mirror of
https://github.com/vxcontrol/cloud.git
synced 2026-07-19 11:51:48 -04:00
237 lines
9.2 KiB
Go
237 lines
9.2 KiB
Go
// Package cloud provides enterprise-grade Go SDK for secure integration with VXControl Cloud Platform.
|
|
//
|
|
// The VXControl Cloud Platform offers a comprehensive suite of cybersecurity services
|
|
// accessible through secure, PoW-protected APIs. This package enables developers to integrate
|
|
// their security tools and applications with advanced cybersecurity services including
|
|
// update management, package distribution, AI-powered troubleshooting, and comprehensive
|
|
// data anonymization.
|
|
//
|
|
// # Architecture
|
|
//
|
|
// The cloud package consists of several core components:
|
|
//
|
|
// - sdk: Main SDK package for API integration with 24 strongly-typed function patterns
|
|
// - models: Type-safe data models with built-in validation for all API interactions
|
|
// - anonymizer: Comprehensive PII/secrets masking engine with 300+ pattern recognition
|
|
// - system: Cross-platform utilities for stable installation ID generation
|
|
// - examples: Production-ready integration examples and usage patterns
|
|
//
|
|
// # Quick Start
|
|
//
|
|
// Basic usage involves configuring API endpoints and building the SDK:
|
|
//
|
|
// import (
|
|
// "github.com/vxcontrol/cloud/sdk"
|
|
// "github.com/vxcontrol/cloud/models"
|
|
// "github.com/vxcontrol/cloud/system"
|
|
// )
|
|
//
|
|
// // Define client structure with API functions
|
|
// type Client struct {
|
|
// UpdatesCheck sdk.CallReqBytesRespBytes
|
|
// ReportError sdk.CallReqBytesRespBytes
|
|
// }
|
|
//
|
|
// // Configure endpoints
|
|
// configs := []sdk.CallConfig{
|
|
// {
|
|
// Calls: []any{&client.UpdatesCheck},
|
|
// Host: "update.pentagi.com",
|
|
// Name: "updates_check",
|
|
// Path: "/api/v1/updates/check",
|
|
// Method: sdk.CallMethodPOST,
|
|
// },
|
|
// }
|
|
//
|
|
// // Initialize SDK — populates all typed call functions
|
|
// err := sdk.Build(configs,
|
|
// sdk.WithClient("MySecTool", "1.0.0"),
|
|
// sdk.WithInstallationID(system.GetInstallationID()),
|
|
// sdk.WithLicenseKey("your-license-key"),
|
|
// )
|
|
//
|
|
// // Optional: probe endpoints without making real API calls
|
|
// statuses, err := sdk.Check(context.Background(), configs,
|
|
// sdk.WithClient("MySecTool", "1.0.0"),
|
|
// sdk.WithLicenseKey("your-license-key"),
|
|
// )
|
|
// // statuses["updates_check"].IsReachable(), .AllowedRPM(), .LastError(), .Recheck(ctx)
|
|
//
|
|
// # Core Features
|
|
//
|
|
// Security-First Design:
|
|
// - Memory-hard proof-of-work protection against abuse and DDoS attacks
|
|
// - NaCL (Curve25519) key exchange with AES-CBC PoW signatures and CRC32 integrity
|
|
// - AES-GCM end-to-end streaming encryption with forward secrecy
|
|
// - Ed25519 package-integrity validation (models/signature.go)
|
|
// - Stable machine identification for installation tracking
|
|
// - Mandatory PII/secrets anonymization for AI troubleshooting
|
|
// - Structured rate-limit and quota errors (*RateLimitError / *QuotaError) with
|
|
// server-advertised Retry-After; use RetryAfterOf(err) to extract it
|
|
//
|
|
// Type Safety:
|
|
// - 24 strongly-typed function patterns covering all request/response scenarios
|
|
// - Comprehensive Go models with built-in validation (IValid interface)
|
|
// - Automatic query parameter generation (IQuery interface)
|
|
// - Database integration support with SQL driver interfaces
|
|
//
|
|
// Performance Optimized:
|
|
// - HTTP/2 support with automatic protocol negotiation
|
|
// - Connection pooling and streaming architecture
|
|
// - Memory-efficient processing for large data transfers
|
|
// - Dynamic difficulty scaling based on server load
|
|
//
|
|
// # Available Services
|
|
//
|
|
// Production Services:
|
|
// - Update Service: Component update checking with changelogs
|
|
// - Package Service: Secure package downloads with signature validation
|
|
// - Support Service: Automated error reporting with AI assistance
|
|
// - AI Investigation: Interactive troubleshooting with comprehensive anonymization
|
|
//
|
|
// Development Services:
|
|
// - Threat Intelligence: IOC/IOA database access and threat analysis
|
|
// - Vulnerability Assessment: CVE database integration and security scanning
|
|
// - Knowledge Base: Cybersecurity knowledge search and best practices
|
|
// - Computational Resources: Cloud-based intensive task processing
|
|
//
|
|
// # Data Anonymization
|
|
//
|
|
// The anonymizer package provides comprehensive protection for sensitive data:
|
|
//
|
|
// import "github.com/vxcontrol/cloud/anonymizer"
|
|
//
|
|
// // Initialize anonymizer
|
|
// anon, err := anonymizer.NewAnonymizer(nil)
|
|
// if err != nil {
|
|
// return err
|
|
// }
|
|
//
|
|
// // Anonymize sensitive data structures
|
|
// sensitiveData := map[string]any{
|
|
// "user_email": "admin@company.com",
|
|
// "api_key": "sk-1234567890abcdef",
|
|
// "database_url": "postgres://user:pass@host:5432/db",
|
|
// }
|
|
//
|
|
// if err := anon.Anonymize(&sensitiveData); err != nil {
|
|
// return err
|
|
// }
|
|
// // Result: emails, credentials, URLs automatically masked
|
|
//
|
|
// Pattern Recognition:
|
|
// - 300+ built-in patterns across General, PII, and Secrets categories
|
|
// - Automatic detection of credentials, API keys, database URLs, IP addresses
|
|
// - Structure-preserving anonymization maintains analytical value for AI
|
|
// - Reflection-based processing for complex Go structures and nested data
|
|
//
|
|
// # Package Validation
|
|
//
|
|
// Cryptographic signature validation ensures package integrity:
|
|
//
|
|
// import "github.com/vxcontrol/cloud/models"
|
|
//
|
|
// // Validate package signatures
|
|
// signature := models.SignatureValue("base64-signature")
|
|
// if err := signature.ValidateFile("package.tar.gz"); err != nil {
|
|
// return fmt.Errorf("package validation failed: %w", err)
|
|
// }
|
|
//
|
|
// // Stream-based validation for large files
|
|
// reader := signature.ValidateWrapReader(file)
|
|
// // Process data while validating...
|
|
// if err := reader.Valid(); err != nil {
|
|
// return fmt.Errorf("signature validation failed: %w", err)
|
|
// }
|
|
//
|
|
// Signature Features:
|
|
// - Ed25519 cryptographic signatures with SHA-512 hashing
|
|
// - Streaming validation for large files without memory accumulation
|
|
// - Built-in base64 encoding/decoding with validation
|
|
// - Database integration support for signature storage
|
|
//
|
|
// # System Utilities
|
|
//
|
|
// Cross-platform machine identification for stable installation tracking:
|
|
//
|
|
// import "github.com/vxcontrol/cloud/system"
|
|
//
|
|
// // Generate stable installation ID
|
|
// installationID := system.GetInstallationID()
|
|
// // Returns same UUID for same machine across application restarts
|
|
//
|
|
// // Use in SDK configuration
|
|
// err := sdk.Build(configs,
|
|
// sdk.WithClient("MyApp", "1.0.0"),
|
|
// sdk.WithInstallationID(installationID),
|
|
// )
|
|
//
|
|
// Platform Support:
|
|
// - Linux: /var/lib/dbus/machine-id + SMBIOS data (when available)
|
|
// - macOS: IOPlatformUUID from hardware registry via ioreg
|
|
// - Windows: Registry MachineGuid + system product information via WMI
|
|
//
|
|
// Features:
|
|
// - Deterministic: Same machine always generates same UUID
|
|
// - Cross-Platform: Works on Linux, macOS, Windows
|
|
// - Fallback Logic: Uses hostname when machine ID unavailable
|
|
// - UUID Format: RFC4122 compliant UUID v3 (MD5-based)
|
|
// - Performance: ~17ms generation time (acceptable for SDK initialization)
|
|
//
|
|
// # Examples
|
|
//
|
|
// Complete integration examples are available in the examples/ directory:
|
|
//
|
|
// - examples/check-update: Update service integration with component management
|
|
// - examples/download-installer: Package downloads with streaming signature validation
|
|
// - examples/report-errors: Support workflow with automated data anonymization
|
|
//
|
|
// # License
|
|
//
|
|
// # Copyright (c) 2026 PentAGI Development Team
|
|
//
|
|
// This software is licensed under the **MIT License**.
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
// of this software and associated documentation files (the "Software"), to deal
|
|
// in the Software without restriction, including without limitation the rights
|
|
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
// copies of the Software, and to permit persons to whom the Software is
|
|
// furnished to do so, subject to the following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be included in all
|
|
// copies or substantial portions of the Software.
|
|
//
|
|
// What this means for developers:
|
|
//
|
|
// Free to use in any project (open source, commercial, proprietary)
|
|
// No licensing fees for the SDK code itself
|
|
// Modify and distribute freely with attribution
|
|
// Integrate into commercial products without restrictions
|
|
//
|
|
// See LICENSE file for complete MIT license terms.
|
|
//
|
|
// # VXControl Cloud Services Access
|
|
//
|
|
// Important: While the SDK code is free (MIT), accessing VXControl Cloud Services
|
|
// requires a valid License Key and compliance with separate Terms of Service.
|
|
//
|
|
// The SDK provides client-side functionality to integrate with VXControl Cloud Platform,
|
|
// but actual access to sensitive cybersecurity data, threat intelligence, vulnerability
|
|
// information, and AI-powered assistance requires:
|
|
//
|
|
// Valid License Key for API authentication
|
|
// Compliance with VXControl Cloud Services Terms of Service
|
|
// Authorized security testing and defensive cybersecurity use only
|
|
// Responsible handling of obtained sensitive information
|
|
//
|
|
// Cloud Services Usage Model:
|
|
//
|
|
// SDK Code: MIT licensed, free to use and modify
|
|
// Cloud API Access: Requires License Key (contact info@vxcontrol.com)
|
|
// Service Tiers: Free, Professional, and Enterprise levels available
|
|
// Usage Restrictions: Governed by separate Terms of Service
|
|
//
|
|
// Before using cloud services, read: TERMS_OF_SERVICE.md
|
|
package cloud
|