Production: Go
git clone https://github.com/AEEF-AI/aeef-production.git
The Production tier for Go deploys a Dockerized Chi HTTP server alongside gRPC services, with comprehensive CI workflows, drift detection, incident response automation, and Prometheus-native monitoring.
Full Platform Walkthrough
Application Architecture
production-go/
cmd/
server/ # HTTP server entrypoint (Chi)
grpc-server/ # gRPC server entrypoint
worker/ # Background worker process
internal/
api/ # HTTP handlers
grpc/ # gRPC service implementations
domain/ # Business logic
middleware/ # Auth, logging, metrics
monitoring/ # Health checks, Prometheus exporters
tests/
unit/ # Table-driven unit tests
integration/ # API contract tests
e2e/ # End-to-end scenario tests
load/ # k6 load test scripts
docker/
Dockerfile # Multi-stage production build
Dockerfile.dev # Development with hot reload (air)
.github/
workflows/
ci.yml # Full 10-stage CI pipeline
drift.yml # Scheduled drift detection
incident.yml # Incident response automation
docker-compose.yml
docker-compose.monitoring.yml
Dockerized Deployment
Multi-stage Dockerfile producing a minimal scratch-based image:
# Build stage
FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /bin/server ./cmd/server
# Production stage
FROM scratch
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /bin/server /bin/server
USER 65534:65534
EXPOSE 8080 9090
ENTRYPOINT ["/bin/server"]
Docker Compose Stack
services:
api:
build:
context: .
dockerfile: docker/Dockerfile
ports:
- "8080:8080" # HTTP
- "9090:9090" # gRPC
environment:
- AEEF_OVERLAY=ksa
depends_on: [postgres, redis]
worker:
build:
context: .
dockerfile: docker/Dockerfile
command: ["/bin/worker"]
depends_on: [redis, postgres]
postgres:
image: postgres:16-alpine
redis:
image: redis:7-alpine
CI Pipeline
The Production Go pipeline extends the Transformation pipeline to 10 stages:
golangci-lint --> go-vet --> go-test-unit --> go-mutesting -->
go-test-integration --> govulncheck --> license-check --> SBOM --> schema-validate --> provenance
Integration Tests
- name: Integration Tests
run: |
docker compose up -d postgres redis
go test -tags=integration -race -v ./tests/integration/...
env:
DATABASE_URL: postgres://postgres:test@localhost:5432/aeef_test?sslmode=disable
SBOM Generation
- name: Generate SBOM
run: |
go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
cyclonedx-gomod mod -json -output sbom.json
Load Tests
- name: Load Tests
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
run: |
docker compose up -d
k6 run tests/load/api-load.js --vus 100 --duration 60s
Monitoring Integration
Go applications export Prometheus metrics natively:
package monitoring
import (
"net/http"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
)
var (
AIContributions = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "aeef_ai_contributions_total",
Help: "Total AI-assisted code contributions",
},
[]string{"tool", "agent_role"},
)
QualityGateDuration = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Name: "aeef_quality_gate_seconds",
Help: "Time spent in quality gate checks",
Buckets: prometheus.DefBuckets,
},
[]string{"gate_name"},
)
)
func init() {
prometheus.MustRegister(AIContributions, QualityGateDuration)
}
func MetricsHandler() http.Handler {
return promhttp.Handler()
}
Health Check Endpoint
func HealthHandler(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
checks := map[string]string{
"database": "ok",
"redis": "ok",
"aeef": "ok",
}
if err := db.PingContext(r.Context()); err != nil {
checks["database"] = "degraded"
w.WriteHeader(http.StatusServiceUnavailable)
}
json.NewEncoder(w).Encode(checks)
}
}
Drift Detection
Go-specific drift detection validates toolchain and configuration consistency:
- name: Check golangci-lint Config Drift
run: |
go run scripts/drift-detect/main.go --category linting \
--baseline .aeef/baselines/golangci.json \
--current .golangci.yml
- name: Check Go Module Drift
run: |
go run scripts/drift-detect/main.go --category dependencies \
--baseline .aeef/baselines/go-mod.json \
--current go.mod
gRPC Service Governance
gRPC services follow additional governance controls:
- Proto schema validation in CI ensures backward compatibility
- gRPC interceptors enforce authentication, logging, and rate limiting
- Service contracts define allowed RPC methods per agent role
func AEEFUnaryInterceptor() grpc.UnaryServerInterceptor {
return func(
ctx context.Context,
req interface{},
info *grpc.UnaryServerInfo,
handler grpc.UnaryHandler,
) (interface{}, error) {
// Log AI agent metadata
md, _ := metadata.FromIncomingContext(ctx)
if agentID := md.Get("x-aeef-agent-id"); len(agentID) > 0 {
slog.Info("agent rpc", "agent", agentID[0], "method", info.FullMethod)
}
// Enforce rate limits
if err := rateLimit(ctx, info.FullMethod); err != nil {
return nil, status.Error(codes.ResourceExhausted, "rate limit exceeded")
}
return handler(ctx, req)
}
}
Next Steps
- Set up monitoring: Monitoring Setup
- Apply sovereign overlays: Sovereign Compliance Overlays
- Configure incident response: Incident Response Automation