code.oscarkilo.com/okg #a1b608958af930fdc13c1afc37a73dfbff3ab70e

Hash:

a1b608958af930fdc13c1afc37a73dfbff3ab70e

Author:

Date:

Fri Jun 5 16:16:49 2026 -0400

Message:

okg/who: add AppDataEntry + AppData field; document position Two prep moves: 1. AppDataEntry type with App/Key/Value/Timestamp fields, referenced by Profile.AppData (previously omitted) and User.AppData (newly added). 2. User struct gains an AppData field. Stays strictly public-safe — no internal-only fields. README.md picks up a "Position" section framing okg as the public entry point for external callers (agents, scripts, anything outside Oscar Kilo's infrastructure). Also scrubs implementation-internal references from package docs and inline comments — okg's source is itself world-public.

diff --git a/README.md b/README.md
index c8f3f6d..fc267cd 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,19 @@ services into one binary. Today: git ops against
Designed for both humans and AI agents (Claude, OpenClaw) to
use directly from the command line.

+## Position
+
+okg is world-public. It runs anywhere — on developer laptops,
+in cloud workers, in agent sandboxes — and authenticates
+against OscarKilo services with a Klex API key saved to
+`~/.config/okg/config.json`. The wire formats it sends and
+decodes are deliberately limited to fields that are safe to
+expose outside any data center.
+
+If you're writing an LLM agent, an automation script, or
+anything else that runs outside Oscar Kilo's infrastructure,
+okg is the entry point.
+
## Install

```bash
diff --git a/chat/chat.go b/chat/chat.go
index 29ca0fa..c31a40e 100644
--- a/chat/chat.go
+++ b/chat/chat.go
@@ -1,16 +1,10 @@
-// Package chat is the public HTTP client for OscarKilo's //chat
-// service.
+// Package chat is the public HTTP client for OscarKilo's chat
+// service. It is used by `okg` and any other tool that talks
+// to oscarkilo.com over the network.
//
-// Wire types mirror //clients/chat's domain types (Message,
-// Filter) and //chat/server's request/response wrappers
-// (SendRequest, SearchRequest, SearchResponse). The
-// duplication is deliberate — okg is world-public, //clients
-// is intra-cluster — and will get the same dot-import
-// treatment as //okg/who when both packages stabilize.
-//
-// The HTTP struct is named HTTPClient (not Client) so a future
-// `import . "oscarkilo.com/okg/chat"` inside //clients/chat
-// doesn't collide with that package's existing Client type.
+// The struct here is named HTTPClient (not just Client) so
+// applications can wrap it in their own Client abstractions
+// without name collision.
package chat

import "time"
@@ -27,9 +21,9 @@ func NewHTTPClient(host, apiKey string) *HTTPClient {
return &HTTPClient{Client: rest.NewClient(host, apiKey)}
}

-// Message mirrors //clients/chat.Message. No JSON tags — the
-// server marshals with default Go field names (PascalCase).
-// FUTURE: snake_case once //clients/chat gets JSON tags.
+// Message is a single chat message. No JSON tags — the server
+// marshals with default Go field names (PascalCase). FUTURE:
+// switch to snake_case once the server adds JSON tags.
type Message struct {
From string
To string
@@ -58,7 +52,7 @@ type SearchRequest struct {
To string `json:"to,omitempty"`
}

-// SearchResponse mirrors //chat/server.SearchResponse.
+// SearchResponse is the body of POST /chat/search's response.
type SearchResponse struct {
Messages []*Message `json:"messages"`
}
diff --git a/who/who.go b/who/who.go
index a37d71c..d3999c7 100644
--- a/who/who.go
+++ b/who/who.go
@@ -1,17 +1,14 @@
// Package who is the public HTTP client for OscarKilo's //who
-// service. It is the world-public side of //who, used by
-// `okg` and any other tool that talks to oscarkilo.com over
-// the network.
+// service. It is used by `okg` and any other tool that talks
+// to oscarkilo.com over the network.
//
-// //clients/who (intra-cluster, has the in-process MockClient,
-// the /internal/* calls, the dev/prod factory) will eventually
-// import this package via `import . "oscarkilo.com/okg/who"`
-// so the two share types and request paths. To make that dot
-// import work, the struct here is named HTTPClient — leaving
-// the unqualified `Client` name free for //clients/who's
-// existing interface.
+// The struct here is named HTTPClient (not just Client) so
+// applications can wrap it in their own Client abstractions
+// without name collision.
package who

+import "time"
+
import "oscarkilo.com/okg/internal/rest"

// HTTPClient talks to a //who server over HTTPS. Embeds the
@@ -24,22 +21,32 @@ func NewHTTPClient(host, apiKey string) *HTTPClient {
return &HTTPClient{Client: rest.NewClient(host, apiKey)}
}

+// ---- Common types ----
+
+// AppDataEntry is one user-scoped app-data record served by
+// //who (per-user key/value, namespaced by app).
+type AppDataEntry struct {
+ App string `json:"app"`
+ Key string `json:"key"`
+ Value string `json:"value"`
+ Timestamp time.Time `json:"timestamp"`
+}
+
// ---- Caller identity ----

// Profile is the caller's //who profile. Mirrors the
// JSON-serialized subset of //who.Profile that GET
-// /login/profile/get returns. Extra fields the server may
-// return (ApiKeys, Logins, AppData, timestamps) are decoded
-// permissively if added later; we just don't expose them here
-// until okg has a use for them.
+// /login/profile/get returns. ApiKeys, Logins, and timestamps
+// are not exposed here yet — add when okg has a use.
type Profile struct {
- Owid string `json:"owid"`
- Username string `json:"username"`
- Name string `json:"name"`
- Email string `json:"email"`
- PortraitUrl string `json:"portrait_url"`
- OwnerOwid string `json:"owner_owid"`
- Groups []string `json:"groups"`
+ Owid string `json:"owid"`
+ Username string `json:"username"`
+ Name string `json:"name"`
+ Email string `json:"email"`
+ PortraitUrl string `json:"portrait_url"`
+ OwnerOwid string `json:"owner_owid"`
+ Groups []string `json:"groups"`
+ AppData []AppDataEntry `json:"app_data,omitempty"`
}

// GetProfile returns the caller's own profile, identified by
@@ -55,7 +62,7 @@ func (c *HTTPClient) GetProfile() (*Profile, error) {
// ---- Groups ----

// Group describes a //who group (a named entity with members).
-// Mirrors the listedGroup shape in //who/server/groups_list.go.
+// Matches the row shape in /groups/list's response.
type Group struct {
Owid string `json:"owid"`
Username string `json:"username"`
@@ -158,11 +165,12 @@ func (c *HTTPClient) DeleteGroup(req DeleteGroupRequest) error {

// ---- Authz ----

-// User is a thin //who-user identifier used inside AuthzEntry.
-// Mirrors the Owid/Username subset of //clients/who.User.
+// User is the public //who-user identifier. It carries only
+// the fields safe to expose to external callers.
type User struct {
- Owid string `json:"owid"`
- Username string `json:"username"`
+ Owid string `json:"owid"`
+ Username string `json:"username"`
+ AppData []AppDataEntry `json:"appdata,omitempty"`
}

// AuthzEntry is one row of GET /authz/list: the URI, its owner

# okg — Oscar Kilo Goodness

A command-line tool that bundles Oscar Kilo's externally usable

services into one binary. Today: git ops against

[klee](https://code.oscarkilo.com), and LLM embeddings against

[klex](https://oscarkilo.com/klex). More LLM utilities (`one`,

`exemplary`) coming as the legacy `klex-git` binaries fold in.

Designed for both humans and AI agents (Claude, OpenClaw) to

use directly from the command line.

## Position

okg is world-public. It runs anywhere — on developer laptops,

in cloud workers, in agent sandboxes — and authenticates

against OscarKilo services with a Klex API key saved to

`~/.config/okg/config.json`. The wire formats it sends and

decodes are deliberately limited to fields that are safe to

expose outside any data center.

If you're writing an LLM agent, an automation script, or

anything else that runs outside Oscar Kilo's infrastructure,

okg is the entry point.

## Install

```bash

go install oscarkilo.com/okg@latest

```

Or build from source:

```bash

git clone https://code.oscarkilo.com/okg

cd okg && go build .

```

## Setup

By default okg talks to the production klee host

(`https://code.oscarkilo.com`); the only setup you need is your

API key. `okg auth login` saves it to

`~/.config/okg/config.json`.

```bash

# Non-interactive (for agents and scripts).

okg auth login --key sk-...

cat ~/.klex.key | okg auth login # equivalent, ps-safe

# Interactive (prompts for host then key).

okg auth login

```

Override the host for dev/local work with `--host` on `auth login`.

## Commands

```

okg repo list

okg pr list [--state open|closed]

okg pr create --head BRANCH [--base master] --title TITLE [--body BODY]

okg pr view NUMBER

okg pr diff NUMBER

okg pr comment NUMBER --body BODY [--approve | --request-changes]

okg pr merge NUMBER

okg pr close NUMBER

okg pr reopen NUMBER

okg auth login [--key KEY] [--host HOST]

okg group list [--json]

okg group create NAME [--full-name TEXT] [--owner USER]

okg group add-member GROUP USER [USER ...]

okg group remove-member GROUP USER [USER ...]

okg group members GROUP [--json]

okg group delete NAME

okg authz list [--json]

okg authz set URI OWNER READER

okg authz delete URI

okg chat send TO TEXT

okg chat fetch [--to GROUP] [--json]

okg embed [--model NAME] [--dims N] [--full-path]

(reads stdin → vectors on stdout)

okg one [--model NAME] [--system-file FILE] \

[--prompt-file FILE] [--attach FILE] \

[--format text|json|jsonindent] [--fast-fail]

(reads stdin as a JSON MessagesRequest)

```

### Coming next

- `okg exemplary` — few-shot batch runner (from

`klex-git/exemplary`).

Once that lands, the standalone `klex-git` binaries are

deprecated.

100

deprecated.

101

### Flags

102

### Flags

103

- `--repo REPO` overrides auto-detected repo name

104

- `--repo REPO` overrides auto-detected repo name

(normally parsed from `git remote get-url origin`)

105

(normally parsed from `git remote get-url origin`)

- `--json` outputs raw JSON for any command

106

- `--json` outputs raw JSON for any command

- `OKG_REPO` env var also overrides repo detection

107

- `OKG_REPO` env var also overrides repo detection

108

## Repo Detection

109

## Repo Detection

110

Like `gh`, okg detects the repo from the current directory's

111

Like `gh`, okg detects the repo from the current directory's

git remote:

112

git remote:

100

113

101

```

114

```

102

git remote get-url origin

115

git remote get-url origin

103

→ https://code.oscarkilo.com/widget.git

116

→ https://code.oscarkilo.com/widget.git

104

→ repo = "widget"

117

→ repo = "widget"

105

```

118

```

106

119

107

## Dependencies

120

## Dependencies

108

121

109

- `oscarkilo.com/klex-git` for the LLM API client (transitional;

122

- `oscarkilo.com/klex-git` for the LLM API client (transitional;

110

to be folded in once all `klex-git` binaries have moved here).

123

to be folded in once all `klex-git` binaries have moved here).

111

- Otherwise Go standard library only.

124

- Otherwise Go standard library only.

// Package chat is the public HTTP client for OscarKilo's //chat

// Package chat is the public HTTP client for OscarKilo's chat

// service.

// service. It is used by `okg` and any other tool that talks

// to oscarkilo.com over the network.

// Wire types mirror //clients/chat's domain types (Message,

// The struct here is named HTTPClient (not just Client) so

// Filter) and //chat/server's request/response wrappers

// applications can wrap it in their own Client abstractions

// (SendRequest, SearchRequest, SearchResponse). The

// without name collision.

// duplication is deliberate — okg is world-public, //clients

// is intra-cluster — and will get the same dot-import

// treatment as //okg/who when both packages stabilize.

// The HTTP struct is named HTTPClient (not Client) so a future

// `import . "oscarkilo.com/okg/chat"` inside //clients/chat

// doesn't collide with that package's existing Client type.

package chat

import "time"

import "oscarkilo.com/okg/internal/rest"

// HTTPClient talks to a //chat server over HTTPS. Embeds the

// shared rest helpers; chat-specific methods live below.

type HTTPClient struct {

*rest.Client

}

func NewHTTPClient(host, apiKey string) *HTTPClient {

return &HTTPClient{Client: rest.NewClient(host, apiKey)}

}

// Message mirrors //clients/chat.Message. No JSON tags — the

// Message is a single chat message. No JSON tags — the server

// server marshals with default Go field names (PascalCase).

// marshals with default Go field names (PascalCase). FUTURE:

// FUTURE: snake_case once //clients/chat gets JSON tags.

// switch to snake_case once the server adds JSON tags.

type Message struct {

From string

To string

Text string

CreatedAt time.Time

}

// SendRequest is the body for POST /chat/send.

type SendRequest struct {

To string `json:"to"`

Text string `json:"text"`

}

// Send posts a message to a //chat group. The caller must have

// post rights on chat://<to>#post.

func (c *HTTPClient) Send(req SendRequest) (*Message, error) {

var msg Message

if err := c.PostJSON("/chat/send", req, &msg); err != nil {

return nil, err

}

return &msg, nil

}

// SearchRequest is the body for POST /chat/search.

type SearchRequest struct {

To string `json:"to,omitempty"`

}

// SearchResponse mirrors //chat/server.SearchResponse.

// SearchResponse is the body of POST /chat/search's response.

type SearchResponse struct {

Messages []*Message `json:"messages"`

}

// Search returns messages matching the filter. The caller must

// have read rights on chat://<To>#read (otherwise the result

// is empty, not an error — per //chat's policy).

func (c *HTTPClient) Search(

req SearchRequest,

) ([]*Message, error) {

var res SearchResponse

if err := c.PostJSON(

"/chat/search", req, &res); err != nil {

return nil, err

}

return res.Messages, nil

}

// Package who is the public HTTP client for OscarKilo's //who

// service. It is the world-public side of //who, used by

// service. It is used by `okg` and any other tool that talks

// `okg` and any other tool that talks to oscarkilo.com over

// to oscarkilo.com over the network.

// the network.

// //clients/who (intra-cluster, has the in-process MockClient,

// The struct here is named HTTPClient (not just Client) so

// the /internal/* calls, the dev/prod factory) will eventually

// applications can wrap it in their own Client abstractions

// import this package via `import . "oscarkilo.com/okg/who"`

// without name collision.

// so the two share types and request paths. To make that dot

// import work, the struct here is named HTTPClient — leaving

// the unqualified `Client` name free for //clients/who's

// existing interface.

package who

import "time"

import "oscarkilo.com/okg/internal/rest"

// HTTPClient talks to a //who server over HTTPS. Embeds the

// shared rest helpers; who-specific methods live below.

type HTTPClient struct {

*rest.Client

}

func NewHTTPClient(host, apiKey string) *HTTPClient {

return &HTTPClient{Client: rest.NewClient(host, apiKey)}

}

// ---- Common types ----

// AppDataEntry is one user-scoped app-data record served by

// //who (per-user key/value, namespaced by app).

type AppDataEntry struct {

App string `json:"app"`

Key string `json:"key"`

Value string `json:"value"`

Timestamp time.Time `json:"timestamp"`

}

// ---- Caller identity ----

// Profile is the caller's //who profile. Mirrors the

// JSON-serialized subset of //who.Profile that GET

// /login/profile/get returns. Extra fields the server may

// /login/profile/get returns. ApiKeys, Logins, and timestamps

// return (ApiKeys, Logins, AppData, timestamps) are decoded

// are not exposed here yet — add when okg has a use.

// permissively if added later; we just don't expose them here

// until okg has a use for them.

type Profile struct {

Owid string `json:"owid"`

Username string `json:"username"`

Name string `json:"name"`

Email string `json:"email"`

PortraitUrl string `json:"portrait_url"`

OwnerOwid string `json:"owner_owid"`

Groups []string `json:"groups"`

AppData []AppDataEntry `json:"app_data,omitempty"`

}

// GetProfile returns the caller's own profile, identified by

// the Bearer key.

func (c *HTTPClient) GetProfile() (*Profile, error) {

var p Profile

if err := c.GetJSON("/login/profile/get", &p); err != nil {

return nil, err

}

return &p, nil

}

// ---- Groups ----

// Group describes a //who group (a named entity with members).

// Mirrors the listedGroup shape in //who/server/groups_list.go.

// Matches the row shape in /groups/list's response.

type Group struct {

Owid string `json:"owid"`

Username string `json:"username"`

Name string `json:"name"`

OwnerOwid string `json:"owner_owid"`

OwnerUsername string `json:"owner_username"`

}

type listGroupsResponse struct {

Groups []Group `json:"groups"`

}

// ListGroups returns the groups visible to the caller.

func (c *HTTPClient) ListGroups() ([]Group, error) {

var res listGroupsResponse

if err := c.GetJSON("/groups/list", &res); err != nil {

return nil, err

}

return res.Groups, nil

}

// CreateGroupRequest is the body for POST /groups/add. Username

// is the group's //who username (e.g. "team"); Name is the

// human-facing display name; OwnerUsername is the user who'll

// own the new group.

type CreateGroupRequest struct {

Username string `json:"username"`

Name string `json:"name"`

OwnerUsername string `json:"owner_username"`

}

// CreateGroup creates a new //who group.

func (c *HTTPClient) CreateGroup(req CreateGroupRequest) error {

return c.PostJSON("/groups/add", req, nil)

}

100

}

101

// JoinGroupsRequest is the body for POST /groups/join. The

102

// JoinGroupsRequest is the body for POST /groups/join. The

// server adds every (GroupUsernames[i], MemberUsernames[j])

103

// server adds every (GroupUsernames[i], MemberUsernames[j])

// pair, requiring the caller to be an owner of each group.

104

// pair, requiring the caller to be an owner of each group.

type JoinGroupsRequest struct {

105

type JoinGroupsRequest struct {

GroupUsernames []string `json:"group_usernames"`

106

GroupUsernames []string `json:"group_usernames"`

100

MemberUsernames []string `json:"member_usernames"`

107

MemberUsernames []string `json:"member_usernames"`

101

}

108

}

102

109

103

// JoinGroups adds members to groups (all pairwise combinations).

110

// JoinGroups adds members to groups (all pairwise combinations).

104

func (c *HTTPClient) JoinGroups(req JoinGroupsRequest) error {

111

func (c *HTTPClient) JoinGroups(req JoinGroupsRequest) error {

105

return c.PostJSON("/groups/join", req, nil)

112

return c.PostJSON("/groups/join", req, nil)

106

}

113

}

107

114

108

// GroupMembersResponse is the response from POST

115

// GroupMembersResponse is the response from POST

109

// /groups/members. Up lists the groups that contain the queried

116

// /groups/members. Up lists the groups that contain the queried

110

// entity (each level as a slice of owids). Down lists its

117

// entity (each level as a slice of owids). Down lists its

111

// members the same way. Usernames maps every owid mentioned to

118

// members the same way. Usernames maps every owid mentioned to

112

// its //who username.

119

// its //who username.

113

type GroupMembersResponse struct {

120

type GroupMembersResponse struct {

114

Up [][]string `json:"up"`

121

Up [][]string `json:"up"`

115

Down [][]string `json:"down"`

122

Down [][]string `json:"down"`

116

Usernames map[string]string `json:"usernames"`

123

Usernames map[string]string `json:"usernames"`

117

}

124

}

118

125

119

// GroupMembers returns membership DAG navigation for the given

126

// GroupMembers returns membership DAG navigation for the given

120

// entity owid. For a group, Down enumerates its members.

127

// entity owid. For a group, Down enumerates its members.

121

func (c *HTTPClient) GroupMembers(

128

func (c *HTTPClient) GroupMembers(

122

ownerOwid string,

129

ownerOwid string,

123

) (*GroupMembersResponse, error) {

130

) (*GroupMembersResponse, error) {

124

var res GroupMembersResponse

131

var res GroupMembersResponse

125

err := c.PostJSON("/groups/members",

132

err := c.PostJSON("/groups/members",

126

map[string]string{"owid": ownerOwid}, &res)

133

map[string]string{"owid": ownerOwid}, &res)

127

if err != nil {

134

if err != nil {

128

return nil, err

135

return nil, err

129

}

136

}

130

return &res, nil

137

return &res, nil

131

}

138

}

132

139

133

// LeaveGroupRequest is the body for POST /groups/leave. Both

140

// LeaveGroupRequest is the body for POST /groups/leave. Both

134

// IDs are owids (obfuscated wids); to translate from usernames,

141

// IDs are owids (obfuscated wids); to translate from usernames,

135

// call ListGroups + GroupMembers first.

142

// call ListGroups + GroupMembers first.

136

type LeaveGroupRequest struct {

143

type LeaveGroupRequest struct {

137

GroupOwid string `json:"group_owid"`

144

GroupOwid string `json:"group_owid"`

138

MemberOwid string `json:"member_owid"`

145

MemberOwid string `json:"member_owid"`

139

}

146

}

140

147

141

// LeaveGroup removes a member from a group. The caller must own

148

// LeaveGroup removes a member from a group. The caller must own

142

// the group.

149

// the group.

143

func (c *HTTPClient) LeaveGroup(req LeaveGroupRequest) error {

150

func (c *HTTPClient) LeaveGroup(req LeaveGroupRequest) error {

144

return c.PostJSON("/groups/leave", req, nil)

151

return c.PostJSON("/groups/leave", req, nil)

145

}

152

}

146

153

147

// DeleteGroupRequest is the body for POST /groups/delete. Owid

154

// DeleteGroupRequest is the body for POST /groups/delete. Owid

148

// is the group's obfuscated wid.

155

// is the group's obfuscated wid.

149

type DeleteGroupRequest struct {

156

type DeleteGroupRequest struct {

150

Owid string `json:"owid"`

157

Owid string `json:"owid"`

151

}

158

}

152

159

153

// DeleteGroup destroys a group. The caller must own it (or be a

160

// DeleteGroup destroys a group. The caller must own it (or be a

154

// //who admin).

161

// //who admin).

155

func (c *HTTPClient) DeleteGroup(req DeleteGroupRequest) error {

162

func (c *HTTPClient) DeleteGroup(req DeleteGroupRequest) error {

156

return c.PostJSON("/groups/delete", req, nil)

163

return c.PostJSON("/groups/delete", req, nil)

157

}

164

}

158

165

159

// ---- Authz ----

166

// ---- Authz ----

160

167

161

// User is a thin //who-user identifier used inside AuthzEntry.

168

// User is the public //who-user identifier. It carries only

162

// Mirrors the Owid/Username subset of //clients/who.User.

169

// the fields safe to expose to external callers.

163

type User struct {

170

type User struct {

164

Owid string `json:"owid"`

171

Owid string `json:"owid"`

165

Username string `json:"username"`

172

Username string `json:"username"`

173

AppData []AppDataEntry `json:"appdata,omitempty"`

166

}

174

}

167

175

168

// AuthzEntry is one row of GET /authz/list: the URI, its owner

176

// AuthzEntry is one row of GET /authz/list: the URI, its owner

169

// and reader, and the caller's effective rights on it.

177

// and reader, and the caller's effective rights on it.

170

type AuthzEntry struct {

178

type AuthzEntry struct {

171

Uri string `json:"uri"`

179

Uri string `json:"uri"`

172

Owner *User `json:"owner"`

180

Owner *User `json:"owner"`

173

Reader *User `json:"reader"`

181

Reader *User `json:"reader"`

174

IsOwner bool `json:"is_owner"`

182

IsOwner bool `json:"is_owner"`

175

IsReader bool `json:"is_reader"`

183

IsReader bool `json:"is_reader"`

176

}

184

}

177

185

178

type listAuthzResponse struct {

186

type listAuthzResponse struct {

179

Uris []AuthzEntry `json:"uris"`

187

Uris []AuthzEntry `json:"uris"`

180

}

188

}

181

189

182

// ListAuthz returns all authz URIs visible to the caller.

190

// ListAuthz returns all authz URIs visible to the caller.

183

func (c *HTTPClient) ListAuthz() ([]AuthzEntry, error) {

191

func (c *HTTPClient) ListAuthz() ([]AuthzEntry, error) {

184

var res listAuthzResponse

192

var res listAuthzResponse

185

if err := c.GetJSON("/authz/list", &res); err != nil {

193

if err := c.GetJSON("/authz/list", &res); err != nil {

186

return nil, err

194

return nil, err

187

}

195

}

188

return res.Uris, nil

196

return res.Uris, nil

189

}

197

}

190

198

191

// AuthzSetRequest is the body for POST /authz/set. Both

199

// AuthzSetRequest is the body for POST /authz/set. Both

192

// usernames must be non-empty and known to //who; the public

200

// usernames must be non-empty and known to //who; the public

193

// endpoint does not honor the "anyone" sentinel.

201

// endpoint does not honor the "anyone" sentinel.

194

type AuthzSetRequest struct {

202

type AuthzSetRequest struct {

195

Uri string `json:"uri"`

203

Uri string `json:"uri"`

196

OwnerUsername string `json:"owner_username"`

204

OwnerUsername string `json:"owner_username"`

197

ReaderUsername string `json:"reader_username"`

205

ReaderUsername string `json:"reader_username"`

198

}

206

}

199

207

200

// SetAuthz writes an authz entry. The caller must be an owner

208

// SetAuthz writes an authz entry. The caller must be an owner

201

// of the URI (or a //who admin).

209

// of the URI (or a //who admin).

202

func (c *HTTPClient) SetAuthz(req AuthzSetRequest) error {

210

func (c *HTTPClient) SetAuthz(req AuthzSetRequest) error {

203

return c.PostJSON("/authz/set", req, nil)

211

return c.PostJSON("/authz/set", req, nil)

204

}

212

}

205

213

206

// AuthzDeleteRequest is the body for POST /authz/delete.

214

// AuthzDeleteRequest is the body for POST /authz/delete.

207

type AuthzDeleteRequest struct {

215

type AuthzDeleteRequest struct {

208

Uri string `json:"uri"`

216

Uri string `json:"uri"`

209

}

217

}

210

218

211

// DeleteAuthz removes an authz entry. The caller must own the URI.

219

// DeleteAuthz removes an authz entry. The caller must own the URI.

212

func (c *HTTPClient) DeleteAuthz(req AuthzDeleteRequest) error {

220

func (c *HTTPClient) DeleteAuthz(req AuthzDeleteRequest) error {

213

return c.PostJSON("/authz/delete", req, nil)

221

return c.PostJSON("/authz/delete", req, nil)

214

}

222

}