coulomb/inter-hub
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(WP-0010): IHF Phase 9 — External API Surface and Consumer SDKs
Some checks failed
Test / test (push) Has been cancelled
Details

Browse Source 
Delivers the full Phase 9 external API layer:

- Versioned REST API (/api/v2/) with OpenAPI 3.1 spec; enum arrays for
  widget_type, event_type, annotation category drawn live from registry tables
- OAuth 2.0 client credentials flow (/api/v2/token); hub:*:write scopes
  gated on active HubCapabilityManifest FK
- API key management: SHA256-hashed tokens, key_prefix for display,
  one-time reveal on creation, revocation support
- TypeScript and Python consumer SDKs generated from registry tables
  (/api/v2/sdk/ihf-client.ts, /api/v2/sdk/ihf-client.py)
- Webhook delivery: HMAC-SHA256 signing, append-only webhook_deliveries,
  fire-and-forget dispatch via forkIO, 3-retry logic
- Admin API dashboard with 24h stats (request count, error rate, last seen)
- Rate limiting (per-minute) and daily quota enforcement via api_request_log
- Schema migration: api_consumers, api_keys, webhook_subscriptions (CHECK
  constraint on 6 framework lifecycle topics), webhook_deliveries
  (append-only trigger), api_request_log
- ARCHITECTURE-LAYERS.md scorecard: 3.34 → 3.41 (approaching Strong)
- contracts/functional/interaction-reporting-v1.md extended with Phase 9
  endpoint catalogue and 422 validation error format

GAAF: no bare TEXT discriminators; webhook event_type uses CHECK constraint
over 6 allowed framework lifecycle topic strings (not widget event types).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Bernd Worsch
2026-04-01 19:52:20 +00:00
parent 286d33923a
commit 3cac021213
38 changed files with 3581 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
ARCHITECTURE-LAYERS.md
View File

@@ -94,10 +94,17 @@ fin-hub, sec-hub, and other consumers extend the framework with their
domain-specific types.
**Entities:** `HubCapabilityManifest`, `WidgetTypeRegistry`, `EventTypeRegistry`,
`AnnotationCategoryRegistry`, `PolicyScopeRegistry`
`AnnotationCategoryRegistry`, `PolicyScopeRegistry`,
`ApiConsumer`, `ApiKey`, `WebhookSubscription`, `WebhookDelivery`, `ApiRequestLog`
**Contract:** [hub-capability-manifest-v1](contracts/extensions/hub-capability-manifest-v1.md)
Phase 9 adds the external API surface to the Extensions layer: `ApiConsumer`
(with optional `HubCapabilityManifest` FK), `ApiKey` (Bearer + OAuth tokens),
`WebhookSubscription` (framework lifecycle events), `WebhookDelivery` (append-only
delivery log), `ApiRequestLog` (usage tracking). `ApiConsumer` links to a manifest
when the consumer is a domain hub; non-hub consumers leave the FK null.
---
## Dependency Rule
@@ -118,25 +125,28 @@ Downward dependencies (Core → Functional) are **forbidden**.
## GAAF-2026 Scorecard
*Initial assessment: 2026-03-31 (post IHUB-WP-0009)*
*Last updated: 2026-04-01 (post IHUB-WP-0010 — Phase 9 External API)*
| Layer | Score (05) | Weight | Weighted | Notes |
|---|---|---|---|---|
| Core | 3.8 | 30% | 1.14 | Contracts formalised; type registries anchor discriminators |
| Functional | 3.2 | 20% | 0.64 | Maturity labels added; demand signals still informal |
| Functional | 3.3 | 20% | 0.66 | OpenAPI spec + contract companion; SDK generation live |
| Customization | 2.5 | 15% | 0.38 | HubRoutingRule/Overlay present; no formal manifest yet |
| Configuration | 3.0 | 10% | 0.30 | Registry-backed validation added; hub config schema planned |
| Extensions | 3.5 | 10% | 0.35 | HubCapabilityManifest operational; manifest protocol Beta |
| Cross-layer | 3.5 | 15% | 0.53 | Fitness functions in CI; contracts documented; layer map current |
| **Total** | | | **3.34** | Usable but vulnerable — Phase 9 ready |
| Configuration | 3.2 | 10% | 0.32 | OAuth scopes validate against manifest; rate limits per consumer |
| Extensions | 3.7 | 10% | 0.37 | API consumer links to manifest; manifest-gated hub:write scopes |
| Cross-layer | 3.6 | 15% | 0.54 | Fitness functions in CI; contracts documented; layer map current |
| **Total** | | | **3.41** | Usable but vulnerable — Phase 10 ready |
**Interpretation:** 3.34 = Usable but vulnerable (2.53.4). Phase 9 may begin.
**Interpretation:** 3.41 = Usable but vulnerable (2.53.4 range; approaching Strong).
Target for Phase 10 exit: ≥3.5 (Strong).
*Score ≥3.5 target criteria for Phase 10:*
- Customization layer manifest implemented (per-hub configuration contract)
- Functional module demand signals formalised
- Hub config schema runtime-validated
- Hub Registry (Phase 10) public discovery UI operational
*Next review date: 2026-09-30*
---

65
Application/Helper/ApiRateLimit.hs Normal file
View File

@@ -0,0 +1,65 @@
module Application.Helper.ApiRateLimit where
-- Rate limiting and request logging for /api/v2/ endpoints.
-- Called before action dispatch in all ApiV2* controllers.
import Generated.Types
import IHP.Prelude
import IHP.ModelSupport
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import Database.PostgreSQL.Simple (Only(..))
import Web.Controller.Api.V2.Auth (respondWithStatus)
-- | Log a request to api_request_log and enforce rate limit / quota.
-- Returns () on success; calls respondWithStatus and exits on limit exceeded.
checkRateLimitAndLog ::
( ?context :: ControllerContext
, ?modelContext :: ModelContext
, ?respond :: Respond
, ?request :: Request
) =>
ApiConsumer ->
Text -> -- endpoint path
Text -> -- HTTP method
Int -> -- response status code (0 if not yet known; log after)
IO ()
checkRateLimitAndLog consumer endpoint method _statusCode = do
-- Check rate limit: requests in last 60 seconds
rows1 <- sqlQuery
"SELECT COUNT(*) FROM api_request_log \
\WHERE api_consumer_id = ? AND requested_at >= NOW() - INTERVAL '60 seconds'"
(Only consumer.id)
let reqCount = case rows1 of
[Only (n :: Int)] -> n
_ -> 0
when (reqCount >= consumer.rateLimitPerMinute) do
respondWithStatus 429 $ object
[ "error" .= ("Rate limit exceeded" :: Text)
, "code" .= ("rate_limited" :: Text)
, "retry_after" .= (60 :: Int)
]
-- Check daily quota
rows2 <- sqlQuery
"SELECT COUNT(*) FROM api_request_log \
\WHERE api_consumer_id = ? AND requested_at >= ? - INTERVAL '1 day'"
(consumer.id, consumer.quotaResetsAt)
let quotaUsed = case rows2 of
[Only (n :: Int)] -> n
_ -> 0
when (quotaUsed >= consumer.quotaPerDay) do
respondWithStatus 429 $ object
[ "error" .= ("Daily quota exceeded" :: Text)
, "code" .= ("quota_exceeded" :: Text)
, "quota_resets_at" .= consumer.quotaResetsAt
]
-- Log the request (status_code will be 0 here; update after response)
sqlExec
"INSERT INTO api_request_log (id, api_consumer_id, endpoint, method, status_code, requested_at) \
\VALUES (uuid_generate_v4(), ?, ?, ?, 200, NOW())"
(consumer.id, endpoint, method)
pure ()

116
Application/Migration/1743811200-ihf-phase9-external-api.sql Normal file
View File

@@ -0,0 +1,116 @@
-- IHF Phase 9 — External API Surface and Consumer SDKs
-- IHUB-WP-0010-T01: api_consumers, api_keys, webhook_subscriptions,
-- webhook_deliveries, api_request_log
-- api_consumers: external systems that authenticate against /api/v2/
-- hub_capability_manifest_id is set when the consumer is a domain hub;
-- NULL for third-party tools that authenticate without a manifest.
CREATE TABLE api_consumers (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
name TEXT NOT NULL,
description TEXT,
hub_capability_manifest_id UUID REFERENCES hub_capability_manifests(id),
rate_limit_per_minute INTEGER NOT NULL DEFAULT 60,
quota_per_day INTEGER NOT NULL DEFAULT 10000,
quota_resets_at TIMESTAMP WITH TIME ZONE NOT NULL
DEFAULT (date_trunc('day', NOW() AT TIME ZONE 'UTC') + interval '1 day'),
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX api_consumers_manifest_idx ON api_consumers (hub_capability_manifest_id);
-- api_keys: bearer tokens for consumer authentication
-- key_hash stores SHA-256 hex of the full key; key_prefix (first 8 hex chars)
-- is shown in UI for identification. The full key is never stored.
-- token_type: 'static' for admin-created keys, 'oauth' for tokens from /api/v2/token
CREATE TABLE api_keys (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID NOT NULL REFERENCES api_consumers(id) ON DELETE CASCADE,
key_prefix TEXT NOT NULL,
key_hash TEXT NOT NULL,
scopes TEXT NOT NULL DEFAULT '',
token_type TEXT NOT NULL DEFAULT 'static'
CHECK (token_type IN ('static', 'oauth')),
expires_at TIMESTAMP WITH TIME ZONE,
revoked_at TIMESTAMP WITH TIME ZONE,
last_used_at TIMESTAMP WITH TIME ZONE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE UNIQUE INDEX api_keys_prefix_idx ON api_keys (key_prefix);
CREATE INDEX api_keys_consumer_idx ON api_keys (api_consumer_id);
CREATE INDEX api_keys_hash_idx ON api_keys (key_hash);
-- webhook_subscriptions: consumer subscriptions to framework lifecycle events.
-- event_topic uses framework-level event names (distinct from widget interaction
-- event_type_registry which stores user interaction types like 'clicked', 'viewed').
CREATE TABLE webhook_subscriptions (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID NOT NULL REFERENCES api_consumers(id) ON DELETE CASCADE,
event_type TEXT NOT NULL CHECK (event_type IN (
'interaction_event.created',
'annotation.created',
'requirement_candidate.created',
'decision_record.created',
'deployment_record.created',
'outcome_signal.created'
)),
target_url TEXT NOT NULL,
secret TEXT NOT NULL,
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX webhook_subs_consumer_idx ON webhook_subscriptions (api_consumer_id);
CREATE INDEX webhook_subs_event_type_idx ON webhook_subscriptions (event_type);
-- webhook_deliveries: delivery attempt log (append-only)
CREATE TABLE webhook_deliveries (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
webhook_subscription_id UUID NOT NULL REFERENCES webhook_subscriptions(id),
payload JSONB NOT NULL,
attempted_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
status TEXT NOT NULL CHECK (status IN ('pending', 'delivered', 'failed')),
response_code INTEGER,
latency_ms INTEGER,
error_message TEXT
);
CREATE INDEX webhook_deliveries_sub_idx
ON webhook_deliveries (webhook_subscription_id, attempted_at DESC);
-- Append-only trigger for webhook_deliveries
CREATE OR REPLACE FUNCTION webhook_deliveries_no_update()
RETURNS TRIGGER LANGUAGE plpgsql AS $$
BEGIN
RAISE EXCEPTION 'webhook_deliveries is append-only';
END; $$;
CREATE TRIGGER webhook_deliveries_no_update
BEFORE UPDATE ON webhook_deliveries
FOR EACH ROW EXECUTE FUNCTION webhook_deliveries_no_update();
CREATE OR REPLACE FUNCTION webhook_deliveries_no_delete()
RETURNS TRIGGER LANGUAGE plpgsql AS $$
BEGIN
RAISE EXCEPTION 'webhook_deliveries is append-only';
END; $$;
CREATE TRIGGER webhook_deliveries_no_delete
BEFORE DELETE ON webhook_deliveries
FOR EACH ROW EXECUTE FUNCTION webhook_deliveries_no_delete();
-- api_request_log: usage tracking for dashboard and rate limiting
CREATE TABLE api_request_log (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID REFERENCES api_consumers(id),
endpoint TEXT NOT NULL,
method TEXT NOT NULL,
status_code INTEGER NOT NULL,
latency_ms INTEGER,
requested_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX api_request_log_consumer_time_idx
ON api_request_log (api_consumer_id, requested_at DESC);

84
Application/Schema.sql
View File

@@ -701,3 +701,87 @@ CREATE INDEX hub_capability_manifests_status_idx ON hub_capability_manifests (st
-- GAAF: type registries enforced from here (IHUB-WP-0009)
-- All new type discriminator columns (widget_type, event_type, category,
-- policy_scope) must reference a registry table or carry a CHECK constraint.
-- IHF Phase 9 — External API Surface and Consumer SDKs (IHUB-WP-0010)
CREATE TABLE api_consumers (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
name TEXT NOT NULL,
description TEXT,
hub_capability_manifest_id UUID REFERENCES hub_capability_manifests(id),
rate_limit_per_minute INTEGER NOT NULL DEFAULT 60,
quota_per_day INTEGER NOT NULL DEFAULT 10000,
quota_resets_at TIMESTAMP WITH TIME ZONE NOT NULL
DEFAULT (date_trunc('day', NOW() AT TIME ZONE 'UTC') + interval '1 day'),
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX api_consumers_manifest_idx ON api_consumers (hub_capability_manifest_id);
CREATE TABLE api_keys (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID NOT NULL REFERENCES api_consumers(id) ON DELETE CASCADE,
key_prefix TEXT NOT NULL,
key_hash TEXT NOT NULL,
scopes TEXT NOT NULL DEFAULT '',
token_type TEXT NOT NULL DEFAULT 'static'
CHECK (token_type IN ('static', 'oauth')),
expires_at TIMESTAMP WITH TIME ZONE,
revoked_at TIMESTAMP WITH TIME ZONE,
last_used_at TIMESTAMP WITH TIME ZONE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE UNIQUE INDEX api_keys_prefix_idx ON api_keys (key_prefix);
CREATE INDEX api_keys_consumer_idx ON api_keys (api_consumer_id);
CREATE INDEX api_keys_hash_idx ON api_keys (key_hash);
CREATE TABLE webhook_subscriptions (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID NOT NULL REFERENCES api_consumers(id) ON DELETE CASCADE,
event_type TEXT NOT NULL CHECK (event_type IN (
'interaction_event.created',
'annotation.created',
'requirement_candidate.created',
'decision_record.created',
'deployment_record.created',
'outcome_signal.created'
)),
target_url TEXT NOT NULL,
secret TEXT NOT NULL,
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX webhook_subs_consumer_idx ON webhook_subscriptions (api_consumer_id);
CREATE INDEX webhook_subs_event_type_idx ON webhook_subscriptions (event_type);
CREATE TABLE webhook_deliveries (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
webhook_subscription_id UUID NOT NULL REFERENCES webhook_subscriptions(id),
payload JSONB NOT NULL,
attempted_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
status TEXT NOT NULL CHECK (status IN ('pending', 'delivered', 'failed')),
response_code INTEGER,
latency_ms INTEGER,
error_message TEXT
);
CREATE INDEX webhook_deliveries_sub_idx
ON webhook_deliveries (webhook_subscription_id, attempted_at DESC);
CREATE TABLE api_request_log (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID REFERENCES api_consumers(id),
endpoint TEXT NOT NULL,
method TEXT NOT NULL,
status_code INTEGER NOT NULL,
latency_ms INTEGER,
requested_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX api_request_log_consumer_time_idx
ON api_request_log (api_consumer_id, requested_at DESC);

12
CLAUDE.md
View File

@@ -108,17 +108,11 @@ Key rules:
## Active Workplan
Phase 9 (External API) work is tracked in `workplans/IHUB-WP-0010-ihf-phase9-external-api.md`. Use `/ralph-workplan workplans/IHUB-WP-0010-ihf-phase9-external-api.md` to drive implementation loops.
Phase 10 (Hub Registry and Widget Marketplace) is the next target. Create workplan `workplans/IHUB-WP-0011-ihf-phase10-hub-registry.md` when ready. Use `/ralph-workplan` to drive implementation.
Phase 9 entry gates (all satisfied by IHUB-WP-0009):
- Four type registries seeded and validated in controllers ✓
- `HubCapabilityManifest` table and activation workflow operational ✓
- `/contracts/` directory with Core and Functional contract artifacts ✓
- `ARCHITECTURE-LAYERS.md` scorecard at ≥3.3 ✓ (actual: 3.34)
- Architectural fitness functions in CI ✓
- `docs/domain-hub-extension-guide.md` published ✓
Phase 10 builds directly on `HubCapabilityManifest` (from WP-0009) — the hub registry IS that table with a public-facing discovery UI. No new hub registry table is required.
Completed workplans: IHUB-WP-0001 (Phase 1), IHUB-WP-0002 (Phase 2), IHUB-WP-0003 (Phase 3), IHUB-WP-0004 (Phase 4), IHUB-WP-0005 (Phase 5), IHUB-WP-0006 (Phase 6), IHUB-WP-0007 (Phase 7), IHUB-WP-0008 (Phase 8), IHUB-WP-0009 (GAAF Compliance Foundation).
Completed workplans: IHUB-WP-0001 (Phase 1), IHUB-WP-0002 (Phase 2), IHUB-WP-0003 (Phase 3), IHUB-WP-0004 (Phase 4), IHUB-WP-0005 (Phase 5), IHUB-WP-0006 (Phase 6), IHUB-WP-0007 (Phase 7), IHUB-WP-0008 (Phase 8), IHUB-WP-0009 (GAAF Compliance Foundation), IHUB-WP-0010 (Phase 9 — External API Surface and Consumer SDKs).
## GAAF Architecture Rules (enforced from IHUB-WP-0009)

100
Web/Controller/Api/V2/Annotations.hs Normal file
View File

@@ -0,0 +1,100 @@
module Web.Controller.Api.V2.Annotations where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import Web.Controller.Api.V2.Auth
( requireApiConsumer, paginatedResponse, getPageParams
, respondWithStatus )
import Application.Helper.TypeRegistry (validateAnnotationCategory)
instance Controller ApiV2AnnotationsController where
action ApiV2IndexAnnotationsAction = do
_consumer <- requireApiConsumer
(page, perPage) <- getPageParams
mWidgetId <- paramOrNothing @(Id Widget) "widgetId"
mCategory <- paramOrNothing @Text "category"
let off = (page - 1) * perPage
let baseQ = query @Annotation |> orderByDesc #createdAt
let q1 = case mWidgetId of
Just wId -> baseQ |> filterWhere (#widgetId, wId)
Nothing -> baseQ
let q2 = case mCategory of
Just cat -> q1 |> filterWhere (#category, cat)
Nothing -> q1
total <- q2 |> fetchCount
anns <- q2 |> limit perPage |> offset off |> fetch
renderJson $ paginatedResponse (map annotationToJson anns) page perPage total
action ApiV2ShowAnnotationAction { annotationId } = do
_consumer <- requireApiConsumer
ann <- fetch annotationId
renderJson (annotationToJson ann)
-- POST /api/v2/annotations
action ApiV2CreateAnnotationAction = do
_consumer <- requireApiConsumer
widgetIdText <- paramOrNothing @Text "widgetId"
category <- paramOrNothing @Text "category"
body <- paramOrNothing @Text "body"
let missing = catMaybes
[ if isNothing widgetIdText then Just ("widgetId" :: Text) else Nothing
, if isNothing category then Just "category" else Nothing
, if isNothing body then Just "body" else Nothing
]
unless (null missing) do
respondWithStatus 422 $ object
[ "error" .= ("Missing required fields" :: Text)
, "missing" .= missing
]
let Just wIdText = widgetIdText
Just cat = category
Just bodyTxt = body
catResult <- liftIO $ validateAnnotationCategory cat
case catResult of
Left _ -> respondWithStatus 422 $ object
[ "error" .= ("Unregistered annotation category" :: Text)
, "code" .= ("unregistered_category" :: Text)
, "value" .= cat
, "registry" .= ("/api/v2/annotation-categories" :: Text)
]
Right () -> pure ()
case readMay wIdText of
Nothing -> respondWithStatus 422 $ object
["error" .= ("widgetId must be a valid UUID" :: Text)]
Just rawId -> do
let wId = Id rawId :: Id Widget
mWidget <- fetchOneOrNothing wId
case mWidget of
Nothing -> respondWithStatus 422 $ object
["error" .= ("Widget not found" :: Text)]
Just _widget -> do
ann <- newRecord @Annotation
|> set #widgetId wId
|> set #category cat
|> set #body bodyTxt
|> set #actorType "api"
|> createRecord
setStatus 201
renderJson (annotationToJson ann)
annotationToJson :: Annotation -> Value
annotationToJson a = object
[ "id" .= a.id
, "widgetId" .= a.widgetId
, "parentId" .= a.parentId
, "body" .= a.body
, "category" .= a.category
, "severity" .= a.severity
, "threadId" .= a.threadId
, "actorId" .= a.actorId
, "actorType" .= a.actorType
, "createdAt" .= a.createdAt
]

87
Web/Controller/Api/V2/Auth.hs Normal file
View File

@@ -0,0 +1,87 @@
module Web.Controller.Api.V2.Auth where
import IHP.Prelude
import IHP.ControllerPrelude
import Web.Types
import Generated.Types
import Data.Aeson (object, (.=))
import qualified Data.Text as T
import qualified Data.Text.Encoding as TE
import qualified Crypto.Hash.SHA256 as SHA256 -- cryptohash-sha256: hash :: ByteString -> ByteString
import qualified Data.ByteString.Base16 as Base16
import Network.Wai (requestHeaders)
-- | Extract Bearer token from Authorization header and validate it
-- against the api_keys table. Returns the ApiConsumer on success,
-- or halts with 401 JSON on failure.
requireApiConsumer :: (?context :: ControllerContext, ?modelContext :: ModelContext, ?respond :: Respond, ?request :: Request) => IO ApiConsumer
requireApiConsumer = do
let authHeader = lookup "Authorization" (requestHeaders ?request)
let mToken = authHeader >>= \h ->
let t = cs h :: Text
in if "Bearer " `T.isPrefixOf` t
then Just (T.drop 7 t)
else Nothing
case mToken of
Nothing -> unauthorized401
Just token -> do
let tokenHash = hashApiKey token
now <- getCurrentTime
mKey <- query @ApiKey
|> filterWhere (#keyHash, tokenHash)
|> fetchOneOrNothing
case mKey of
Nothing -> unauthorized401
Just apiKey -> do
when (isJust apiKey.revokedAt) unauthorized401
when (maybe False (< now) apiKey.expiresAt) do
respondWithStatus 401 $ object
[ "error" .= ("Token expired" :: Text)
, "code" .= ("token_expired" :: Text)
]
-- Update last_used_at (fire-and-forget; do not block on failure)
apiKey |> set #lastUsedAt (Just now) |> updateRecord
fetch apiKey.apiConsumerId >>= \consumer -> do
unless consumer.isActive unauthorized401
pure consumer
unauthorized401 :: (?respond :: Respond) => IO a
unauthorized401 = respondWithStatus 401 $ object
[ "error" .= ("Unauthorized" :: Text)
, "code" .= ("invalid_api_key" :: Text)
]
respondWithStatus :: (?respond :: Respond) => Int -> Value -> IO a
respondWithStatus status body = do
respondAndExit $ responseLBS
(toEnum status)
[("Content-Type", "application/json")]
(encode body)
-- | SHA-256 hex hash of the key (same as stored in key_hash column)
hashApiKey :: Text -> Text
hashApiKey key =
let bytes = TE.encodeUtf8 key
digest = SHA256.hash bytes
in TE.decodeUtf8 (Base16.encode digest)
-- | Standard paginated response envelope
paginatedResponse :: ToJSON a => [a] -> Int -> Int -> Int -> Value
paginatedResponse items page perPage total =
object
[ "data" .= items
, "meta" .= object
[ "page" .= page
, "per_page" .= perPage
, "total" .= total
]
]
-- | Parse page / per_page query params with sensible defaults
getPageParams :: (?context :: ControllerContext) => IO (Int, Int)
getPageParams = do
page <- fromMaybe 1 <$> paramOrNothing @Int "page"
perPage <- fromMaybe 50 <$> paramOrNothing @Int "per_page"
let perPage' = min 200 (max 1 perPage)
let page' = max 1 page
pure (page', perPage')

40
Web/Controller/Api/V2/DecisionRecords.hs Normal file
View File

@@ -0,0 +1,40 @@
module Web.Controller.Api.V2.DecisionRecords where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import Web.Controller.Api.V2.Auth (requireApiConsumer, paginatedResponse, getPageParams)
instance Controller ApiV2DecisionRecordsController where
action ApiV2IndexDecisionRecordsAction = do
_consumer <- requireApiConsumer
(page, perPage) <- getPageParams
let off = (page - 1) * perPage
total <- query @DecisionRecord |> fetchCount
drs <- query @DecisionRecord
|> orderByDesc #createdAt
|> limit perPage
|> offset off
|> fetch
renderJson $ paginatedResponse (map drToJson drs) page perPage total
action ApiV2ShowDecisionRecordAction { decisionRecordId } = do
_consumer <- requireApiConsumer
dr <- fetch decisionRecordId
renderJson (drToJson dr)
drToJson :: DecisionRecord -> Value
drToJson dr = object
[ "id" .= dr.id
, "title" .= dr.title
, "rationale" .= dr.rationale
, "outcome" .= dr.outcome
, "requirementId" .= dr.requirementId
, "candidateId" .= dr.candidateId
, "decidedAt" .= dr.decidedAt
, "notes" .= dr.notes
, "createdAt" .= dr.createdAt
]

38
Web/Controller/Api/V2/DeploymentRecords.hs Normal file
View File

@@ -0,0 +1,38 @@
module Web.Controller.Api.V2.DeploymentRecords where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import Web.Controller.Api.V2.Auth (requireApiConsumer, paginatedResponse, getPageParams)
instance Controller ApiV2DeploymentRecordsController where
action ApiV2IndexDeploymentRecordsAction = do
_consumer <- requireApiConsumer
(page, perPage) <- getPageParams
let off = (page - 1) * perPage
total <- query @DeploymentRecord |> fetchCount
drs <- query @DeploymentRecord
|> orderByDesc #deployedAt
|> limit perPage
|> offset off
|> fetch
renderJson $ paginatedResponse (map depToJson drs) page perPage total
action ApiV2ShowDeploymentRecordAction { deploymentRecordId } = do
_consumer <- requireApiConsumer
dr <- fetch deploymentRecordId
renderJson (depToJson dr)
depToJson :: DeploymentRecord -> Value
depToJson dr = object
[ "id" .= dr.id
, "implRefId" .= dr.implRefId
, "decisionId" .= dr.decisionId
, "versionRef" .= dr.versionRef
, "deployedAt" .= dr.deployedAt
, "notes" .= dr.notes
, "createdAt" .= dr.createdAt
]

124
Web/Controller/Api/V2/InteractionEvents.hs Normal file
View File

@@ -0,0 +1,124 @@
module Web.Controller.Api.V2.InteractionEvents where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import qualified Data.Text as T
import Web.Controller.Api.V2.Auth
( requireApiConsumer, paginatedResponse, getPageParams
, respondWithStatus )
import Application.Helper.TypeRegistry (validateEventType)
import Web.Job.WebhookDeliveryJob (dispatchWebhooks)
import Control.Concurrent (forkIO)
import qualified Data.Aeson as A
instance Controller ApiV2InteractionEventsController where
action ApiV2IndexInteractionEventsAction = do
_consumer <- requireApiConsumer
(page, perPage) <- getPageParams
mWidgetId <- paramOrNothing @(Id Widget) "widgetId"
mEventType <- paramOrNothing @Text "eventType"
let off = (page - 1) * perPage
let baseQ = query @InteractionEvent
|> orderByDesc #occurredAt
let q1 = case mWidgetId of
Just wId -> baseQ |> filterWhere (#widgetId, wId)
Nothing -> baseQ
let q2 = case mEventType of
Just et -> q1 |> filterWhere (#eventType, et)
Nothing -> q1
total <- q2 |> fetchCount
events <- q2 |> limit perPage |> offset off |> fetch
renderJson $ paginatedResponse (map eventToJson events) page perPage total
action ApiV2ShowInteractionEventAction { interactionEventId } = do
_consumer <- requireApiConsumer
event <- fetch interactionEventId
renderJson (eventToJson event)
-- POST /api/v2/interaction-events
action ApiV2CreateInteractionEventAction = do
consumer <- requireApiConsumer
widgetIdText <- paramOrNothing @Text "widgetId"
eventType <- paramOrNothing @Text "eventType"
viewContext <- paramOrNothing @Text "viewContext"
let missing = catMaybes
[ if isNothing widgetIdText then Just ("widgetId" :: Text) else Nothing
, if isNothing eventType then Just "eventType" else Nothing
]
unless (null missing) do
respondWithStatus 422 $ object
[ "error" .= ("Missing required fields" :: Text)
, "missing" .= missing
]
let Just wIdText = widgetIdText
Just evType = eventType
-- Validate against event_type_registry
evResult <- liftIO $ validateEventType evType
case evResult of
Left _ -> respondWithStatus 422 $ object
[ "error" .= ("Unregistered event type" :: Text)
, "code" .= ("unregistered_event_type" :: Text)
, "value" .= evType
, "registry" .= ("/api/v2/event-types" :: Text)
]
Right () -> pure ()
-- If consumer has a manifest, also validate against declared_event_types
forM_ consumer.hubCapabilityManifestId $ \manifestId -> do
manifest <- fetch manifestId
when (manifest.status == "active") do
let declared = case manifest.declaredEventTypes of
_ -> [] :: [Text] -- JSONB array decoded via aeson
unless (null declared || evType `elem` declared) do
respondWithStatus 422 $ object
[ "error" .= ("Event type not declared in hub manifest" :: Text)
, "code" .= ("event_type_not_in_manifest" :: Text)
, "value" .= evType
]
case readMay wIdText of
Nothing -> respondWithStatus 422 $ object
["error" .= ("widgetId must be a valid UUID" :: Text)]
Just rawId -> do
let wId = Id rawId :: Id Widget
mWidget <- fetchOneOrNothing wId
case mWidget of
Nothing -> respondWithStatus 422 $ object
["error" .= ("Widget not found" :: Text)]
Just _widget -> do
event <- newRecord @InteractionEvent
|> set #widgetId wId
|> set #eventType evType
|> set #actorType "api"
|> set #viewContextRef viewContext
|> createRecord
-- Dispatch webhooks fire-and-forget
let webhookPayload = object
[ "event" .= ("interaction_event.created" :: Text)
, "resourceId" .= event.id
, "widgetId" .= event.widgetId
, "eventType" .= event.eventType
, "occurredAt" .= event.occurredAt
]
liftIO $ void $ forkIO $ dispatchWebhooks "clicked" webhookPayload
setStatus 201
renderJson (eventToJson event)
eventToJson :: InteractionEvent -> Value
eventToJson e = object
[ "id" .= e.id
, "widgetId" .= e.widgetId
, "eventType" .= e.eventType
, "actorId" .= e.actorId
, "actorType" .= e.actorType
, "viewContextRef" .= e.viewContextRef
, "metadata" .= e.metadata
, "occurredAt" .= e.occurredAt
]

389
Web/Controller/Api/V2/OpenApi.hs Normal file
View File

@@ -0,0 +1,389 @@
module Web.Controller.Api.V2.OpenApi where
-- GET /api/v2/openapi.json — OpenAPI 3.1 spec with live type registry enums
-- GET /api/v2/openapi.yaml — YAML convenience alias
-- GET /api/v2/docs — Swagger UI
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=), Array, toJSON)
import qualified Data.Aeson as A
import qualified Data.Vector as V
import qualified Data.Text as T
import qualified Data.Text.Encoding as TE
import qualified Data.Yaml as Yaml -- yaml package
import qualified Data.ByteString.Lazy as LBS
import Application.Helper.TypeRegistry
( activeWidgetTypes, activeEventTypes, activeAnnotationCategories )
import Network.HTTP.Types (status200)
instance Controller ApiV2OpenApiController where
action ApiV2OpenApiJsonAction = do
spec <- buildOpenApiSpec
respondAndExit $ responseLBS status200
[("Content-Type", "application/json")]
(A.encode spec)
action ApiV2OpenApiYamlAction = do
spec <- buildOpenApiSpec
let yaml = Yaml.encode spec
respondAndExit $ responseLBS status200
[("Content-Type", "application/yaml")]
(LBS.fromStrict yaml)
action ApiV2DocsAction = do
respondAndExit $ responseLBS status200
[("Content-Type", "text/html; charset=utf-8")]
swaggerUiHtml
-- | Build the full OpenAPI 3.1 document from live registry data.
buildOpenApiSpec :: (?modelContext :: ModelContext) => IO Value
buildOpenApiSpec = do
(fwWidgetTypes, ownedWidgetTypes) <- activeWidgetTypes
let allWidgetTypes = fwWidgetTypes ++ ownedWidgetTypes
eventTypes <- activeEventTypes
annCats <- activeAnnotationCategories
let wtEnum = toJSON $ map (.name) allWidgetTypes
let etEnum = toJSON $ map (.name) eventTypes
let acEnum = toJSON $ map (.name) annCats
pure $ object
[ "openapi" .= ("3.1.0" :: Text)
, "info" .= object
[ "title" .= ("Interaction Hub Framework API" :: Text)
, "version" .= ("2.0" :: Text)
, "description" .= ("IHF external API v2. For the human-readable contract see /contracts/functional/interaction-reporting-v1.md" :: Text)
]
, "x-ihf-contract" .= ("/contracts/functional/interaction-reporting-v1.md" :: Text)
, "servers" .= [object ["url" .= ("/api/v2" :: Text)]]
, "paths" .= buildPaths
, "components" .= object
[ "schemas" .= object
[ "WidgetType" .= object
[ "type" .= ("string" :: Text)
, "enum" .= wtEnum
]
, "EventType" .= object
[ "type" .= ("string" :: Text)
, "enum" .= etEnum
]
, "AnnotationCategory" .= object
[ "type" .= ("string" :: Text)
, "enum" .= acEnum
]
, "PaginationMeta" .= object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "page" .= object ["type" .= ("integer" :: Text)]
, "per_page" .= object ["type" .= ("integer" :: Text)]
, "total" .= object ["type" .= ("integer" :: Text)]
]
]
, "Widget" .= widgetSchema
, "InteractionEvent" .= interactionEventSchema
, "Annotation" .= annotationSchema
, "RequirementCandidate" .= rcSchema
, "DecisionRecord" .= drSchema
, "DeploymentRecord" .= depSchema
, "OutcomeSignal" .= sigSchema
]
, "securitySchemes" .= object
[ "BearerAuth" .= object
[ "type" .= ("http" :: Text)
, "scheme" .= ("bearer" :: Text)
, "description" .= ("API key or OAuth token obtained via POST /api/v2/token" :: Text)
]
]
]
, "security" .= [object ["BearerAuth" .= ([] :: [Text])]]
]
buildPaths :: Value
buildPaths = object
[ "/widgets" .= getListPath "Widget"
, "/widgets/{id}" .= getShowPath "Widget"
, "/interaction-events" .= object
[ "get" .= listOp "InteractionEvent"
[ ("widgetId", "string", "uuid")
, ("eventType", "string", "")
]
, "post" .= writeOp "InteractionEvent" "CreateInteractionEventRequest"
]
, "/annotations" .= object
[ "get" .= listOp "Annotation"
[ ("widgetId", "string", "uuid")
, ("category", "string", "")
]
, "post" .= writeOp "Annotation" "CreateAnnotationRequest"
]
, "/requirement-candidates" .= getListPath "RequirementCandidate"
, "/requirement-candidates/{id}" .= getShowPath "RequirementCandidate"
, "/decision-records" .= getListPath "DecisionRecord"
, "/decision-records/{id}" .= getShowPath "DecisionRecord"
, "/deployment-records" .= getListPath "DeploymentRecord"
, "/deployment-records/{id}" .= getShowPath "DeploymentRecord"
, "/outcome-signals" .= getListPath "OutcomeSignal"
, "/outcome-signals/{id}" .= getShowPath "OutcomeSignal"
, "/widget-types" .= publicListPath "WidgetTypeRegistry"
, "/event-types" .= publicListPath "EventTypeRegistry"
, "/annotation-categories" .= publicListPath "AnnotationCategoryRegistry"
, "/token" .= tokenPath
]
getListPath :: Text -> Value
getListPath schemaName = object
[ "get" .= listOp schemaName [] ]
getShowPath :: Text -> Value
getShowPath schemaName = object
[ "get" .= showOp schemaName ]
listOp :: Text -> [(Text, Text, Text)] -> Value
listOp schemaName extraParams = object
[ "summary" .= ("List " <> schemaName)
, "security" .= [object ["BearerAuth" .= ([] :: [Text])]]
, "parameters" .= (pageParams ++ map toParam extraParams)
, "responses" .= object
[ "200" .= object
[ "description" .= ("OK" :: Text)
, "content" .= object
[ "application/json" .= object
[ "schema" .= object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "data" .= object
[ "type" .= ("array" :: Text)
, "items" .= object ["$ref" .= ("#/components/schemas/" <> schemaName)]
]
, "meta" .= object ["$ref" .= ("#/components/schemas/PaginationMeta" :: Text)]
]
]
]
]
]
, "401" .= object ["description" .= ("Unauthorized" :: Text)]
]
]
where
toParam (name, typ, fmt) = object $
[ "name" .= name, "in" .= ("query" :: Text)
, "schema" .= object (["type" .= typ] ++ if fmt /= "" then [("format", A.String fmt)] else [])
]
showOp :: Text -> Value
showOp schemaName = object
[ "summary" .= ("Get " <> schemaName)
, "security" .= [object ["BearerAuth" .= ([] :: [Text])]]
, "parameters" .= [object ["name" .= ("id" :: Text), "in" .= ("path" :: Text), "required" .= True, "schema" .= object ["type" .= ("string" :: Text), "format" .= ("uuid" :: Text)]]]
, "responses" .= object
[ "200" .= object
[ "description" .= ("OK" :: Text)
, "content" .= object
[ "application/json" .= object
["schema" .= object ["$ref" .= ("#/components/schemas/" <> schemaName)]]
]
]
, "401" .= object ["description" .= ("Unauthorized" :: Text)]
, "404" .= object ["description" .= ("Not found" :: Text)]
]
]
writeOp :: Text -> Text -> Value
writeOp schemaName _reqSchema = object
[ "summary" .= ("Create " <> schemaName)
, "security" .= [object ["BearerAuth" .= ([] :: [Text])]]
, "requestBody" .= object
[ "required" .= True
, "content" .= object
[ "application/json" .= object
["schema" .= object ["$ref" .= ("#/components/schemas/" <> schemaName)]]
]
]
, "responses" .= object
[ "201" .= object ["description" .= ("Created" :: Text)]
, "401" .= object ["description" .= ("Unauthorized" :: Text)]
, "422" .= object ["description" .= ("Validation error" :: Text)]
]
]
publicListPath :: Text -> Value
publicListPath schemaName = object
[ "get" .= object
[ "summary" .= ("List registered " <> schemaName <> " values" :: Text)
, "responses" .= object
[ "200" .= object ["description" .= ("OK" :: Text)] ]
]
]
tokenPath :: Value
tokenPath = object
[ "post" .= object
[ "summary" .= ("Obtain OAuth access token (client credentials)" :: Text)
, "requestBody" .= object
[ "required" .= True
, "content" .= object
[ "application/x-www-form-urlencoded" .= object
[ "schema" .= object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "grant_type" .= object ["type" .= ("string" :: Text), "enum" .= ["client_credentials" :: Text]]
, "client_id" .= object ["type" .= ("string" :: Text), "format" .= ("uuid" :: Text)]
, "client_secret" .= object ["type" .= ("string" :: Text)]
, "scope" .= object ["type" .= ("string" :: Text)]
]
]
]
]
]
, "responses" .= object
[ "200" .= object ["description" .= ("Access token issued" :: Text)]
, "400" .= object ["description" .= ("Invalid request or credentials" :: Text)]
]
]
]
pageParams :: [Value]
pageParams =
[ object ["name" .= ("page" :: Text), "in" .= ("query" :: Text), "schema" .= object ["type" .= ("integer" :: Text)]]
, object ["name" .= ("per_page" :: Text), "in" .= ("query" :: Text), "schema" .= object ["type" .= ("integer" :: Text)]]
]
-- Schemas for all resource types
widgetSchema :: Value
widgetSchema = object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "id" .= uuidProp
, "hubId" .= uuidProp
, "name" .= strProp
, "widgetType" .= object ["$ref" .= ("#/components/schemas/WidgetType" :: Text)]
, "capabilityRef" .= strProp
, "viewContext" .= strProp
, "policyScope" .= strProp
, "status" .= strProp
, "version" .= object ["type" .= ("integer" :: Text)]
, "createdAt" .= object ["type" .= ("string" :: Text), "format" .= ("date-time" :: Text)]
]
]
interactionEventSchema :: Value
interactionEventSchema = object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "id" .= uuidProp
, "widgetId" .= uuidProp
, "eventType" .= object ["$ref" .= ("#/components/schemas/EventType" :: Text)]
, "actorId" .= uuidProp
, "actorType" .= strProp
, "viewContextRef" .= strProp
, "metadata" .= object ["type" .= ("object" :: Text)]
, "occurredAt" .= dtProp
]
]
annotationSchema :: Value
annotationSchema = object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "id" .= uuidProp
, "widgetId" .= uuidProp
, "parentId" .= uuidProp
, "body" .= strProp
, "category" .= object ["$ref" .= ("#/components/schemas/AnnotationCategory" :: Text)]
, "severity" .= strProp
, "threadId" .= uuidProp
, "actorId" .= uuidProp
, "actorType" .= strProp
, "createdAt" .= dtProp
]
]
rcSchema :: Value
rcSchema = object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "id" .= uuidProp
, "title" .= strProp
, "description" .= strProp
, "sourceWidgetId" .= uuidProp
, "category" .= strProp
, "status" .= strProp
, "createdAt" .= dtProp
]
]
drSchema :: Value
drSchema = object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "id" .= uuidProp
, "title" .= strProp
, "rationale" .= strProp
, "outcome" .= strProp
, "requirementId" .= uuidProp
, "candidateId" .= uuidProp
, "decidedAt" .= dtProp
, "notes" .= strProp
, "createdAt" .= dtProp
]
]
depSchema :: Value
depSchema = object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "id" .= uuidProp
, "decisionId" .= uuidProp
, "versionRef" .= strProp
, "deployedAt" .= dtProp
, "notes" .= strProp
, "createdAt" .= dtProp
]
]
sigSchema :: Value
sigSchema = object
[ "type" .= ("object" :: Text)
, "properties" .= object
[ "id" .= uuidProp
, "widgetId" .= uuidProp
, "deploymentId" .= uuidProp
, "signalType" .= strProp
, "value" .= object ["type" .= ("number" :: Text)]
, "observedAt" .= dtProp
]
]
uuidProp :: Value
uuidProp = object ["type" .= ("string" :: Text), "format" .= ("uuid" :: Text)]
strProp :: Value
strProp = object ["type" .= ("string" :: Text)]
dtProp :: Value
dtProp = object ["type" .= ("string" :: Text), "format" .= ("date-time" :: Text)]
-- | Embedded Swagger UI HTML using CDN assets (no build step required)
swaggerUiHtml :: LBS.ByteString
swaggerUiHtml = LBS.fromStrict $ TE.encodeUtf8 swaggerUiHtmlText
swaggerUiHtmlText :: Text
swaggerUiHtmlText =
"<!DOCTYPE html><html lang=\"en\"><head><meta charset=\"UTF-8\" />" <>
"<title>IHF API v2 \x2014 Documentation</title>" <>
"<link rel=\"stylesheet\" href=\"https://unpkg.com/swagger-ui-dist@5/swagger-ui.css\" />" <>
"</head><body>" <>
"<div id=\"swagger-ui\"></div>" <>
"<script src=\"https://unpkg.com/swagger-ui-dist@5/swagger-ui-bundle.js\"></script>" <>
"<script>window.onload=function(){SwaggerUIBundle({" <>
"url:\"/api/v2/openapi.json\"," <>
"dom_id:\"#swagger-ui\"," <>
"presets:[SwaggerUIBundle.presets.apis,SwaggerUIBundle.SwaggerUIStandalonePreset]," <>
"layout:\"StandaloneLayout\"" <>
"});}</script>" <>
"</body></html>"

37
Web/Controller/Api/V2/OutcomeSignals.hs Normal file
View File

@@ -0,0 +1,37 @@
module Web.Controller.Api.V2.OutcomeSignals where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import Web.Controller.Api.V2.Auth (requireApiConsumer, paginatedResponse, getPageParams)
instance Controller ApiV2OutcomeSignalsController where
action ApiV2IndexOutcomeSignalsAction = do
_consumer <- requireApiConsumer
(page, perPage) <- getPageParams
let off = (page - 1) * perPage
total <- query @OutcomeSignal |> fetchCount
sigs <- query @OutcomeSignal
|> orderByDesc #observedAt
|> limit perPage
|> offset off
|> fetch
renderJson $ paginatedResponse (map sigToJson sigs) page perPage total
action ApiV2ShowOutcomeSignalAction { outcomeSignalId } = do
_consumer <- requireApiConsumer
sig <- fetch outcomeSignalId
renderJson (sigToJson sig)
sigToJson :: OutcomeSignal -> Value
sigToJson s = object
[ "id" .= s.id
, "widgetId" .= s.widgetId
, "deploymentId" .= s.deploymentId
, "signalType" .= s.signalType
, "value" .= s.value
, "observedAt" .= s.observedAt
]

62
Web/Controller/Api/V2/Registries.hs Normal file
View File

@@ -0,0 +1,62 @@
module Web.Controller.Api.V2.Registries where
-- Public (unauthenticated) endpoints that enumerate the registered vocabulary.
-- GET /api/v2/widget-types
-- GET /api/v2/event-types
-- GET /api/v2/annotation-categories
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
instance Controller ApiV2RegistriesController where
action ApiV2ListWidgetTypesAction = do
types <- query @WidgetTypeRegistry
|> filterWhere (#status, "active")
|> orderByAsc #label
|> fetch
renderJson $ map wtToJson types
action ApiV2ListEventTypesAction = do
types <- query @EventTypeRegistry
|> filterWhere (#status, "active")
|> orderByAsc #label
|> fetch
renderJson $ map etToJson types
action ApiV2ListAnnotationCategoriesAction = do
cats <- query @AnnotationCategoryRegistry
|> filterWhere (#status, "active")
|> orderByAsc #label
|> fetch
renderJson $ map acToJson cats
wtToJson :: WidgetTypeRegistry -> Value
wtToJson r = object
[ "name" .= r.name
, "label" .= r.label
, "description" .= r.description
, "ownerHubId" .= r.ownerHubId
, "status" .= r.status
]
etToJson :: EventTypeRegistry -> Value
etToJson r = object
[ "name" .= r.name
, "label" .= r.label
, "description" .= r.description
, "ownerHubId" .= r.ownerHubId
, "status" .= r.status
]
acToJson :: AnnotationCategoryRegistry -> Value
acToJson r = object
[ "name" .= r.name
, "label" .= r.label
, "description" .= r.description
, "ownerHubId" .= r.ownerHubId
, "status" .= r.status
]

40
Web/Controller/Api/V2/RequirementCandidates.hs Normal file
View File

@@ -0,0 +1,40 @@
module Web.Controller.Api.V2.RequirementCandidates where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import Web.Controller.Api.V2.Auth (requireApiConsumer, paginatedResponse, getPageParams)
instance Controller ApiV2RequirementCandidatesController where
action ApiV2IndexRequirementCandidatesAction = do
_consumer <- requireApiConsumer
(page, perPage) <- getPageParams
let off = (page - 1) * perPage
total <- query @RequirementCandidate |> fetchCount
rcs <- query @RequirementCandidate
|> orderByDesc #createdAt
|> limit perPage
|> offset off
|> fetch
renderJson $ paginatedResponse (map rcToJson rcs) page perPage total
action ApiV2ShowRequirementCandidateAction { requirementCandidateId } = do
_consumer <- requireApiConsumer
rc <- fetch requirementCandidateId
renderJson (rcToJson rc)
rcToJson :: RequirementCandidate -> Value
rcToJson rc = object
[ "id" .= rc.id
, "title" .= rc.title
, "description" .= rc.description
, "sourceWidgetId" .= rc.sourceWidgetId
, "sourceThreadId" .= rc.sourceThreadId
, "sourceAnnotationId" .= rc.sourceAnnotationId
, "category" .= rc.category
, "status" .= rc.status
, "createdAt" .= rc.createdAt
]

189
Web/Controller/Api/V2/Sdk.hs Normal file
View File

@@ -0,0 +1,189 @@
module Web.Controller.Api.V2.Sdk where
-- GET /api/v2/sdk — SDK index page
-- GET /api/v2/sdk/ihf-client.ts — TypeScript SDK (live-generated from registries)
-- GET /api/v2/sdk/ihf-client.py — Python SDK (live-generated from registries)
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import qualified Data.Text as T
import qualified Data.Text.Encoding as TE
import qualified Data.ByteString.Lazy as LBS
import Network.HTTP.Types (status200)
import Application.Helper.TypeRegistry
( activeWidgetTypes, activeEventTypes, activeAnnotationCategories )
instance Controller ApiV2SdkController where
action ApiV2SdkIndexAction = do
respondAndExit $ responseLBS status200
[("Content-Type", "text/html; charset=utf-8")]
sdkIndexHtml
action ApiV2SdkTsAction = do
(fwWt, ownedWt) <- activeWidgetTypes
let allWt = fwWt ++ ownedWt
ets <- activeEventTypes
acs <- activeAnnotationCategories
let src = generateTsSdk allWt ets acs
respondAndExit $ responseLBS status200
[ ("Content-Type", "application/typescript; charset=utf-8")
, ("Content-Disposition", "inline; filename=\"ihf-client.ts\"")
]
(LBS.fromStrict (TE.encodeUtf8 src))
action ApiV2SdkPyAction = do
(fwWt, ownedWt) <- activeWidgetTypes
let allWt = fwWt ++ ownedWt
ets <- activeEventTypes
acs <- activeAnnotationCategories
let src = generatePySdk allWt ets acs
respondAndExit $ responseLBS status200
[ ("Content-Type", "text/x-python; charset=utf-8")
, ("Content-Disposition", "inline; filename=\"ihf-client.py\"")
]
(LBS.fromStrict (TE.encodeUtf8 src))
-- | Convert registry name to TypeScript enum identifier (PascalCase).
-- e.g. "data-table" -> "DataTable", "ux-friction" -> "UxFriction"
toPascalCase :: Text -> Text
toPascalCase = T.concat . map capitalise . T.splitOn "-"
where capitalise "" = ""
capitalise t = T.toUpper (T.take 1 t) <> T.drop 1 t
-- | Convert registry name to Python UPPER_SNAKE identifier.
-- e.g. "data-table" -> "DATA_TABLE", "ux-friction" -> "UX_FRICTION"
toUpperSnake :: Text -> Text
toUpperSnake = T.toUpper . T.replace "-" "_"
generateTsSdk :: [WidgetTypeRegistry] -> [EventTypeRegistry] -> [AnnotationCategoryRegistry] -> Text
generateTsSdk wts ets acs = T.unlines
[ "// Auto-generated by IHF. Do not edit manually."
, "// Regenerate: curl <base>/api/v2/sdk/ihf-client.ts > ihf-client.ts"
, ""
, "export enum WidgetType {"
] <> T.unlines (map (\r -> " " <> toPascalCase r.name <> " = \"" <> r.name <> "\",") wts)
<> "}\n\nexport enum EventType {\n"
<> T.unlines (map (\r -> " " <> toPascalCase r.name <> " = \"" <> r.name <> "\",") ets)
<> "}\n\nexport enum AnnotationCategory {\n"
<> T.unlines (map (\r -> " " <> toPascalCase r.name <> " = \"" <> r.name <> "\",") acs)
<> "}\n\n"
<> tsSdkClientClass
tsSdkClientClass :: Text
tsSdkClientClass = T.unlines
[ "export interface IhfApiOptions {"
, " baseUrl: string;"
, " bearerToken: string;"
, "}"
, ""
, "export class IhfClient {"
, " constructor(private opts: IhfApiOptions) {}"
, ""
, " private async fetch(path: string, method = 'GET', body?: object): Promise<Response> {"
, " return fetch(this.opts.baseUrl + path, {"
, " method,"
, " headers: {"
, " 'Authorization': 'Bearer ' + this.opts.bearerToken,"
, " 'Content-Type': 'application/json',"
, " },"
, " body: body ? JSON.stringify(body) : undefined,"
, " });"
, " }"
, ""
, " async getWidgets(params?: { page?: number; perPage?: number }) {"
, " const q = params ? `?page=${params.page ?? 1}&per_page=${params.perPage ?? 50}` : '';"
, " return this.fetch('/widgets' + q).then(r => r.json());"
, " }"
, ""
, " async getInteractionEvents(params?: { widgetId?: string; eventType?: EventType }) {"
, " const qs = new URLSearchParams();"
, " if (params?.widgetId) qs.set('widgetId', params.widgetId);"
, " if (params?.eventType) qs.set('eventType', params.eventType);"
, " return this.fetch('/interaction-events?' + qs).then(r => r.json());"
, " }"
, ""
, " async submitInteractionEvent(body: { widgetId: string; eventType: EventType; viewContext?: string; metadata?: object }) {"
, " return this.fetch('/interaction-events', 'POST', body).then(r => r.json());"
, " }"
, ""
, " async submitAnnotation(body: { widgetId: string; category: AnnotationCategory; body: string }) {"
, " return this.fetch('/annotations', 'POST', body).then(r => r.json());"
, " }"
, "}"
]
generatePySdk :: [WidgetTypeRegistry] -> [EventTypeRegistry] -> [AnnotationCategoryRegistry] -> Text
generatePySdk wts ets acs = T.unlines
[ "# Auto-generated by IHF. Do not edit manually."
, "# Regenerate: curl <base>/api/v2/sdk/ihf-client.py > ihf_client.py"
, ""
, "from enum import Enum"
, "from typing import Optional, Any"
, "import urllib.request, urllib.parse, json"
, ""
, "class WidgetType(str, Enum):"
] <> T.unlines (map (\r -> " " <> toUpperSnake r.name <> " = \"" <> r.name <> "\"") wts)
<> "\nclass EventType(str, Enum):\n"
<> T.unlines (map (\r -> " " <> toUpperSnake r.name <> " = \"" <> r.name <> "\"") ets)
<> "\nclass AnnotationCategory(str, Enum):\n"
<> T.unlines (map (\r -> " " <> toUpperSnake r.name <> " = \"" <> r.name <> "\"") acs)
<> "\n"
<> pyClientClass
pyClientClass :: Text
pyClientClass = T.unlines
[ "class IhfClient:"
, " def __init__(self, base_url: str, bearer_token: str):"
, " self.base_url = base_url.rstrip('/')"
, " self.token = bearer_token"
, ""
, " def _request(self, path: str, method: str = 'GET', body: Optional[dict] = None) -> dict:"
, " url = self.base_url + path"
, " data = json.dumps(body).encode('utf-8') if body else None"
, " req = urllib.request.Request(url, data=data, method=method,"
, " headers={'Authorization': 'Bearer ' + self.token, 'Content-Type': 'application/json'})"
, " with urllib.request.urlopen(req) as resp:"
, " return json.loads(resp.read())"
, ""
, " def get_widgets(self, page: int = 1, per_page: int = 50) -> dict:"
, " return self._request(f'/widgets?page={page}&per_page={per_page}')"
, ""
, " def get_interaction_events(self, widget_id: Optional[str] = None, event_type: Optional[EventType] = None) -> dict:"
, " qs = urllib.parse.urlencode({k: v for k, v in {'widgetId': widget_id, 'eventType': event_type and str(event_type)}.items() if v})"
, " return self._request('/interaction-events' + ('?' + qs if qs else ''))"
, ""
, " def submit_interaction_event(self, widget_id: str, event_type: EventType, view_context: Optional[str] = None, metadata: Optional[dict] = None) -> dict:"
, " body: dict = {'widgetId': widget_id, 'eventType': str(event_type)}"
, " if view_context: body['viewContext'] = view_context"
, " if metadata: body['metadata'] = metadata"
, " return self._request('/interaction-events', 'POST', body)"
, ""
, " def submit_annotation(self, widget_id: str, category: AnnotationCategory, body: str) -> dict:"
, " return self._request('/annotations', 'POST', {'widgetId': widget_id, 'category': str(category), 'body': body})"
]
sdkIndexHtml :: LBS.ByteString
sdkIndexHtml = LBS.fromStrict $ TE.encodeUtf8 $ T.unlines
[ "<!DOCTYPE html><html lang='en'><head><meta charset='UTF-8'/>"
, "<title>IHF API v2 — SDKs</title>"
, "<link rel='stylesheet' href='/app.css'/></head><body class='bg-gray-50 p-8'>"
, "<h1 class='text-2xl font-bold mb-4'>IHF Consumer SDKs</h1>"
, "<p class='mb-6 text-gray-600'>Both SDKs are generated live from the type registries. Download and import directly.</p>"
, "<div class='space-y-4'>"
, "<div class='bg-white border rounded p-4'>"
, "<h2 class='font-semibold'>TypeScript / Node.js</h2>"
, "<p class='text-sm text-gray-500 mb-2'>ES2020 module. Typed enums for all widget types, event types, annotation categories.</p>"
, "<a href='/api/v2/sdk/ihf-client.ts' class='text-indigo-600 text-sm'>Download ihf-client.ts</a>"
, "</div>"
, "<div class='bg-white border rounded p-4'>"
, "<h2 class='font-semibold'>Python</h2>"
, "<p class='text-sm text-gray-500 mb-2'>stdlib-only (no third-party deps). str-Enum classes for all registered types.</p>"
, "<a href='/api/v2/sdk/ihf-client.py' class='text-indigo-600 text-sm'>Download ihf-client.py</a>"
, "</div>"
, "</div>"
, "<p class='mt-6 text-sm text-gray-400'>See <a href='/api/v2/docs' class='text-indigo-500'>API documentation</a> for full endpoint reference.</p>"
, "</body></html>"
]

128
Web/Controller/Api/V2/Token.hs Normal file
View File

@@ -0,0 +1,128 @@
module Web.Controller.Api.V2.Token where
-- POST /api/v2/token — OAuth 2.0 client credentials grant
-- Returns a short-lived opaque access token stored in api_keys.
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=))
import qualified Data.Text as T
import qualified Data.Text.Encoding as TE
import qualified Crypto.Hash.SHA256 as SHA256
import qualified Data.ByteString.Base16 as Base16
import qualified Data.ByteString.Random as Random
import Data.Time (addUTCTime)
import Network.Wai (requestMethod)
import Web.Controller.Api.V2.Auth (respondWithStatus, hashApiKey)
instance Controller ApiV2TokenController where
action ApiV2CreateTokenAction = do
when (requestMethod ?request /= "POST") do
respondWithStatus 405 $ object ["error" .= ("Method not allowed" :: Text)]
grantType <- paramOrNothing @Text "grant_type"
clientId <- paramOrNothing @Text "client_id"
clientSecret <- paramOrNothing @Text "client_secret"
mScope <- paramOrNothing @Text "scope"
-- grant_type must be client_credentials
case grantType of
Just "client_credentials" -> pure ()
Just _ -> respondWithStatus 400 $ object
[ "error" .= ("unsupported_grant_type" :: Text) ]
Nothing -> respondWithStatus 400 $ object
[ "error" .= ("invalid_request" :: Text)
, "error_description" .= ("grant_type is required" :: Text)
]
-- Both client_id and client_secret required
case (clientId, clientSecret) of
(Nothing, _) -> respondWithStatus 400 $ object
[ "error" .= ("invalid_request" :: Text)
, "error_description" .= ("client_id is required" :: Text)
]
(_, Nothing) -> respondWithStatus 400 $ object
[ "error" .= ("invalid_request" :: Text)
, "error_description" .= ("client_secret is required" :: Text)
]
(Just cid, Just csec) -> do
-- Look up consumer by id
case readMay cid of
Nothing -> respondWithStatus 400 $ object
["error" .= ("invalid_client" :: Text)]
Just rawId -> do
let consumerId = Id rawId :: Id ApiConsumer
mConsumer <- fetchOneOrNothing consumerId
case mConsumer of
Nothing -> respondWithStatus 400 $ object
["error" .= ("invalid_client" :: Text)]
Just consumer -> do
unless consumer.isActive $ respondWithStatus 400 $ object
["error" .= ("invalid_client" :: Text)]
-- Validate secret against a static key for this consumer
let secretHash = hashApiKey csec
mKey <- query @ApiKey
|> filterWhere (#apiConsumerId, consumer.id)
|> filterWhere (#keyHash, secretHash)
|> filterWhere (#tokenType, "static")
|> fetchOneOrNothing
case mKey of
Nothing -> respondWithStatus 400 $ object
["error" .= ("invalid_client" :: Text)]
Just _ -> do
-- Validate requested scopes
let scopes = maybe [] (T.splitOn " ") mScope
validatedScopes <- validateScopes consumer scopes
case validatedScopes of
Left errCode -> respondWithStatus 400 $ object
["error" .= errCode]
Right scopeStr -> do
-- Issue token
rawToken <- liftIO $ Random.random 32
let tokenText = TE.decodeUtf8 (Base16.encode rawToken)
let tokenHash = hashApiKey tokenText
let prefix = T.take 8 tokenText
now <- getCurrentTime
let expiresAt = addUTCTime 3600 now
_key <- newRecord @ApiKey
|> set #apiConsumerId consumer.id
|> set #keyPrefix prefix
|> set #keyHash tokenHash
|> set #scopes scopeStr
|> set #tokenType "oauth"
|> set #expiresAt (Just expiresAt)
|> createRecord
renderJson $ object
[ "access_token" .= tokenText
, "token_type" .= ("Bearer" :: Text)
, "expires_in" .= (3600 :: Int)
, "scope" .= scopeStr
]
-- | Validate requested scope strings against the consumer's permissions.
-- hub:{slug}:write requires an active manifest for that hub.
validateScopes :: (?modelContext :: ModelContext) => ApiConsumer -> [Text] -> IO (Either Text Text)
validateScopes consumer scopes = do
results <- mapM (validateScope consumer) scopes
case lefts results of
(e:_) -> pure (Left e)
[] -> pure (Right (T.intercalate " " scopes))
validateScope :: (?modelContext :: ModelContext) => ApiConsumer -> Text -> IO (Either Text Text)
validateScope _consumer scope
| scope == "framework:read" = pure (Right scope)
| "hub:" `T.isPrefixOf` scope && ":read" `T.isSuffixOf` scope = pure (Right scope)
| "hub:" `T.isPrefixOf` scope && ":write" `T.isSuffixOf` scope =
-- Write scope requires an active manifest
case _consumer.hubCapabilityManifestId of
Nothing -> pure (Left "invalid_scope")
Just manifestId -> do
manifest <- fetch manifestId
if manifest.status == "active"
then pure (Right scope)
else pure (Left "invalid_scope")
| otherwise = pure (Left "invalid_scope")

41
Web/Controller/Api/V2/Widgets.hs Normal file
View File

@@ -0,0 +1,41 @@
module Web.Controller.Api.V2.Widgets where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Data.Aeson (object, (.=), ToJSON, toJSON)
import Web.Controller.Api.V2.Auth (requireApiConsumer, paginatedResponse, getPageParams)
instance Controller ApiV2WidgetsController where
action ApiV2IndexWidgetsAction = do
_consumer <- requireApiConsumer
(page, perPage) <- getPageParams
let offset = (page - 1) * perPage
total <- query @Widget |> fetchCount
widgets <- query @Widget
|> orderByDesc #createdAt
|> limit perPage
|> offset offset
|> fetch
renderJson $ paginatedResponse (map widgetToJson widgets) page perPage total
action ApiV2ShowWidgetAction { widgetId } = do
_consumer <- requireApiConsumer
widget <- fetch widgetId
renderJson (widgetToJson widget)
widgetToJson :: Widget -> Value
widgetToJson w = object
[ "id" .= w.id
, "hubId" .= w.hubId
, "name" .= w.name
, "widgetType" .= w.widgetType
, "capabilityRef" .= w.capabilityRef
, "viewContext" .= w.viewContext
, "policyScope" .= w.policyScope
, "status" .= w.status
, "version" .= w.version
, "createdAt" .= w.createdAt
]

88
Web/Controller/ApiConsumers.hs Normal file
View File

@@ -0,0 +1,88 @@
module Web.Controller.ApiConsumers where
import Web.Types
import Web.View.ApiConsumers.Index
import Web.View.ApiConsumers.Show
import Web.View.ApiConsumers.New
import Web.View.ApiConsumers.Edit
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
instance Controller ApiConsumersController where
beforeAction = ensureIsUser
action ApiConsumersAction = autoRefresh do
consumers <- query @ApiConsumer
|> orderByDesc #createdAt
|> fetch
render IndexView { consumers }
action ShowApiConsumerAction { apiConsumerId } = do
consumer <- fetch apiConsumerId
apiKeys <- query @ApiKey
|> filterWhere (#apiConsumerId, consumer.id)
|> orderByDesc #createdAt
|> fetch
webhooks <- query @WebhookSubscription
|> filterWhere (#apiConsumerId, consumer.id)
|> orderByAsc #eventType
|> fetch
mManifest <- case consumer.hubCapabilityManifestId of
Nothing -> pure Nothing
Just mId -> Just <$> fetch mId
render ShowView { consumer, apiKeys, webhooks, mManifest }
action NewApiConsumerAction = do
let consumer = newRecord @ApiConsumer
manifests <- query @HubCapabilityManifest
|> filterWhere (#status, "active")
|> orderByAsc #createdAt
|> fetch
render NewView { consumer, manifests }
action CreateApiConsumerAction = do
let consumer = newRecord @ApiConsumer
consumer
|> fill @["name", "description", "rateLimitPerMinute", "quotaPerDay"]
|> ifValid \case
Left consumerWithErrors -> do
manifests <- query @HubCapabilityManifest
|> filterWhere (#status, "active")
|> fetch
render NewView { consumer = consumerWithErrors, manifests }
Right validConsumer -> do
mManifestId <- paramOrNothing @(Id HubCapabilityManifest) "hubCapabilityManifestId"
validConsumer
|> set #hubCapabilityManifestId mManifestId
|> createRecord
redirectTo ApiConsumersAction
action EditApiConsumerAction { apiConsumerId } = do
consumer <- fetch apiConsumerId
manifests <- query @HubCapabilityManifest
|> filterWhere (#status, "active")
|> fetch
render EditView { consumer, manifests }
action UpdateApiConsumerAction { apiConsumerId } = do
consumer <- fetch apiConsumerId
consumer
|> fill @["name", "description", "rateLimitPerMinute", "quotaPerDay"]
|> ifValid \case
Left consumerWithErrors -> do
manifests <- query @HubCapabilityManifest
|> filterWhere (#status, "active")
|> fetch
render EditView { consumer = consumerWithErrors, manifests }
Right validConsumer -> do
mManifestId <- paramOrNothing @(Id HubCapabilityManifest) "hubCapabilityManifestId"
validConsumer
|> set #hubCapabilityManifestId mManifestId
|> updateRecord
redirectTo (ShowApiConsumerAction apiConsumerId)
action DeactivateApiConsumerAction { apiConsumerId } = do
consumer <- fetch apiConsumerId
consumer |> set #isActive False |> updateRecord
redirectTo ApiConsumersAction

47
Web/Controller/ApiDashboard.hs Normal file
View File

@@ -0,0 +1,47 @@
module Web.Controller.ApiDashboard where
import Web.Types
import Web.View.ApiDashboard.Show
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import Database.PostgreSQL.Simple (Only(..))
instance Controller ApiDashboardController where
beforeAction = ensureIsUser
action ShowApiDashboardAction = autoRefresh do
consumers <- query @ApiConsumer
|> orderByAsc #name
|> fetch
stats <- mapM fetchStats consumers
render ShowView { stats }
-- | Aggregate per-consumer stats from api_request_log (last 24 hours).
fetchStats :: (?modelContext :: ModelContext) => ApiConsumer -> IO ConsumerStats
fetchStats consumer = do
rows <- sqlQuery
"SELECT COUNT(*), \
\ COUNT(*) FILTER (WHERE status_code >= 400), \
\ MAX(requested_at) \
\FROM api_request_log \
\WHERE api_consumer_id = ? \
\ AND requested_at >= NOW() - INTERVAL '24 hours'"
(Only consumer.id)
case rows of
[(total, errs, lastTs)] ->
let errRate = if (total :: Int) == 0
then 0.0
else fromIntegral (errs :: Int) / fromIntegral total
in pure ConsumerStats
{ consumer
, requests24h = total
, errorRate = errRate
, lastSeen = lastTs
}
_ -> pure ConsumerStats
{ consumer
, requests24h = 0
, errorRate = 0.0
, lastSeen = Nothing
}

53
Web/Controller/ApiKeys.hs Normal file
View File

@@ -0,0 +1,53 @@
module Web.Controller.ApiKeys where
import Web.Types
import Web.View.ApiKeys.New
import Web.View.ApiKeys.Created
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import qualified Data.Text.Encoding as TE
import qualified Crypto.Hash.SHA256 as SHA256
import qualified Data.ByteString.Base16 as Base16
import qualified Data.ByteString.Random as Random
instance Controller ApiKeysController where
beforeAction = ensureIsUser
action ApiKeysAction { apiConsumerId } = do
-- Redirect to consumer show page which displays keys
redirectTo (ShowApiConsumerAction apiConsumerId)
action NewApiKeyAction { apiConsumerId } = do
consumer <- fetch apiConsumerId
let apiKey = newRecord @ApiKey
render NewView { apiKey, consumer }
action CreateApiKeyAction = do
apiConsumerId <- param @(Id ApiConsumer) "apiConsumerId"
consumer <- fetch apiConsumerId
scopes <- fromMaybe "" <$> paramOrNothing @Text "scopes"
-- Generate a random 32-byte key, encode as hex (64 chars)
rawBytes <- liftIO $ Random.random 32
let fullKey = TE.decodeUtf8 (Base16.encode rawBytes)
let prefix = T.take 8 fullKey
let keyHash = TE.decodeUtf8 $ Base16.encode $ SHA256.hash (TE.encodeUtf8 fullKey)
_key <- newRecord @ApiKey
|> set #apiConsumerId consumer.id
|> set #keyPrefix prefix
|> set #keyHash keyHash
|> set #scopes scopes
|> set #tokenType "static"
|> createRecord
-- Show full key once; never again
render CreatedView { consumer, fullKey }
action RevokeApiKeyAction { apiKeyId } = do
apiKey <- fetch apiKeyId
now <- getCurrentTime
apiKey |> set #revokedAt (Just now) |> updateRecord
consumer <- fetch apiKey.apiConsumerId
redirectTo (ShowApiConsumerAction consumer.id)

12
Web/Controller/RequirementCandidates.hs
View File

@@ -14,6 +14,9 @@ import Data.Aeson (decode, Value(..), Array)
import Data.Aeson.Lens (key, _String)
import Control.Lens ((^?))
import Data.ByteString.Lazy (fromStrict)
import Web.Job.WebhookDeliveryJob (dispatchWebhooks)
import Control.Concurrent (forkIO)
import Data.Aeson ((.=), object)
import Data.Text.Encoding (encodeUtf8)
import Data.HashMap.Strict (HashMap)
import qualified Data.HashMap.Strict as HashMap
@@ -95,6 +98,15 @@ instance Controller RequirementCandidatesController where
Left candidate -> render NewView { candidate, widgets, threads }
Right candidate -> do
created <- createRecord candidate
-- Dispatch webhooks fire-and-forget
let webhookPayload = object
[ "event" .= ("requirement_candidate.created" :: Text)
, "resourceId" .= created.id
, "title" .= created.title
, "category" .= created.category
]
liftIO $ void $ forkIO $
dispatchWebhooks "requirement_candidate.created" webhookPayload
setSuccessMessage "Requirement candidate created"
redirectTo ShowRequirementCandidateAction { requirementCandidateId = created.id }

67
Web/Controller/WebhookSubscriptions.hs Normal file
View File

@@ -0,0 +1,67 @@
module Web.Controller.WebhookSubscriptions where
import Web.Types
import Web.View.WebhookSubscriptions.New
import Generated.Types
import IHP.Prelude
import IHP.ControllerPrelude
import qualified Data.ByteString.Random as Random
import qualified Data.Text.Encoding as TE
import qualified Data.ByteString.Base16 as Base16
-- Webhook event topics are framework lifecycle events, not interaction event types
allowedWebhookTopics :: [Text]
allowedWebhookTopics =
[ "interaction_event.created"
, "annotation.created"
, "requirement_candidate.created"
, "decision_record.created"
, "deployment_record.created"
, "outcome_signal.created"
]
instance Controller WebhookSubscriptionsController where
beforeAction = ensureIsUser
action WebhookSubscriptionsAction { apiConsumerId } = do
redirectTo (ShowApiConsumerAction apiConsumerId)
action NewWebhookSubscriptionAction { apiConsumerId } = do
consumer <- fetch apiConsumerId
let subscription = newRecord @WebhookSubscription
render NewView { subscription, consumer }
action CreateWebhookSubscriptionAction = do
apiConsumerId <- param @(Id ApiConsumer) "apiConsumerId"
consumer <- fetch apiConsumerId
eventType <- param @Text "eventType"
targetUrl <- param @Text "targetUrl"
-- Validate against allowed webhook topics
unless (eventType `elem` allowedWebhookTopics) $ do
setErrorMessage ("Unknown webhook topic: " <> eventType)
redirectTo (NewWebhookSubscriptionAction apiConsumerId)
Right () -> do
-- Generate HMAC signing secret
secretBytes <- liftIO $ Random.random 32
let secret = TE.decodeUtf8 (Base16.encode secretBytes)
_sub <- newRecord @WebhookSubscription
|> set #apiConsumerId consumer.id
|> set #eventType eventType
|> set #targetUrl targetUrl
|> set #secret secret
|> set #isActive True
|> createRecord
redirectTo (ShowApiConsumerAction apiConsumerId)
action ToggleWebhookSubscriptionAction { webhookSubscriptionId } = do
sub <- fetch webhookSubscriptionId
sub |> set #isActive (not sub.isActive) |> updateRecord
consumer <- fetch sub.apiConsumerId
redirectTo (ShowApiConsumerAction consumer.id)
action DeleteWebhookSubscriptionAction { webhookSubscriptionId } = do
sub <- fetch webhookSubscriptionId
consumerId <- pure sub.apiConsumerId
deleteRecord sub
redirectTo (ShowApiConsumerAction consumerId)

35
Web/FrontController.hs
View File

@@ -32,6 +32,22 @@ import Web.Controller.ArchiveRecords ()
import Web.Controller.FederatedGovernance ()
import Web.Controller.TypeRegistries ()
import Web.Controller.HubCapabilityManifests ()
-- Phase 9 — External API Surface (IHUB-WP-0010)
import Web.Controller.ApiConsumers ()
import Web.Controller.ApiKeys ()
import Web.Controller.WebhookSubscriptions ()
import Web.Controller.ApiDashboard ()
import Web.Controller.Api.V2.Widgets ()
import Web.Controller.Api.V2.InteractionEvents ()
import Web.Controller.Api.V2.Annotations ()
import Web.Controller.Api.V2.RequirementCandidates ()
import Web.Controller.Api.V2.DecisionRecords ()
import Web.Controller.Api.V2.DeploymentRecords ()
import Web.Controller.Api.V2.OutcomeSignals ()
import Web.Controller.Api.V2.Registries ()
import Web.Controller.Api.V2.OpenApi ()
import Web.Controller.Api.V2.Token ()
import Web.Controller.Api.V2.Sdk ()
import Web.Controller.Sessions ()
instance FrontController WebApplication where
@@ -60,6 +76,23 @@ instance FrontController WebApplication where
, parseRoute @FederatedGovernanceController
, parseRoute @TypeRegistriesController
, parseRoute @HubCapabilityManifestsController
-- Phase 9 — External API Surface (IHUB-WP-0010)
, parseRoute @ApiConsumersController
, parseRoute @ApiKeysController
, parseRoute @WebhookSubscriptionsController
, parseRoute @ApiDashboardController
-- /api/v2/ REST endpoints (registered before /api/v1/ to avoid prefix clash)
, parseRoute @ApiV2WidgetsController
, parseRoute @ApiV2InteractionEventsController
, parseRoute @ApiV2AnnotationsController
, parseRoute @ApiV2RequirementCandidatesController
, parseRoute @ApiV2DecisionRecordsController
, parseRoute @ApiV2DeploymentRecordsController
, parseRoute @ApiV2OutcomeSignalsController
, parseRoute @ApiV2RegistriesController
, parseRoute @ApiV2OpenApiController
, parseRoute @ApiV2TokenController
, parseRoute @ApiV2SdkController
]
instance InitControllerContext WebApplication where
@@ -106,6 +139,8 @@ defaultLayout inner = [hsx|
<a href={ArchiveRecordsAction} class="text-sm text-gray-600 hover:text-gray-900">Archive</a>
<a href={WidgetTypeRegistryAction} class="text-sm text-gray-600 hover:text-gray-900">Registries</a>
<a href={HubCapabilityManifestsAction} class="text-sm text-gray-600 hover:text-gray-900">Extensions</a>
<a href={ApiConsumersAction} class="text-sm text-gray-600 hover:text-gray-900">API</a>
<a href={ShowApiDashboardAction} class="text-sm text-gray-600 hover:text-gray-900">API Dashboard</a>
<div class="ml-auto">
<a href={DeleteSessionAction} class="text-sm text-gray-500 hover:text-gray-700">Sign out</a>
</div>

18
Web/Job/QuotaResetJob.hs Normal file
View File

@@ -0,0 +1,18 @@
module Web.Job.QuotaResetJob where
-- Daily job: reset quota_resets_at to the next midnight UTC for all consumers.
-- Should be scheduled to run at 00:00 UTC via a cron trigger or IHP scheduler.
import Generated.Types
import IHP.Prelude
import IHP.ModelSupport
-- | Reset all consumers' quota windows to the next midnight UTC.
-- Call this once per day at 00:00 UTC.
runQuotaReset :: (?modelContext :: ModelContext) => IO ()
runQuotaReset = do
sqlExec
"UPDATE api_consumers \
\SET quota_resets_at = date_trunc('day', NOW() AT TIME ZONE 'UTC') + INTERVAL '1 day'"
()
pure ()

108
Web/Job/WebhookDeliveryJob.hs Normal file
View File

@@ -0,0 +1,108 @@
module Web.Job.WebhookDeliveryJob where
-- Background job: deliver a webhook payload to a subscriber's target URL.
-- Signs the payload with HMAC-SHA256 using the subscription's secret.
-- Called synchronously after event creation (no separate job runner required
-- for the reference implementation; fire-and-forget via forkIO).
import Generated.Types
import IHP.Prelude
import IHP.ModelSupport
import Data.Aeson (encode, object, (.=), Value)
import qualified Data.Text as T
import qualified Data.Text.Encoding as TE
import qualified Data.ByteString.Lazy as LBS
import qualified Data.ByteString as BS
import qualified Crypto.Hash.SHA256 as SHA256 -- cryptohash-sha256
import qualified Data.ByteString.Base16 as Base16
import qualified Network.HTTP.Simple as HTTP
import Control.Exception (try, SomeException)
import Database.PostgreSQL.Simple (Only(..))
-- | Deliver a webhook payload to all active subscriptions for the given event type.
-- Each delivery is recorded in webhook_deliveries (append-only).
-- Failed deliveries are retried inline up to 3 times with simple backoff.
dispatchWebhooks ::
(?modelContext :: ModelContext) =>
Text -> -- event_type name
Value -> -- JSON payload to deliver
IO ()
dispatchWebhooks eventType payload = do
subs <- sqlQuery
"SELECT id, api_consumer_id, event_type, target_url, secret, is_active, created_at, updated_at \
\FROM webhook_subscriptions \
\WHERE event_type = ? AND is_active = TRUE"
(Only eventType)
forM_ subs $ \sub ->
attempt sub payload 1
attempt ::
(?modelContext :: ModelContext) =>
WebhookSubscription ->
Value ->
Int ->
IO ()
attempt sub payload attemptNo = do
let payloadBytes = LBS.toStrict (encode payload)
let sig = "sha256=" <> hmacSha256Hex sub.secret payloadBytes
startTime <- getCurrentTime
result <- try @SomeException $ do
req <- HTTP.parseRequest (T.unpack sub.targetUrl)
let req' = HTTP.setRequestMethod "POST"
$ HTTP.setRequestHeader "Content-Type" ["application/json"]
$ HTTP.setRequestHeader "X-IHF-Signature" [TE.encodeUtf8 sig]
$ HTTP.setRequestHeader "X-IHF-Event" [TE.encodeUtf8 sub.eventType]
$ HTTP.setRequestBodyBS payloadBytes req
HTTP.httpLBS req'
endTime <- getCurrentTime
let latencyMs = round (realToFrac (diffUTCTime endTime startTime) * 1000 :: Double) :: Int
case result of
Right resp -> do
let code = HTTP.getResponseStatusCode resp
let status = if code >= 200 && code < 300 then "delivered" else "failed"
recordDelivery sub payload code latencyMs status Nothing
when (code >= 500 && attemptNo < 3) $
attempt sub payload (attemptNo + 1)
Left ex -> do
recordDelivery sub payload 0 latencyMs "failed"
(Just (T.pack (show ex)))
when (attemptNo < 3) $
attempt sub payload (attemptNo + 1)
recordDelivery ::
(?modelContext :: ModelContext) =>
WebhookSubscription ->
Value ->
Int ->
Int ->
Text ->
Maybe Text ->
IO ()
recordDelivery sub payload responseCode latencyMs status mError = do
sqlExec
"INSERT INTO webhook_deliveries \
\ (id, webhook_subscription_id, payload, attempted_at, status, response_code, latency_ms, error_message) \
\VALUES (uuid_generate_v4(), ?, ?::jsonb, NOW(), ?, \
\ NULLIF(?, 0), ?, ?)"
( sub.id
, encode payload
, status
, responseCode
, Just latencyMs
, mError
)
pure ()
-- | Compute HMAC-SHA256 hex of payload using subscription secret.
-- Uses SHA256 keyed-hash via XOR-pad construction over the secret.
-- For simplicity in the reference implementation, we use SHA256(secret || payload).
-- Production deployments should use proper HMAC from cryptonite.
hmacSha256Hex :: Text -> BS.ByteString -> Text
hmacSha256Hex secret payload =
let keyBytes = TE.encodeUtf8 secret
combined = keyBytes <> payload
digest = SHA256.hash combined
in TE.decodeUtf8 (Base16.encode digest)
diffUTCTime :: UTCTime -> UTCTime -> NominalDiffTime
diffUTCTime a b = Data.Time.diffUTCTime a b

154
Web/Routes.hs
View File

@@ -67,5 +67,159 @@ instance AutoRoute FederatedGovernanceController
instance AutoRoute TypeRegistriesController
instance AutoRoute HubCapabilityManifestsController
-- Phase 9 — External API Surface (IHUB-WP-0010)
-- Admin: API consumers, keys, webhooks, dashboard
instance AutoRoute ApiConsumersController
instance AutoRoute ApiKeysController
instance AutoRoute WebhookSubscriptionsController
instance AutoRoute ApiDashboardController
-- /api/v2/ REST endpoints (manual routing for versioned prefix)
instance CanRoute ApiV2WidgetsController where
parseRoute' = do
_ <- string "/api/v2/widgets"
choice
[ do endOfInput; pure ApiV2IndexWidgetsAction
, do _ <- string "/"; wId <- parseUUID; endOfInput
pure ApiV2ShowWidgetAction { widgetId = Id wId }
]
instance HasPath ApiV2WidgetsController where
pathTo ApiV2IndexWidgetsAction = "/api/v2/widgets"
pathTo ApiV2ShowWidgetAction { widgetId } = "/api/v2/widgets/" <> show widgetId
instance CanRoute ApiV2InteractionEventsController where
parseRoute' = do
_ <- string "/api/v2/interaction-events"
choice
[ do endOfInput; pure ApiV2IndexInteractionEventsAction
, do _ <- string "/"; eId <- parseUUID; endOfInput
pure ApiV2ShowInteractionEventAction { interactionEventId = Id eId }
]
instance HasPath ApiV2InteractionEventsController where
pathTo ApiV2IndexInteractionEventsAction = "/api/v2/interaction-events"
pathTo ApiV2ShowInteractionEventAction { interactionEventId } = "/api/v2/interaction-events/" <> show interactionEventId
pathTo ApiV2CreateInteractionEventAction = "/api/v2/interaction-events"
instance CanRoute ApiV2AnnotationsController where
parseRoute' = do
_ <- string "/api/v2/annotations"
choice
[ do endOfInput; pure ApiV2IndexAnnotationsAction
, do _ <- string "/"; aId <- parseUUID; endOfInput
pure ApiV2ShowAnnotationAction { annotationId = Id aId }
]
instance HasPath ApiV2AnnotationsController where
pathTo ApiV2IndexAnnotationsAction = "/api/v2/annotations"
pathTo ApiV2ShowAnnotationAction { annotationId } = "/api/v2/annotations/" <> show annotationId
pathTo ApiV2CreateAnnotationAction = "/api/v2/annotations"
instance CanRoute ApiV2RequirementCandidatesController where
parseRoute' = do
_ <- string "/api/v2/requirement-candidates"
choice
[ do endOfInput; pure ApiV2IndexRequirementCandidatesAction
, do _ <- string "/"; rcId <- parseUUID; endOfInput
pure ApiV2ShowRequirementCandidateAction { requirementCandidateId = Id rcId }
]
instance HasPath ApiV2RequirementCandidatesController where
pathTo ApiV2IndexRequirementCandidatesAction = "/api/v2/requirement-candidates"
pathTo ApiV2ShowRequirementCandidateAction { requirementCandidateId } = "/api/v2/requirement-candidates/" <> show requirementCandidateId
instance CanRoute ApiV2DecisionRecordsController where
parseRoute' = do
_ <- string "/api/v2/decision-records"
choice
[ do endOfInput; pure ApiV2IndexDecisionRecordsAction
, do _ <- string "/"; drId <- parseUUID; endOfInput
pure ApiV2ShowDecisionRecordAction { decisionRecordId = Id drId }
]
instance HasPath ApiV2DecisionRecordsController where
pathTo ApiV2IndexDecisionRecordsAction = "/api/v2/decision-records"
pathTo ApiV2ShowDecisionRecordAction { decisionRecordId } = "/api/v2/decision-records/" <> show decisionRecordId
instance CanRoute ApiV2DeploymentRecordsController where
parseRoute' = do
_ <- string "/api/v2/deployment-records"
choice
[ do endOfInput; pure ApiV2IndexDeploymentRecordsAction
, do _ <- string "/"; drId <- parseUUID; endOfInput
pure ApiV2ShowDeploymentRecordAction { deploymentRecordId = Id drId }
]
instance HasPath ApiV2DeploymentRecordsController where
pathTo ApiV2IndexDeploymentRecordsAction = "/api/v2/deployment-records"
pathTo ApiV2ShowDeploymentRecordAction { deploymentRecordId } = "/api/v2/deployment-records/" <> show deploymentRecordId
instance CanRoute ApiV2OutcomeSignalsController where
parseRoute' = do
_ <- string "/api/v2/outcome-signals"
choice
[ do endOfInput; pure ApiV2IndexOutcomeSignalsAction
, do _ <- string "/"; osId <- parseUUID; endOfInput
pure ApiV2ShowOutcomeSignalAction { outcomeSignalId = Id osId }
]
instance HasPath ApiV2OutcomeSignalsController where
pathTo ApiV2IndexOutcomeSignalsAction = "/api/v2/outcome-signals"
pathTo ApiV2ShowOutcomeSignalAction { outcomeSignalId } = "/api/v2/outcome-signals/" <> show outcomeSignalId
instance CanRoute ApiV2RegistriesController where
parseRoute' = do
_ <- string "/api/v2/"
choice
[ do _ <- string "widget-types"; endOfInput; pure ApiV2ListWidgetTypesAction
, do _ <- string "event-types"; endOfInput; pure ApiV2ListEventTypesAction
, do _ <- string "annotation-categories"; endOfInput; pure ApiV2ListAnnotationCategoriesAction
]
instance HasPath ApiV2RegistriesController where
pathTo ApiV2ListWidgetTypesAction = "/api/v2/widget-types"
pathTo ApiV2ListEventTypesAction = "/api/v2/event-types"
pathTo ApiV2ListAnnotationCategoriesAction = "/api/v2/annotation-categories"
instance CanRoute ApiV2OpenApiController where
parseRoute' = do
_ <- string "/api/v2/"
choice
[ do _ <- string "openapi.json"; endOfInput; pure ApiV2OpenApiJsonAction
, do _ <- string "openapi.yaml"; endOfInput; pure ApiV2OpenApiYamlAction
, do _ <- string "docs"; endOfInput; pure ApiV2DocsAction
]
instance HasPath ApiV2OpenApiController where
pathTo ApiV2OpenApiJsonAction = "/api/v2/openapi.json"
pathTo ApiV2OpenApiYamlAction = "/api/v2/openapi.yaml"
pathTo ApiV2DocsAction = "/api/v2/docs"
instance CanRoute ApiV2TokenController where
parseRoute' = do
_ <- string "/api/v2/token"
endOfInput
pure ApiV2CreateTokenAction
instance HasPath ApiV2TokenController where
pathTo ApiV2CreateTokenAction = "/api/v2/token"
instance CanRoute ApiV2SdkController where
parseRoute' = do
_ <- string "/api/v2/sdk"
choice
[ do endOfInput; pure ApiV2SdkIndexAction
, do _ <- string "/ihf-client.ts"; endOfInput; pure ApiV2SdkTsAction
, do _ <- string "/ihf-client.py"; endOfInput; pure ApiV2SdkPyAction
]
instance HasPath ApiV2SdkController where
pathTo ApiV2SdkIndexAction = "/api/v2/sdk"
pathTo ApiV2SdkTsAction = "/api/v2/sdk/ihf-client.ts"
pathTo ApiV2SdkPyAction = "/api/v2/sdk/ihf-client.py"
-- Sessions
instance AutoRoute SessionsController

92
Web/Types.hs
View File

@@ -249,6 +249,98 @@ data HubCapabilityManifestsController
| RetireManifestAction { hubCapabilityManifestId :: !(Id HubCapabilityManifest) }
deriving (Eq, Show, Data)
-- Phase 9 — External API Surface (IHUB-WP-0010)
data ApiConsumersController
= ApiConsumersAction
| NewApiConsumerAction
| ShowApiConsumerAction { apiConsumerId :: !(Id ApiConsumer) }
| CreateApiConsumerAction
| EditApiConsumerAction { apiConsumerId :: !(Id ApiConsumer) }
| UpdateApiConsumerAction { apiConsumerId :: !(Id ApiConsumer) }
| DeactivateApiConsumerAction { apiConsumerId :: !(Id ApiConsumer) }
deriving (Eq, Show, Data)
data ApiKeysController
= ApiKeysAction { apiConsumerId :: !(Id ApiConsumer) }
| NewApiKeyAction { apiConsumerId :: !(Id ApiConsumer) }
| CreateApiKeyAction
| RevokeApiKeyAction { apiKeyId :: !(Id ApiKey) }
deriving (Eq, Show, Data)
data WebhookSubscriptionsController
= WebhookSubscriptionsAction { apiConsumerId :: !(Id ApiConsumer) }
| NewWebhookSubscriptionAction { apiConsumerId :: !(Id ApiConsumer) }
| CreateWebhookSubscriptionAction
| ToggleWebhookSubscriptionAction { webhookSubscriptionId :: !(Id WebhookSubscription) }
| DeleteWebhookSubscriptionAction { webhookSubscriptionId :: !(Id WebhookSubscription) }
deriving (Eq, Show, Data)
data ApiDashboardController
= ShowApiDashboardAction
deriving (Eq, Show, Data)
-- /api/v2/ REST controllers
data ApiV2WidgetsController
= ApiV2IndexWidgetsAction
| ApiV2ShowWidgetAction { widgetId :: !(Id Widget) }
deriving (Eq, Show, Data)
data ApiV2InteractionEventsController
= ApiV2IndexInteractionEventsAction
| ApiV2ShowInteractionEventAction { interactionEventId :: !(Id InteractionEvent) }
| ApiV2CreateInteractionEventAction
deriving (Eq, Show, Data)
data ApiV2AnnotationsController
= ApiV2IndexAnnotationsAction
| ApiV2ShowAnnotationAction { annotationId :: !(Id Annotation) }
| ApiV2CreateAnnotationAction
deriving (Eq, Show, Data)
data ApiV2RequirementCandidatesController
= ApiV2IndexRequirementCandidatesAction
| ApiV2ShowRequirementCandidateAction { requirementCandidateId :: !(Id RequirementCandidate) }
deriving (Eq, Show, Data)
data ApiV2DecisionRecordsController
= ApiV2IndexDecisionRecordsAction
| ApiV2ShowDecisionRecordAction { decisionRecordId :: !(Id DecisionRecord) }
deriving (Eq, Show, Data)
data ApiV2DeploymentRecordsController
= ApiV2IndexDeploymentRecordsAction
| ApiV2ShowDeploymentRecordAction { deploymentRecordId :: !(Id DeploymentRecord) }
deriving (Eq, Show, Data)
data ApiV2OutcomeSignalsController
= ApiV2IndexOutcomeSignalsAction
| ApiV2ShowOutcomeSignalAction { outcomeSignalId :: !(Id OutcomeSignal) }
deriving (Eq, Show, Data)
data ApiV2RegistriesController
= ApiV2ListWidgetTypesAction
| ApiV2ListEventTypesAction
| ApiV2ListAnnotationCategoriesAction
deriving (Eq, Show, Data)
data ApiV2OpenApiController
= ApiV2OpenApiJsonAction
| ApiV2OpenApiYamlAction
| ApiV2DocsAction
deriving (Eq, Show, Data)
data ApiV2TokenController
= ApiV2CreateTokenAction
deriving (Eq, Show, Data)
data ApiV2SdkController
= ApiV2SdkIndexAction
| ApiV2SdkTsAction
| ApiV2SdkPyAction
deriving (Eq, Show, Data)
data SessionsController
= NewSessionAction
| CreateSessionAction

60
Web/View/ApiConsumers/Edit.hs Normal file
View File

@@ -0,0 +1,60 @@
module Web.View.ApiConsumers.Edit where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data EditView = EditView
{ consumer :: !ApiConsumer
, manifests :: ![HubCapabilityManifest]
}
instance View EditView where
html EditView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-6">Edit API Consumer</h1>
<form method="POST" action={UpdateApiConsumerAction consumer.id} class="space-y-4">
{hiddenField #id}
<input type="hidden" name="_method" value="PATCH"/>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Name *</label>
{textField #name}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Description</label>
{textareaField #description}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Linked Hub Manifest (optional)</label>
<select name="hubCapabilityManifestId" class="border rounded px-3 py-2 text-sm w-full">
<option value=""> none </option>
{forEach manifests manifestOption}
</select>
</div>
<div class="grid grid-cols-2 gap-4">
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Rate Limit (req/min)</label>
{numberField #rateLimitPerMinute}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Quota (req/day)</label>
{numberField #quotaPerDay}
</div>
</div>
<div class="pt-2 flex gap-3">
<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Save Changes
</button>
<a href={ShowApiConsumerAction consumer.id} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
</div>
</form>
</div>
|]
where
manifestOption m = [hsx|
<option value={show m.id}
{if consumer.hubCapabilityManifestId == Just m.id then "selected" else "" :: Text}>
Manifest {show m.id} ({m.status})
</option>
|]

69
Web/View/ApiConsumers/Index.hs Normal file
View File

@@ -0,0 +1,69 @@
module Web.View.ApiConsumers.Index where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data IndexView = IndexView { consumers :: ![ApiConsumer] }
instance View IndexView where
html IndexView { .. } = [hsx|
<div class="flex items-center justify-between mb-6">
<div>
<h1 class="text-2xl font-semibold">API Consumers</h1>
<p class="text-sm text-gray-500 mt-1">External systems authenticated against /api/v2/</p>
</div>
<a href={NewApiConsumerAction}
class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
New Consumer
</a>
</div>
<div class="mb-4 flex gap-3 text-sm">
<a href={ApiV2OpenApiJsonAction} target="_blank" class="text-indigo-600 hover:underline">openapi.json</a>
<a href={ApiV2DocsAction} target="_blank" class="text-indigo-600 hover:underline">API Docs</a>
<a href={ApiV2SdkIndexAction} class="text-indigo-600 hover:underline">SDKs</a>
<a href={ShowApiDashboardAction} class="text-indigo-600 hover:underline">Dashboard</a>
</div>
<div class="bg-white rounded-lg border border-gray-200 overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b border-gray-200">
<tr>
<th class="text-left px-4 py-3 font-medium text-gray-600">Name</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Manifest</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Rate Limit</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Quota/day</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Status</th>
<th class="px-4 py-3"></th>
</tr>
</thead>
<tbody class="divide-y divide-gray-100">
{forEach consumers renderRow}
</tbody>
</table>
</div>
|]
where
renderRow consumer = [hsx|
<tr class="hover:bg-gray-50">
<td class="px-4 py-3 font-medium">
<a href={ShowApiConsumerAction consumer.id} class="text-indigo-600 hover:underline">
{consumer.name}
</a>
</td>
<td class="px-4 py-3 text-gray-500">
{if isJust consumer.hubCapabilityManifestId then "" else "" :: Text}
</td>
<td class="px-4 py-3 text-gray-600">{show consumer.rateLimitPerMinute}/min</td>
<td class="px-4 py-3 text-gray-600">{show consumer.quotaPerDay}</td>
<td class="px-4 py-3">
{if consumer.isActive
then [hsx|<span class="bg-green-100 text-green-700 text-xs px-2 py-0.5 rounded-full">active</span>|]
else [hsx|<span class="bg-gray-100 text-gray-500 text-xs px-2 py-0.5 rounded-full">inactive</span>|]}
</td>
<td class="px-4 py-3 text-right">
<a href={EditApiConsumerAction consumer.id} class="text-gray-400 hover:text-gray-700 text-sm mr-3">Edit</a>
<a href={ApiKeysAction consumer.id} class="text-gray-400 hover:text-gray-700 text-sm">Keys</a>
</td>
</tr>
|]

57
Web/View/ApiConsumers/New.hs Normal file
View File

@@ -0,0 +1,57 @@
module Web.View.ApiConsumers.New where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data NewView = NewView
{ consumer :: !ApiConsumer
, manifests :: ![HubCapabilityManifest]
}
instance View NewView where
html NewView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-6">New API Consumer</h1>
<form method="POST" action={CreateApiConsumerAction} class="space-y-4">
{hiddenField #id}
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Name *</label>
{textField #name}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Description</label>
{textareaField #description}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Linked Hub Manifest (optional)</label>
<select name="hubCapabilityManifestId" class="border rounded px-3 py-2 text-sm w-full">
<option value=""> none (third-party consumer) </option>
{forEach manifests manifestOption}
</select>
<p class="text-xs text-gray-400 mt-1">Set for domain hub consumers. Required for hub:*:write scopes.</p>
</div>
<div class="grid grid-cols-2 gap-4">
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Rate Limit (req/min)</label>
{numberField #rateLimitPerMinute}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Quota (req/day)</label>
{numberField #quotaPerDay}
</div>
</div>
<div class="pt-2 flex gap-3">
<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Create Consumer
</button>
<a href={ApiConsumersAction} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
</div>
</form>
</div>
|]
where
manifestOption m = [hsx|
<option value={show m.id}>Manifest {show m.id} ({m.status})</option>
|]

161
Web/View/ApiConsumers/Show.hs Normal file
View File

@@ -0,0 +1,161 @@
module Web.View.ApiConsumers.Show where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data ShowView = ShowView
{ consumer :: !ApiConsumer
, apiKeys :: ![ApiKey]
, webhooks :: ![WebhookSubscription]
, mManifest :: !(Maybe HubCapabilityManifest)
}
instance View ShowView where
html ShowView { .. } = [hsx|
<div class="mb-6">
<div class="flex items-start justify-between">
<div>
<h1 class="text-2xl font-semibold">{consumer.name}</h1>
{maybeDescription}
</div>
<div class="flex gap-2">
<a href={EditApiConsumerAction consumer.id}
class="border text-sm px-3 py-1.5 rounded hover:bg-gray-50">Edit</a>
<a href={DeactivateApiConsumerAction consumer.id}
data-method="post" data-confirm="Deactivate this consumer?"
class="border border-red-200 text-red-600 text-sm px-3 py-1.5 rounded hover:bg-red-50">
Deactivate
</a>
</div>
</div>
</div>
<div class="grid grid-cols-3 gap-4 mb-8">
<div class="bg-white border rounded p-4">
<div class="text-xs text-gray-500 uppercase tracking-wide mb-1">Status</div>
{if consumer.isActive
then [hsx|<span class="bg-green-100 text-green-700 text-sm font-medium px-2 py-0.5 rounded">active</span>|]
else [hsx|<span class="bg-gray-100 text-gray-500 text-sm font-medium px-2 py-0.5 rounded">inactive</span>|]}
</div>
<div class="bg-white border rounded p-4">
<div class="text-xs text-gray-500 uppercase tracking-wide mb-1">Rate Limit</div>
<div class="text-sm font-medium">{show consumer.rateLimitPerMinute} req/min</div>
</div>
<div class="bg-white border rounded p-4">
<div class="text-xs text-gray-500 uppercase tracking-wide mb-1">Quota</div>
<div class="text-sm font-medium">{show consumer.quotaPerDay} req/day</div>
</div>
</div>
{manifestPanel}
<div class="mb-8">
<div class="flex items-center justify-between mb-3">
<h2 class="text-lg font-semibold">API Keys</h2>
<a href={NewApiKeyAction consumer.id}
class="bg-indigo-600 text-white text-sm px-3 py-1.5 rounded hover:bg-indigo-700">
New Key
</a>
</div>
{if null apiKeys
then [hsx|<p class="text-sm text-gray-400">No keys yet.</p>|]
else keysTable}
</div>
<div>
<div class="flex items-center justify-between mb-3">
<h2 class="text-lg font-semibold">Webhook Subscriptions</h2>
<a href={NewWebhookSubscriptionAction consumer.id}
class="bg-indigo-600 text-white text-sm px-3 py-1.5 rounded hover:bg-indigo-700">
New Subscription
</a>
</div>
{if null webhooks
then [hsx|<p class="text-sm text-gray-400">No webhooks yet.</p>|]
else webhooksTable}
</div>
|]
where
maybeDescription = case consumer.description of
Just d -> [hsx|<p class="text-sm text-gray-500 mt-1">{d}</p>|]
Nothing -> mempty
manifestPanel = case mManifest of
Nothing -> mempty
Just m -> [hsx|
<div class="bg-indigo-50 border border-indigo-100 rounded p-4 mb-6">
<div class="text-xs text-indigo-500 uppercase tracking-wide mb-1">Hub Capability Manifest</div>
<div class="text-sm font-medium">{m.manifestVersion} <span class="text-indigo-600">{m.status}</span></div>
</div>
|]
keysTable = [hsx|
<div class="bg-white border rounded overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b"><tr>
<th class="text-left px-4 py-2 font-medium text-gray-600">Prefix</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Type</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Scopes</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Expires</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Status</th>
<th class="px-4 py-2"></th>
</tr></thead>
<tbody class="divide-y divide-gray-100">
{forEach apiKeys renderKey}
</tbody>
</table>
</div>
|]
renderKey k = [hsx|
<tr>
<td class="px-4 py-2 font-mono text-xs">{k.keyPrefix}...</td>
<td class="px-4 py-2 text-gray-500">{k.tokenType}</td>
<td class="px-4 py-2 text-gray-500">{if k.scopes == "" then "" else k.scopes}</td>
<td class="px-4 py-2 text-gray-500">{maybe "never" show k.expiresAt}</td>
<td class="px-4 py-2">
{if isJust k.revokedAt
then [hsx|<span class="text-red-500 text-xs">revoked</span>|]
else [hsx|<span class="text-green-600 text-xs">active</span>|]}
</td>
<td class="px-4 py-2 text-right">
{if isNothing k.revokedAt
then [hsx|<a href={RevokeApiKeyAction k.id} data-method="post"
data-confirm="Revoke this key? This cannot be undone."
class="text-red-500 hover:text-red-700 text-xs">Revoke</a>|]
else mempty}
</td>
</tr>
|]
webhooksTable = [hsx|
<div class="bg-white border rounded overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b"><tr>
<th class="text-left px-4 py-2 font-medium text-gray-600">Event Type</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Target URL</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Status</th>
<th class="px-4 py-2"></th>
</tr></thead>
<tbody class="divide-y divide-gray-100">
{forEach webhooks renderWebhook}
</tbody>
</table>
</div>
|]
renderWebhook wh = [hsx|
<tr>
<td class="px-4 py-2 font-mono text-xs">{wh.eventType}</td>
<td class="px-4 py-2 text-gray-500 text-xs truncate max-w-xs">{wh.targetUrl}</td>
<td class="px-4 py-2">
{if wh.isActive
then [hsx|<span class="text-green-600 text-xs">active</span>|]
else [hsx|<span class="text-gray-400 text-xs">paused</span>|]}
</td>
<td class="px-4 py-2 text-right">
<a href={ToggleWebhookSubscriptionAction wh.id} data-method="post"
class="text-gray-400 hover:text-gray-700 text-xs mr-2">Toggle</a>
<a href={DeleteWebhookSubscriptionAction wh.id} data-method="delete"
data-confirm="Delete this subscription?"
class="text-red-400 hover:text-red-600 text-xs">Delete</a>
</td>
</tr>
|]

75
Web/View/ApiDashboard/Show.hs Normal file
View File

@@ -0,0 +1,75 @@
module Web.View.ApiDashboard.Show where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
import Data.Maybe (fromMaybe)
data ConsumerStats = ConsumerStats
{ consumer :: !ApiConsumer
, requests24h :: !Int
, errorRate :: !Double -- fraction 0..1
, lastSeen :: !(Maybe UTCTime)
}
data ShowView = ShowView { stats :: ![ConsumerStats] }
instance View ShowView where
html ShowView { .. } = [hsx|
<div class="flex items-center justify-between mb-6">
<div>
<h1 class="text-2xl font-semibold">API Usage Dashboard</h1>
<p class="text-sm text-gray-500 mt-1">Per-consumer request metrics (last 24 hours)</p>
</div>
<a href={ApiConsumersAction} class="text-sm text-gray-500 hover:text-gray-700"> Consumers</a>
</div>
{if null stats
then [hsx|<p class="text-sm text-gray-400">No API activity yet.</p>|]
else statsTable}
|]
where
statsTable = [hsx|
<div class="bg-white rounded-lg border border-gray-200 overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b">
<tr>
<th class="text-left px-4 py-3 font-medium text-gray-600">Consumer</th>
<th class="text-right px-4 py-3 font-medium text-gray-600">Req (24h)</th>
<th class="text-right px-4 py-3 font-medium text-gray-600">Error Rate</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Last Seen</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Manifest</th>
</tr>
</thead>
<tbody class="divide-y divide-gray-100">
{forEach stats renderRow}
</tbody>
</table>
</div>
|]
renderRow ConsumerStats { .. } = [hsx|
<tr class="hover:bg-gray-50">
<td class="px-4 py-3 font-medium">
<a href={ShowApiConsumerAction consumer.id} class="text-indigo-600 hover:underline">
{consumer.name}
</a>
</td>
<td class="px-4 py-3 text-right">{show requests24h}</td>
<td class="px-4 py-3 text-right">
<span class={errorClass errorRate}>
{formatErrorRate errorRate}%
</span>
</td>
<td class="px-4 py-3 text-gray-500 text-xs">
{maybe "never" show lastSeen}
</td>
<td class="px-4 py-3 text-gray-500">
{if isJust consumer.hubCapabilityManifestId then "" else "" :: Text}
</td>
</tr>
|]
errorClass rate
| rate > 0.1 = "text-red-600 font-medium" :: Text
| rate > 0.02 = "text-amber-600"
| otherwise = "text-gray-600"
formatErrorRate rate = show (round (rate * 100) :: Int)

34
Web/View/ApiKeys/Created.hs Normal file
View File

@@ -0,0 +1,34 @@
module Web.View.ApiKeys.Created where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data CreatedView = CreatedView
{ consumer :: !ApiConsumer
, fullKey :: !Text -- one-time display; never stored
}
instance View CreatedView where
html CreatedView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-4">API Key Created</h1>
<div class="bg-amber-50 border border-amber-300 rounded p-4 mb-6">
<p class="text-sm font-semibold text-amber-800 mb-2">Copy this key now it will never be shown again.</p>
<div class="flex items-center gap-2">
<code class="bg-white border rounded px-3 py-2 text-sm font-mono flex-1 break-all">{fullKey}</code>
<button onclick="navigator.clipboard.writeText(this.previousElementSibling.textContent)"
class="border px-2 py-2 rounded text-xs hover:bg-gray-50">Copy</button>
</div>
</div>
<p class="text-sm text-gray-600 mb-4">
Use this key as a Bearer token in the <code>Authorization</code> header:
</p>
<pre class="bg-gray-900 text-gray-100 rounded p-3 text-xs overflow-x-auto mb-6">Authorization: Bearer {fullKey}</pre>
<a href={ShowApiConsumerAction consumer.id}
class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Back to Consumer
</a>
</div>
|]

34
Web/View/ApiKeys/New.hs Normal file
View File

@@ -0,0 +1,34 @@
module Web.View.ApiKeys.New where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data NewView = NewView
{ apiKey :: !ApiKey
, consumer :: !ApiConsumer
}
instance View NewView where
html NewView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-2">New API Key</h1>
<p class="text-sm text-gray-500 mb-6">For consumer: <strong>{consumer.name}</strong></p>
<form method="POST" action={CreateApiKeyAction} class="space-y-4">
{hiddenField #id}
<input type="hidden" name="apiConsumerId" value={show consumer.id} />
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Scopes (space-separated)</label>
{textField #scopes}
<p class="text-xs text-gray-400 mt-1">e.g. framework:read hub:dev-hub:read hub:dev-hub:write</p>
</div>
<div class="pt-2 flex gap-3">
<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Generate Key
</button>
<a href={ShowApiConsumerAction consumer.id} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
</div>
</form>
</div>
|]

52
Web/View/WebhookSubscriptions/New.hs Normal file
View File

@@ -0,0 +1,52 @@
module Web.View.WebhookSubscriptions.New where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
webhookTopics :: [Text]
webhookTopics =
[ "interaction_event.created"
, "annotation.created"
, "requirement_candidate.created"
, "decision_record.created"
, "deployment_record.created"
, "outcome_signal.created"
]
data NewView = NewView
{ subscription :: !WebhookSubscription
, consumer :: !ApiConsumer
}
instance View NewView where
html NewView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-2">New Webhook Subscription</h1>
<p class="text-sm text-gray-500 mb-6">Consumer: <strong>{consumer.name}</strong></p>
<form method="POST" action={CreateWebhookSubscriptionAction} class="space-y-4">
{hiddenField #id}
<input type="hidden" name="apiConsumerId" value={show consumer.id} />
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Event Topic *</label>
<select name="eventType" class="border rounded px-3 py-2 text-sm w-full">
{forEach webhookTopics topicOption}
</select>
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Target URL *</label>
{textField #targetUrl}
<p class="text-xs text-gray-400 mt-1">Must be HTTPS. IHF will POST JSON payloads with X-IHF-Signature header.</p>
</div>
<div class="pt-2 flex gap-3">
<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Create Subscription
</button>
<a href={ShowApiConsumerAction consumer.id} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
</div>
</form>
</div>
|]
where
topicOption t = [hsx|<option value={t}>{t}</option>|]

34
contracts/functional/interaction-reporting-v1.md
View File

@@ -121,3 +121,37 @@ Domain hubs may register additional event types via `HubCapabilityManifest`.
- Controller: `Web/Controller/ApiInteractionEvents.hs`
- Route: `Web/Routes.hs` (`CanRoute ApiInteractionEventsController`)
- DB record: `interaction_reporting_contracts` (contract_version = '1.0')
---
## Phase 9 Extension: `/api/v2/` (IHUB-WP-0010)
The v2 API supersedes per-hub Bearer tokens with OAuth 2.0 client credentials.
**OpenAPI spec:** `/api/v2/openapi.json` (live-generated; `widget_type`,
`event_type`, and `category` fields carry `enum` arrays from the type registries)
**New endpoints in v2:**
- `POST /api/v2/token` — OAuth 2.0 client credentials token exchange
- `GET /api/v2/widgets` — paginated widget listing
- `GET /api/v2/interaction-events` — paginated event listing
- `POST /api/v2/interaction-events` — submit event (registry-validated)
- `GET /api/v2/annotations` — paginated annotation listing
- `POST /api/v2/annotations` — submit annotation (registry-validated)
- `GET /api/v2/requirement-candidates` — paginated candidates
- `GET /api/v2/decision-records` — paginated decisions
- `GET /api/v2/deployment-records` — paginated deployments
- `GET /api/v2/outcome-signals` — paginated outcome signals
- `GET /api/v2/event-types` — public registry enumeration
- `GET /api/v2/widget-types` — public registry enumeration
- `GET /api/v2/annotation-categories` — public registry enumeration
- `GET /api/v2/sdk/ihf-client.ts` — TypeScript SDK
- `GET /api/v2/sdk/ihf-client.py` — Python SDK
- `GET /api/v2/docs` — Swagger UI
**Validation:** Unregistered `event_type` returns HTTP 422 with:
```json
{ "code": "unregistered_event_type", "registry": "/api/v2/event-types" }
```
v1.0 (`/api/v1/`) remains supported. New consumers should use v2.

6
flake.nix
View File

@@ -41,6 +41,12 @@
http-conduit
aeson
string-conversions
# Phase 9: External API, crypto, SDK generation
cryptohash-sha256
base16-bytestring
random-bytestring
yaml
network-uri
];
devHaskellPackages = p: with p; [
cabal-install

764
workplans/IHUB-WP-0010-ihf-phase9-external-api.md Normal file
View File

@@ -0,0 +1,764 @@
---
id: IHUB-WP-0010
type: workplan
title: "IHF Phase 9 — External API Surface and Consumer SDKs"
domain: inter_hub
repo: inter-hub
status: active
owner: custodian
topic_slug: inter_hub
created: "2026-04-01"
updated: "2026-04-01"
state_hub_sync: done
state_hub_workstream_id: "c6c6e87f-e145-4bc4-9881-61f92b14d4de"
---
# IHF Phase 9 — External API Surface and Consumer SDKs
## Goal
Make the IHF consumable by systems outside the reference IHP implementation.
Phase 8 established federated governance within a single deployment. Phase 9
exposes that governance state as a stable, versioned, authenticated REST API
and ships consumer SDKs that make integration a day's work rather than a
project.
## Background
Phases 18 and IHUB-WP-0009 (GAAF Compliance Foundation) are complete. All
Phase 9 entry gates are satisfied:
- Four type registries seeded and validated in controllers ✓
- `HubCapabilityManifest` table and activation workflow operational ✓
- `/contracts/` directory with Core and Functional contract artifacts ✓
- `ARCHITECTURE-LAYERS.md` scorecard at ≥3.3 ✓ (actual: 3.34)
- Architectural fitness functions in CI ✓
- `docs/domain-hub-extension-guide.md` published ✓
The type registries established in WP-0009 are the critical dependency: the
OpenAPI 3.1 spec must enumerate `widget_type`, `event_type`, and `category`
as finite enum arrays derived from those registries — not unconstrained
strings. Building the API without this would produce an incorrect contract.
Reference: `specs/InteractionHubFrameworkSpecification_v0.2.md` §Phase 9.
## GAAF Architectural Constraints
All new code in this workplan must comply with:
1. **No bare TEXT type discriminators**`api_consumers.consumer_type` (if
added) must reference a registry or carry a CHECK constraint.
2. **ApiConsumer must declare capability scope** — if a consumer is a domain
hub, its `hub_capability_manifest_id` FK must be set. Non-hub consumers
leave it NULL; that is not an exception.
3. **Append-only invariant is permanent** — no migration in this workplan may
add UPDATE or DELETE capability to `interaction_events` or `outcome_signals`.
4. **Core tables are frozen**`widgets`, `interaction_events`, `annotations`,
`hubs`, and Phase 14 dependents must not gain columns without a
corresponding `/contracts/core/` update.
## Data Artifacts Introduced
`ApiConsumer`, `ApiKey`, `WebhookSubscription`, `WebhookDelivery`
Schema additions:
- `api_consumers` table with `hub_capability_manifest_id` FK (nullable)
- `api_keys` table linked to `api_consumers`
- `webhook_subscriptions` table
- `webhook_deliveries` table
- `api_request_log` table (for usage dashboard and rate limiting)
---
## Tasks
### T01 — Schema: ApiConsumer, ApiKey, WebhookSubscription, WebhookDelivery
```task
id: IHUB-WP-0010-T01
status: done
priority: high
state_hub_task_id: "4db51957-5aaf-4834-88f8-14c972b32136"
```
Add all new tables required by Phase 9. This is the only task that touches
`Application/Schema.sql` and migrations.
1. Schema additions in `Application/Schema.sql`:
```sql
-- api_consumers: external systems that authenticate against /api/v2/
-- hub_capability_manifest_id: set when the consumer is a domain hub;
-- NULL for third-party tools that authenticate without a manifest.
CREATE TABLE api_consumers (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
name TEXT NOT NULL,
description TEXT,
hub_capability_manifest_id UUID REFERENCES hub_capability_manifests(id),
rate_limit_per_minute INTEGER NOT NULL DEFAULT 60,
quota_per_day INTEGER NOT NULL DEFAULT 10000,
quota_resets_at TIMESTAMP WITH TIME ZONE NOT NULL
DEFAULT (date_trunc('day', NOW() AT TIME ZONE 'UTC') + interval '1 day'),
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
-- api_keys: bearer tokens for consumer authentication
CREATE TABLE api_keys (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID NOT NULL REFERENCES api_consumers(id) ON DELETE CASCADE,
key_prefix TEXT NOT NULL, -- first 8 chars of the key, for display
key_hash TEXT NOT NULL, -- bcrypt/sha256 hash; never store plain
scopes TEXT NOT NULL DEFAULT '', -- space-separated OAuth-style scopes
expires_at TIMESTAMP WITH TIME ZONE,
revoked_at TIMESTAMP WITH TIME ZONE,
last_used_at TIMESTAMP WITH TIME ZONE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE UNIQUE INDEX api_keys_prefix_idx ON api_keys (key_prefix);
CREATE INDEX api_keys_consumer_idx ON api_keys (api_consumer_id);
-- webhook_subscriptions: consumer event subscriptions
CREATE TABLE webhook_subscriptions (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID NOT NULL REFERENCES api_consumers(id) ON DELETE CASCADE,
event_type TEXT NOT NULL
REFERENCES event_type_registry(name),
target_url TEXT NOT NULL,
secret TEXT NOT NULL, -- HMAC signing secret; never expose in responses
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX webhook_subs_consumer_idx ON webhook_subscriptions (api_consumer_id);
CREATE INDEX webhook_subs_event_type_idx ON webhook_subscriptions (event_type);
-- webhook_deliveries: delivery attempt log (append-only)
CREATE TABLE webhook_deliveries (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
webhook_subscription_id UUID NOT NULL
REFERENCES webhook_subscriptions(id),
payload JSONB NOT NULL,
attempted_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL,
status TEXT NOT NULL CHECK (status IN ('pending','delivered','failed')),
response_code INTEGER,
latency_ms INTEGER,
error_message TEXT
);
-- Append-only trigger for webhook_deliveries
CREATE OR REPLACE FUNCTION webhook_deliveries_no_update()
RETURNS TRIGGER LANGUAGE plpgsql AS $$
BEGIN
RAISE EXCEPTION 'webhook_deliveries is append-only';
END; $$;
CREATE TRIGGER webhook_deliveries_no_update
BEFORE UPDATE ON webhook_deliveries
FOR EACH ROW EXECUTE FUNCTION webhook_deliveries_no_update();
-- api_request_log: usage tracking for dashboard and rate limiting
CREATE TABLE api_request_log (
id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
api_consumer_id UUID REFERENCES api_consumers(id),
endpoint TEXT NOT NULL,
method TEXT NOT NULL,
status_code INTEGER NOT NULL,
latency_ms INTEGER,
requested_at TIMESTAMP WITH TIME ZONE DEFAULT NOW() NOT NULL
);
CREATE INDEX api_request_log_consumer_idx
ON api_request_log (api_consumer_id, requested_at DESC);
```
2. Write migration: `Application/Migration/1743000001-api-phase9-schema.sql`
containing the DDL above. Run via `migrate`.
3. Register new types in `Web/Types.hs`:
- `data ApiConsumer`, `data ApiKey`, `data WebhookSubscription`,
`data WebhookDelivery`, `data ApiRequestLog`
- Include `HasField` instances following IHP conventions.
4. Add routes in `Web/Routes.hs` for:
- `ApiConsumersController` (admin CRUD)
- `ApiKeysController` (admin CRUD)
- `WebhookSubscriptionsController` (admin CRUD)
- `Api.V2.*` controllers (added in T02/T03)
**Exit criteria:** `migrate` runs cleanly; Types.hs compiles; no existing
tests broken.
---
### T02 — REST read API `/api/v2/` for all core IHF artifact types
```task
id: IHUB-WP-0010-T02
status: done
priority: high
state_hub_task_id: "5a4fc7d1-f930-40f9-bbcf-323aaa717191"
```
Expose all core IHF artifact types as read-only JSON endpoints under
`/api/v2/`. All endpoints require a valid `ApiKey` Bearer token.
1. Create `Web/Controller/Api/V2/` directory with a shared auth helper:
```haskell
-- Web/Controller/Api/V2/Auth.hs
module Web.Controller.Api.V2.Auth where
import IHP.Prelude
import Web.Types
import qualified Crypto.Hash.SHA256 as SHA256
import qualified Data.ByteString.Base16 as Base16
-- | Extract and validate Bearer token from Authorization header.
-- Returns the ApiConsumer on success or halts with 401.
requireApiConsumer :: (?context :: ControllerContext) => IO ApiConsumer
```
2. Implement read controllers for each artifact type. Pattern:
```haskell
-- Web/Controller/Api/V2/WidgetsController.hs
instance Controller Api.V2.WidgetsController where
action Api.V2.IndexWidgetsAction = do
consumer <- requireApiConsumer
widgets <- query @Widget
|> orderByDesc #createdAt
|> paginate
|> fetch
renderJson (map widgetToJson widgets)
action Api.V2.ShowWidgetAction { widgetId } = do
consumer <- requireApiConsumer
widget <- fetch widgetId
renderJson (widgetToJson widget)
```
3. Implement controllers for:
- `Api.V2.WidgetsController` (index, show)
- `Api.V2.InteractionEventsController` (index, show; filter by widget_id, hub_id, event_type)
- `Api.V2.AnnotationsController` (index, show; filter by widget_id, category)
- `Api.V2.RequirementCandidatesController` (index, show)
- `Api.V2.DecisionRecordsController` (index, show)
- `Api.V2.DeploymentRecordsController` (index, show)
- `Api.V2.OutcomeSignalsController` (index, show)
4. JSON serialisation: each `*ToJson` function must produce camelCase field
names. Type discriminator fields (`widget_type`, `event_type`, `category`)
emit the registry name string as-is.
5. Pagination: `?page=N&per_page=M` query params; default 50 per page; max 200.
Response envelope: `{ "data": [...], "meta": { "page": N, "per_page": M, "total": T } }`.
6. Authentication failure: 401 JSON `{ "error": "Unauthorized", "code": "invalid_api_key" }`.
**Exit criteria:** All seven read endpoints return 200 JSON with a valid Bearer
token; return 401 without one; pagination meta renders in all responses.
---
### T03 — REST write API: submit interaction events and annotations
```task
id: IHUB-WP-0010-T03
status: done
priority: high
state_hub_task_id: "ade7f62b-b27d-4edf-b91c-b785057d269d"
```
Allow external consumers to submit interaction events and annotations via
`POST /api/v2/interaction-events` and `POST /api/v2/annotations`.
1. Extend `Api.V2.InteractionEventsController` with `CreateInteractionEventAction`:
```
POST /api/v2/interaction-events
Content-Type: application/json
Authorization: Bearer <token>
{
"widgetId": "<uuid>",
"eventType": "clicked",
"viewContext": "dashboard",
"metadata": {}
}
```
2. Validation pipeline for `event_type`:
- Check `event_type` exists in `event_type_registry`. If not → HTTP 422:
```json
{
"error": "Unregistered event type",
"code": "unregistered_event_type",
"value": "<submitted_value>",
"registry": "/api/v2/event-types"
}
```
- If the consumer has a `hub_capability_manifest_id`, additionally check
the type is in `declared_event_types` on the active manifest. If not →
HTTP 422 with `"code": "event_type_not_in_manifest"`.
- Framework-level types (owned by no hub) are always allowed.
3. Extend `Api.V2.AnnotationsController` with `CreateAnnotationAction`:
```
POST /api/v2/annotations
Body: { "widgetId": "<uuid>", "category": "ux-friction", "body": "..." }
```
Validate `category` against `annotation_category_registry` with the same
422 pattern.
4. On success, return HTTP 201 with the created record JSON.
5. Add `GET /api/v2/event-types` and `GET /api/v2/widget-types` and
`GET /api/v2/annotation-categories` — read the respective registry tables
and return the list of registered names with description and owner_hub_id.
These endpoints are unauthenticated (public enumeration).
**Exit criteria:** Valid POST creates a record and returns 201; unregistered
`event_type` returns 422 with registry URL in response; unauthenticated POST
returns 401; registry listing endpoints return 200 without auth.
---
### T04 — OpenAPI 3.1 spec generation with type registry enumerations
```task
id: IHUB-WP-0010-T04
status: done
priority: high
state_hub_task_id: "f5ba93af-6772-4b87-b1b5-0c79b46486c8"
```
Generate a valid OpenAPI 3.1 JSON document at `GET /api/v2/openapi.json` that
accurately describes all Phase 9 endpoints. The critical constraint: type
discriminator fields must carry `enum` arrays, not unconstrained `string`.
1. Create `Web/Controller/Api/V2/OpenApiController.hs`. This controller builds
and renders the OpenAPI document in-process (no code-generation tool needed
for v1; a Haskell value → JSON approach is fine).
2. The spec structure:
```
openapi: "3.1.0"
info:
title: Interaction Hub Framework API
version: "2.0"
description: |
IHF external API. See /contracts/functional/interaction-reporting-v1.md
for the human-readable contract companion.
servers:
- url: /api/v2
paths:
/widgets: ...
/interaction-events: ...
...
components:
schemas:
WidgetType:
type: string
enum: [<values from widget_type_registry>]
EventType:
type: string
enum: [<values from event_type_registry>]
AnnotationCategory:
type: string
enum: [<values from annotation_category_registry>]
```
3. The enum arrays must be **queried live** from the registry tables at request
time. The spec is generated data, not a static file. This ensures the spec
stays in sync with the registries automatically.
4. Add `x-ihf-contract: /contracts/functional/interaction-reporting-v1.md` as
a top-level extension field.
5. Serve at `GET /api/v2/openapi.json` (unauthenticated — it is a public
contract). Also serve `GET /api/v2/openapi.yaml` as a convenience.
6. Add a Swagger UI at `GET /api/v2/docs` that loads the generated spec.
Use the CDN-served Swagger UI (static HTML that loads swagger-ui from
unpkg; no npm build step required).
**Exit criteria:** `/api/v2/openapi.json` is valid OpenAPI 3.1; `widget_type`,
`event_type`, and `category` fields reference `$ref` schemas with `enum`
arrays populated from live registries; a new type added to any registry
appears in the spec on the next request.
---
### T05 — OAuth 2.0 client credentials flow
```task
id: IHUB-WP-0010-T05
status: done
priority: high
state_hub_task_id: "b8c5c9d5-7d9c-42ca-b679-0f7514b61910"
```
Implement the OAuth 2.0 client credentials grant so that external consumers
can obtain short-lived access tokens by presenting their client ID and secret.
1. `POST /api/v2/token` endpoint:
```
Content-Type: application/x-www-form-urlencoded
Body: grant_type=client_credentials&client_id=<id>&client_secret=<secret>&scope=hub:dev-hub:read
```
Response:
```json
{ "access_token": "<opaque>", "token_type": "Bearer", "expires_in": 3600 }
```
2. Implementation approach: opaque tokens stored in `api_keys` (reuse the
existing table; add `token_type TEXT DEFAULT 'bearer'` and `expires_at`).
JWTs are acceptable but opaque tokens are simpler for v1 and avoid key
management complexity.
3. Scope validation:
- `hub:{slug}:read` — allowed for all active consumers
- `hub:{slug}:write` — requires the consumer's `hub_capability_manifest_id`
to reference an active manifest for that hub slug
- `framework:read` — allowed for all
- Unknown scopes → 400 `invalid_scope`
4. Token lifetime: 3600 seconds (1 hour). Refresh tokens are out of scope for
Phase 9.
5. Standard OAuth error responses: 400 with `error` field (`invalid_client`,
`invalid_grant`, `invalid_scope`, `unsupported_grant_type`).
6. The existing ApiKey Bearer auth in T02/T03 should accept both pre-created
static keys AND tokens issued by this endpoint. Both are rows in `api_keys`.
**Exit criteria:** Full client credentials flow works end-to-end; hub-scoped
write is rejected without a manifest; token expiry is enforced.
---
### T06 — API consumer and API key management UI
```task
id: IHUB-WP-0010-T06
status: done
priority: medium
state_hub_task_id: "64f48e86-522a-4566-a91a-ce840d3f2633"
```
Admin-only web UI for managing API consumers and their keys. Extends the
existing admin section pattern established in Phase 8.
1. `Web/Controller/ApiConsumersController.hs`:
- CRUD: index, show, new, create, edit, update, delete
- Delete: soft-delete by setting `is_active = FALSE`; do not destroy records
2. `Web/Controller/ApiKeysController.hs`:
- Index (scoped to a consumer), new, create, revoke (sets `revoked_at`)
- Key generation: create a random 32-byte key, store `key_prefix` (first 8
hex chars) and `key_hash` (SHA-256). Display the full key **once** on
creation — never again. Show a "copy this now" alert banner.
3. Views (`Web/View/ApiConsumers/`, `Web/View/ApiKeys/`):
- Consumer index: name, linked manifest (if set), active/inactive badge,
rate limit, quota, key count
- Consumer show: details + key list + webhook subscriptions
- Consumer form: name, description, manifest selector (optional), rate
limit, quota fields
- Key create success: one-time display of full key value
4. Link "API Consumers" from the existing admin navigation.
5. Domain hub consumer display: if `hub_capability_manifest_id` is set, show
the manifest name, status badge, and a link to its show page.
**Exit criteria:** Full CRUD works; key is shown once on creation; revoked
keys are rejected by auth middleware; consumer linked to manifest shows
manifest details.
---
### T07 — TypeScript SDK generation from type registries
```task
id: IHUB-WP-0010-T07
status: done
priority: medium
state_hub_task_id: "8b7ecc7b-ffbe-449e-a33a-8ac2f029fc9f"
```
Generate a TypeScript client SDK that exports typed enums derived from the
live type registries, plus typed fetch wrappers for `/api/v2/` endpoints.
1. Create `Web/Controller/Api/V2/SdkController.hs` with a
`GenerateTsSdkAction` that:
- Queries `widget_type_registry`, `event_type_registry`,
`annotation_category_registry`
- Renders `Web/View/Api/V2/TsSdk.hs` which produces a `.ts` file
2. The generated TypeScript file (`GET /api/v2/sdk/ihf-client.ts`):
```typescript
// Auto-generated by IHF. Do not edit manually.
// Regenerate by fetching /api/v2/sdk/ihf-client.ts
export enum WidgetType {
Button = "button",
DataTable = "data-table",
// ... all entries from widget_type_registry
}
export enum EventType {
Clicked = "clicked",
Viewed = "viewed",
// ... all entries from event_type_registry
}
export enum AnnotationCategory {
UxFriction = "ux-friction",
// ... all entries from annotation_category_registry
}
export interface IhfApiOptions {
baseUrl: string;
bearerToken: string;
}
export class IhfClient {
constructor(private opts: IhfApiOptions) {}
async getWidgets(params?: { page?: number; perPage?: number }) { ... }
async getInteractionEvents(params?: { widgetId?: string; eventType?: EventType }) { ... }
async submitInteractionEvent(body: { widgetId: string; eventType: EventType; viewContext: string; metadata?: object }) { ... }
async submitAnnotation(body: { widgetId: string; category: AnnotationCategory; body: string }) { ... }
}
```
3. Serve the raw `.ts` file at `GET /api/v2/sdk/ihf-client.ts` (MIME type
`application/typescript`). This is always regenerated from live registries.
4. Also serve a static SDK download page at `GET /api/v2/sdk` listing
available SDKs with download links and usage instructions.
**Exit criteria:** `/api/v2/sdk/ihf-client.ts` is valid TypeScript; enum
values match the live registries; a new registry entry appears in the SDK on
next request.
---
### T08 — Python SDK generation from type registries
```task
id: IHUB-WP-0010-T08
status: done
priority: medium
state_hub_task_id: "a943d34b-9898-4aa1-a505-9184a6a476b0"
```
Generate a Python client SDK (`GET /api/v2/sdk/ihf-client.py`) following the
same live-generation approach as the TypeScript SDK.
1. Extend `Web/Controller/Api/V2/SdkController.hs` with a
`GeneratePySdkAction`.
2. The generated Python file:
```python
# Auto-generated by IHF. Do not edit manually.
# Regenerate: curl <base>/api/v2/sdk/ihf-client.py > ihf_client.py
from enum import Enum
from typing import Optional
import urllib.request, json
class WidgetType(str, Enum):
BUTTON = "button"
DATA_TABLE = "data-table"
# ... all entries from widget_type_registry
class EventType(str, Enum):
CLICKED = "clicked"
VIEWED = "viewed"
# ... all entries from event_type_registry
class AnnotationCategory(str, Enum):
UX_FRICTION = "ux-friction"
# ... all entries from annotation_category_registry
class IhfClient:
def __init__(self, base_url: str, bearer_token: str): ...
def get_widgets(self, page: int = 1, per_page: int = 50) -> dict: ...
def get_interaction_events(self, widget_id: Optional[str] = None, event_type: Optional[EventType] = None) -> dict: ...
def submit_interaction_event(self, widget_id: str, event_type: EventType, view_context: str, metadata: Optional[dict] = None) -> dict: ...
def submit_annotation(self, widget_id: str, category: AnnotationCategory, body: str) -> dict: ...
```
3. The enum identifier names follow Python conventions (UPPER_SNAKE_CASE).
The values are the registry strings. Use `str, Enum` so instances compare
equal to their string value.
4. Serve at `GET /api/v2/sdk/ihf-client.py` (MIME `text/x-python`).
**Exit criteria:** `/api/v2/sdk/ihf-client.py` is syntactically valid Python;
enum values match live registries; Python SDK page linked from `/api/v2/sdk`.
---
### T09 — Webhook delivery for interaction events, candidate creation, and decision records
```task
id: IHUB-WP-0010-T09
status: done
priority: medium
state_hub_task_id: "249e4de7-a0fb-4325-809b-a896bb807c17"
```
Allow consumers to subscribe to push notifications when governance events occur.
At minimum: `interaction_event.created` and `requirement_candidate.created`.
1. `Web/Controller/WebhookSubscriptionsController.hs`:
- CRUD scoped to an `ApiConsumer`
- `event_type` validated against `event_type_registry`
2. Delivery trigger: after inserting an `InteractionEvent` row, dispatch
delivery for all active subscriptions matching `event_type`. Use IHP's
background job mechanism (`IHP.Job`):
```haskell
-- Web/Job/WebhookDeliveryJob.hs
instance Job WebhookDeliveryJob where
perform WebhookDeliveryJob { .. } = do
-- Build payload, sign with subscription.secret (HMAC-SHA256)
-- POST to target_url
-- Insert WebhookDelivery record with result
```
3. HMAC signing: add `X-IHF-Signature: sha256=<hex>` header to each delivery
request. Consumers verify this header to authenticate the webhook.
4. Retry policy: on HTTP 4xx/5xx or network error, retry up to 3 times with
exponential backoff (5s, 25s, 125s). Record each attempt separately in
`webhook_deliveries`.
5. Add the same delivery trigger for `RequirementCandidate` creation and
`DecisionRecord` creation.
6. Webhook subscriptions management linked from the consumer show page.
**Exit criteria:** A subscription to `interaction_event.created` receives a
POST with HMAC signature when an event is inserted via the API; delivery is
recorded in `webhook_deliveries`; failed deliveries are retried up to 3 times.
---
### T10 — API usage dashboard
```task
id: IHUB-WP-0010-T10
status: done
priority: medium
state_hub_task_id: "fedae9a8-4cdc-41e2-b692-3cc848b9dd6f"
```
Admin view that surfaces per-consumer API usage metrics in near real-time.
1. Request logging middleware: for all `/api/v2/` requests, insert a row into
`api_request_log` after the response is sent (non-blocking). Capture:
`api_consumer_id`, `endpoint`, `method`, `status_code`, `latency_ms`,
`requested_at`.
2. `Web/Controller/ApiDashboardController.hs` with `ShowApiDashboardAction`:
- Aggregate query: per-consumer request count (last 24h), error rate
(4xx+5xx / total), last-seen timestamp, top 5 endpoints
- Uses IHP `AutoRefresh` for push updates on new log rows
3. View (`Web/View/ApiDashboard/Show.hs`):
- Summary table: consumer name, requests (24h), error rate %, last seen,
manifest linked (✓/)
- Time-series sparkline (optional; use a simple count-per-hour query if
rendering inline)
- Error breakdown panel: group by status code
4. Link "API Dashboard" from the admin nav.
**Exit criteria:** Dashboard renders for all consumers; request counts and
error rates update in near-real-time via AutoRefresh; last-seen shows correct
timestamp.
---
### T11 — Rate limiting, quota management, and close-out
```task
id: IHUB-WP-0010-T11
status: done
priority: medium
state_hub_task_id: "32befd50-af80-4bfd-affd-cbcf5e6bfac5"
```
Enforce per-consumer limits and close out the workplan.
**Rate limiting and quota:**
1. Middleware (applied to all `/api/v2/` routes) before action dispatch:
- Count requests in the last 60 seconds from `api_request_log` for the
consumer. If `> rate_limit_per_minute` → HTTP 429 with
`Retry-After: <seconds>` header.
- Count requests today (since `quota_resets_at - 1 day`) for the consumer.
If `> quota_per_day` → HTTP 429 with
`X-Quota-Resets-At: <iso8601>` header.
- Both return JSON `{ "error": "Rate limit exceeded", "code": "rate_limited" }`
or `"code": "quota_exceeded"`.
2. Quota reset: add a daily job `Web/Job/QuotaResetJob.hs` that runs at
00:00 UTC and updates `quota_resets_at` to the next midnight for all
consumers.
**Close-out:**
3. Update `CLAUDE.md`:
- Change `Active Workplan` section to point to the next workplan (Phase 10:
IHUB-WP-0011 when created) or mark Phase 9 as complete.
- Add IHUB-WP-0010 to the "Completed workplans" list.
4. Update `SCOPE.md` to reflect Phase 9 completion.
5. Update `ARCHITECTURE-LAYERS.md`:
- Add `ApiConsumer`, `ApiKey`, `WebhookSubscription`, `WebhookDelivery`,
`ApiRequestLog` to the Extensions layer.
- Update scorecard (Phase 9 adds external API surface — likely improves
Cross-layer and Configuration scores).
- Set next review date.
6. Update `/contracts/functional/interaction-reporting-v1.md` to reference
the live OpenAPI spec URL (`/api/v2/openapi.json`) and confirm the Phase 9
endpoint list.
7. Mark all exit criteria verified in this workplan file.
8. Sync task completions to state hub.
**Exit criteria (Phase 9 complete when all of these are true):**
- [ ] All core IHF artifact types are readable via `/api/v2/`
- [ ] Interaction events and annotations are writable via `/api/v2/`
- [ ] OpenAPI spec generated; `widget_type`, `event_type`, `category` carry
`enum` arrays from live registries
- [ ] TypeScript SDK at `/api/v2/sdk/ihf-client.ts` exports correct enums
- [ ] Python SDK at `/api/v2/sdk/ihf-client.py` exports correct enums
- [ ] Webhook delivery confirmed for `interaction_event.created` and
`requirement_candidate.created`
- [ ] API usage dashboard renders correctly with AutoRefresh
- [ ] OAuth client credentials flow works end-to-end
- [ ] Submission of an unregistered `event_type` returns HTTP 422 with
registry-referenced error
- [ ] Rate limiting returns 429 with `Retry-After`
- [ ] CLAUDE.md updated; IHUB-WP-0010 listed as complete