chore(release): prepare for v0.5.0 (#295)

## [0.5.0] - 2026-03-12

### 🚀 Features

- *(client)* Add API key authentication for /authz endpoint (#294)

### ⚙️ Miscellaneous Tasks

- *(deps)* Update golang:1.25.5 docker digest to 3a01526 (#271)
- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.24.0 (#273)
- *(deps)* Update dependency go to v1.25.6 (#274)
- *(deps)* Update golang docker tag to v1.25.6 (#275)
- Remove GitLab CI configuration
- Add code coverage integration
- *(deps)* Update dependency go to v1.25.7 (#279)
- *(deps)* Update dependency go to v1.26.0 (#280)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.9.0 (#281)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.0 (#282)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.1 (#283)
- *(deps)* Update dependency go to v1.26.1 (#286)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.1 (#288)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.2 (#290)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.3 (#292)

<!-- generated by git-cliff -->

---

**Note:** Please use **Squash Merge** when merging this PR.

Reviewed-on: #295
Co-authored-by: Unbound Releaser <releaser@unbound.se>
Co-committed-by: Unbound Releaser <releaser@unbound.se>

.gitea/workflows/ci.yaml

@@ -0,0 +1,85 @@
+name: authz_client
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+      - name: Run tests
+        run: go test -race -coverprofile=coverage.txt ./...
+
+      - name: Check coverage
+        uses: vladopajic/go-test-coverage@v2
+        with:
+          config: ./.testcoverage.yml
+
+      # Download baseline coverage from main branch (for PRs)
+      - name: Download baseline coverage
+        if: gitea.event_name == 'pull_request'
+        uses: actions/download-artifact@v3
+        with:
+          name: coverage-baseline
+          path: ./baseline
+        continue-on-error: true
+
+      # Compare coverage against baseline (for PRs)
+      - name: Compare coverage
+        if: gitea.event_name == 'pull_request'
+        run: |
+          CURRENT=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%')
+          if [ -f ./baseline/coverage.txt ]; then
+            BASE=$(go tool cover -func=./baseline/coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%')
+            echo "Base coverage: ${BASE}%"
+            echo "Current coverage: ${CURRENT}%"
+            if [ "$(echo "$CURRENT < $BASE" | bc -l)" -eq 1 ]; then
+              echo "::error::Coverage decreased from ${BASE}% to ${CURRENT}%"
+              exit 1
+            fi
+            echo "Coverage maintained or improved: ${BASE}% -> ${CURRENT}%"
+          else
+            echo "No baseline coverage found, skipping comparison"
+            echo "Current coverage: ${CURRENT}%"
+          fi
+
+      # Upload coverage as baseline (only on main)
+      - name: Upload coverage baseline
+        if: gitea.ref == 'refs/heads/main'
+        uses: actions/upload-artifact@v3
+        with:
+          name: coverage-baseline
+          path: coverage.txt
+          retention-days: 90
+
+      # Post coverage to PR comment
+      - name: Post coverage comment
+        if: gitea.event_name == 'pull_request'
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          GITEA_URL: ${{ gitea.server_url }}
+        run: |
+          COVERAGE=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}')
+          curl -X POST "${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
+            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d "{\"body\": \"## Coverage Report\n\nTotal coverage: **${COVERAGE}**\"}"
+
+  vulnerabilities:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+      - name: Check vulnerabilities
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck ./...

.gitea/workflows/pre-commit.yaml

@@ -0,0 +1,25 @@
+name: pre-commit
+permissions: read-all
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    env:
+      SKIP: no-commit-to-branch
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: stable
+      - uses: actions/setup-python@v6
+        with:
+          python-version: '3.14'
+      - name: Install goimports
+        run: go install golang.org/x/tools/cmd/goimports@latest
+      - uses: pre-commit/action@v3.0.1

.gitea/workflows/release.yaml

@@ -0,0 +1,9 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  release:
+    uses: unboundsoftware/shared-workflows/.gitea/workflows/Release.yml@main

.gitignore

@@ -1,2 +1,4 @@
 .idea
+.claude
 /release
+coverage.txt

.gitlab-ci.yml

@@ -1,41 +0,0 @@
-variables:
-  GOCACHE: "${CI_PROJECT_DIR}/_go/cache"
-
-before_script:
-  - mkdir -p ${CI_PROJECT_DIR}/_go/{pkg,bin,cache}
-  - rm -rf /go/pkg || true
-  - mkdir -p /go
-  - ln -s ${CI_PROJECT_DIR}/_go/pkg /go/pkg
-  - ln -s ${CI_PROJECT_DIR}/_go/bin /go/bin
-
-cache:
-  key: "$CI_COMMIT_REF_NAME"
-  paths:
-    - _go
-  untracked: true
-
-stages:
-  - deps
-  - test
-
-deps:
-  stage: deps
-  image: golang:1.13
-  script:
-    - go get -mod=readonly
-
-test:
-  stage: test
-  dependencies:
-    - deps
-  image: golang:1.13
-  script:
-    - go fmt $(go list ./...)
-    - go vet $(go list ./...)
-    - unset "${!CI@}"
-    - CGO_ENABLED=1 go test -p 1 -mod=readonly -race -coverprofile=.testCoverage.txt -covermode=atomic -coverpkg=$(go list ./... | tr '\n' , | sed 's/,$//') ./...
-    - go tool cover -html=.testCoverage.txt -o coverage.html
-    - go tool cover -func=.testCoverage.txt
-  artifacts:
-    paths:
-      - coverage.html

.golangci.yml

@@ -0,0 +1,22 @@
+version: "2"
+run:
+  allow-parallel-runners: true
+linters:
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

.pre-commit-config.yaml

@@ -0,0 +1,39 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v6.0.0
+  hooks:
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+  - id: check-yaml
+    args:
+    - --allow-multiple-documents
+  - id: check-added-large-files
+- repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+  rev: v9.24.0
+  hooks:
+  - id: commitlint
+    stages: [ commit-msg ]
+    additional_dependencies: [ '@commitlint/config-conventional' ]
+- repo: https://github.com/dnephin/pre-commit-golang
+  rev: v0.5.1
+  hooks:
+  - id: go-mod-tidy
+  - id: go-imports
+    args:
+    - -local
+    - gitea.unbound.se/shiny/authz_client
+- repo: https://github.com/lietu/go-pre-commit
+  rev: v1.0.0
+  hooks:
+  - id: go-test
+  - id: gofumpt
+- repo: https://github.com/golangci/golangci-lint
+  rev: v2.11.3
+  hooks:
+  - id: golangci-lint-full
+- repo: https://github.com/gitleaks/gitleaks
+  rev: v8.30.0
+  hooks:
+  - id: gitleaks

.testcoverage.yml

@@ -0,0 +1,13 @@
+# Coverage configuration for go-test-coverage
+# https://github.com/vladopajic/go-test-coverage
+
+profile: coverage.txt
+
+threshold:
+  file: 0
+  package: 0
+  total: 0
+
+exclude:
+  paths:
+    - _test\.go$

.version

@@ -0,0 +1,3 @@
+{
+  "version": "v0.5.0"
+}

CHANGELOG.md

@@ -0,0 +1,456 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.5.0] - 2026-03-12
+
+### 🚀 Features
+
+- *(client)* Add API key authentication for /authz endpoint (#294)
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25.5 docker digest to 3a01526 (#271)
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.24.0 (#273)
+- *(deps)* Update dependency go to v1.25.6 (#274)
+- *(deps)* Update golang docker tag to v1.25.6 (#275)
+- Remove GitLab CI configuration
+- Add code coverage integration
+- *(deps)* Update dependency go to v1.25.7 (#279)
+- *(deps)* Update dependency go to v1.26.0 (#280)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.9.0 (#281)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.0 (#282)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.1 (#283)
+- *(deps)* Update dependency go to v1.26.1 (#286)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.1 (#288)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.2 (#290)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.3 (#292)
+
+## [0.4.1] - 2026-01-09
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update actions/setup-python action to v6
+- Migrate module path to gitea.unbound.se
+
+## [0.4.0] - 2026-01-09
+
+### 🚀 Features
+
+- Migrate from GitLab CI to Gitea Actions
+
+### 🚜 Refactor
+
+- Update module path to new repository location
+
+### 📚 Documentation
+
+- Add CLAUDE.md for Claude Code integration
+
+### 🧪 Testing
+
+- Add concurrent fetch and read tests for privileges
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25.3 docker digest to 9ac0edc
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.6.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.29.0
+- *(deps)* Update dependency go to v1.25.4
+- *(deps)* Update golang docker tag to v1.25.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.6.2
+- *(deps)* Update golang:1.25.4 docker digest to efe81fa
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.29.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.30.0
+- *(deps)* Update dependency go to v1.25.5
+- *(deps)* Update golang docker tag to v1.25.5
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.7.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.7.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.7.2
+- *(deps)* Update golang:1.25.5 docker digest to 0c27bcf
+- *(deps)* Update golang:1.25.5 docker digest to ad03ba9
+- *(deps)* Update actions/setup-go action to v6
+- *(deps)* Update actions/checkout action to v6
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.8.0
+- Add pre-commit and release workflows
+
+## [0.3.1] - 2025-11-02
+
+### 🐛 Bug Fixes
+
+- Change to write lock for thread safety in json unmarshal
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25.1 docker digest to 53f7808
+- *(deps)* Update pre-commit hook lietu/go-pre-commit to v1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.5.0
+- *(deps)* Update golang:1.25.1 docker digest to 12640a4
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.23.0
+- *(deps)* Update dependency go to v1.25.2
+- *(deps)* Update golang docker tag to v1.25.2
+- *(deps)* Update dependency go to v1.25.3
+- *(deps)* Update golang docker tag to v1.25.3
+- Add default configuration for git-cliff
+- *(deps)* Update golang:1.25.3 docker digest to 69d1009
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.6.0
+
+## [0.3.0] - 2025-09-06
+
+### 🚀 Features
+
+- *(ci)* Add defaults pipeline template for CI workflow
+- Add salary privilege to privilege management system
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update module github.com/sparetimecoders/goamqp to v0.3.3
+- *(deps)* Update module github.com/stretchr/testify to v1.11.0
+- *(deps)* Update module github.com/stretchr/testify to v1.11.1
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.5
+- *(deps)* Update golang:1.24.2 docker digest to bf7899c
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.25.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.25.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.6
+- *(deps)* Update dependency go to v1.24.3
+- *(deps)* Update golang docker tag to v1.24.3
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.26.0
+- *(deps)* Update golang:1.24.3 docker digest to f255a7d
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.27.0
+- *(deps)* Update dependency go to v1.24.4
+- *(deps)* Update golang docker tag to v1.24.4
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.27.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.27.2
+- *(deps)* Update golang:1.24.4 docker digest to 3494bbe
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.2.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.2.1
+- *(deps)* Update golang:1.24.4 docker digest to 9f820b6
+- *(deps)* Update dependency go to v1.24.5
+- *(deps)* Update golang docker tag to v1.24.5
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.2.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.28.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.3.0
+- *(deps)* Update golang:1.24.5 docker digest to 0a156a4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.3.1
+- *(deps)* Update dependency go to v1.24.6
+- *(deps)* Update golang docker tag to v1.24.6
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v6
+- *(deps)* Update golang:1.24.6 docker digest to 958bfd1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.4.0
+- *(deps)* Update golang docker tag to v1.25.0
+- *(deps)* Update dependency go to v1.25.0
+- *(deps)* Update golang:1.25.0 docker digest to f6b9e1a
+- *(deps)* Update dependency go to v1.25.1
+- *(deps)* Update golang docker tag to v1.25.1
+
+## [0.2.0] - 2025-04-11
+
+### 🚀 Features
+
+- Add timeout configuration to golangci-lint
+- Add setup method for privilege event consumers
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update module github.com/stretchr/testify to v1.10.0
+- *(ci)* Update go image to amd64 architecture version
+- *(deps)* Update module github.com/sparetimecoders/goamqp to v0.3.2
+
+### 🚜 Refactor
+
+- *(ci)* Remove pre-commit job and add new template
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v5
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.20.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.2
+- *(deps)* Pin golang docker tag to ad5c126
+- *(deps)* Pin unbound/pre-commit docker tag to 92fce44
+- *(deps)* Update golang docker tag to v1.23.3
+- *(deps)* Update unbound/pre-commit docker digest to 596abf5
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.62.0
+- *(deps)* Update golang:1.23.3 docker digest to 8956c08
+- *(deps)* Update unbound/pre-commit docker digest to e78425c
+- *(deps)* Update golang:1.23.3 docker digest to 3694e36
+- *(deps)* Update golang:1.23.3 docker digest to b2ca381
+- *(deps)* Update golang:1.23.3 docker digest to 2660218
+- *(deps)* Update golang:1.23.3 docker digest to c2d828f
+- *(deps)* Update golang:1.23.3 docker digest to 73f06be
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.62.2
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.19.0
+- *(deps)* Update golang:1.23.3 docker digest to ee5f0ad
+- *(deps)* Update golang:1.23.3 docker digest to b4aabba
+- *(deps)* Update golang:1.23.3 docker digest to 2b01164
+- *(deps)* Update golang:1.23.3 docker digest to 017ec6b
+- *(deps)* Update golang docker tag to v1.23.4
+- *(deps)* Update golang:1.23.4 docker digest to 574185e
+- *(deps)* Update golang:1.23.4 docker digest to 7003184
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.20.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.3
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.4
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.22.0
+- *(deps)* Update golang:1.23.4 docker digest to 7ea4c9d
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.22.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.3
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.4
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.0
+- *(deps)* Update golang:1.23.4 docker digest to 3b1a7de
+- *(deps)* Update golang:1.23.4 docker digest to 08e1417
+- *(deps)* Update golang:1.23.4 docker digest to 585103a
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.1
+- *(deps)* Update golang:1.23.4 docker digest to 5305905
+- *(deps)* Update golang:1.23.4 docker digest to 9820aca
+- *(deps)* Update golang docker tag to v1.23.5
+- *(deps)* Update golang:1.23.5 docker digest to 8c10f21
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.3
+- *(deps)* Update golang:1.23.5 docker digest to e213430
+- *(deps)* Update golang docker tag to v1.23.6
+- *(deps)* Update golang:1.23.6 docker digest to 958bd2e
+- *(deps)* Update golang:1.23.6 docker digest to 9271129
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.2
+- *(deps)* Update golang docker tag to v1.24.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.5
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.21.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.24.0
+- *(deps)* Update golang:1.24.0 docker digest to 4a3f101
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.6
+- *(deps)* Update golang docker tag to v1.24.1
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.22.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.7
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.8
+- *(deps)* Update golang:1.24.1 docker digest to 5ecf333
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.24.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.0.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.0.2
+- *(deps)* Update golang docker tag to v1.24.2
+- *(deps)* Update golang:1.24.2 docker digest to aebb7df
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.24.3
+
+## [0.1.4] - 2024-10-05
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update module github.com/stretchr/testify to v1.9.0
+- *(deps)* Update module github.com/sparetimecoders/goamqp to v0.3.1
+
+### ⚙️ Miscellaneous Tasks
+
+- Update to Go 1.21.6
+- Update to Go 1.22.0
+- *(deps)* Update node.js to v20
+- *(deps)* Update pre-commit hook devopshq/gitlab-ci-linter to v1.0.6
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.11.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.56.2
+- *(deps)* Update pre-commit hook lietu/go-pre-commit to v0.1.0
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v4.5.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.12.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.13.0
+- *(deps)* Update golang docker tag to v1.22.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.57.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.57.1
+- Add gitleaks to pre-commit setup
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.18.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.57.2
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.14.0
+- *(deps)* Update golang docker tag to v1.22.2
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v4.6.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.15.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.16.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.58.0
+- *(deps)* Update golang docker tag to v1.22.3
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.58.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.58.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.59.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.18.3
+- *(deps)* Update golang docker tag to v1.22.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.59.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.18.4
+- *(deps)* Update golang docker tag to v1.22.5
+- *(deps)* Update golang docker tag to v1.22.6
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.60.1
+- *(deps)* Update golang docker tag to v1.23.0
+- Update golangci-lint to use full version
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.60.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.60.3
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.17.0
+- *(deps)* Update golang docker tag to v1.23.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.61.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.18.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.19.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.19.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.19.3
+- *(deps)* Update golang docker tag to v1.23.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.20.0
+- Add release flow
+- Remove old release job
+
+### Build
+
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.2.1 to 0.3.0
+
+## [0.1.3] - 2023-12-26
+
+### 🐛 Bug Fixes
+
+- Prohibit concurrent read/write
+
+### ⚙️ Miscellaneous Tasks
+
+- Update Go version
+- Make releases handle multi-line release notes
+- Update to Go 1.20.7
+- Update pre-commit versions
+- Update to Golang 1.21.0
+- Update to Go 1.21.1 for vulnerabilities
+- Use 1.21.1 in go.mod for Dependabot
+- Update to go 1.21.3 and remove patch level
+- Update version of Go
+
+### Build
+
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.4 to 0.1.5
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.5 to 0.2.0
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.2.0 to 0.2.1
+
+## [0.1.2] - 2023-06-04
+
+### ⚙️ Miscellaneous Tasks
+
+- Update pre-commit and fix golangci-lint
+- Update golangci-lint
+
+### Build
+
+- *(deps)* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3
+- *(deps)* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4
+
+## [0.1.1] - 2023-05-11
+
+### 🐛 Bug Fixes
+
+- Run builds with Go 1.19.2 to fix vulnerabilities
+
+### ⚙️ Miscellaneous Tasks
+
+- Add vulnerability-check
+- Replace deprecated ioutil.ReadAll
+- Add pre-commit and remove those checks from test step
+- Add local module to pre-commit config
+- Add release handling
+- Update to Go 1.19.5
+- Change dependabot rebase strategy
+- Update to golang 1.20.1
+- Update Go verion for vulnerabilities scan
+- Update to Go 1.20.3
+- Update Go version and fix gitlabci lint
+
+### Build
+
+- *(deps)* Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.1 to 0.1.2
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.2 to 0.1.3
+- *(deps)* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.3 to 0.1.4
+
+## [0.1.0] - 2022-07-20
+
+### 🐛 Bug Fixes
+
+- Pipeline
+
+### ⚙️ Miscellaneous Tasks
+
+- Add dependabot config
+- *(deps)* Bump gitlab.com/sparetimecoders/goamqp from 0.3.1 to 0.3.2
+- *(deps)* Bump github.com/stretchr/testify from 1.4.0 to 1.7.0
+- Remove dependabot-standalone
+- Change to codecov binary instead of bash uploader
+- *(deps)* Bump gitlab.com/sparetimecoders/goamqp from 0.3.2 to 0.4.0
+- Switch to moved goamqp
+
+### Build
+
+- Add params to codecov
+- *(deps)* Bump github.com/stretchr/testify from 1.7.0 to 1.7.1
+- *(deps)* Bump gitlab.com/sparetimecoders/goamqp from 0.4.0 to 0.5.0
+- *(deps)* Bump github.com/stretchr/testify from 1.7.1 to 1.7.2
+- *(deps)* Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
+- *(deps)* Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
+- *(deps)* Bump github.com/stretchr/testify from 1.7.5 to 1.8.0
+
+## [0.0.8] - 2021-05-15
+
+### ⚙️ Miscellaneous Tasks
+
+- Add codecov upload
+- Simplify pipeline
+- Change coverage badge to codecov.io
+- Add CI workflows
+- Rename master -> main
+- Group imports
+- Update to latest version of goamqp
+
+## [0.0.7] - 2020-04-12
+
+### 🐛 Bug Fixes
+
+- Update to Go 1.14 to fix test errors
+- Use go mod download
+- Sort companies before comparing since map-iteration is not stable
+
+## [0.0.6] - 2020-04-12
+
+### 🐛 Bug Fixes
+
+- Path to repo
+
+### ⚙️ Miscellaneous Tasks
+
+- Add tests
+- Modify event structure
+
+## [0.0.5] - 2019-12-31
+
+### 🚀 Features
+
+- Add handling of removed privilege
+
+## [0.0.4] - 2019-12-08
+
+### 🚀 Features
+
+- Add name and registration number to event
+
+## [0.0.3] - 2019-11-22
+
+### 🐛 Bug Fixes
+
+- Print unexpected messages
+
+## [0.0.2] - 2019-11-06
+
+### 🚀 Features
+
+- Initial version
+
+### 🐛 Bug Fixes
+
+- Rename module
+
+<!-- generated by git-cliff -->

CLAUDE.md

@@ -0,0 +1,46 @@
+# authz_client
+
+Shared Go library for authorization service client integration.
+
+## Shared Documentation
+
+@../docs/claude/architecture.md
+@../docs/claude/go-services.md
+@../docs/claude/conventions.md
+
+## Library Information
+
+### Purpose
+
+Provides a client for the authz-service, handling privilege management for users across companies. Used by all microservices that need to check user permissions.
+
+### Usage
+
+```go
+import client "gitea.unbound.se/shiny/authz_client"
+
+// Create handler with options
+handler := client.New(client.WithBaseURL("http://authz-service"))
+
+// Check user privileges
+privileges := handler.Get(email, companyID)
+if privileges.Invoicing {
+    // User has invoicing privileges
+}
+```
+
+### Privileges
+
+The `CompanyPrivileges` struct contains permission flags:
+- `Admin` - Administrative access
+- `Company` - Company management
+- `Consumer` - Consumer/customer access
+- `Time` - Time tracking
+- `Invoicing` - Invoice management
+- `Accounting` - Accounting access
+- `Supplier` - Supplier management
+- `Salary` - Salary/payroll access
+
+### Event Handling
+
+Implements `goamqp` message handlers to receive privilege update events from the authz-service, keeping the local privilege cache up-to-date.

README.md

@@ -1,3 +1 @@
 # Shiny authz-client
-
-[![Build Status](https://gitlab.com/unboundsoftware/shiny/authz-client/badges/master/pipeline.svg)](https://gitlab.com/unboundsoftware/shiny/authz-client/commits/master)[![coverage report](https://gitlab.com/unboundsoftware/shiny/authz-client/badges/master/coverage.svg)](https://gitlab.com/unboundsoftware/shiny/authz-client/commits/master)

client.go

@@ -3,9 +3,12 @@ package client
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"reflect"
+	"sync"
+
+	"github.com/sparetimecoders/goamqp"
 )
 
 // CompanyPrivileges contains the privileges for a combination of email address and company id
@@ -17,36 +20,16 @@ type CompanyPrivileges struct {
 	Invoicing  bool `json:"invoicing"`
 	Accounting bool `json:"accounting"`
 	Supplier   bool `json:"supplier"`
-}
-
-// PrivilegeAdded is the event sent when a new privilege is added
-type PrivilegeAdded struct {
-	Email              string `json:"email"`
-	CompanyID          string `json:"companyId"`
-	Name               string `json:"name"`
-	RegistrationNumber string `json:"registrationNumber"`
-	Admin              bool   `json:"admin"`
-	Company            bool   `json:"company"`
-	Consumer           bool   `json:"consumer"`
-	Time               bool   `json:"time"`
-	Invoicing          bool   `json:"invoicing"`
-	Accounting         bool   `json:"accounting"`
-	Supplier           bool   `json:"supplier"`
-}
-
-// PrivilegeRemoved is the event sent when a privilege is removed
-type PrivilegeRemoved struct {
-	Email              string `json:"email"`
-	CompanyID          string `json:"companyId"`
-	Name               string `json:"name"`
-	RegistrationNumber string `json:"registrationNumber"`
+	Salary     bool `json:"salary"`
 }
 
 // PrivilegeHandler processes PrivilegeAdded-events and fetches the initial set of privileges from an authz-service
 type PrivilegeHandler struct {
+	*sync.RWMutex
 	client     *http.Client
 	baseURL    string
-	privileges map[string]map[string]CompanyPrivileges
+	apiKey     string
+	privileges map[string]map[string]*CompanyPrivileges
 }
 
 // OptsFunc is used to configure the PrivilegeHandler
@@ -59,12 +42,20 @@ func WithBaseURL(url string) OptsFunc {
 	}
 }
 
+// WithAPIKey sets an API key used as a Bearer token when fetching privileges
+func WithAPIKey(key string) OptsFunc {
+	return func(handler *PrivilegeHandler) {
+		handler.apiKey = key
+	}
+}
+
 // New creates a new PrivilegeHandler. Pass OptsFuncs to configure.
 func New(opts ...OptsFunc) *PrivilegeHandler {
 	handler := &PrivilegeHandler{
+		RWMutex:    &sync.RWMutex{},
 		client:     &http.Client{},
 		baseURL:    "http://authz-service",
-		privileges: map[string]map[string]CompanyPrivileges{},
+		privileges: map[string]map[string]*CompanyPrivileges{},
 	}
 	for _, opt := range opts {
 		opt(handler)
@@ -74,16 +65,27 @@ func New(opts ...OptsFunc) *PrivilegeHandler {
 
 // Fetch the initial set of privileges from an authz-service
 func (h *PrivilegeHandler) Fetch() error {
-	resp, err := h.client.Get(fmt.Sprintf("%s/authz", h.baseURL))
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/authz", h.baseURL), nil)
 	if err != nil {
 		return err
 	}
 
-	buff, err := ioutil.ReadAll(resp.Body)
+	if h.apiKey != "" {
+		req.Header.Set("Authorization", "Bearer "+h.apiKey)
+	}
+
+	resp, err := h.client.Do(req)
 	if err != nil {
 		return err
 	}
 
+	buff, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	h.Lock()
+	defer h.Unlock()
 	err = json.Unmarshal(buff, &h.privileges)
 	if err != nil {
 		return err
@@ -91,52 +93,86 @@ func (h *PrivilegeHandler) Fetch() error {
 	return nil
 }
 
+func (h *PrivilegeHandler) Setup() []goamqp.Setup {
+	return []goamqp.Setup{
+		goamqp.TransientEventStreamConsumer("User.Added", h.Process, UserAdded{}),
+		goamqp.TransientEventStreamConsumer("User.Removed", h.Process, UserRemoved{}),
+		goamqp.TransientEventStreamConsumer("Privilege.Added", h.Process, PrivilegeAdded{}),
+		goamqp.TransientEventStreamConsumer("Privilege.Removed", h.Process, PrivilegeRemoved{}),
+	}
+}
+
 // Process privilege-related events and update the internal state
-func (h *PrivilegeHandler) Process(msg interface{}) bool {
+func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface{}, error) {
+	h.Lock()
+	defer h.Unlock()
+
 	switch ev := msg.(type) {
+	case *UserAdded:
+		if priv, exists := h.privileges[ev.Email]; exists {
+			priv[ev.CompanyID] = &CompanyPrivileges{}
+		} else {
+			h.privileges[ev.Email] = map[string]*CompanyPrivileges{
+				ev.CompanyID: {},
+			}
+		}
+		return nil, nil
+	case *UserRemoved:
+		if priv, exists := h.privileges[ev.Email]; exists {
+			delete(priv, ev.CompanyID)
+		}
+		return nil, nil
 	case *PrivilegeAdded:
-		h.setPrivileges(ev)
-		return true
+		h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, true)
+		return nil, nil
 	case *PrivilegeRemoved:
-		h.removePrivileges(ev)
-		return true
+		h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, false)
+		return nil, nil
 	default:
 		fmt.Printf("Got unexpected message type (%s): '%+v'\n", reflect.TypeOf(msg).String(), msg)
-		return false
+		return nil, fmt.Errorf("unexpected event type: '%s'", reflect.TypeOf(msg))
 	}
 }
 
-func (h *PrivilegeHandler) setPrivileges(ev *PrivilegeAdded) {
-	if priv, exists := h.privileges[ev.Email]; exists {
-		priv[ev.CompanyID] = CompanyPrivileges{
-			Admin:      ev.Admin,
-			Company:    ev.Company,
-			Consumer:   ev.Consumer,
-			Time:       ev.Time,
-			Invoicing:  ev.Invoicing,
-			Accounting: ev.Accounting,
-			Supplier:   ev.Supplier,
+func (h *PrivilegeHandler) setPrivileges(email, companyId string, privilege Privilege, set bool) {
+	if priv, exists := h.privileges[email]; exists {
+		if c, exists := priv[companyId]; exists {
+			switch privilege {
+			case PrivilegeAdmin:
+				c.Admin = set
+			case PrivilegeCompany:
+				c.Company = set
+			case PrivilegeConsumer:
+				c.Consumer = set
+			case PrivilegeTime:
+				c.Time = set
+			case PrivilegeInvoicing:
+				c.Invoicing = set
+			case PrivilegeAccounting:
+				c.Accounting = set
+			case PrivilegeSupplier:
+				c.Supplier = set
+			case PrivilegeSalary:
+				c.Salary = set
+			}
+		} else {
+			priv[companyId] = &CompanyPrivileges{}
+			h.setPrivileges(email, companyId, privilege, set)
 		}
 	} else {
-		h.privileges[ev.Email] = map[string]CompanyPrivileges{
-			ev.CompanyID: {},
-		}
-		h.setPrivileges(ev)
-	}
-}
-
-func (h *PrivilegeHandler) removePrivileges(ev *PrivilegeRemoved) {
-	if priv, exists := h.privileges[ev.Email]; exists {
-		delete(priv, ev.CompanyID)
+		h.privileges[email] = map[string]*CompanyPrivileges{}
+		h.setPrivileges(email, companyId, privilege, set)
 	}
 }
 
 // CompaniesByUser return a slice of company ids matching the provided email and predicate func
 func (h *PrivilegeHandler) CompaniesByUser(email string, predicate func(privileges CompanyPrivileges) bool) []string {
+	h.RLock()
+	defer h.RUnlock()
 	var result []string
 	if p, exists := h.privileges[email]; exists {
 		for k, v := range p {
-			if predicate(v) {
+			if predicate(*v) {
 				result = append(result, k)
 			}
 		}
@@ -146,9 +182,11 @@ func (h *PrivilegeHandler) CompaniesByUser(email string, predicate func(privileg
 
 // IsAllowed return true if the provided predicate return true for the privileges matching the provided email and companyID, return false otherwise
 func (h *PrivilegeHandler) IsAllowed(email, companyID string, predicate func(privileges CompanyPrivileges) bool) bool {
+	h.RLock()
+	defer h.RUnlock()
 	if p, exists := h.privileges[email]; exists {
 		if v, exists := p[companyID]; exists {
-			return predicate(v)
+			return predicate(*v)
 		}
 	}
 

client_test.go

@@ -2,18 +2,98 @@ package client
 
 import (
 	"fmt"
-	"github.com/stretchr/testify/assert"
 	"net/http"
 	"net/http/httptest"
+	"sort"
+	"sync"
 	"testing"
+
+	"github.com/sparetimecoders/goamqp"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestPrivilegeHandler_Process_InvalidType(t *testing.T) {
 	handler := New(WithBaseURL("base"))
 
-	result := handler.Process("abc")
+	result, err := handler.Process("abc", goamqp.Headers{})
 
-	assert.False(t, result)
+	assert.Nil(t, result)
+	assert.EqualError(t, err, "unexpected event type: 'string'")
+}
+
+func TestPrivilegeHandler_Process_PrivilegeRemoved(t *testing.T) {
+	handler := New(WithBaseURL("base"))
+
+	result, err := handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeAdmin,
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
+
+	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+
+	assert.Equal(t, []string{"abc-123"}, companies)
+
+	result, err = handler.Process(&PrivilegeRemoved{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeAdmin,
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
+
+	companies = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+
+	assert.Empty(t, companies)
+}
+
+func TestPrivilegeHandler_Process_UserAdded_And_UserRemoved(t *testing.T) {
+	handler := New(WithBaseURL("base"))
+
+	result, err := handler.Process(&UserAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
+
+	result, err = handler.Process(&UserAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-456",
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
+
+	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return true
+	})
+	sort.Strings(companies)
+	assert.Equal(t, []string{"abc-123", "abc-456"}, companies)
+
+	result, err = handler.Process(&UserRemoved{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
+
+	result, err = handler.Process(&UserRemoved{
+		Email:     "jim@example.org",
+		CompanyID: "abc-456",
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
+
+	companies = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return true
+	})
+	assert.Empty(t, companies)
 }
 
 func TestPrivilegeHandler_GetCompanies_Email_Not_Found(t *testing.T) {
@@ -29,41 +109,48 @@ func TestPrivilegeHandler_GetCompanies_Email_Not_Found(t *testing.T) {
 func TestPrivilegeHandler_GetCompanies_No_Companies_Found(t *testing.T) {
 	handler := New(WithBaseURL("base"))
 
-	result := handler.Process(&PrivilegeAdded{
-		Email:      "jim@example.org",
-		CompanyID:  "abc-123",
-		Admin:      false,
-		Company:    false,
-		Consumer:   false,
-		Time:       false,
-		Invoicing:  false,
-		Accounting: false,
-		Supplier:   false,
-	})
-	assert.True(t, result)
+	result, err := handler.Process(&UserAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
 
 	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
 		return privileges.Admin
 	})
 
 	assert.Empty(t, companies)
+
+	companies = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return true
+	})
+
+	assert.Equal(t, []string{"abc-123"}, companies)
+
+	result, err = handler.Process(&UserRemoved{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
+
+	companies = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return true
+	})
+	assert.Empty(t, companies)
 }
 
 func TestPrivilegeHandler_GetCompanies_Company_With_Company_Access_Found(t *testing.T) {
 	handler := New(WithBaseURL("base"))
 
-	result := handler.Process(&PrivilegeAdded{
-		Email:      "jim@example.org",
-		CompanyID:  "abc-123",
-		Admin:      false,
-		Company:    true,
-		Consumer:   false,
-		Time:       false,
-		Invoicing:  false,
-		Accounting: false,
-		Supplier:   false,
-	})
-	assert.True(t, result)
+	result, err := handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeCompany,
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
 
 	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
 		return privileges.Company
@@ -75,26 +162,128 @@ func TestPrivilegeHandler_GetCompanies_Company_With_Company_Access_Found(t *test
 func TestPrivilegeHandler_GetCompanies_Company_With_Admin_Access_Found(t *testing.T) {
 	handler := New(WithBaseURL("base"))
 
-	result := handler.Process(&PrivilegeAdded{
-		Email:      "jim@example.org",
-		CompanyID:  "abc-123",
-		Admin:      true,
-		Company:    false,
-		Consumer:   false,
-		Time:       false,
-		Invoicing:  false,
-		Accounting: false,
-		Supplier:   false,
-	})
-	assert.True(t, result)
+	result, err := handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeConsumer,
+	}, goamqp.Headers{})
+	assert.Nil(t, result)
+	assert.NoError(t, err)
 
 	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
-		return privileges.Admin
+		return privileges.Consumer
 	})
 
 	assert.Equal(t, []string{"abc-123"}, companies)
 }
 
+func TestPrivilegeHandler_IsAllowed_Return_False_If_No_Privileges(t *testing.T) {
+	handler := New(WithBaseURL("base"))
+
+	result := handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Company
+	})
+
+	assert.False(t, result)
+}
+
+func TestPrivilegeHandler_IsAllowed_Return_True_If_Privilege_Exists(t *testing.T) {
+	handler := New(WithBaseURL("base"))
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeTime,
+	}, goamqp.Headers{})
+
+	result := handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Time
+	})
+
+	assert.True(t, result)
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeInvoicing,
+	}, goamqp.Headers{})
+
+	result = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Invoicing
+	})
+
+	assert.True(t, result)
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeAccounting,
+	}, goamqp.Headers{})
+
+	result = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Accounting
+	})
+
+	assert.True(t, result)
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeSupplier,
+	}, goamqp.Headers{})
+
+	result = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Supplier
+	})
+
+	assert.True(t, result)
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeSalary,
+	}, goamqp.Headers{})
+
+	result = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Salary
+	})
+
+	assert.True(t, result)
+}
+
+func TestPrivilegeHandler_Fetch_Sends_Authorization_Header_When_APIKey_Set(t *testing.T) {
+	var receivedAuth string
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		receivedAuth = r.Header.Get("Authorization")
+		_, _ = w.Write([]byte("{}"))
+	}))
+	defer server.Close()
+
+	handler := New(
+		WithBaseURL(server.URL),
+		WithAPIKey("my-secret-key"),
+	)
+
+	err := handler.Fetch()
+	assert.NoError(t, err)
+	assert.Equal(t, "Bearer my-secret-key", receivedAuth)
+}
+
+func TestPrivilegeHandler_Fetch_No_Authorization_Header_Without_APIKey(t *testing.T) {
+	var receivedAuth string
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		receivedAuth = r.Header.Get("Authorization")
+		_, _ = w.Write([]byte("{}"))
+	}))
+	defer server.Close()
+
+	handler := New(WithBaseURL(server.URL))
+
+	err := handler.Fetch()
+	assert.NoError(t, err)
+	assert.Empty(t, receivedAuth)
+}
+
 func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(500)
@@ -106,7 +295,7 @@ func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) {
 	server.Close()
 
 	err := handler.Fetch()
-	assert.EqualError(t, err, fmt.Sprintf("Get http://%s/authz: dial tcp %s: connect: connection refused", baseURL, baseURL))
+	assert.EqualError(t, err, fmt.Sprintf("Get \"http://%s/authz\": dial tcp %s: connect: connection refused", baseURL, baseURL))
 }
 
 func TestPrivilegeHandler_Fetch_Error_Unreadable_Body(t *testing.T) {
@@ -146,7 +335,8 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
       "time": true,
       "invoicing": true,
       "accounting": false,
-      "supplier": false
+      "supplier": false,
+      "salary": true
     }
   }
 }`
@@ -160,7 +350,7 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
 
 	err := handler.Fetch()
 	assert.NoError(t, err)
-	expectedPrivileges := map[string]map[string]CompanyPrivileges{
+	expectedPrivileges := map[string]map[string]*CompanyPrivileges{
 		"jim@example.org": {
 			"00010203-0405-4607-8809-0a0b0c0d0e0f": {
 				Admin:      false,
@@ -170,8 +360,291 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
 				Invoicing:  true,
 				Accounting: false,
 				Supplier:   false,
+				Salary:     true,
 			},
 		},
 	}
 	assert.Equal(t, expectedPrivileges, handler.privileges)
 }
+
+func TestPrivilegeHandler_Fetch_Concurrent_Fetches(t *testing.T) {
+	privileges := `
+{
+  "jim@example.org": {
+    "00010203-0405-4607-8809-0a0b0c0d0e0f": {
+      "admin": false,
+      "company": true,
+      "consumer": false,
+      "time": true,
+      "invoicing": true,
+      "accounting": false,
+      "supplier": false,
+      "salary": true
+    }
+  }
+}`
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(privileges))
+	}))
+	defer server.Close()
+
+	baseURL := server.Listener.Addr().String()
+	handler := New(WithBaseURL(fmt.Sprintf("http://%s", baseURL)))
+
+	// Run multiple Fetch calls concurrently to test thread-safety
+	var wg sync.WaitGroup
+	errors := make(chan error, 10)
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := handler.Fetch(); err != nil {
+				errors <- err
+			}
+		}()
+	}
+
+	wg.Wait()
+	close(errors)
+
+	// Check no errors occurred
+	for err := range errors {
+		assert.NoError(t, err)
+	}
+
+	// Verify privileges were set correctly
+	expectedPrivileges := map[string]map[string]*CompanyPrivileges{
+		"jim@example.org": {
+			"00010203-0405-4607-8809-0a0b0c0d0e0f": {
+				Admin:      false,
+				Company:    true,
+				Consumer:   false,
+				Time:       true,
+				Invoicing:  true,
+				Accounting: false,
+				Supplier:   false,
+				Salary:     true,
+			},
+		},
+	}
+	assert.Equal(t, expectedPrivileges, handler.privileges)
+}
+
+func TestPrivilegeHandler_Concurrent_Fetch_And_Read(t *testing.T) {
+	privileges := `
+{
+  "jim@example.org": {
+    "abc-123": {
+      "admin": true,
+      "company": true,
+      "consumer": false,
+      "time": false,
+      "invoicing": false,
+      "accounting": false,
+      "supplier": false,
+      "salary": false
+    }
+  }
+}`
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(privileges))
+	}))
+	defer server.Close()
+
+	baseURL := server.Listener.Addr().String()
+	handler := New(WithBaseURL(fmt.Sprintf("http://%s", baseURL)))
+
+	var wg sync.WaitGroup
+	errors := make(chan error, 100)
+
+	// Start multiple Fetch operations
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := handler.Fetch(); err != nil {
+				errors <- err
+			}
+		}()
+	}
+
+	// Concurrently read privileges while Fetch is running
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	// Concurrently check privileges while Fetch is running
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	wg.Wait()
+	close(errors)
+
+	// Check no errors occurred
+	for err := range errors {
+		assert.NoError(t, err)
+	}
+
+	// Verify privileges are correct after all concurrent operations
+	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+	assert.Equal(t, []string{"abc-123"}, companies)
+
+	isAllowed := handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin && privileges.Company
+	})
+	assert.True(t, isAllowed)
+}
+
+func TestPrivilegeHandler_Concurrent_Process_And_Read(t *testing.T) {
+	handler := New(WithBaseURL("base"))
+
+	var wg sync.WaitGroup
+
+	// Concurrently add privileges via Process
+	for i := 0; i < 100; i++ {
+		wg.Add(1)
+		companyID := fmt.Sprintf("company-%d", i%10)
+		go func(id string) {
+			defer wg.Done()
+			_, _ = handler.Process(&PrivilegeAdded{
+				Email:     "jim@example.org",
+				CompanyID: id,
+				Privilege: PrivilegeAdmin,
+			}, goamqp.Headers{})
+		}(companyID)
+	}
+
+	// Concurrently read privileges while Process is running
+	for i := 0; i < 100; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	wg.Wait()
+
+	// Verify all companies were added
+	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+	sort.Strings(companies)
+
+	expected := make([]string, 10)
+	for i := 0; i < 10; i++ {
+		expected[i] = fmt.Sprintf("company-%d", i)
+	}
+	sort.Strings(expected)
+
+	assert.Equal(t, expected, companies)
+}
+
+func TestPrivilegeHandler_Concurrent_Multiple_Operations(t *testing.T) {
+	privileges := `
+{
+  "jim@example.org": {
+    "initial-company": {
+      "admin": true,
+      "company": true,
+      "consumer": false,
+      "time": false,
+      "invoicing": false,
+      "accounting": false,
+      "supplier": false,
+      "salary": false
+    }
+  }
+}`
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(privileges))
+	}))
+	defer server.Close()
+
+	baseURL := server.Listener.Addr().String()
+	handler := New(WithBaseURL(fmt.Sprintf("http://%s", baseURL)))
+
+	var wg sync.WaitGroup
+
+	// Fetch
+	for i := 0; i < 5; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.Fetch()
+		}()
+	}
+
+	// Process PrivilegeAdded
+	for i := 0; i < 20; i++ {
+		wg.Add(1)
+		go func(idx int) {
+			defer wg.Done()
+			_, _ = handler.Process(&PrivilegeAdded{
+				Email:     "jane@example.org",
+				CompanyID: fmt.Sprintf("company-%d", idx%5),
+				Privilege: PrivilegeCompany,
+			}, goamqp.Headers{})
+		}(i)
+	}
+
+	// CompaniesByUser reads
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		email := "jim@example.org"
+		if i%2 == 0 {
+			email = "jane@example.org"
+		}
+		go func(e string) {
+			defer wg.Done()
+			_ = handler.CompaniesByUser(e, func(privileges CompanyPrivileges) bool {
+				return privileges.Admin || privileges.Company
+			})
+		}(email)
+	}
+
+	// IsAllowed reads
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.IsAllowed("jim@example.org", "initial-company", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	wg.Wait()
+
+	// Verify final state is consistent
+	jimCompanies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+	assert.Contains(t, jimCompanies, "initial-company")
+
+	janeCompanies := handler.CompaniesByUser("jane@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Company
+	})
+	sort.Strings(janeCompanies)
+
+	expectedJane := []string{"company-0", "company-1", "company-2", "company-3", "company-4"}
+	assert.Equal(t, expectedJane, janeCompanies)
+}

cliff.toml

@@ -0,0 +1,80 @@
+# git-cliff ~ default configuration file
+# https://git-cliff.org/docs/configuration
+#
+# Lines starting with "#" are comments.
+# Configuration options are organized into tables and keys.
+# See documentation for more information on available options.
+
+[changelog]
+# template for the changelog header
+header = """
+# Changelog\n
+All notable changes to this project will be documented in this file.\n
+"""
+# template for the changelog body
+# https://keats.github.io/tera/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | striptags | trim | upper_first }}
+    {% for commit in commits %}
+        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
+            {% if commit.breaking %}[**breaking**] {% endif %}\
+            {{ commit.message | upper_first }}\
+    {% endfor %}
+{% endfor %}\n
+"""
+# template for the changelog footer
+footer = """
+<!-- generated by git-cliff -->
+"""
+# remove the leading and trailing s
+trim = true
+# postprocessors
+postprocessors = [
+  # { pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" }, # replace repository URL
+]
+# render body even when there are no releases to process
+# render_always = true
+# output file path
+# output = "test.md"
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# process each line of a commit as an individual commit
+split_commits = false
+# regex for preprocessing the commit messages
+commit_preprocessors = [
+  # Replace issue numbers
+  #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
+  # Check spelling of the commit with https://github.com/crate-ci/typos
+  # If the spelling is incorrect, it will be automatically fixed.
+  #{ pattern = '.*', replace_command = 'typos --write-changes -' },
+]
+# regex for parsing and grouping commits
+commit_parsers = [
+  { message = "^feat", group = "<!-- 0 -->🚀 Features" },
+  { message = "^fix", group = "<!-- 1 -->🐛 Bug Fixes" },
+  { message = "^doc", group = "<!-- 3 -->📚 Documentation" },
+  { message = "^perf", group = "<!-- 4 -->⚡ Performance" },
+  { message = "^refactor", group = "<!-- 2 -->🚜 Refactor" },
+  { message = "^style", group = "<!-- 5 -->🎨 Styling" },
+  { message = "^test", group = "<!-- 6 -->🧪 Testing" },
+  { message = "^chore\\(release\\): prepare for", skip = true },
+  { message = "^chore|^ci", group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
+  { body = ".*security", group = "<!-- 8 -->🛡️ Security" },
+  { message = "^revert", group = "<!-- 9 -->◀️ Revert" },
+]
+# filter out the commits that are not matched by commit parsers
+filter_commits = false
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "oldest"

events.go

@@ -0,0 +1,64 @@
+package client
+
+// UserAdded is the event sent when a new user is added to a company
+type UserAdded struct {
+	Email     string `json:"email"`
+	CompanyID string `json:"companyId"`
+}
+
+// UserRemoved is the event sent when a user is removed from a company
+type UserRemoved struct {
+	Email     string `json:"email"`
+	CompanyID string `json:"companyId"`
+}
+
+// Privilege is an enumeration of all available privileges
+type Privilege string
+
+const (
+	PrivilegeAdmin      = "ADMIN"
+	PrivilegeCompany    = "COMPANY"
+	PrivilegeConsumer   = "CONSUMER"
+	PrivilegeTime       = "TIME"
+	PrivilegeInvoicing  = "INVOICING"
+	PrivilegeAccounting = "ACCOUNTING"
+	PrivilegeSupplier   = "SUPPLIER"
+	PrivilegeSalary     = "SALARY"
+)
+
+var AllPrivilege = []Privilege{
+	PrivilegeAdmin,
+	PrivilegeCompany,
+	PrivilegeConsumer,
+	PrivilegeTime,
+	PrivilegeInvoicing,
+	PrivilegeAccounting,
+	PrivilegeSupplier,
+	PrivilegeSalary,
+}
+
+func (e Privilege) IsValid() bool {
+	switch e {
+	case PrivilegeAdmin, PrivilegeCompany, PrivilegeConsumer, PrivilegeTime, PrivilegeInvoicing, PrivilegeAccounting, PrivilegeSupplier, PrivilegeSalary:
+		return true
+	}
+	return false
+}
+
+func (e Privilege) String() string {
+	return string(e)
+}
+
+// PrivilegeAdded is the event sent when a new privilege is added
+type PrivilegeAdded struct {
+	Email     string    `json:"email"`
+	CompanyID string    `json:"companyId"`
+	Privilege Privilege `json:"privilege"`
+}
+
+// PrivilegeRemoved is the event sent when a privilege is removed
+type PrivilegeRemoved struct {
+	Email     string    `json:"email"`
+	CompanyID string    `json:"companyId"`
+	Privilege Privilege `json:"privilege"`
+}

events_test.go

@@ -0,0 +1,110 @@
+package client
+
+import "testing"
+
+func TestPrivilege_IsValid(t *testing.T) {
+	tests := []struct {
+		name string
+		e    Privilege
+		want bool
+	}{
+		{
+			name: "Admin",
+			e:    "ADMIN",
+			want: true,
+		},
+		{
+			name: "Company",
+			e:    "COMPANY",
+			want: true,
+		},
+		{
+			name: "Consumer",
+			e:    "CONSUMER",
+			want: true,
+		},
+		{
+			name: "Time",
+			e:    "TIME",
+			want: true,
+		},
+		{
+			name: "Invoicing",
+			e:    "INVOICING",
+			want: true,
+		},
+		{
+			name: "Accounting",
+			e:    "ACCOUNTING",
+			want: true,
+		},
+		{
+			name: "Supplier",
+			e:    "SUPPLIER",
+			want: true,
+		},
+		{
+			name: "Invalid",
+			e:    "BLUTTI",
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.e.IsValid(); got != tt.want {
+				t.Errorf("IsValid() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestPrivilege_String(t *testing.T) {
+	tests := []struct {
+		name string
+		e    Privilege
+		want string
+	}{
+		{
+			name: "Admin",
+			e:    "ADMIN",
+			want: "ADMIN",
+		},
+		{
+			name: "Company",
+			e:    "COMPANY",
+			want: "COMPANY",
+		},
+		{
+			name: "Consumer",
+			e:    "CONSUMER",
+			want: "CONSUMER",
+		},
+		{
+			name: "Time",
+			e:    "TIME",
+			want: "TIME",
+		},
+		{
+			name: "Invoicing",
+			e:    "INVOICING",
+			want: "INVOICING",
+		},
+		{
+			name: "Accounting",
+			e:    "ACCOUNTING",
+			want: "ACCOUNTING",
+		},
+		{
+			name: "Supplier",
+			e:    "SUPPLIER",
+			want: "SUPPLIER",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.e.String(); got != tt.want {
+				t.Errorf("String() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

go.mod

@@ -1,5 +1,19 @@
-module gitlab.com/unboundsoftware/shiny/authz_client
+module gitea.unbound.se/shiny/authz_client
 
-go 1.13
+go 1.22.12
 
-require github.com/stretchr/testify v1.4.0
+toolchain go1.26.1
+
+require (
+	github.com/sparetimecoders/goamqp v0.3.3
+	github.com/stretchr/testify v1.11.1
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rabbitmq/amqp091-go v1.10.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

go.sum

@@ -1,11 +1,20 @@
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/rabbitmq/amqp091-go v1.10.0 h1:STpn5XsHlHGcecLmMFCtg7mqq0RnD+zFr4uzukfVhBw=
+github.com/rabbitmq/amqp091-go v1.10.0/go.mod h1:Hy4jKW5kQART1u+JkDTF9YYOQUHXqMuhrgxOEeS7G4o=
+github.com/sparetimecoders/goamqp v0.3.3 h1:z/nfTPmrjeU/rIVuNOgsVLCimp3WFoNFvS3ZzXRJ6HE=
+github.com/sparetimecoders/goamqp v0.3.3/go.mod h1:W9NRCpWLE+Vruv2dcRSbszNil2O826d2Nv6kAkETW5o=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ]
+}