cbc9ad73f7
Reference implementation of GCAP-SPEC-SHELLBOUND-BROKER-0001
in FastAPI. Designed for ISVs and enterprises implementing
the governed shell authorization protocol.
Architecture:
FastAPI + SQLModel + Pydantic + async SQLite
Single container deployment: Dockerfile included
OpenAPI schema at /docs is the machine-readable GSAP contract
Broker Interface (§5):
POST /governance/authorize/ — Issue AC
GET /governance/authorize/{p}/ — Poll elevation
POST /governance/complete/ — Receive CR
GET /governance/session/{id}/ — View chain of custody
POST /governance/elevate/ — JIT elevation
GET /governance/drivers/ — List drivers
Identity Driver Interface (§2.2):
IdentityDriver — abstract base (ISV extension point)
KeycloakDriver — Keycloak implementation
DriverRegistry — driver lookup and registration
Chronicle integration (§1.4):
Optional CloudEvents emission via CHRONICLE_WEBHOOK_URL
Forgejo push event format for receiver compatibility
Models:
Pydantic schemas for AC, CR, Principal, Accord, Operation
SQLModel DB models for persistence
Tests: 6 async tests including full AC→CR cycle
695 lines across 27 files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
27 lines
1.3 KiB
Python
27 lines
1.3 KiB
Python
"""fastapi-gsap: Lightweight GSAP broker — GCAP-SPEC-SHELLBOUND-BROKER-0001."""
|
|
import structlog
|
|
from contextlib import asynccontextmanager
|
|
from fastapi import FastAPI
|
|
from fastapi.middleware.cors import CORSMiddleware
|
|
from gsap_broker.settings import settings
|
|
from gsap_broker.db import init_db
|
|
from gsap_broker.routers import authorize, complete, session, elevate, health, drivers
|
|
|
|
logger = structlog.get_logger()
|
|
|
|
@asynccontextmanager
|
|
async def lifespan(app: FastAPI):
|
|
await init_db()
|
|
logger.info("fastapi-gsap started", broker_did=settings.broker_did)
|
|
yield
|
|
|
|
app = FastAPI(title="fastapi-gsap", description="GSAP broker PoC — GCAP-SPEC-SHELLBOUND-BROKER-0001",
|
|
version="0.1.0", lifespan=lifespan)
|
|
app.add_middleware(CORSMiddleware, allow_origins=settings.cors_origins, allow_credentials=True,
|
|
allow_methods=["*"], allow_headers=["*"])
|
|
app.include_router(authorize.router, prefix="/governance", tags=["AC"])
|
|
app.include_router(complete.router, prefix="/governance", tags=["CR"])
|
|
app.include_router(session.router, prefix="/governance", tags=["Session"])
|
|
app.include_router(elevate.router, prefix="/governance", tags=["Elevation"])
|
|
app.include_router(drivers.router, prefix="/governance", tags=["Drivers"])
|
|
app.include_router(health.router, tags=["Health"])
|