Refactor Actor to interface and clean up dependencies

.coderabbit.yaml

@@ -1,17 +1,16 @@
 # CodeRabbit Configuration File
 # Reference: https://docs.coderabbit.ai/spec/configuration
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
 
 language: "en-US"
-tone_instruction: "Review code as a senior Go software engineer focusing on library design, modularity interfaces, testing utilities, and decoupling patterns."
 
 reviews:
   profile: "assertive"
+  tone_instructions: "Review code as a senior Go software engineer focusing on library design, modularity interfaces, testing utilities, and decoupling patterns."
   auto_review:
     enabled: true
     drafts: false
   high_level_summary: true
-  reviews_per_file: true
-  collapse_dependency_reviews: true
 
 chat:
   auto_reply: true

CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.1.0] - 2026-06-05
+
+### Added
+
+- Initial modular commerce kernel design and MDK decoupled integrations.
+- Decoupled testing harness and interfaces.

SECURITY.md

@@ -0,0 +1,11 @@
+# Security Policy
+
+## Supported Versions
+
+For pre-1.0 releases we support the latest release or the latest patch series (e.g., 0.1.x), and for 1.0+ we support the latest major release branch.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within Hyperrr or any of its modules, please do not disclose it publicly. Report it directly by emailing security@hyperrr.org or opening a draft security advisory on GitHub.
+
+We will acknowledge receipt of your report within 48 hours and work with you to patch the issue promptly.

identity.go

@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"time"
 )
 
 // ActorType represents the type of entity performing an action.
@@ -46,32 +45,56 @@ func (m *JSONMap) Scan(value interface{}) error {
 	return json.Unmarshal(bytes, m)
 }
 
-// Actor represents a generic identity in the system.
-type Actor struct {
-	ID        string    `gorm:"primaryKey" json:"id"`
-	Type      ActorType `gorm:"index" json:"type"`
-	Name      string    `json:"name"`
-	Metadata  JSONMap   `gorm:"type:text" json:"metadata,omitempty"`
-	CreatedAt time.Time `json:"created_at"`
-	UpdatedAt time.Time `json:"updated_at"`
+// Actor represents the minimal interface for any security principal or identity.
+type Actor interface {
+	GetID() string
+	GetType() ActorType
+	GetName() string
+	GetMetadata() map[string]string
+}
+
+// BaseActor is a simple, serializable struct that implements mdk.Actor.
+type BaseActor struct {
+	ID       string            `json:"id"`
+	Type     ActorType         `json:"type"`
+	Name     string            `json:"name"`
+	Metadata map[string]string `json:"metadata,omitempty"`
+}
+
+var _ Actor = (*BaseActor)(nil)
+
+func (b *BaseActor) GetID() string {
+	return b.ID
+}
+
+func (b *BaseActor) GetType() ActorType {
+	return b.Type
+}
+
+func (b *BaseActor) GetName() string {
+	return b.Name
+}
+
+func (b *BaseActor) GetMetadata() map[string]string {
+	return b.Metadata
 }
 
 type contextKey struct{}
 var actorKey = contextKey{}
 
 // WithActor stores the Actor in the context.
-func WithActor(ctx context.Context, actor *Actor) context.Context {
+func WithActor(ctx context.Context, actor Actor) context.Context {
 	return context.WithValue(ctx, actorKey, actor)
 }
 
 // ActorFromContext retrieves the Actor from the context.
-func ActorFromContext(ctx context.Context) (*Actor, bool) {
-	actor, ok := ctx.Value(actorKey).(*Actor)
+func ActorFromContext(ctx context.Context) (Actor, bool) {
+	actor, ok := ctx.Value(actorKey).(Actor)
 	return actor, ok
 }
 
 // TokenValidator defines the interface for validating authentication tokens.
 type TokenValidator interface {
-	ValidateToken(ctx context.Context, token string) (*Actor, error)
+	ValidateToken(ctx context.Context, token string) (Actor, error)
 }