Critical fixes: - F-01: SatScope array form support (single pointer → slice with polymorphic JSON) - F-02: Add governance-intent@guildhouse.dev as 10th Shellstream extension - F-06: Replace os.Exit(1) stubs with go-plugin Serve() boilerplate in all cmd/ - F-13: Validate SatScope.ResourcePattern is non-empty High priority: - F-03: Add normative Accord policy syntax note to credential-governance.md §8.2 - F-04: Replace OID XXXXX placeholder with explicit PEN reference and IANA TODO - F-05: Document CredentialComposer hook mapping in spec and plugin-types.md - F-07/F-08: Commit CI pipeline (.github/workflows/ci.yaml) - F-09: Add hashicorp/go-plugin v1.6.3 to go.mod Medium priority: - F-10: Wire sample-ssh-cert-extensions.json fixture into shellstream tests - F-11: Cross-reference merkle proof depth limit (256 leaves) in governance spec - F-12: Add YAML format clarification headers to deploy configs - F-14: Expand README with project status, docs links, and quick-start Low priority: - F-15: Standardize "SSH SVID" → "SSH-SVID" terminology across docs - F-16: Add GovernanceEpochSeconds to PluginConfig and deploy configs - F-17: Add troubleshooting section to deployment.md, error handling to OIDC docs Global: Rename all extension keys from @guildhouse.io to @guildhouse.dev Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
// Governance Notifier — SPIRE Notifier plugin.
//
// Runs in SPIRE Server. Notifies the Guildhouse GovernanceService of credential
// lifecycle events (issue, rotate, revoke) and submits MutationEnvelopes to the
// NotaryService for merkle anchoring.
//
// NOTE: as of this revision the binary is a scaffold only — main registers no
// plugin implementation, so none of the above is performed yet (see the TODO
// in main).
package main
import (
"github.com/hashicorp/go-plugin"
)
// Handshake parameters exchanged with the host process before any RPC is
// served. They must match what the host (SPIRE Server) expects.
//
// TODO: replace with SPIRE Plugin SDK handshake once
// github.com/spiffe/spire-plugin-sdk is added as a dependency. Until then the
// key/value pair below is a local placeholder rather than the SDK's, so the
// host presumably will not accept this plugin — confirm against the SDK.
const (
	handshakeProtocolVersion  = 1
	handshakeMagicCookieKey   = "ServerAgent"
	handshakeMagicCookieValue = "GuildhouseSpire"
)

// handshakeConfig is the HandshakeConfig for this plugin.
//
// Security note: go-plugin's magic cookie is a UX guard that stops the binary
// from being run directly by a user; it is not an authentication mechanism
// and must not be relied on as one. Trust between host and plugin rests on the
// process model (the host spawns the plugin) and on go-plugin's transport
// security when the host enables it (AutoMTLS) — verify SPIRE Server's client
// configuration before depending on that.
var handshakeConfig = plugin.HandshakeConfig{
	ProtocolVersion:  handshakeProtocolVersion,
	MagicCookieKey:   handshakeMagicCookieKey,
	MagicCookieValue: handshakeMagicCookieValue,
}
// main hands control to go-plugin, which performs the magic-cookie handshake
// with the host and then serves the registered plugins over gRPC until the
// host disconnects. Serve refuses to run (and exits non-zero) when the binary
// is launched directly rather than by a go-plugin host.
//
// TODO: register GovernanceNotifier as a GRPCPlugin implementing the SPIRE
// Notifier interface. Once wired, the plugin is intended to:
//  1. receive credential lifecycle notifications from SPIRE Server;
//  2. build a CreateIntentRequest for the credential event;
//  3. call GovernanceService.CreateIntent;
//  4. when a ceremony is required, watch CeremonyService for its resolution;
//  5. build a MutationEnvelope (RFC 8785 JCS → domain-separated SHA-256);
//  6. submit the merkle leaf via NotaryService.CreateAnchor.
func main() {
	// Nothing is registered yet: the handshake will succeed, but a host that
	// tries to dispense the notifier will find no plugin under any name. Kept
	// as an empty (non-nil) map so the TODO above becomes a one-line addition.
	served := map[string]plugin.Plugin{}

	// Plain gRPC server factory. Transport security (mTLS) is negotiated by
	// go-plugin itself when the host enables AutoMTLS; nothing is configured
	// for it here.
	cfg := &plugin.ServeConfig{
		HandshakeConfig: handshakeConfig,
		Plugins:         served,
		GRPCServer:      plugin.DefaultGRPCServer,
	}
	plugin.Serve(cfg)
}