Request Context Carrier

Every request carries a structured context through the middleware, handler, store, and plugin chain.

RequestContext Struct

// Set by middleware, available to all handlers and downstream calls
type RequestContext struct {
    RequestID   string      // Unique per request (X-Request-Id or generated UUID)
    UserID      uuid.UUID   // Authenticated user
    RealmID     uuid.UUID   // Resolved realm (after ResolveRealm)
    RealmSlug   string      // Realm slug
    Permissions []string    // Evaluated RBAC capabilities for this request
    StartTime   time.Time   // For duration tracking
    AuthMethod  string      // "token" | "oidc" | "k8s"
}

Propagation Path

HTTP Request
  -> RequestID middleware (generates/extracts X-Request-Id)
  -> Auth middleware (sets UserID, AuthMethod)
  -> Handler (resolves Realm, sets RealmID/RealmSlug)
  -> Store calls (receives context)
  -> Plugin calls (receives ArcanContext with RequestID, UserID, RealmID)
  -> Audit dispatch (receives full context)

The RequestContext is stored in Go's context.Context using typed keys (not string keys). Retrieved via middleware.GetRequestContext(ctx).

ArcanContext for Plugins

Plugins receive an ArcanContext (see Engine Standard) which includes identity fields (RequestID, UserID, RealmID) and host functions (SQL, HTTP, Store, Audit). Plugins don't receive permissions -- the core already authorized the request.

RequestContext Struct​

Propagation Path​

ArcanContext for Plugins​

RequestContext Struct

Propagation Path

ArcanContext for Plugins