Major refactoring to hexagonal (ports & adapters) architecture:

- Add service layer (apikey_service, project_service) for business logic
- Add webhook system with dispatcher and delivery tracking
- Add command queue with priority-based processing
- Add rate limiting with sliding window algorithm
- Add audit logging for command execution
- Add OpenTelemetry integration (traces, metrics, spans)
- Add circuit breaker for fault tolerance
- Add cached repository wrapper for performance
- Add comprehensive validation package
- Add Kubernetes client integration for pod management
- Add database migrations (allowed_ips, audit_log, rate_limiting, queue, webhooks)
- Add network policy and PodDisruptionBudget for k8s
- Remove legacy executor and projects/registry packages
- Untrack secrets.yaml (now managed via envault)
- Add coverage.out to .gitignore
- Add e2e test infrastructure with docker-compose
- Add comprehensive documentation (API, architecture, operations, plans)
- Add golangci-lint config and pre-commit hook

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
10 lines
500 B
SQL
-- Add IP allowlisting support to API keys
-- Allows restricting API key usage to specific IP addresses/CIDR ranges
-- Add allowed_ips column to api_keys table
-- Using TEXT[] to store CIDR notation strings (e.g., "192.168.1.0/24", "10.0.0.0/8")
-- NULL means no IP restriction (allow from anywhere)
ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS allowed_ips TEXT[];
COMMENT ON COLUMN api_keys.allowed_ips IS 'Array of allowed IP addresses/CIDR ranges. NULL = no restriction (allow from anywhere)';
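Review bot: The `ALTER TABLE` line stores the allowlist as `TEXT[]`, so the database accepts any string and a malformed entry such as a typo in a prefix length is only caught, if at all, by application code at request time. PostgreSQL's native `cidr[]` (or `inet[]`) type would reject invalid entries on write and normalise the stored form; if `TEXT[]` has to stay, the validation package should be the only write path and that should be stated in the column comment. Separately, the comments define `NULL` as "no restriction" but say nothing about an empty array: if the enforcement code treats `'{}'` the same as `NULL`, clearing the list silently removes the restriction (fail-open). Please document the empty-array meaning next to the `NULL` one, and consider a constraint such as `CHECK (allowed_ips IS NULL OR cardinality(allowed_ips) > 0)` so the ambiguous state cannot be stored.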