects
projects:write Execute commands
keys:read List API keys
keys:write Create/delete keys
audit:read Query audit logs

Related Topics