feat(zerotier): add ZeroTier network governance module

Add comprehensive ZeroTier integration for managing network access: - Portal networks: manager-created ZeroTier network bindings - Device registration: user-owned ZeroTier node endpoints - Approval workflows: request/approve/revoke network access - Activation sessions: time-limited network authorization - Kill switch: emergency access revocation - Reconciliation job: sync portal state with ZeroTier controller Includes ZeroTier client SDK supporting both Central and self-hosted controller APIs, with full CRUD operations for networks and members.
2026-03-20 21:50:20 +10:30
parent 49e724222f
commit 1789590167
27 changed files with 4862 additions and 4 deletions
@@ -17,6 +17,9 @@ models.ssh_ca       — CA, KeyType, CertType, CaType, CAPermission,
                      CertificateAuditLog
 models.security     — OrganizationSecurityPolicy, UserSecurityPolicy,
                      MfaPolicyCompliance
+models.zerotier     — PortalNetwork, Device, UserNetworkApproval,
+                      DeviceNetworkMembership, ActivationSession,
+                      ZeroTierMembership, KillSwitchEvent

 All names are re-exported here so that existing code using the flat import
 style (``from gatehouse_app.models import X``) or the old per-file style
@@ -90,9 +93,26 @@ from gatehouse_app.models.ssh_ca.certificate_audit_log import (  # noqa: F401
 )

 # ── Security ──────────────────────────────────────────────────────────────────
-from gatehouse_app.models.security.organization_security_policy import (  # noqa: F401
+from gatehouse_app.models.security.organization_security_policy import (
    OrganizationSecurityPolicy,
 )
+from gatehouse_app.models.security.user_security_policy import (
+    UserSecurityPolicy,
+)
+from gatehouse_app.models.security.mfa_policy_compliance import (
+    MfaPolicyCompliance,
+)
+
+# ── ZeroTier / Portal Network ─────────────────────────────────────────────────
+from gatehouse_app.models.zerotier import (  # noqa: F401
+    PortalNetwork,
+    Device,
+    UserNetworkApproval,
+    DeviceNetworkMembership,
+    ActivationSession,
+    ZeroTierMembership,
+    KillSwitchEvent,
+)
 from gatehouse_app.models.security.user_security_policy import (  # noqa: F401
    UserSecurityPolicy,
 )
@@ -147,4 +167,12 @@ __all__ = [
    "OrganizationSecurityPolicy",
    "UserSecurityPolicy",
    "MfaPolicyCompliance",
+    # ZeroTier
+    "PortalNetwork",
+    "Device",
+    "UserNetworkApproval",
+    "DeviceNetworkMembership",
+    "ActivationSession",
+    "ZeroTierMembership",
+    "KillSwitchEvent",
 ]