Rewrite SDK around the modern Castle API surface#8
Open
bartes wants to merge 1 commit into
Open
Conversation
Replace the prototype Track/Authenticate client with a full SDK: - Scoring: Risk, Filter and Log, with a configurable failover strategy (allow/challenge/deny/throw) on transport errors, timeouts and 5xx for Risk and Filter; Log does not fail over. - Lists and List items APIs (create/get/query/update/delete, batch create, count, archive/unarchive). - Privacy API (request/delete user data) and Events API (schema/query/group). - Webhook signature verification and secure mode signing. - Request context extraction with header allow/deny scrubbing and configurable IP resolution (ip headers, trusted proxies, trust-proxy-chain, depth). - Functional configuration options and a typed error hierarchy. Remove the legacy Track/Authenticate endpoints and client-id extraction. Require Go 1.21+ and replace Travis CI with GitHub Actions.
zuchmanski
approved these changes
Jun 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces the prototype
Track/Authenticateclient with a full SDK covering the current Castle API.Risk(POST /risk),Filter(POST /filter) andLog(POST /log).RiskandFilterapply a configurable failover strategy (allow,challenge,deny,throw) on transport errors, timeouts and 5xx responses, returning a synthetic verdict (failover: true);Logdoes not fail over.CreateList,GetAllLists,GetList,QueryLists,UpdateList,DeleteList;CreateListItem,CreateListItemsBatch,GetListItem,QueryListItems,CountListItems,UpdateListItem,ArchiveListItem,UnarchiveListItem.RequestUserData,DeleteUserData;EventsSchema,QueryEvents,GroupEvents.VerifyWebhook/VerifyWebhookRequest(HMAC-SHA256 over the body, base64,X-Castle-Signature) andSecureModeSignature(hex HMAC-SHA256 of the user id).ContextFromRequestbuilds{ headers, ip, library }with header allowlist/denylist scrubbing (Cookie/Authorizationalways scrubbed,User-Agentalways forwarded) and configurable IP resolution (WithIPHeaders,WithTrustedProxies,WithTrustProxyChain,WithTrustedProxyDepth).allow), header allow/deny lists, IP resolution, do-not-track and a custom*http.Client.APIError(BadRequestError,UnauthorizedError,ForbiddenError,NotFoundError,UserUnauthorizedError,InvalidParametersError,InvalidRequestTokenError,RateLimitError,InternalServerError), plusRequestError,ConfigurationErrorandWebhookVerificationError.Removes the legacy
Track/Authenticateendpoints and the client-id extraction (__cidcookie /X-Castle-Client-Id) from the default context. Requires Go 1.21+ and replaces Travis CI with GitHub Actions.