prvng_platform/crates/control-center/src/lib.rs

#![allow(
    dead_code,
    unused_imports,
    unused_variables,
    unused_assignments,
    unused
)]

//! Control Center Library
//!
//! Provides JWT authentication, user management, role-based access control,
//! and real-time WebSocket events with SurrealDB integration.

// ============================================================================
// Core Modules (Always Available with 'core' feature)
// ============================================================================

pub mod app_state;
pub mod auth;
pub mod clients;
pub mod config;
pub mod error;
pub mod handlers;
pub mod middleware;
pub mod models;
pub mod services;
pub mod simple_config;
pub mod storage;

// ============================================================================
// Optional Modules (Feature-Gated)
// ============================================================================

// KMS: Key Management System
#[cfg(feature = "kms")]
pub mod kms;

// Audit: Security event logging
#[cfg(feature = "audit")]
pub mod audit;

// MFA: Multi-factor authentication
#[cfg(feature = "mfa")]
pub mod mfa;

// Compliance: Policy evaluation and compliance checking
#[cfg(feature = "compliance")]
pub mod compliance;
#[cfg(feature = "compliance")]
pub mod policies;

// Experimental: Advanced features in development
#[cfg(feature = "experimental")]
pub mod anomaly;
use std::sync::Arc;

// ============================================================================
// Re-exports - Stable API
// ============================================================================

// Core types (always available)
pub use app_state::{
    create_app_state, create_app_state_with_builder, AppStateBuilder, DefaultAppStateBuilder,
};
// Re-export auth module types
pub use auth::{
    jwt::{BlacklistStats, JwtService as NewJwtService, TokenClaims, TokenPair, TokenType},
    password::{PasswordService, PasswordStrength},
    user::{User as NewUser, UserRole, UserService as NewUserService, UserStatus},
    AuthService as NewAuthService,
};
pub use error::{ApiErrorResponse, ControlCenterError, ErrorContext, Result};
// Feature-gated type re-exports
#[cfg(feature = "mfa")]
pub use mfa::{
    MfaDeviceType, MfaService, MfaStatus, MfaVerification, TotpDevice, TotpService, WebAuthnDevice,
    WebAuthnService,
};
// Re-export simple config as the public Config type
pub use simple_config::Config;

// ============================================================================
// Internal Imports
// ============================================================================
use crate::clients::OrchestratorClient;
use crate::error::infrastructure;
use crate::handlers::websocket::WebSocketManager;
#[cfg(feature = "kms")]
use crate::kms::advanced::{AuditBackend, AuditConfig, AuditLogFormat, AuditLogLevel, AuditLogger};
#[cfg(feature = "kms")]
use crate::kms::create_http_kms_client;
use crate::services::{
    AuthService, DatabaseService, DynamicSecretsService, IacDeploymentService, IacDetectionService,
    IacRulesService, JwtService, MonitoringService, PermissionService, RoleService,
    RotationJobConfig, RotationJobScheduler, RotationScheduler, SecretSharing, SecretsService,
    UserService,
};

/// Application state shared across all handlers
#[derive(Clone)]
pub struct AppState {
    pub database_service: Arc<DatabaseService>,
    pub jwt_service: Arc<JwtService>,
    pub auth_service: Arc<AuthService>,
    pub user_service: Arc<UserService>,
    pub role_service: Arc<RoleService>,
    pub permission_service: Arc<PermissionService>,
    pub websocket_manager: Arc<WebSocketManager>,
    pub iac_detection_service: Arc<IacDetectionService>,
    pub iac_rules_service: Arc<IacRulesService>,
    pub iac_deployment_service: Arc<IacDeploymentService>,
    pub secrets_service: Arc<SecretsService>,
    pub dynamic_secrets_service: Arc<DynamicSecretsService>,
    pub rotation_scheduler: Arc<RotationScheduler>,
    pub rotation_job_scheduler: Arc<RotationJobScheduler>,
    pub secret_sharing: Arc<SecretSharing>,
    pub monitoring_service: Arc<MonitoringService>,
    pub orchestrator_client: Arc<OrchestratorClient>,
    pub config: Config,
}

impl AppState {
    /// Create a new application state instance
    pub async fn new(config: Config) -> Result<Self> {
        // Initialize database service
        let database_service = Arc::new(DatabaseService::new(config.database.clone()).await?);

        // Initialize JWT service
        let jwt_service = Arc::new(JwtService::new(config.jwt.clone())?);

        // Initialize user service
        let user_service = Arc::new(UserService::new(database_service.clone()));

        // Initialize role service
        let role_service = Arc::new(RoleService::new(database_service.clone()));

        // Initialize permission service
        let permission_service = Arc::new(PermissionService::new(database_service.clone()));

        // Initialize authentication service
        let auth_service = Arc::new(AuthService::new(
            database_service.clone(),
            jwt_service.clone(),
            user_service.clone(),
        ));

        // Initialize WebSocket manager
        let websocket_manager = Arc::new(WebSocketManager::new());

        // Initialize IaC services
        let iac_detection_service = Arc::new(IacDetectionService::new(database_service.clone()));
        let iac_rules_service = Arc::new(IacRulesService::new(database_service.clone()));
        let iac_deployment_service = Arc::new(IacDeploymentService::new(database_service.clone()));

        // Initialize KMS HTTP Client (for external KMS communication)
        // Configuration: http://localhost:9091 (default KMS service endpoint)
        // Using factory function to reduce coupling to KmsServiceClient
        let kms_client = Arc::new(create_http_kms_client("http://localhost:9091"));

        // Initialize SurrealDB Storage for secrets using config
        let storage = Arc::new(
            crate::storage::surrealdb_storage::SurrealDbPolicyStorage::new(&config)
                .await
                .map_err(|e| {
                    ControlCenterError::Infrastructure(
                        infrastructure::InfrastructureError::Configuration(format!(
                            "Failed to initialize secrets storage: {}",
                            e
                        )),
                    )
                })?,
        );

        // Initialize Audit Logger for secrets operations
        // Create minimal audit config for secrets logging
        let audit_config = AuditConfig {
            enabled: true,
            backend: AuditBackend::Stdout,
            retention_days: 30,
            log_level: AuditLogLevel::Info,
            include_data: false,
            max_file_size_mb: 100,
            format: AuditLogFormat::Json,
            database: None,
            syslog: None,
        };

        let audit_logger = Arc::new(AuditLogger::new(audit_config).await.map_err(|e| {
            ControlCenterError::Infrastructure(infrastructure::InfrastructureError::Internal(
                format!("Failed to initialize audit logger: {}", e),
            ))
        })?);

        // Initialize Secrets Service with all dependencies
        let secrets_service = Arc::new(SecretsService::new(kms_client, storage, audit_logger));

        // Initialize Orchestrator HTTP Client (Phase 2.3)
        // Configuration: orchestrator endpoint (defaults to localhost:9090)
        // TODO: Phase 3 - Add orchestrator_url to Config struct
        let orchestrator_url = "http://localhost:9090".to_string();
        let orchestrator_client = Arc::new(OrchestratorClient::new(orchestrator_url.clone()));

        // Initialize Dynamic Secrets Service (Phase 2.2)
        let dynamic_secrets_service = Arc::new(DynamicSecretsService::new(
            secrets_service.clone(),
            orchestrator_url,
        ));

        // Initialize Rotation Scheduler (Phase 3.1)
        let rotation_scheduler = Arc::new(RotationScheduler::new());

        // Initialize Rotation Job Scheduler (Phase 5)
        let rotation_job_config = RotationJobConfig {
            check_interval_secs: 3600, // Check every hour
            max_concurrent: 5,         // Max 5 concurrent rotations
            auto_start: true,          // Start automatically
        };
        let rotation_job_scheduler = Arc::new(RotationJobScheduler::new(
            rotation_scheduler.clone(),
            rotation_job_config,
        ));

        // Start the rotation job scheduler
        rotation_job_scheduler.start().await?;

        // Initialize Secret Sharing Service (Phase 3.2)
        let secret_sharing = Arc::new(SecretSharing::new());

        // Initialize Monitoring Service (Phase 3.4)
        let monitoring_service = Arc::new(MonitoringService::new());

        Ok(Self {
            database_service,
            jwt_service,
            auth_service,
            user_service,
            role_service,
            permission_service,
            websocket_manager,
            iac_detection_service,
            iac_rules_service,
            iac_deployment_service,
            secrets_service,
            dynamic_secrets_service,
            rotation_scheduler,
            rotation_job_scheduler,
            secret_sharing,
            monitoring_service,
            orchestrator_client,
            config,
        })
    }

    /// Health check for all services
    pub async fn health_check(&self) -> Result<bool> {
        // Check database connection
        self.database_service.health_check().await?;

        // TODO: Add other health checks as needed

        Ok(true)
    }
}
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`#![allow(`
			`dead_code,`
			`unused_imports,`
			`unused_variables,`
			`unused_assignments,`
			`unused`
			`)]`

			`//! Control Center Library`
			`//!`
			`//! Provides JWT authentication, user management, role-based access control,`
			`//! and real-time WebSocket events with SurrealDB integration.`

			`// ============================================================================`
			`// Core Modules (Always Available with 'core' feature)`
			`// ============================================================================`

			`pub mod app_state;`
			`pub mod auth;`
			`pub mod clients;`
			`pub mod config;`
			`pub mod error;`
			`pub mod handlers;`
			`pub mod middleware;`
			`pub mod models;`
			`pub mod services;`
			`pub mod simple_config;`
			`pub mod storage;`

			`// ============================================================================`
			`// Optional Modules (Feature-Gated)`
			`// ============================================================================`

			`// KMS: Key Management System`
			`#[cfg(feature = "kms")]`
			`pub mod kms;`

			`// Audit: Security event logging`
			`#[cfg(feature = "audit")]`
			`pub mod audit;`

			`// MFA: Multi-factor authentication`
			`#[cfg(feature = "mfa")]`
			`pub mod mfa;`

			`// Compliance: Policy evaluation and compliance checking`
			`#[cfg(feature = "compliance")]`
			`pub mod compliance;`
			`#[cfg(feature = "compliance")]`
			`pub mod policies;`

			`// Experimental: Advanced features in development`
			`#[cfg(feature = "experimental")]`
			`pub mod anomaly;`
			`use std::sync::Arc;`

			`// ============================================================================`
			`// Re-exports - Stable API`
			`// ============================================================================`

			`// Core types (always available)`
			`pub use app_state::{`
			`create_app_state, create_app_state_with_builder, AppStateBuilder, DefaultAppStateBuilder,`
			`};`
			`// Re-export auth module types`
			`pub use auth::{`
			`jwt::{BlacklistStats, JwtService as NewJwtService, TokenClaims, TokenPair, TokenType},`
			`password::{PasswordService, PasswordStrength},`
			`user::{User as NewUser, UserRole, UserService as NewUserService, UserStatus},`
			`AuthService as NewAuthService,`
			`};`
			`pub use error::{ApiErrorResponse, ControlCenterError, ErrorContext, Result};`
			`// Feature-gated type re-exports`
			`#[cfg(feature = "mfa")]`
			`pub use mfa::{`
			`MfaDeviceType, MfaService, MfaStatus, MfaVerification, TotpDevice, TotpService, WebAuthnDevice,`
			`WebAuthnService,`
			`};`
			`// Re-export simple config as the public Config type`
			`pub use simple_config::Config;`

			`// ============================================================================`
			`// Internal Imports`
			`// ============================================================================`
			`use crate::clients::OrchestratorClient;`
			`use crate::error::infrastructure;`
			`use crate::handlers::websocket::WebSocketManager;`
			`#[cfg(feature = "kms")]`
			`use crate::kms::advanced::{AuditBackend, AuditConfig, AuditLogFormat, AuditLogLevel, AuditLogger};`
			`#[cfg(feature = "kms")]`
			`use crate::kms::create_http_kms_client;`
			`use crate::services::{`
			`AuthService, DatabaseService, DynamicSecretsService, IacDeploymentService, IacDetectionService,`
			`IacRulesService, JwtService, MonitoringService, PermissionService, RoleService,`
			`RotationJobConfig, RotationJobScheduler, RotationScheduler, SecretSharing, SecretsService,`
			`UserService,`
			`};`

			`/// Application state shared across all handlers`
			`#[derive(Clone)]`
			`pub struct AppState {`
			`pub database_service: Arc<DatabaseService>,`
			`pub jwt_service: Arc<JwtService>,`
			`pub auth_service: Arc<AuthService>,`
			`pub user_service: Arc<UserService>,`
			`pub role_service: Arc<RoleService>,`
			`pub permission_service: Arc<PermissionService>,`
			`pub websocket_manager: Arc<WebSocketManager>,`
			`pub iac_detection_service: Arc<IacDetectionService>,`
			`pub iac_rules_service: Arc<IacRulesService>,`
			`pub iac_deployment_service: Arc<IacDeploymentService>,`
			`pub secrets_service: Arc<SecretsService>,`
			`pub dynamic_secrets_service: Arc<DynamicSecretsService>,`
			`pub rotation_scheduler: Arc<RotationScheduler>,`
			`pub rotation_job_scheduler: Arc<RotationJobScheduler>,`
			`pub secret_sharing: Arc<SecretSharing>,`
			`pub monitoring_service: Arc<MonitoringService>,`
			`pub orchestrator_client: Arc<OrchestratorClient>,`
			`pub config: Config,`
			`}`

			`impl AppState {`
			`/// Create a new application state instance`
			`pub async fn new(config: Config) -> Result<Self> {`
			`// Initialize database service`
			`let database_service = Arc::new(DatabaseService::new(config.database.clone()).await?);`

			`// Initialize JWT service`
			`let jwt_service = Arc::new(JwtService::new(config.jwt.clone())?);`

			`// Initialize user service`
			`let user_service = Arc::new(UserService::new(database_service.clone()));`

			`// Initialize role service`
			`let role_service = Arc::new(RoleService::new(database_service.clone()));`

			`// Initialize permission service`
			`let permission_service = Arc::new(PermissionService::new(database_service.clone()));`

			`// Initialize authentication service`
			`let auth_service = Arc::new(AuthService::new(`
			`database_service.clone(),`
			`jwt_service.clone(),`
			`user_service.clone(),`
			`));`

			`// Initialize WebSocket manager`
			`let websocket_manager = Arc::new(WebSocketManager::new());`

			`// Initialize IaC services`
			`let iac_detection_service = Arc::new(IacDetectionService::new(database_service.clone()));`
			`let iac_rules_service = Arc::new(IacRulesService::new(database_service.clone()));`
			`let iac_deployment_service = Arc::new(IacDeploymentService::new(database_service.clone()));`

			`// Initialize KMS HTTP Client (for external KMS communication)`
			`// Configuration: http://localhost:9091 (default KMS service endpoint)`
			`// Using factory function to reduce coupling to KmsServiceClient`
			`let kms_client = Arc::new(create_http_kms_client("http://localhost:9091"));`

			`// Initialize SurrealDB Storage for secrets using config`
			`let storage = Arc::new(`
			`crate::storage::surrealdb_storage::SurrealDbPolicyStorage::new(&config)`
			`.await`
			`.map_err(\|e\| {`
			`ControlCenterError::Infrastructure(`
			`infrastructure::InfrastructureError::Configuration(format!(`
			`"Failed to initialize secrets storage: {}",`
			`e`
			`)),`
			`)`
			`})?,`
			`);`

			`// Initialize Audit Logger for secrets operations`
			`// Create minimal audit config for secrets logging`
			`let audit_config = AuditConfig {`
			`enabled: true,`
			`backend: AuditBackend::Stdout,`
			`retention_days: 30,`
			`log_level: AuditLogLevel::Info,`
			`include_data: false,`
			`max_file_size_mb: 100,`
			`format: AuditLogFormat::Json,`
			`database: None,`
			`syslog: None,`
			`};`

			`let audit_logger = Arc::new(AuditLogger::new(audit_config).await.map_err(\|e\| {`
			`ControlCenterError::Infrastructure(infrastructure::InfrastructureError::Internal(`
			`format!("Failed to initialize audit logger: {}", e),`
			`))`
			`})?);`

			`// Initialize Secrets Service with all dependencies`
			`let secrets_service = Arc::new(SecretsService::new(kms_client, storage, audit_logger));`

			`// Initialize Orchestrator HTTP Client (Phase 2.3)`
			`// Configuration: orchestrator endpoint (defaults to localhost:9090)`
			`// TODO: Phase 3 - Add orchestrator_url to Config struct`
			`let orchestrator_url = "http://localhost:9090".to_string();`
			`let orchestrator_client = Arc::new(OrchestratorClient::new(orchestrator_url.clone()));`

			`// Initialize Dynamic Secrets Service (Phase 2.2)`
			`let dynamic_secrets_service = Arc::new(DynamicSecretsService::new(`
			`secrets_service.clone(),`
			`orchestrator_url,`
			`));`

			`// Initialize Rotation Scheduler (Phase 3.1)`
			`let rotation_scheduler = Arc::new(RotationScheduler::new());`

			`// Initialize Rotation Job Scheduler (Phase 5)`
			`let rotation_job_config = RotationJobConfig {`
			`check_interval_secs: 3600, // Check every hour`
			`max_concurrent: 5, // Max 5 concurrent rotations`
			`auto_start: true, // Start automatically`
			`};`
			`let rotation_job_scheduler = Arc::new(RotationJobScheduler::new(`
			`rotation_scheduler.clone(),`
			`rotation_job_config,`
			`));`

			`// Start the rotation job scheduler`
			`rotation_job_scheduler.start().await?;`

			`// Initialize Secret Sharing Service (Phase 3.2)`
			`let secret_sharing = Arc::new(SecretSharing::new());`

			`// Initialize Monitoring Service (Phase 3.4)`
			`let monitoring_service = Arc::new(MonitoringService::new());`

			`Ok(Self {`
			`database_service,`
			`jwt_service,`
			`auth_service,`
			`user_service,`
			`role_service,`
			`permission_service,`
			`websocket_manager,`
			`iac_detection_service,`
			`iac_rules_service,`
			`iac_deployment_service,`
			`secrets_service,`
			`dynamic_secrets_service,`
			`rotation_scheduler,`
			`rotation_job_scheduler,`
			`secret_sharing,`
			`monitoring_service,`
			`orchestrator_client,`
			`config,`
			`})`
			`}`

			`/// Health check for all services`
			`pub async fn health_check(&self) -> Result<bool> {`
			`// Check database connection`
			`self.database_service.health_check().await?;`

			`// TODO: Add other health checks as needed`

			`Ok(true)`
			`}`
			`}`