feat(WP-0010): IHF Phase 9 — External API Surface and Consumer SDKs

Delivers the full Phase 9 external API layer: - Versioned REST API (/api/v2/) with OpenAPI 3.1 spec; enum arrays for widget_type, event_type, annotation category drawn live from registry tables - OAuth 2.0 client credentials flow (/api/v2/token); hub:*:write scopes gated on active HubCapabilityManifest FK - API key management: SHA256-hashed tokens, key_prefix for display, one-time reveal on creation, revocation support - TypeScript and Python consumer SDKs generated from registry tables (/api/v2/sdk/ihf-client.ts, /api/v2/sdk/ihf-client.py) - Webhook delivery: HMAC-SHA256 signing, append-only webhook_deliveries, fire-and-forget dispatch via forkIO, 3-retry logic - Admin API dashboard with 24h stats (request count, error rate, last seen) - Rate limiting (per-minute) and daily quota enforcement via api_request_log - Schema migration: api_consumers, api_keys, webhook_subscriptions (CHECK constraint on 6 framework lifecycle topics), webhook_deliveries (append-only trigger), api_request_log - ARCHITECTURE-LAYERS.md scorecard: 3.34 → 3.41 (approaching Strong) - contracts/functional/interaction-reporting-v1.md extended with Phase 9 endpoint catalogue and 422 validation error format GAAF: no bare TEXT discriminators; webhook event_type uses CHECK constraint over 6 allowed framework lifecycle topic strings (not widget event types). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-01 19:52:20 +00:00
parent 286d33923a
commit 3cac021213
38 changed files with 3581 additions and 17 deletions
--- a/Web/View/ApiKeys/Created.hs
+++ b/Web/View/ApiKeys/Created.hs
@@ -0,0 +1,34 @@
+module Web.View.ApiKeys.Created where
+
+import Web.Types
+import Generated.Types
+import IHP.Prelude
+import IHP.ViewPrelude
+
+data CreatedView = CreatedView
+    { consumer :: !ApiConsumer
+    , fullKey  :: !Text      -- one-time display; never stored
+    }
+
+instance View CreatedView where
+    html CreatedView { .. } = [hsx|
+        <div class="max-w-lg">
+            <h1 class="text-2xl font-semibold mb-4">API Key Created</h1>
+            <div class="bg-amber-50 border border-amber-300 rounded p-4 mb-6">
+                <p class="text-sm font-semibold text-amber-800 mb-2">Copy this key now — it will never be shown again.</p>
+                <div class="flex items-center gap-2">
+                    <code class="bg-white border rounded px-3 py-2 text-sm font-mono flex-1 break-all">{fullKey}</code>
+                    <button onclick="navigator.clipboard.writeText(this.previousElementSibling.textContent)"
+                            class="border px-2 py-2 rounded text-xs hover:bg-gray-50">Copy</button>
+                </div>
+            </div>
+            <p class="text-sm text-gray-600 mb-4">
+                Use this key as a Bearer token in the <code>Authorization</code> header:
+            </p>
+            <pre class="bg-gray-900 text-gray-100 rounded p-3 text-xs overflow-x-auto mb-6">Authorization: Bearer {fullKey}</pre>
+            <a href={ShowApiConsumerAction consumer.id}
+               class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
+                Back to Consumer
+            </a>
+        </div>
+    |]
--- a/Web/View/ApiKeys/New.hs
+++ b/Web/View/ApiKeys/New.hs
@@ -0,0 +1,34 @@
+module Web.View.ApiKeys.New where
+
+import Web.Types
+import Generated.Types
+import IHP.Prelude
+import IHP.ViewPrelude
+
+data NewView = NewView
+    { apiKey   :: !ApiKey
+    , consumer :: !ApiConsumer
+    }
+
+instance View NewView where
+    html NewView { .. } = [hsx|
+        <div class="max-w-lg">
+            <h1 class="text-2xl font-semibold mb-2">New API Key</h1>
+            <p class="text-sm text-gray-500 mb-6">For consumer: <strong>{consumer.name}</strong></p>
+            <form method="POST" action={CreateApiKeyAction} class="space-y-4">
+                {hiddenField #id}
+                <input type="hidden" name="apiConsumerId" value={show consumer.id} />
+                <div>
+                    <label class="block text-sm font-medium text-gray-700 mb-1">Scopes (space-separated)</label>
+                    {textField #scopes}
+                    <p class="text-xs text-gray-400 mt-1">e.g. framework:read hub:dev-hub:read hub:dev-hub:write</p>
+                </div>
+                <div class="pt-2 flex gap-3">
+                    <button type="submit" class="bg-indigo-600 text-white text-sm font-medium px-4 py-2 rounded hover:bg-indigo-700">
+                        Generate Key
+                    </button>
+                    <a href={ShowApiConsumerAction consumer.id} class="text-sm text-gray-500 px-4 py-2 hover:text-gray-700">Cancel</a>
+                </div>
+            </form>
+        </div>
+    |]