feat(WP-0010): IHF Phase 9 — External API Surface and Consumer SDKs

Delivers the full Phase 9 external API layer: - Versioned REST API (/api/v2/) with OpenAPI 3.1 spec; enum arrays for widget_type, event_type, annotation category drawn live from registry tables - OAuth 2.0 client credentials flow (/api/v2/token); hub:*:write scopes gated on active HubCapabilityManifest FK - API key management: SHA256-hashed tokens, key_prefix for display, one-time reveal on creation, revocation support - TypeScript and Python consumer SDKs generated from registry tables (/api/v2/sdk/ihf-client.ts, /api/v2/sdk/ihf-client.py) - Webhook delivery: HMAC-SHA256 signing, append-only webhook_deliveries, fire-and-forget dispatch via forkIO, 3-retry logic - Admin API dashboard with 24h stats (request count, error rate, last seen) - Rate limiting (per-minute) and daily quota enforcement via api_request_log - Schema migration: api_consumers, api_keys, webhook_subscriptions (CHECK constraint on 6 framework lifecycle topics), webhook_deliveries (append-only trigger), api_request_log - ARCHITECTURE-LAYERS.md scorecard: 3.34 → 3.41 (approaching Strong) - contracts/functional/interaction-reporting-v1.md extended with Phase 9 endpoint catalogue and 422 validation error format GAAF: no bare TEXT discriminators; webhook event_type uses CHECK constraint over 6 allowed framework lifecycle topic strings (not widget event types). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-01 19:52:20 +00:00
parent 286d33923a
commit 3cac021213
38 changed files with 3581 additions and 17 deletions
--- a/Web/Types.hs
+++ b/Web/Types.hs
@@ -249,6 +249,98 @@ data HubCapabilityManifestsController
    | RetireManifestAction               { hubCapabilityManifestId :: !(Id HubCapabilityManifest) }
    deriving (Eq, Show, Data)

+-- Phase 9 — External API Surface (IHUB-WP-0010)
+
+data ApiConsumersController
+    = ApiConsumersAction
+    | NewApiConsumerAction
+    | ShowApiConsumerAction  { apiConsumerId :: !(Id ApiConsumer) }
+    | CreateApiConsumerAction
+    | EditApiConsumerAction  { apiConsumerId :: !(Id ApiConsumer) }
+    | UpdateApiConsumerAction { apiConsumerId :: !(Id ApiConsumer) }
+    | DeactivateApiConsumerAction { apiConsumerId :: !(Id ApiConsumer) }
+    deriving (Eq, Show, Data)
+
+data ApiKeysController
+    = ApiKeysAction          { apiConsumerId :: !(Id ApiConsumer) }
+    | NewApiKeyAction        { apiConsumerId :: !(Id ApiConsumer) }
+    | CreateApiKeyAction
+    | RevokeApiKeyAction     { apiKeyId :: !(Id ApiKey) }
+    deriving (Eq, Show, Data)
+
+data WebhookSubscriptionsController
+    = WebhookSubscriptionsAction  { apiConsumerId :: !(Id ApiConsumer) }
+    | NewWebhookSubscriptionAction { apiConsumerId :: !(Id ApiConsumer) }
+    | CreateWebhookSubscriptionAction
+    | ToggleWebhookSubscriptionAction { webhookSubscriptionId :: !(Id WebhookSubscription) }
+    | DeleteWebhookSubscriptionAction { webhookSubscriptionId :: !(Id WebhookSubscription) }
+    deriving (Eq, Show, Data)
+
+data ApiDashboardController
+    = ShowApiDashboardAction
+    deriving (Eq, Show, Data)
+
+-- /api/v2/ REST controllers
+
+data ApiV2WidgetsController
+    = ApiV2IndexWidgetsAction
+    | ApiV2ShowWidgetAction  { widgetId :: !(Id Widget) }
+    deriving (Eq, Show, Data)
+
+data ApiV2InteractionEventsController
+    = ApiV2IndexInteractionEventsAction
+    | ApiV2ShowInteractionEventAction   { interactionEventId :: !(Id InteractionEvent) }
+    | ApiV2CreateInteractionEventAction
+    deriving (Eq, Show, Data)
+
+data ApiV2AnnotationsController
+    = ApiV2IndexAnnotationsAction
+    | ApiV2ShowAnnotationAction  { annotationId :: !(Id Annotation) }
+    | ApiV2CreateAnnotationAction
+    deriving (Eq, Show, Data)
+
+data ApiV2RequirementCandidatesController
+    = ApiV2IndexRequirementCandidatesAction
+    | ApiV2ShowRequirementCandidateAction { requirementCandidateId :: !(Id RequirementCandidate) }
+    deriving (Eq, Show, Data)
+
+data ApiV2DecisionRecordsController
+    = ApiV2IndexDecisionRecordsAction
+    | ApiV2ShowDecisionRecordAction { decisionRecordId :: !(Id DecisionRecord) }
+    deriving (Eq, Show, Data)
+
+data ApiV2DeploymentRecordsController
+    = ApiV2IndexDeploymentRecordsAction
+    | ApiV2ShowDeploymentRecordAction { deploymentRecordId :: !(Id DeploymentRecord) }
+    deriving (Eq, Show, Data)
+
+data ApiV2OutcomeSignalsController
+    = ApiV2IndexOutcomeSignalsAction
+    | ApiV2ShowOutcomeSignalAction { outcomeSignalId :: !(Id OutcomeSignal) }
+    deriving (Eq, Show, Data)
+
+data ApiV2RegistriesController
+    = ApiV2ListWidgetTypesAction
+    | ApiV2ListEventTypesAction
+    | ApiV2ListAnnotationCategoriesAction
+    deriving (Eq, Show, Data)
+
+data ApiV2OpenApiController
+    = ApiV2OpenApiJsonAction
+    | ApiV2OpenApiYamlAction
+    | ApiV2DocsAction
+    deriving (Eq, Show, Data)
+
+data ApiV2TokenController
+    = ApiV2CreateTokenAction
+    deriving (Eq, Show, Data)
+
+data ApiV2SdkController
+    = ApiV2SdkIndexAction
+    | ApiV2SdkTsAction
+    | ApiV2SdkPyAction
+    deriving (Eq, Show, Data)
+
 data SessionsController
    = NewSessionAction
    | CreateSessionAction