feat(WP-0010): IHF Phase 9 — External API Surface and Consumer SDKs

Delivers the full Phase 9 external API layer:

- Versioned REST API (/api/v2/) with OpenAPI 3.1 spec; enum arrays for
  widget_type, event_type, annotation category drawn live from registry tables
- OAuth 2.0 client credentials flow (/api/v2/token); hub:*:write scopes
  gated on active HubCapabilityManifest FK
- API key management: SHA256-hashed tokens, key_prefix for display,
  one-time reveal on creation, revocation support
- TypeScript and Python consumer SDKs generated from registry tables
  (/api/v2/sdk/ihf-client.ts, /api/v2/sdk/ihf-client.py)
- Webhook delivery: HMAC-SHA256 signing, append-only webhook_deliveries,
  fire-and-forget dispatch via forkIO, 3-retry logic
- Admin API dashboard with 24h stats (request count, error rate, last seen)
- Rate limiting (per-minute) and daily quota enforcement via api_request_log
- Schema migration: api_consumers, api_keys, webhook_subscriptions (CHECK
  constraint on 6 framework lifecycle topics), webhook_deliveries
  (append-only trigger), api_request_log
- ARCHITECTURE-LAYERS.md scorecard: 3.34 → 3.41 (approaching Strong)
- contracts/functional/interaction-reporting-v1.md extended with Phase 9
  endpoint catalogue and 422 validation error format

GAAF: no bare TEXT discriminators; webhook event_type uses CHECK constraint
over 6 allowed framework lifecycle topic strings (not widget event types).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-01 19:52:20 +00:00
parent 286d33923a
commit 3cac021213
38 changed files with 3581 additions and 17 deletions


@@ -0,0 +1,60 @@
module Web.View.ApiConsumers.Edit where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data EditView = EditView
{ consumer :: !ApiConsumer
, manifests :: ![HubCapabilityManifest]
}
instance View EditView where
html EditView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-6">Edit API Consumer</h1>
<form method="POST" action={UpdateApiConsumerAction consumer.id} class="space-y-4">
{hiddenField #id}
<input type="hidden" name="_method" value="PATCH"/>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Name *</label>
{textField #name}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Description</label>
{textareaField #description}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Linked Hub Manifest (optional)</label>
<select name="hubCapabilityManifestId" class="border rounded px-3 py-2 text-sm w-full">
<option value=""> none </option>
{forEach manifests manifestOption}
</select>
</div>
<div class="grid grid-cols-2 gap-4">
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Rate Limit (req/min)</label>
{numberField #rateLimitPerMinute}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Quota (req/day)</label>
{numberField #quotaPerDay}
</div>
</div>
<div class="pt-2 flex gap-3">
<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Save Changes
</button>
<a href={ShowApiConsumerAction consumer.id} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
</div>
</form>
</div>
|]
where
manifestOption m = [hsx|
<option value={show m.id}
{if consumer.hubCapabilityManifestId == Just m.id then "selected" else "" :: Text}>
Manifest {show m.id} ({m.status})
</option>
|]
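Review bot: The field helpers in this view (`hiddenField`, `textField`, `textareaField`, `numberField`) sit inside a hand-written `<form>`, and as far as I know IHP's helpers take the record and its validation errors from the form context that `formFor` sets up, which nothing visible here provides. I would build the form with `formFor' consumer (pathTo (UpdateApiConsumerAction consumer.id)) [hsx|…|]` so the inputs are pre-filled and validation failures are shown; the same applies to the forms in Web.View.ApiConsumers.New, Web.View.ApiKeys.New and Web.View.WebhookSubscriptions.New. In `manifestOption`, the bare `{if … then "selected" else "" :: Text}` inside the `<option>` tag is not an attribute form I know HSX to accept; `selected={consumer.hubCapabilityManifestId == Just m.id}` states the intent directly.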


@@ -0,0 +1,69 @@
module Web.View.ApiConsumers.Index where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data IndexView = IndexView { consumers :: ![ApiConsumer] }
instance View IndexView where
html IndexView { .. } = [hsx|
<div class="flex items-center justify-between mb-6">
<div>
<h1 class="text-2xl font-semibold">API Consumers</h1>
<p class="text-sm text-gray-500 mt-1">External systems authenticated against /api/v2/</p>
</div>
<a href={NewApiConsumerAction}
class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
New Consumer
</a>
</div>
<div class="mb-4 flex gap-3 text-sm">
<a href={ApiV2OpenApiJsonAction} target="_blank" class="text-indigo-600 hover:underline">openapi.json</a>
<a href={ApiV2DocsAction} target="_blank" class="text-indigo-600 hover:underline">API Docs</a>
<a href={ApiV2SdkIndexAction} class="text-indigo-600 hover:underline">SDKs</a>
<a href={ShowApiDashboardAction} class="text-indigo-600 hover:underline">Dashboard</a>
</div>
<div class="bg-white rounded-lg border border-gray-200 overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b border-gray-200">
<tr>
<th class="text-left px-4 py-3 font-medium text-gray-600">Name</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Manifest</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Rate Limit</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Quota/day</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Status</th>
<th class="px-4 py-3"></th>
</tr>
</thead>
<tbody class="divide-y divide-gray-100">
{forEach consumers renderRow}
</tbody>
</table>
</div>
|]
where
renderRow consumer = [hsx|
<tr class="hover:bg-gray-50">
<td class="px-4 py-3 font-medium">
<a href={ShowApiConsumerAction consumer.id} class="text-indigo-600 hover:underline">
{consumer.name}
</a>
</td>
<td class="px-4 py-3 text-gray-500">
{if isJust consumer.hubCapabilityManifestId then "" else "" :: Text}
</td>
<td class="px-4 py-3 text-gray-600">{show consumer.rateLimitPerMinute}/min</td>
<td class="px-4 py-3 text-gray-600">{show consumer.quotaPerDay}</td>
<td class="px-4 py-3">
{if consumer.isActive
then [hsx|<span class="bg-green-100 text-green-700 text-xs px-2 py-0.5 rounded-full">active</span>|]
else [hsx|<span class="bg-gray-100 text-gray-500 text-xs px-2 py-0.5 rounded-full">inactive</span>|]}
</td>
<td class="px-4 py-3 text-right">
<a href={EditApiConsumerAction consumer.id} class="text-gray-400 hover:text-gray-700 text-sm mr-3">Edit</a>
<a href={ApiKeysAction consumer.id} class="text-gray-400 hover:text-gray-700 text-sm">Keys</a>
</td>
</tr>
|]
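Review bot: The Manifest cell, `{if isJust consumer.hubCapabilityManifestId then "" else "" :: Text}`, yields the empty string in both branches as this page shows it, so the column never tells an operator which consumers are linked to a hub manifest. The commit description says that link is what gates `hub:*:write` scopes, so the list should make it visible, for example `{if isJust consumer.hubCapabilityManifestId then "linked" else "none" :: Text}`. If the original literals were non-ASCII glyphs lost in rendering, this only needs confirming; the same expression appears in `renderRow` of Web.View.ApiDashboard.Show.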


@@ -0,0 +1,57 @@
module Web.View.ApiConsumers.New where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data NewView = NewView
{ consumer :: !ApiConsumer
, manifests :: ![HubCapabilityManifest]
}
instance View NewView where
html NewView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-6">New API Consumer</h1>
<form method="POST" action={CreateApiConsumerAction} class="space-y-4">
{hiddenField #id}
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Name *</label>
{textField #name}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Description</label>
{textareaField #description}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Linked Hub Manifest (optional)</label>
<select name="hubCapabilityManifestId" class="border rounded px-3 py-2 text-sm w-full">
<option value=""> none (third-party consumer) </option>
{forEach manifests manifestOption}
</select>
<p class="text-xs text-gray-400 mt-1">Set for domain hub consumers. Required for hub:*:write scopes.</p>
</div>
<div class="grid grid-cols-2 gap-4">
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Rate Limit (req/min)</label>
{numberField #rateLimitPerMinute}
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Quota (req/day)</label>
{numberField #quotaPerDay}
</div>
</div>
<div class="pt-2 flex gap-3">
<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Create Consumer
</button>
<a href={ApiConsumersAction} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
</div>
</form>
</div>
|]
where
manifestOption m = [hsx|
<option value={show m.id}>Manifest {show m.id} ({m.status})</option>
|]
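Review bot: The `manifests` list is rendered into the select without any filter, each option showing its `({m.status})`, while the help text under it says the link is required for `hub:*:write` scopes. Whether a manifest that is not active can be linked therefore depends entirely on what the controller passes in and accepts, and neither is visible on this page. I would document that on the field, e.g. `-- ^ manifests offered for linking; CreateApiConsumerAction must re-check the submitted id and its status`, and keep the check server-side since the option list is only a UI hint. The two `numberField`s likewise carry no lower bound here, so zero or negative limits need rejecting in validation.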


@@ -0,0 +1,161 @@
module Web.View.ApiConsumers.Show where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data ShowView = ShowView
{ consumer :: !ApiConsumer
, apiKeys :: ![ApiKey]
, webhooks :: ![WebhookSubscription]
, mManifest :: !(Maybe HubCapabilityManifest)
}
instance View ShowView where
html ShowView { .. } = [hsx|
<div class="mb-6">
<div class="flex items-start justify-between">
<div>
<h1 class="text-2xl font-semibold">{consumer.name}</h1>
{maybeDescription}
</div>
<div class="flex gap-2">
<a href={EditApiConsumerAction consumer.id}
class="border text-sm px-3 py-1.5 rounded hover:bg-gray-50">Edit</a>
<a href={DeactivateApiConsumerAction consumer.id}
data-method="post" data-confirm="Deactivate this consumer?"
class="border border-red-200 text-red-600 text-sm px-3 py-1.5 rounded hover:bg-red-50">
Deactivate
</a>
</div>
</div>
</div>
<div class="grid grid-cols-3 gap-4 mb-8">
<div class="bg-white border rounded p-4">
<div class="text-xs text-gray-500 uppercase tracking-wide mb-1">Status</div>
{if consumer.isActive
then [hsx|<span class="bg-green-100 text-green-700 text-sm font-medium px-2 py-0.5 rounded">active</span>|]
else [hsx|<span class="bg-gray-100 text-gray-500 text-sm font-medium px-2 py-0.5 rounded">inactive</span>|]}
</div>
<div class="bg-white border rounded p-4">
<div class="text-xs text-gray-500 uppercase tracking-wide mb-1">Rate Limit</div>
<div class="text-sm font-medium">{show consumer.rateLimitPerMinute} req/min</div>
</div>
<div class="bg-white border rounded p-4">
<div class="text-xs text-gray-500 uppercase tracking-wide mb-1">Quota</div>
<div class="text-sm font-medium">{show consumer.quotaPerDay} req/day</div>
</div>
</div>
{manifestPanel}
<div class="mb-8">
<div class="flex items-center justify-between mb-3">
<h2 class="text-lg font-semibold">API Keys</h2>
<a href={NewApiKeyAction consumer.id}
class="bg-indigo-600 text-white text-sm px-3 py-1.5 rounded hover:bg-indigo-700">
New Key
</a>
</div>
{if null apiKeys
then [hsx|<p class="text-sm text-gray-400">No keys yet.</p>|]
else keysTable}
</div>
<div>
<div class="flex items-center justify-between mb-3">
<h2 class="text-lg font-semibold">Webhook Subscriptions</h2>
<a href={NewWebhookSubscriptionAction consumer.id}
class="bg-indigo-600 text-white text-sm px-3 py-1.5 rounded hover:bg-indigo-700">
New Subscription
</a>
</div>
{if null webhooks
then [hsx|<p class="text-sm text-gray-400">No webhooks yet.</p>|]
else webhooksTable}
</div>
|]
where
maybeDescription = case consumer.description of
Just d -> [hsx|<p class="text-sm text-gray-500 mt-1">{d}</p>|]
Nothing -> mempty
manifestPanel = case mManifest of
Nothing -> mempty
Just m -> [hsx|
<div class="bg-indigo-50 border border-indigo-100 rounded p-4 mb-6">
<div class="text-xs text-indigo-500 uppercase tracking-wide mb-1">Hub Capability Manifest</div>
<div class="text-sm font-medium">{m.manifestVersion} <span class="text-indigo-600">{m.status}</span></div>
</div>
|]
keysTable = [hsx|
<div class="bg-white border rounded overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b"><tr>
<th class="text-left px-4 py-2 font-medium text-gray-600">Prefix</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Type</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Scopes</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Expires</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Status</th>
<th class="px-4 py-2"></th>
</tr></thead>
<tbody class="divide-y divide-gray-100">
{forEach apiKeys renderKey}
</tbody>
</table>
</div>
|]
renderKey k = [hsx|
<tr>
<td class="px-4 py-2 font-mono text-xs">{k.keyPrefix}...</td>
<td class="px-4 py-2 text-gray-500">{k.tokenType}</td>
<td class="px-4 py-2 text-gray-500">{if k.scopes == "" then "" else k.scopes}</td>
<td class="px-4 py-2 text-gray-500">{maybe "never" show k.expiresAt}</td>
<td class="px-4 py-2">
{if isJust k.revokedAt
then [hsx|<span class="text-red-500 text-xs">revoked</span>|]
else [hsx|<span class="text-green-600 text-xs">active</span>|]}
</td>
<td class="px-4 py-2 text-right">
{if isNothing k.revokedAt
then [hsx|<a href={RevokeApiKeyAction k.id} data-method="post"
data-confirm="Revoke this key? This cannot be undone."
class="text-red-500 hover:text-red-700 text-xs">Revoke</a>|]
else mempty}
</td>
</tr>
|]
webhooksTable = [hsx|
<div class="bg-white border rounded overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b"><tr>
<th class="text-left px-4 py-2 font-medium text-gray-600">Event Type</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Target URL</th>
<th class="text-left px-4 py-2 font-medium text-gray-600">Status</th>
<th class="px-4 py-2"></th>
</tr></thead>
<tbody class="divide-y divide-gray-100">
{forEach webhooks renderWebhook}
</tbody>
</table>
</div>
|]
renderWebhook wh = [hsx|
<tr>
<td class="px-4 py-2 font-mono text-xs">{wh.eventType}</td>
<td class="px-4 py-2 text-gray-500 text-xs truncate max-w-xs">{wh.targetUrl}</td>
<td class="px-4 py-2">
{if wh.isActive
then [hsx|<span class="text-green-600 text-xs">active</span>|]
else [hsx|<span class="text-gray-400 text-xs">paused</span>|]}
</td>
<td class="px-4 py-2 text-right">
<a href={ToggleWebhookSubscriptionAction wh.id} data-method="post"
class="text-gray-400 hover:text-gray-700 text-xs mr-2">Toggle</a>
<a href={DeleteWebhookSubscriptionAction wh.id} data-method="delete"
data-confirm="Delete this subscription?"
class="text-red-400 hover:text-red-600 text-xs">Delete</a>
</td>
</tr>
|]
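Review bot: Deactivate, Revoke and Toggle are plain `<a href>` links that rely on `data-method="post"` to avoid being followed as GET requests, and I don't see on this page the script that would honour that attribute. If it is absent or fails to load, a click or a prefetch sends a GET, and whether that changes state depends on which methods the routes accept (not visible here). For key revocation and consumer deactivation I would use a real form, e.g. `<form method="POST" action={RevokeApiKeyAction k.id}><button type="submit" class="text-red-500 hover:text-red-700 text-xs">Revoke</button></form>`, and have the controller reject other methods. The Delete link in `renderWebhook` has the same dependency on `data-method="delete"`.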


@@ -0,0 +1,75 @@
module Web.View.ApiDashboard.Show where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
import Data.Maybe (fromMaybe)
data ConsumerStats = ConsumerStats
{ consumer :: !ApiConsumer
, requests24h :: !Int
, errorRate :: !Double -- fraction 0..1
, lastSeen :: !(Maybe UTCTime)
}
data ShowView = ShowView { stats :: ![ConsumerStats] }
instance View ShowView where
html ShowView { .. } = [hsx|
<div class="flex items-center justify-between mb-6">
<div>
<h1 class="text-2xl font-semibold">API Usage Dashboard</h1>
<p class="text-sm text-gray-500 mt-1">Per-consumer request metrics (last 24 hours)</p>
</div>
<a href={ApiConsumersAction} class="text-sm text-gray-500 hover:text-gray-700"> Consumers</a>
</div>
{if null stats
then [hsx|<p class="text-sm text-gray-400">No API activity yet.</p>|]
else statsTable}
|]
where
statsTable = [hsx|
<div class="bg-white rounded-lg border border-gray-200 overflow-hidden">
<table class="w-full text-sm">
<thead class="bg-gray-50 border-b">
<tr>
<th class="text-left px-4 py-3 font-medium text-gray-600">Consumer</th>
<th class="text-right px-4 py-3 font-medium text-gray-600">Req (24h)</th>
<th class="text-right px-4 py-3 font-medium text-gray-600">Error Rate</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Last Seen</th>
<th class="text-left px-4 py-3 font-medium text-gray-600">Manifest</th>
</tr>
</thead>
<tbody class="divide-y divide-gray-100">
{forEach stats renderRow}
</tbody>
</table>
</div>
|]
renderRow ConsumerStats { .. } = [hsx|
<tr class="hover:bg-gray-50">
<td class="px-4 py-3 font-medium">
<a href={ShowApiConsumerAction consumer.id} class="text-indigo-600 hover:underline">
{consumer.name}
</a>
</td>
<td class="px-4 py-3 text-right">{show requests24h}</td>
<td class="px-4 py-3 text-right">
<span class={errorClass errorRate}>
{formatErrorRate errorRate}%
</span>
</td>
<td class="px-4 py-3 text-gray-500 text-xs">
{maybe "never" show lastSeen}
</td>
<td class="px-4 py-3 text-gray-500">
{if isJust consumer.hubCapabilityManifestId then "" else "" :: Text}
</td>
</tr>
|]
errorClass rate
| rate > 0.1 = "text-red-600 font-medium" :: Text
| rate > 0.02 = "text-amber-600"
| otherwise = "text-gray-600"
formatErrorRate rate = show (round (rate * 100) :: Int)
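Review bot: `formatErrorRate` rounds to a whole percent, so any error rate below 0.5% is displayed as `0%` in the default grey class. On a dashboard used to spot failing or misbehaving consumers, a small but non-zero rate should stay visible; one decimal place is enough: `formatErrorRate rate = show (fromIntegral (round (rate * 1000) :: Int) / 10 :: Double)`. The field comment says `errorRate` is a fraction 0..1, but nothing here guards against a NaN from a zero-request division, so the code that builds `ConsumerStats` (not on this page) should return 0 in that case. `import Data.Maybe (fromMaybe)` appears unused in the lines shown.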


@@ -0,0 +1,34 @@
module Web.View.ApiKeys.Created where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
data CreatedView = CreatedView
{ consumer :: !ApiConsumer
, fullKey :: !Text -- one-time display; never stored
}
instance View CreatedView where
html CreatedView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-4">API Key Created</h1>
<div class="bg-amber-50 border border-amber-300 rounded p-4 mb-6">
<p class="text-sm font-semibold text-amber-800 mb-2">Copy this key now it will never be shown again.</p>
<div class="flex items-center gap-2">
<code class="bg-white border rounded px-3 py-2 text-sm font-mono flex-1 break-all">{fullKey}</code>
<button onclick="navigator.clipboard.writeText(this.previousElementSibling.textContent)"
class="border px-2 py-2 rounded text-xs hover:bg-gray-50">Copy</button>
</div>
</div>
<p class="text-sm text-gray-600 mb-4">
Use this key as a Bearer token in the <code>Authorization</code> header:
</p>
<pre class="bg-gray-900 text-gray-100 rounded p-3 text-xs overflow-x-auto mb-6">Authorization: Bearer {fullKey}</pre>
<a href={ShowApiConsumerAction consumer.id}
class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Back to Consumer
</a>
</div>
|]
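Review bot: `fullKey` is the plaintext credential and this view writes it into the HTML twice, so how the response is delivered matters more than the markup, and the field comment `-- one-time display; never stored` does not say so. I would extend it to something like `-- ^ plaintext key, shown once; render directly from the create action, never via redirect, query string or session, and serve with Cache-Control: no-store`. The controller is not on this page, so whether it already does this needs confirming. The inline `onclick` on the Copy button will also stop working under a Content-Security-Policy that disallows inline script; a small external handler avoids that.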

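--- a/Web/View/ApiKeys/New.hs
+++ b/Web/View/ApiKeys/New.hs
@@ -0,0 +1,34 @@
+module Web.View.ApiKeys.New where
+import Web.Types
+import Generated.Types
+import IHP.Prelude
+import IHP.ViewPrelude
+data NewView = NewView
+{ apiKey :: !ApiKey
+, consumer :: !ApiConsumer
+}
+instance View NewView where
+html NewView { .. } = [hsx|
+<div class="max-w-lg">
+<h1 class="text-2xl font-semibold mb-2">New API Key</h1>
+<p class="text-sm text-gray-500 mb-6">For consumer: <strong>{consumer.name}</strong></p>
+<form method="POST" action={CreateApiKeyAction} class="space-y-4">
+{hiddenField #id}
+<input type="hidden" name="apiConsumerId" value={show consumer.id} />
+<div>
+<label class="block text-sm font-medium text-gray-700 mb-1">Scopes (space-separated)</label>
+{textField #scopes}
+<p class="text-xs text-gray-400 mt-1">e.g. framework:read hub:dev-hub:read hub:dev-hub:write</p>
+</div>
+<div class="pt-2 flex gap-3">
+<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
+Generate Key
+</button>
+<a href={ShowApiConsumerAction consumer.id} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
+</div>
+</form>
+</div>
+|]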
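Review bot: The consumer a new key is bound to comes from the hidden input `apiConsumerId`, which the submitter controls, while `CreateApiKeyAction` itself carries no id. The controller (not on this page) should load the consumer from the submitted id, confirm it exists and is active, and only then mint the key; carrying the id in the route, as `NewApiKeyAction consumer.id` already does, would make that explicit: `action={CreateApiKeyAction consumer.id}` (needs the constructor changed in Web.Types). `scopes` is free text, so the allowed scope names and the manifest requirement for `hub:*:write` also have to be enforced on submit. Web.View.WebhookSubscriptions.New uses the same hidden-field pattern.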


@@ -0,0 +1,52 @@
module Web.View.WebhookSubscriptions.New where
import Web.Types
import Generated.Types
import IHP.Prelude
import IHP.ViewPrelude
webhookTopics :: [Text]
webhookTopics =
[ "interaction_event.created"
, "annotation.created"
, "requirement_candidate.created"
, "decision_record.created"
, "deployment_record.created"
, "outcome_signal.created"
]
data NewView = NewView
{ subscription :: !WebhookSubscription
, consumer :: !ApiConsumer
}
instance View NewView where
html NewView { .. } = [hsx|
<div class="max-w-lg">
<h1 class="text-2xl font-semibold mb-2">New Webhook Subscription</h1>
<p class="text-sm text-gray-500 mb-6">Consumer: <strong>{consumer.name}</strong></p>
<form method="POST" action={CreateWebhookSubscriptionAction} class="space-y-4">
{hiddenField #id}
<input type="hidden" name="apiConsumerId" value={show consumer.id} />
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Event Topic *</label>
<select name="eventType" class="border rounded px-3 py-2 text-sm w-full">
{forEach webhookTopics topicOption}
</select>
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Target URL *</label>
{textField #targetUrl}
<p class="text-xs text-gray-400 mt-1">Must be HTTPS. IHF will POST JSON payloads with X-IHF-Signature header.</p>
</div>
<div class="pt-2 flex gap-3">
<button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
Create Subscription
</button>
<a href={ShowApiConsumerAction consumer.id} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
</div>
</form>
</div>
|]
where
topicOption t = [hsx|<option value={t}>{t}</option>|]
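Review bot: The rule "Must be HTTPS" exists only as help text under `{textField #targetUrl}`; nothing in this view constrains the value. Because the server later POSTs to this URL, the controller (not visible here) should reject non-`https` schemes and hosts that resolve to loopback, link-local or private addresses, and check again at delivery time. In the view, `{urlField #targetUrl}` adds basic browser-side checking. `webhookTopics` also duplicates the six topics that the commit description says are enforced by a CHECK constraint, so a comment such as `-- keep in sync with the webhook_subscriptions CHECK constraint` would help avoid drift.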