coulomb/flex-auth
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pin FlexAuthResourceManifest schema (resource-registration-v0)
Some checks failed
CI / Build and Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details

Browse Source 
Closes FLEX-WP-0005 T03. Shape pinned against the Markitect-side emitter
in markitect-tool/src/markitect_tool/policy/enterprise.py (FlexAuthResource
+ FlexAuthResourceManifest dataclasses, MKTT-WP-0014).

Artifacts:
- schemas/resource_manifest.schema.json (JSON Schema draft 2020-12)
- examples/markitect/resource_manifest.yaml (mirrors markitect-tool's
  example; metadata.flex_auth_contract = resource-registration-v0)
- pkg/api/resource_manifest.go (Go type with json + yaml tags, plus
  FlexAuthContractV0 const)
- pkg/api/resource_manifest_test.go (golden parse of the example +
  minimal-fields round-trip)

First external dep: gopkg.in/yaml.v3 v3.0.1. SBOM ingested into State Hub
(2 entries) — repo last_sbom_at now non-null. Makefile sbom target gains
a GOPATH/bin fallback so it works without ~/go/bin on PATH.

Interface change published to State Hub (a4a5293e-…) and inbox-notified
markitect-tool. The change is additive — Markitect's existing emitter
matches the pinned schema exactly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Bernd Worsch
2026-05-16 02:04:00 +02:00
parent 55120ec20a
commit e2d410de6e
8 changed files with 258 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
pkg/api/resource_manifest.go Normal file
View File

@@ -0,0 +1,30 @@
package api
// ResourceManifest is the shape a protected system publishes to register
// its resources with flex-auth. The shape is pinned against the
// Markitect-side emitter in markitect-tool (MKTT-WP-0014); see
// schemas/resource_manifest.schema.json for the JSON Schema and
// examples/markitect/resource_manifest.yaml for the canonical example.
type ResourceManifest struct {
ID string `json:"id" yaml:"id"`
System string `json:"system" yaml:"system"`
Resources []Resource `json:"resources" yaml:"resources"`
Actions []string `json:"actions,omitempty" yaml:"actions,omitempty"`
Metadata map[string]any `json:"metadata,omitempty" yaml:"metadata,omitempty"`
}
// Resource is one entry in a ResourceManifest.
type Resource struct {
ID string `json:"id" yaml:"id"`
Type string `json:"type" yaml:"type"`
Path string `json:"path,omitempty" yaml:"path,omitempty"`
Parent string `json:"parent,omitempty" yaml:"parent,omitempty"`
Labels []string `json:"labels,omitempty" yaml:"labels,omitempty"`
TrustZone string `json:"trust_zone,omitempty" yaml:"trust_zone,omitempty"`
Owner string `json:"owner,omitempty" yaml:"owner,omitempty"`
Attributes map[string]any `json:"attributes,omitempty" yaml:"attributes,omitempty"`
}
// FlexAuthContractV0 is the metadata.flex_auth_contract value that
// signals the v0 resource-registration contract.
const FlexAuthContractV0 = "resource-registration-v0"