golangLAKEHOUSE

profit/golangLAKEHOUSE

Fork 0

Commit Graph

Author	SHA1	Message	Date
root	0d18ffa780	ADR-003: inter-service auth posture — Bearer + IP allowlist Locks in the auth model that R-001 + R-007 will be retrofitted against. Doc-only — wiring deferred to Sprint 1 when the first non-loopback binding is needed. Decision: Bearer token (from secrets-go.toml [auth] section) + IP allowlist (CIDR list). Both layers required when auth is on; empty token = G0 dev no-op. /health exempt. Implementation shape (when it lands): - internal/shared/auth.go middleware: one chi r.Use line per binary - shared.Run gates: refuses non-loopback bind without configured token - subtle.ConstantTimeCompare for token equality (timing-safe) Alternatives considered + rejected: mTLS — too heavy for single-machine inter-service traffic JWT — buys nothing over Bearer without external IdP IP-only — one stolen IP entry = full access; no defense depth OAuth2 — no external IdP commitment in G0-G3 timeline What this doesn't do: - Doesn't implement (code lands Sprint 1) - Doesn't break G0 dev (empty token = middleware no-op) - Doesn't address gateway→end-user auth (different ADR shape) Closes the design-decision blocker for R-001 and R-007. Wiring ticket: Sprint 1 backlog story S1.2. Also lifts ADR-002 (storaged per-prefix PUT cap) into the doc — it was implemented in 423a381 but not yet recorded as an ADR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 06:05:59 -05:00
Claw	f07668064e	docs: seed PRD + SPEC for the Go-direction rewrite Two documents only — no Go code yet. PRD restates the problem and preserves the Rust PRD's invariants verbatim, then maps the locked stack to Go libraries and surfaces four hard problems (DuckDB-via-cgo for the query engine, Lance dropped, Dioxus → HTMX, arrow-go maturity). SPEC walks each Rust crate + TS surface and tags the port with library choice / effort estimate / risk + a 5-phase migration plan from skeleton (Phase G0) to demo parity (Phase G5). Six open questions remain that gate Phase G0: - DuckDB cgo OK? - HTMX vs React for the UI? - Repo location? - Distillation v1.0.0 port verbatim or rebuild? - Pathway memory data — port 88 traces or start clean? - Auditor lineage — port audit_baselines.jsonl or restart? Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-28 06:35:23 -05:00

Author

SHA1

Message

Date

root

0d18ffa780

ADR-003: inter-service auth posture — Bearer + IP allowlist

Locks in the auth model that R-001 + R-007 will be retrofitted
against. Doc-only — wiring deferred to Sprint 1 when the first
non-loopback binding is needed.

Decision: Bearer token (from secrets-go.toml [auth] section) + IP
allowlist (CIDR list). Both layers required when auth is on; empty
token = G0 dev no-op. /health exempt.

Implementation shape (when it lands):
  - internal/shared/auth.go middleware: one chi r.Use line per binary
  - shared.Run gates: refuses non-loopback bind without configured token
  - subtle.ConstantTimeCompare for token equality (timing-safe)

Alternatives considered + rejected:
  mTLS         — too heavy for single-machine inter-service traffic
  JWT          — buys nothing over Bearer without external IdP
  IP-only      — one stolen IP entry = full access; no defense depth
  OAuth2       — no external IdP commitment in G0-G3 timeline

What this doesn't do:
  - Doesn't implement (code lands Sprint 1)
  - Doesn't break G0 dev (empty token = middleware no-op)
  - Doesn't address gateway→end-user auth (different ADR shape)

Closes the design-decision blocker for R-001 and R-007. Wiring
ticket: Sprint 1 backlog story S1.2.

Also lifts ADR-002 (storaged per-prefix PUT cap) into the doc —
it was implemented in 423a381 but not yet recorded as an ADR.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-29 06:05:59 -05:00

Claw

f07668064e

docs: seed PRD + SPEC for the Go-direction rewrite

Two documents only — no Go code yet. PRD restates the problem and
preserves the Rust PRD's invariants verbatim, then maps the locked
stack to Go libraries and surfaces four hard problems (DuckDB-via-cgo
for the query engine, Lance dropped, Dioxus → HTMX, arrow-go maturity).
SPEC walks each Rust crate + TS surface and tags the port with library
choice / effort estimate / risk + a 5-phase migration plan from
skeleton (Phase G0) to demo parity (Phase G5).

Six open questions remain that gate Phase G0:
- DuckDB cgo OK?
- HTMX vs React for the UI?
- Repo location?
- Distillation v1.0.0 port verbatim or rebuild?
- Pathway memory data — port 88 traces or start clean?
- Auditor lineage — port audit_baselines.jsonl or restart?

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-28 06:35:23 -05:00

2 Commits