core/go - Lethean Network

core/go

Fork 0

generated from lthn/LEM

Commit graph

Author	SHA1	Message	Date
Snider	ec423cfe46	feat: implement Section 21 — Entitlement permission primitive c.Entitled("action", quantity) checks permission before execution. Default: everything permitted (trusted conclave). Consumer packages replace checker via c.SetEntitlementChecker(). - Entitlement struct: Allowed, Unlimited, Limit, Used, Remaining, Reason - NearLimit(threshold), UsagePercent() convenience methods - EntitlementChecker function type — registered by go-entitlements/commerce-matrix - UsageRecorder for consumption tracking after gated actions succeed - Enforcement wired into Action.Run() — one gate for all capabilities - Security audit logging on denials (P11-6) - 16 AX-7 tests including full SaaS gating pattern simulation Maps 1:1 to RFC-004 EntitlementResult and RFC-005 PermissionResult. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-25 16:17:16 +00:00
Snider	028ec84c5e	fix: remove type Task any — untyped IPC replaced by named Actions The old IPC Task system passed `any` through TaskHandler and PerformAsync. Now that named Actions exist with typed signatures (ActionHandler func(context.Context, Options) Result), the untyped layer is dead weight. Changes: - type Task any removed (was in contract.go) - type Task struct is now the composed sequence (action.go) - PerformAsync takes (action string, opts Options) not (t Task) - TaskHandler type removed — use c.Action("name", handler) - RegisterTask removed — use c.Action("name", handler) - PERFORM sugar removed — use c.Action("name").Run() - ActionTaskStarted/Progress/Completed carry typed fields (Action string, Options, Result) not any ActionDef → Action rename also in this commit (same principle: DTOs don't have Run() methods). Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-25 15:57:36 +00:00
Snider	2dff772a40	feat: implement RFC plans 1-5 — Registry[T], Action/Task, Process, primitives Plans 1-5 complete for core/go scope. 456 tests, 84.4% coverage, 100% AX-7 naming. Critical bugs (Plan 1): - P4-3+P7-3: ACTION broadcast calls all handlers with panic recovery - P7-2+P7-4: RunE() with defer ServiceShutdown, Run() delegates - P3-1: Startable/Stoppable return Result (breaking, clean) - P9-1: Zero os/exec — App.Find() rewritten with os.Stat+PATH - I3: Embed() removed, I15: New() comment fixed - I9: CommandLifecycle removed → Command.Managed field Registry[T] (Plan 2): - Universal thread-safe named collection with 3 lock modes - All 5 registries migrated: services, commands, drive, data, lock - Insertion order preserved (fixes P4-1) - c.RegistryOf("name") cross-cutting accessor Action/Task system (Plan 3): - Action type with Run()/Exists(), ActionHandler signature - c.Action("name") dual-purpose accessor (register/invoke) - TaskDef with Steps — sequential chain, async dispatch, previous-input piping - Panic recovery on all Action execution - broadcast() internal, ACTION() sugar Process primitive (Plan 4): - c.Process() returns Action sugar — Run/RunIn/RunWithEnv/Start/Kill/Exists - No deps added — delegates to c.Action("process.*") - Permission-by-registration: no handler = no capability Missing primitives (Plan 5): - core.ID() — atomic counter + crypto/rand suffix - ValidateName() / SanitisePath() — reusable validation - Fs.WriteAtomic() — write-to-temp-then-rename - Fs.NewUnrestricted() / Fs.Root() — legitimate sandbox bypass - AX-7: 456/456 tests renamed to TestFile_Function_{Good,Bad,Ugly} Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-25 15:18:25 +00:00

Author

SHA1

Message

Date

Snider

ec423cfe46

feat: implement Section 21 — Entitlement permission primitive

c.Entitled("action", quantity) checks permission before execution.
Default: everything permitted (trusted conclave).
Consumer packages replace checker via c.SetEntitlementChecker().

- Entitlement struct: Allowed, Unlimited, Limit, Used, Remaining, Reason
- NearLimit(threshold), UsagePercent() convenience methods
- EntitlementChecker function type — registered by go-entitlements/commerce-matrix
- UsageRecorder for consumption tracking after gated actions succeed
- Enforcement wired into Action.Run() — one gate for all capabilities
- Security audit logging on denials (P11-6)
- 16 AX-7 tests including full SaaS gating pattern simulation

Maps 1:1 to RFC-004 EntitlementResult and RFC-005 PermissionResult.

Co-Authored-By: Virgil <virgil@lethean.io>

2026-03-25 16:17:16 +00:00

Snider

028ec84c5e

fix: remove type Task any — untyped IPC replaced by named Actions

The old IPC Task system passed `any` through TaskHandler and
PerformAsync. Now that named Actions exist with typed signatures
(ActionHandler func(context.Context, Options) Result), the untyped
layer is dead weight.

Changes:
- type Task any removed (was in contract.go)
- type Task struct is now the composed sequence (action.go)
- PerformAsync takes (action string, opts Options) not (t Task)
- TaskHandler type removed — use c.Action("name", handler)
- RegisterTask removed — use c.Action("name", handler)
- PERFORM sugar removed — use c.Action("name").Run()
- ActionTaskStarted/Progress/Completed carry typed fields
  (Action string, Options, Result) not any

ActionDef → Action rename also in this commit (same principle:
DTOs don't have Run() methods).

Co-Authored-By: Virgil <virgil@lethean.io>

2026-03-25 15:57:36 +00:00

Snider

2dff772a40

feat: implement RFC plans 1-5 — Registry[T], Action/Task, Process, primitives

Plans 1-5 complete for core/go scope. 456 tests, 84.4% coverage, 100% AX-7 naming.

Critical bugs (Plan 1):
- P4-3+P7-3: ACTION broadcast calls all handlers with panic recovery
- P7-2+P7-4: RunE() with defer ServiceShutdown, Run() delegates
- P3-1: Startable/Stoppable return Result (breaking, clean)
- P9-1: Zero os/exec — App.Find() rewritten with os.Stat+PATH
- I3: Embed() removed, I15: New() comment fixed
- I9: CommandLifecycle removed → Command.Managed field

Registry[T] (Plan 2):
- Universal thread-safe named collection with 3 lock modes
- All 5 registries migrated: services, commands, drive, data, lock
- Insertion order preserved (fixes P4-1)
- c.RegistryOf("name") cross-cutting accessor

Action/Task system (Plan 3):
- Action type with Run()/Exists(), ActionHandler signature
- c.Action("name") dual-purpose accessor (register/invoke)
- TaskDef with Steps — sequential chain, async dispatch, previous-input piping
- Panic recovery on all Action execution
- broadcast() internal, ACTION() sugar

Process primitive (Plan 4):
- c.Process() returns Action sugar — Run/RunIn/RunWithEnv/Start/Kill/Exists
- No deps added — delegates to c.Action("process.*")
- Permission-by-registration: no handler = no capability

Missing primitives (Plan 5):
- core.ID() — atomic counter + crypto/rand suffix
- ValidateName() / SanitisePath() — reusable validation
- Fs.WriteAtomic() — write-to-temp-then-rename
- Fs.NewUnrestricted() / Fs.Root() — legitimate sandbox bypass
- AX-7: 456/456 tests renamed to TestFile_Function_{Good,Bad,Ugly}

Co-Authored-By: Virgil <virgil@lethean.io>

2026-03-25 15:18:25 +00:00

3 commits