intentproof-core

Go services and workers for the IntentProof hosted plane.

Scope

• Ingest API (cmd/ingest)
• Outbox publisher (cmd/outbox-publisher)
• Flow builder (cmd/flow-builder)
• Core packages for ingest, outbox, flow materialization, run processing, and KMS-backed signing glue. Tier 1 CLIs, policy compiler, verifier, and bundle code live in intentproof-tools.

Quick start

1. Export env vars from HOSTED_INGEST_RUNBOOK.md.
2. Apply migrations: ./scripts/migrate-up.sh.
3. Start services:
   • go run ./cmd/ingest
   • go run ./cmd/outbox-publisher
   • go run ./cmd/flow-builder

Validation

• Unit tests: go test ./...
• Coverage (excludes scripts/ benchmark CLI):
  go test -tags=test -coverprofile=coverage.out $(go list ./... | grep -v '/scripts$')
• Coverage threshold check: ./scripts/check-coverage.sh coverage.out 95
  (CI gate; target is 95% in a follow-up slice)
• Spec conformance check: ./scripts/check-spec-conformance.sh
• Policy fixture test example:
  • Run from ../intentproof-tools: go run ./cmd/intentproof policy test ../intentproof-core/examples/policies/refund-flow
• Hosted-ingest checks:
  • ./scripts/verify-hosted-schema.sh
  • ./scripts/check-outbox-latency.sh 100
  • ./scripts/check-activation-latency.sh 60s 5
  • go run ./scripts/ingest-bench.go ...

GitHub Actions runs this validation on pull requests and on pushes to main.

The CI conformance check uses the pinned SPEC_REF commit from IntentProof/intentproof-spec.

Contributing

Issues welcome. See CONTRIBUTING.md.

License

Business Source License 1.1 (LICENSE).