Documentation
Constants
const DefaultHTTPTimeout = 10 * time.Second
DefaultHTTPTimeout is the timeout for webhook and Slack HTTP requests.
const DefaultQueueSize = 256
DefaultQueueSize is the buffered channel size for the dispatch worker pool. If notifications arrive faster than workers can send, excess events are dropped and DroppedEvents is incremented.
const DefaultWorkers = 8
DefaultWorkers is the number of concurrent dispatch goroutines.
Variables
var DroppedEvents uint64
DroppedEvents counts events discarded because the dispatch queue was full. Exposed as a package-level atomic so callers/metrics can observe it.
Functions
This section is empty.
Types
type ConsoleNotifier
type ConsoleNotifier struct {
	Filter string
}
ConsoleNotifier prints events to stdout.
func (*ConsoleNotifier) Notify
func (c *ConsoleNotifier) Notify(event Event) error
type Dispatcher
type Dispatcher struct {
	// contains filtered or unexported fields
}
Dispatcher fans out events to multiple notifiers using a bounded worker pool.
Lifecycle: NewDispatcher* spawns N worker goroutines and creates a cancellable context. Close cancels that context (so in-flight webhook / Slack HTTP requests unblock immediately) and is guarded by sync.Once so repeated calls — common in shutdown paths that defer Close from multiple owners — do not panic on a re-closed channel.
Closes R3 #6 (sync.Once) and R3 #7 (in-flight HTTP cancellation).
func NewDispatcher
func NewDispatcher(cfg policy.NotificationCfg) *Dispatcher
NewDispatcher builds a dispatcher from the policy notification config. The dispatcher starts DefaultWorkers goroutines that pull from a bounded queue. Send() never blocks the caller; overflowing events are dropped and counted in DroppedEvents.
func NewDispatcherWithOpts (added in v0.5.0)
func NewDispatcherWithOpts(cfg policy.NotificationCfg, workers, queueSize int) *Dispatcher
NewDispatcherWithOpts allows tuning the worker count and queue size. Used primarily by tests.
func (*Dispatcher) Close (added in v0.5.0)
func (d *Dispatcher) Close()
Close stops worker goroutines and cancels in-flight HTTP notifications.
Idempotent: guarded by sync.Once so a deferred shutdown that calls Close twice (e.g. signal-handler + main return) does not panic on a re-closed channel. The cancellation also unblocks any webhook/Slack request still waiting on its remote, so graceful shutdown is bounded by the time a single Notify() takes to observe the context (typically µs–ms) rather than by DefaultHTTPTimeout per pending event.
Closes R3 #6 and R3 #7.
func (*Dispatcher) Send
func (d *Dispatcher) Send(event Event)
Send queues an event for asynchronous dispatch to all matching notifiers. Non-blocking: if the queue is full, events are dropped and counted.
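The queue, drop-counting and idempotent Close semantics described above, as an added example that is not the package's own code: a minimal Dispatcher of the same shape, with NotifierFunc and a simplified Event standing in for the documented types (both assumed). Workers pass the dispatcher-scoped ctx to each notifier, which is what lets Close unblock an in-flight HTTP request.

```go
package main
import (
	"context"
	"sync"
	"sync/atomic"
)
// Event and NotifierFunc are stand-ins for the documented types (constructed for this example).
type Event struct{ Type string }
type NotifierFunc func(ctx context.Context, ev Event) error

// Dispatcher: bounded queue, N workers, idempotent Close that cancels the shared ctx.
type Dispatcher struct {
	queue     chan Event
	notifiers []NotifierFunc
	ctx       context.Context
	cancel    context.CancelFunc
	wg        sync.WaitGroup
	closeOnce sync.Once
	Dropped   uint64 // events discarded because the queue was full; read with atomic.LoadUint64
}
func NewDispatcher(ns []NotifierFunc, workers, queueSize int) *Dispatcher {
	ctx, cancel := context.WithCancel(context.Background())
	d := &Dispatcher{queue: make(chan Event, queueSize), notifiers: ns, ctx: ctx, cancel: cancel}
	d.wg.Add(workers)
	for i := 0; i < workers; i++ {
		go func() { // worker: pull from the queue until Close cancels ctx
			defer d.wg.Done()
			for {
				select {
				case <-d.ctx.Done():
					return
				case ev := <-d.queue:
					for _, n := range d.notifiers {
						_ = n(d.ctx, ev) // a cancelled ctx makes a pending HTTP round trip return at once
					}
				}
			}
		}()
	}
	return d
}
// Send never blocks the caller: when the queue is full the event is dropped and counted.
func (d *Dispatcher) Send(ev Event) {
	select {
	case d.queue <- ev:
	default:
		atomic.AddUint64(&d.Dropped, 1)
	}
}
// Close is idempotent: sync.Once cancels ctx once and waits for the workers to exit.
func (d *Dispatcher) Close() { d.closeOnce.Do(func() { d.cancel(); d.wg.Wait() }) }
```

With one worker and a queue of two, a notifier that never returns on its own blocks the worker, the next two sends queue, the third is dropped, and Close still returns promptly because the notifier observes the cancelled ctx.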
type Event
type Event struct {
	Type      string               `json:"type"` // "approval_required", "denied", "allowed"
	Timestamp time.Time            `json:"timestamp"`
	Request   policy.ActionRequest `json:"request"`
	Result    policy.CheckResult   `json:"result"`
	// ApprovalURL is set when Type == "approval_required".
	ApprovalURL string `json:"approval_url,omitempty"`
}
Event describes something that happened in the system.
type LogNotifier
LogNotifier logs events via the standard logger.
func (*LogNotifier) Notify
func (l *LogNotifier) Notify(event Event) error
type Redactor (added in v0.5.0)
type Redactor struct {
	// contains filtered or unexported fields
}
Redactor scrubs obvious secret patterns from event payloads before they leave the process. This is a best-effort defense; the authoritative fix is for agents not to pass secrets through as command arguments.
func DefaultRedactor (added in v0.5.0)
func DefaultRedactor() *Redactor
DefaultRedactor returns a Redactor pre-loaded with common secret patterns: bearer tokens, AWS-style access keys, GitHub/Slack tokens, and generic KEY=value pairs where the key name contains "secret"/"token"/"password".
func (*Redactor) Redact (added in v0.5.0)
Redact returns a copy of the event with sensitive substrings replaced by "[REDACTED]" in the command, URL, and reason fields.
func (*Redactor) WithExtraPatterns (added in v0.5.0)
WithExtraPatterns appends operator-supplied regexes to the redactor's pattern list and returns the receiver. An invalid pattern returns an error and leaves the receiver unmodified.
Patterns are evaluated in order: built-in defaults first, then extras. A later pattern can overlap an earlier match — redaction is idempotent.
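An added illustration of the redaction design described above (DefaultRedactor, Redact and WithExtraPatterns), not the package's own code: ordered scrubbing of the command, URL and reason fields, and an all-or-nothing WithExtraPatterns. The Event shape, the regexes, the convention that capture group 1 is the prefix to keep, and the WithExtraPatterns signature are assumptions.

```go
package main
import (
	"fmt"
	"regexp"
)
// Event carries the three fields the documented Redact scrubs (constructed for this example).
type Event struct{ Command, URL, Reason string }
// Redactor holds ordered patterns; capture group 1 of each (if any) is the prefix to keep,
// everything else in the match becomes "[REDACTED]".
type Redactor struct{ patterns []*regexp.Regexp }

// DefaultRedactor mirrors the documented defaults: bearer tokens, AWS-style access keys,
// GitHub/Slack tokens, and KEY=value pairs whose key name contains secret/token/password.
func DefaultRedactor() *Redactor {
	return &Redactor{patterns: []*regexp.Regexp{
		regexp.MustCompile(`(?i)(bearer\s+)[A-Za-z0-9._~+/=-]+`),
		regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`),
		regexp.MustCompile(`\bghp_[A-Za-z0-9]{36}\b`),
		regexp.MustCompile(`\bxox[abprs]-[A-Za-z0-9-]+`),
		regexp.MustCompile(`(?i)\b([A-Z_]*(?:secret|token|password)[A-Z_]*=)("[^"]*"|'[^']*'|\S+)`),
	}}
}

// Redact returns a copy of ev with the command, URL and reason fields scrubbed in pattern order.
func (r *Redactor) Redact(ev Event) Event {
	ev.Command, ev.URL, ev.Reason = r.scrub(ev.Command), r.scrub(ev.URL), r.scrub(ev.Reason)
	return ev
}

func (r *Redactor) scrub(s string) string {
	for _, re := range r.patterns {
		s = re.ReplaceAllString(s, "${1}[REDACTED]") // re-redacting "[REDACTED]" yields the same text, so a second pass is a no-op
	}
	return s
}

// WithExtraPatterns compiles every operator regex before touching r, so one invalid
// pattern returns an error and leaves the receiver unmodified. (Signature assumed.)
func (r *Redactor) WithExtraPatterns(exprs ...string) (*Redactor, error) {
	compiled := make([]*regexp.Regexp, 0, len(exprs))
	for _, e := range exprs {
		re, err := regexp.Compile(e)
		if err != nil {
			return r, fmt.Errorf("redactor: invalid pattern %q: %w", e, err)
		}
		compiled = append(compiled, re)
	}
	r.patterns = append(r.patterns, compiled...)
	return r, nil
}
```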
type SlackNotifier
type SlackNotifier struct {
	WebhookURL string
	Filter     string
	// contains filtered or unexported fields
}
SlackNotifier posts a formatted message to a Slack incoming webhook.
ctx is the dispatcher-scoped context — see WebhookNotifier for details.
func (*SlackNotifier) Notify
func (s *SlackNotifier) Notify(event Event) error
type WebhookNotifier
type WebhookNotifier struct {
	URL    string
	Filter string // only fire for this event type ("" = all)
	// contains filtered or unexported fields
}
WebhookNotifier posts JSON to an arbitrary URL.
ctx is the dispatcher-scoped context. When the dispatcher is Closed, ctx is cancelled and any in-flight HTTP roundtrip returns immediately so graceful shutdown does not stall behind a slow webhook.
func (*WebhookNotifier) Notify
func (w *WebhookNotifier) Notify(event Event) error