feat: greenfield Go rewrite (Phase 2A + 2B + 2C core)
Replaces the Python v1 (preserved on archive/python-v1 branch).
Stack: Go 1.23 + chi router + sqlx + MySQL 8. Distroless static
container. 12-factor config from env. Embedded SQL migrations.
Schema (internal/db/migrations/001_init.sql):
- topics: 议题 with 4-timestamp lifecycle (signup_open/close +
debate_start/end), visibility (default private), status state machine,
verdict_schema FK
- signups: agent self-enrollment with willing_camps (JSON array of
pro|con|judge), pre_validated audit flag, (topic,agent) unique
- camps: post-allocation lock (one row per topic+camp) — written by
Phase 2D allocator
- rounds + arguments: chronological debate transcript
- verdicts: judge structured output, one per topic, with token-cost
trail for future budgeting
- agent_keys + system_keys: peppered sha256 hashes, never raw
- verdict_schemas: seeded with binary, claim-resolution (for
analyze-intel), policy-recommendation, free-form
Auth (internal/auth):
- AgentAPIKey: real bearer-token middleware against agent_keys;
best-effort last_used_at touch on success
- OIDCBrowser: Phase 2 stub. Dev mode accepts x-dev-bypass header
(constant-time compare); prod 401s with a Phase-4-pending hint.
Real Keycloak JWKS verification lands with the frontend rewrite.
HTTP API (internal/httpapi):
- /api/healthz — db ping + version + uptime
- GET /api/topics — list with status/visibility/limit/offset filters;
anonymous callers see public only
- GET /api/topics/{id} — visibility-gated (private → 404 hide)
- POST /api/topics — create with RFC3339 lifecycle validation
(signup_open < signup_close <= debate_start < debate_end)
- PUT /api/topics/{id}/visibility — dialectic-admin role gate
- POST /api/topics/{id}/signups — agent self-enroll; rejects when
topic.status != signup_open OR outside signup window; idempotent
upsert per (topic, agent)
- GET /api/topics/{id}/signups — list (any authed caller)
Auth chains:
- optionalAuth: try bearer → try oidc → fall through anonymous
(handlers branch on Caller.Kind == ""). Uses captureWriter to demote
inner 401s to "try next" without leaking response bytes.
- requireAnyAuth: chain that 401s if neither succeeds.
- requireAgent: strict bearer-only (signup POST).
Run: `docker compose -f docker-compose.dev.yml up --build`. Migrations
auto-apply on first connect; idempotent on reboot. README documents
env vars, dev bypass usage, agent-key provisioning SQL, and the
Phase 2D/E/3/4/5 roadmap.
go vet clean, gofmt clean, single 11M static binary.
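--- a/internal/models/signup.go
+++ b/internal/models/signup.go
@@ -0,0 +1,37 @@
+package models
+
+import "time"
+
+type Signup struct {
+ID string `db:"id" json:"id"`
+TopicID string `db:"topic_id" json:"topic_id"`
+AgentID string `db:"agent_id" json:"agent_id"`
+WillingCamps []byte `db:"willing_camps" json:"-"` // JSON column; surface as typed via View()
+PreValidated bool `db:"pre_validated" json:"pre_validated"`
+CreatedAt time.Time `db:"created_at" json:"created_at"`
+}
+
+// SignupView is the JSON-friendly projection that decodes WillingCamps.
+type SignupView struct {
+ID string `json:"id"`
+TopicID string `json:"topic_id"`
+AgentID string `json:"agent_id"`
+WillingCamps []Camp `json:"willing_camps"`
+PreValidated bool `json:"pre_validated"`
+CreatedAt time.Time `json:"created_at"`
+}
+
+func (s *Signup) View() (SignupView, error) {
+var camps SignupCampsJSON
+if err := camps.UnmarshalDB(s.WillingCamps); err != nil {
+return SignupView{}, err
+}
+return SignupView{
+ID: s.ID,
+TopicID: s.TopicID,
+AgentID: s.AgentID,
+WillingCamps: camps,
+PreValidated: s.PreValidated,
+CreatedAt: s.CreatedAt,
+}, nil
+}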
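Review bot: `View` returns the decode error from `camps.UnmarshalDB` unchanged, so a corrupt `willing_camps` row surfaces as a bare JSON error with no signup id to trace it to. Wrapping it, e.g. `return SignupView{}, fmt.Errorf("signup %s: decode willing_camps: %w", s.ID, err)`, would fix that; the file currently imports only `time`, so `fmt` would have to be added. An empty column also leaves `camps` nil, which `encoding/json` encodes as `"willing_camps": null` rather than `[]`; if API clients expect an array, normalise it before building the view. The exported `Signup` type and `View` method have no doc comments; `// View decodes WillingCamps and returns the JSON-facing projection of s.` would do for the method.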
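--- a/internal/models/topic.go
+++ b/internal/models/topic.go
@@ -0,0 +1,78 @@
+package models
+
+import (
+"encoding/json"
+"time"
+)
+
+type Visibility string
+
+const (
+VisibilityPublic Visibility = "public"
+VisibilityPrivate Visibility = "private"
+)
+
+type TopicStatus string
+
+const (
+TopicStatusCreated TopicStatus = "created"
+TopicStatusSignupOpen TopicStatus = "signup_open"
+TopicStatusSignupClosed TopicStatus = "signup_closed"
+TopicStatusDebating TopicStatus = "debating"
+TopicStatusCompleted TopicStatus = "completed"
+TopicStatusCancelled TopicStatus = "cancelled"
+)
+
+type Camp string
+
+const (
+CampPro Camp = "pro"
+CampCon Camp = "con"
+CampJudge Camp = "judge"
+)
+
+// AllCamps is the canonical iteration order used by the allocation algorithm.
+var AllCamps = [3]Camp{CampPro, CampCon, CampJudge}
+
+type Topic struct {
+ID string `db:"id" json:"id"`
+Title string `db:"title" json:"title"`
+Summary string `db:"summary" json:"summary"`
+Visibility Visibility `db:"visibility" json:"visibility"`
+VerdictSchemaID string `db:"verdict_schema_id" json:"verdict_schema_id"`
+Status TopicStatus `db:"status" json:"status"`
+SignupOpenAt time.Time `db:"signup_open_at" json:"signup_open_at"`
+SignupCloseAt time.Time `db:"signup_close_at" json:"signup_close_at"`
+DebateStartAt time.Time `db:"debate_start_at" json:"debate_start_at"`
+DebateEndAt time.Time `db:"debate_end_at" json:"debate_end_at"`
+CreatorUserID string `db:"creator_user_id" json:"creator_user_id"`
+VisibilityChangedBy *string `db:"visibility_changed_by" json:"visibility_changed_by,omitempty"`
+VisibilityChangedAt *time.Time `db:"visibility_changed_at" json:"visibility_changed_at,omitempty"`
+CancelledReason *string `db:"cancelled_reason" json:"cancelled_reason,omitempty"`
+CreatedAt time.Time `db:"created_at" json:"created_at"`
+UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
+}
+
+// IsCampValid returns true iff c is one of pro|con|judge.
+func IsCampValid(c Camp) bool {
+for _, k := range AllCamps {
+if k == c {
+return true
+}
+}
+return false
+}
+
+// SignupCampsJSON is a typed wrapper around the JSON-stored willing_camps
+// column. We marshal/unmarshal at the boundary so handlers can work with
+// the typed slice.
+type SignupCampsJSON []Camp
+
+func (s SignupCampsJSON) Marshal() ([]byte, error) { return json.Marshal(s) }
+func (s *SignupCampsJSON) UnmarshalDB(raw []byte) error {
+if len(raw) == 0 {
+*s = nil
+return nil
+}
+return json.Unmarshal(raw, s)
+}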
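Review bot: `UnmarshalDB` accepts whatever strings the stored JSON holds, because `json.Unmarshal(raw, s)` into a `[]Camp` never consults `IsCampValid`, so a value outside pro|con|judge reaches callers as a typed `Camp`. Validation may happen in the signup handler, which is not visible here, but checking on read as well keeps a bad row from reaching the Phase 2D allocator named in the commit message. The sketch below rejects unknown camps after decoding and leaves `*s` untouched on failure; it uses `fmt`, which would need adding to the import block. Separately, `Topic` carries `creator_user_id` and `visibility_changed_by` in its JSON tags; if handlers encode `Topic` directly for anonymous callers of public topics, a view type like `SignupView` would let those fields be withheld.

```go
func (s *SignupCampsJSON) UnmarshalDB(raw []byte) error {
	// … unchanged: empty-input branch …
	var decoded []Camp
	if err := json.Unmarshal(raw, &decoded); err != nil {
		return fmt.Errorf("decode willing_camps: %w", err)
	}
	for _, c := range decoded {
		if !IsCampValid(c) {
			return fmt.Errorf("willing_camps: unknown camp %q", c)
		}
	}
	*s = decoded
	return nil
}
```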