Documentation
¶
Index ¶
- Constants
- func IsComplianceSummaryError(err error) bool
- func MCPVisibilityWarnings(findings []source.Finding) []string
- func MarkdownLines(markdown string) []string
- func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
- func RenderBacklogCSV(backlog *controlbacklog.Backlog) ([]byte, error)
- func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
- func RenderEvidenceBundleJSON(summary Summary) ([]byte, error)
- func RenderMarkdown(summary Summary) string
- func ResolveGeneratedAtForCLI(snapshot state.Snapshot, generatedAt time.Time) time.Time
- func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
- type ActivationItem
- type ActivationSummary
- type AgentActionBOM
- type AgentActionBOMGraphRefs
- type AgentActionBOMItem
- type AgentActionBOMReachability
- type AgentActionBOMSummary
- type AssessmentSummary
- type AttackPathSummary
- type BuildInput
- type CampaignArtifact
- type CampaignDetector
- type CampaignMethodology
- type CampaignMetrics
- type CampaignOptions
- type CampaignScanInput
- type CampaignScanResult
- type CampaignSegmentBucket
- type CampaignSegments
- type ChecklistItem
- type ControlProofStatus
- type DeltaMetric
- type DeltaSummary
- type EvidenceBundle
- type Headline
- type LifecycleSummary
- type LifecycleTransition
- type MCPList
- type MCPListRow
- type Methodology
- type ProofReference
- type ReasonGroup
- type RecordTypeCount
- type RegressSummary
- type RiskItem
- type Section
- type SegmentMetadata
- type ShareProfile
- type Summary
- type Template
Constants ¶
// MCP trust status strings.
// NOTE(review): presumably the values carried by MCPListRow.TrustStatus; confirm against the builder.
const ( MCPTrustTrusted = "trusted" MCPTrustBlocked = "blocked" MCPTrustUnreviewed = "unreviewed" )
// Report section identifiers.
// NOTE(review): presumably the strings listed in Summary.SectionOrder; confirm against BuildSummary.
const ( SectionHeadline = "headline_posture" SectionMethodology = "methodology" SectionTopRisks = "top_prioritized_risks" SectionChanges = "change_since_previous" SectionLifecycle = "lifecycle_actions" SectionProof = "proof_verification_footer" SectionNextAction = "next_actions" )
// AgentActionBOMSchemaVersion is the schema version string for the agent action BOM.
// NOTE(review): presumably written to AgentActionBOM.SchemaVersion; confirm.
const AgentActionBOMSchemaVersion = "v1"
// SummaryVersion is the version string for the report summary format.
// NOTE(review): presumably written to Summary.SummaryVersion; confirm.
const SummaryVersion = "v1"
Variables ¶
This section is empty.
Functions ¶
func IsComplianceSummaryError ¶ added in v1.0.8
func MCPVisibilityWarnings ¶ added in v1.0.8
func MarkdownLines ¶
func PublicSanitizeFindings ¶
func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
func RenderBacklogCSV ¶ added in v1.2.0
func RenderBacklogCSV(backlog *controlbacklog.Backlog) ([]byte, error)
func RenderCampaignPublicMarkdown ¶ added in v1.0.2
func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
func RenderEvidenceBundleJSON ¶ added in v1.2.0
func RenderMarkdown ¶
func ResolveGeneratedAtForCLI ¶ added in v1.0.8
func SelectTopFindings ¶
func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
Types ¶
type ActivationItem ¶ added in v1.0.9
// ActivationItem is one ranked row in ActivationSummary.Items; the struct tags
// give the JSON key for each field.
type ActivationItem struct {
Rank int `json:"rank"`
RiskScore float64 `json:"risk_score"`
FindingType string `json:"finding_type"`
ToolType string `json:"tool_type"`
Severity string `json:"severity"`
// NOTE(review): Location and Repo look like identifiers of where the finding
// lives; confirm how they are handled when a report leaves the organization.
Location string `json:"location"`
Repo string `json:"repo"`
NextStep string `json:"next_step"`
// The remaining fields are tagged omitempty: with encoding/json an empty
// string or a false bool is left out, so an absent key and false look the same
// to a consumer.
ItemClass string `json:"item_class,omitempty"`
WriteCapable bool `json:"write_capable,omitempty"`
ProductionWrite bool `json:"production_write,omitempty"`
ApprovalClassification string `json:"approval_classification,omitempty"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty"`
}
type ActivationSummary ¶ added in v1.0.9
// ActivationSummary is the value BuildActivation returns (as a pointer); it
// wraps a list of ActivationItem rows with summary metadata.
type ActivationSummary struct {
TargetMode string `json:"target_mode"`
Message string `json:"message"`
EligibleCount int `json:"eligible_count"`
// omitempty: a false value is left out of the JSON, so the key only appears
// when suppression is flagged.
SuppressedPolicyItems bool `json:"suppressed_policy_items,omitempty"`
Reason string `json:"reason,omitempty"`
// No omitempty: with encoding/json a nil slice is written as null, not [].
Items []ActivationItem `json:"items"`
}
func BuildActivation ¶ added in v1.0.9
func BuildActivation(targetMode string, ranked []risk.ScoredFinding, inventory *agginventory.Inventory, actionPaths []risk.ActionPath, limit int) *ActivationSummary
BuildActivation projects a first-value view for local-machine scans without mutating raw risk ranking.
type AgentActionBOM ¶ added in v1.3.0
// AgentActionBOM is the document BuildAgentActionBOM produces from a Summary:
// an identifier, a schema version, aggregate counters and the per-path items.
type AgentActionBOM struct {
BOMID string `json:"bom_id"`
// NOTE(review): presumably set to AgentActionBOMSchemaVersion; confirm.
SchemaVersion string `json:"schema_version"`
GeneratedAt string `json:"generated_at"`
Summary AgentActionBOMSummary `json:"summary"`
Items []AgentActionBOMItem `json:"items,omitempty"`
// NOTE(review): if AgentActionBOMGraphRefs is a struct type, omitempty has no
// effect on a non-pointer struct in encoding/json and the key is always written.
GraphRefs AgentActionBOMGraphRefs `json:"graph_refs,omitempty"`
EvidenceRefs []string `json:"evidence_refs,omitempty"`
ProofRefs []string `json:"proof_refs,omitempty"`
}
func BuildAgentActionBOM ¶ added in v1.3.0
func BuildAgentActionBOM(summary Summary) *AgentActionBOM
type AgentActionBOMGraphRefs ¶ added in v1.3.0
type AgentActionBOMItem ¶ added in v1.3.0
// AgentActionBOMItem is one entry of AgentActionBOM.Items. It groups identity
// and ownership fields, credential and privilege flags, action and production
// target fields, approval, policy, proof and runtime-evidence status, and
// reachability lists.
//
// Reading the flags: CredentialAccess and ApprovalGap have no omitempty and are
// always written, including false. StandingPrivilege and ProductionWrite carry
// omitempty, so with encoding/json a false value is absent from the output and a
// consumer must treat a missing key as false.
type AgentActionBOMItem struct {
PathID string `json:"path_id"`
AgentID string `json:"agent_id,omitempty"`
Org string `json:"org"`
Repo string `json:"repo"`
ToolType string `json:"tool_type"`
Location string `json:"location,omitempty"`
// Ownership: who owns the path and how that owner was determined.
Owner string `json:"owner,omitempty"`
OwnerSource string `json:"owner_source,omitempty"`
OwnershipStatus string `json:"ownership_status,omitempty"`
OwnershipState string `json:"ownership_state,omitempty"`
// Credentials and privilege.
CredentialAccess bool `json:"credential_access"`
// Nil pointer is omitted from the JSON.
CredentialProvenance *agginventory.CredentialProvenance `json:"credential_provenance,omitempty"`
StandingPrivilege bool `json:"standing_privilege,omitempty"`
StandingPrivilegeReasons []string `json:"standing_privilege_reasons,omitempty"`
// Actions and production targets.
ActionClasses []string `json:"action_classes,omitempty"`
ActionReasons []string `json:"action_reasons,omitempty"`
ProductionWrite bool `json:"production_write,omitempty"`
ProductionTargetStatus string `json:"production_target_status,omitempty"`
MatchedProductionTargets []string `json:"matched_production_targets,omitempty"`
// Approval and policy.
ApprovalGap bool `json:"approval_gap"`
ApprovalGapReasons []string `json:"approval_gap_reasons,omitempty"`
PolicyStatus string `json:"policy_status,omitempty"`
PolicyRefs []string `json:"policy_refs,omitempty"`
PolicyMissingReasons []string `json:"policy_missing_reasons,omitempty"`
PolicyStatusReasons []string `json:"policy_status_reasons,omitempty"`
PolicyConfidence string `json:"policy_confidence,omitempty"`
PolicyEvidenceRefs []string `json:"policy_evidence_refs,omitempty"`
// Proof and runtime evidence.
ProofCoverage string `json:"proof_coverage,omitempty"`
ProofRefs []string `json:"proof_refs,omitempty"`
RuntimeEvidenceStatus string `json:"runtime_evidence_status,omitempty"`
RuntimeEvidenceClasses []string `json:"runtime_evidence_classes,omitempty"`
RuntimeEvidenceRefs []string `json:"runtime_evidence_refs,omitempty"`
ControlPriority string `json:"control_priority,omitempty"`
RecommendedNextAction string `json:"recommended_next_action,omitempty"`
// NOTE(review): if AgentActionBOMGraphRefs is a struct type, omitempty has no
// effect on a non-pointer struct in encoding/json and the key is always written.
GraphRefs AgentActionBOMGraphRefs `json:"graph_refs,omitempty"`
EvidenceRefs []string `json:"evidence_refs,omitempty"`
// Reachability lists, all of the same element type.
// NOTE(review): how Reachability relates to the four Reachable* lists (union
// or separate data) is not visible here; confirm before de-duplicating.
Reachability []AgentActionBOMReachability `json:"reachability,omitempty"`
ReachableServers []AgentActionBOMReachability `json:"reachable_servers,omitempty"`
ReachableTools []AgentActionBOMReachability `json:"reachable_tools,omitempty"`
ReachableAPIs []AgentActionBOMReachability `json:"reachable_apis,omitempty"`
ReachableAgents []AgentActionBOMReachability `json:"reachable_agents,omitempty"`
IntroducedBy *attribution.Result `json:"introduced_by,omitempty"`
}
type AgentActionBOMReachability ¶ added in v1.3.0
// AgentActionBOMReachability is the element type of the reachability lists on
// AgentActionBOMItem. Only Surface is always written; the other fields are
// omitted from the JSON when empty or nil.
type AgentActionBOMReachability struct {
Surface string `json:"surface"`
Name string `json:"name,omitempty"`
Capabilities []string `json:"capabilities,omitempty"`
TrustDepth *agginventory.TrustDepth `json:"trust_depth,omitempty"`
EvidenceRefs []string `json:"evidence_refs,omitempty"`
}
type AgentActionBOMSummary ¶ added in v1.3.0
// AgentActionBOMSummary holds the aggregate counters of an AgentActionBOM.
// No field carries omitempty, so every counter is written to the JSON,
// including zero.
// NOTE(review): the rule that assigns an item to each counter is not visible
// in this declaration; confirm against BuildAgentActionBOM.
type AgentActionBOMSummary struct {
TotalItems int `json:"total_items"`
ControlFirstItems int `json:"control_first_items"`
StandingPrivilegeItems int `json:"standing_privilege_items"`
StaticCredentialItems int `json:"static_credential_items"`
ProductionTargetItems int `json:"production_target_items"`
MissingApprovalItems int `json:"missing_approval_items"`
MissingPolicyItems int `json:"missing_policy_items"`
MissingProofItems int `json:"missing_proof_items"`
RuntimeProvenItems int `json:"runtime_proven_items"`
UnresolvedOwnerItems int `json:"unresolved_owner_items"`
}
type AssessmentSummary ¶ added in v1.1.0
// AssessmentSummary is the optional assessment block of a Summary
// (Summary.AssessmentSummary): three path counters, which are always written,
// followed by pointer fields that are omitted from the JSON when nil.
type AssessmentSummary struct {
GovernablePathCount int `json:"governable_path_count"`
WriteCapablePathCount int `json:"write_capable_path_count"`
// The JSON key is production_target_backed_path_count, longer than the Go
// field name.
ProductionBackedPathCount int `json:"production_target_backed_path_count"`
TopPathToControlFirst *risk.ActionPath `json:"top_path_to_control_first,omitempty"`
// The JSON key is top_execution_identity_backed_path.
TopExecutionIdentityBacked *risk.ActionPath `json:"top_execution_identity_backed_path,omitempty"`
OwnerlessExposure *risk.OwnerlessExposure `json:"ownerless_exposure,omitempty"`
IdentityExposureSummary *risk.IdentityExposureSummary `json:"identity_exposure_summary,omitempty"`
IdentityToReviewFirst *risk.IdentityActionTarget `json:"identity_to_review_first,omitempty"`
IdentityToRevokeFirst *risk.IdentityActionTarget `json:"identity_to_revoke_first,omitempty"`
ProofChainPath string `json:"proof_chain_path,omitempty"`
}
type AttackPathSummary ¶ added in v1.0.5
type BuildInput ¶
type CampaignArtifact ¶ added in v1.0.2
// CampaignArtifact is the value returned by AggregateCampaign and
// AggregateCampaignWithOptions and the input of RenderCampaignPublicMarkdown.
type CampaignArtifact struct {
SchemaVersion string `json:"schema_version"`
GeneratedAt string `json:"generated_at"`
// Omitted from the JSON when empty.
InputGlob string `json:"input_glob,omitempty"`
Methodology CampaignMethodology `json:"methodology"`
Metrics CampaignMetrics `json:"metrics"`
Segments CampaignSegments `json:"segments"`
// NOTE(review): each CampaignScanResult carries Path and TargetValue; confirm
// whether these are redacted before the artifact is published.
Scans []CampaignScanResult `json:"scans"`
}
func AggregateCampaign ¶ added in v1.0.2
func AggregateCampaign(inputs []CampaignScanInput, generatedAt time.Time) CampaignArtifact
func AggregateCampaignWithOptions ¶ added in v1.0.2
func AggregateCampaignWithOptions(inputs []CampaignScanInput, generatedAt time.Time, opts CampaignOptions) CampaignArtifact
type CampaignDetector ¶ added in v1.0.2
type CampaignMethodology ¶ added in v1.0.2
// CampaignMethodology is the methodology block of a CampaignArtifact: the tool
// version, scan/repo/file counters and the detector list. Every field is
// always written to the JSON.
type CampaignMethodology struct {
WrkrVersion string `json:"wrkr_version"`
ScanCount int `json:"scan_count"`
RepoCount int `json:"repo_count"`
FileCountProcessed int `json:"file_count_processed"`
Detectors []CampaignDetector `json:"detectors"`
}
type CampaignMetrics ¶ added in v1.0.2
// CampaignMetrics is the metrics block of a CampaignArtifact. No field carries
// omitempty, so every key is present in the JSON.
type CampaignMetrics struct {
ReposScanned int `json:"repos_scanned"`
ToolsDetectedTotal int `json:"tools_detected_total"`
WriteCapableTools int `json:"write_capable_tools"`
CredentialAccessTools int `json:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools"`
ApprovedTools int `json:"approved_tools"`
UnapprovedTools int `json:"unapproved_tools"`
UnknownTools int `json:"unknown_tools"`
UnknownToSecurityTools int `json:"unknown_to_security_tools"`
UnknownToSecurityAgents int `json:"unknown_to_security_agents"`
UnknownToSecurityWriteCapableAgents int `json:"unknown_to_security_write_capable_agents"`
SecurityVisibilityReference string `json:"security_visibility_reference"`
// NOTE(review): the scale of the percent fields (0-1 or 0-100) is not visible
// here; confirm before comparing across reports.
ApprovedPercent float64 `json:"approved_percent"`
UnapprovedPercent float64 `json:"unapproved_percent"`
UnknownPercent float64 `json:"unknown_percent"`
// Pointer without omitempty: a nil value is written as JSON null, which is
// distinct from 0.
// NOTE(review): presumably nil when the ratio is undefined; confirm.
UnapprovedPerApproved *float64 `json:"unapproved_per_approved"`
ProductionWriteStatus string `json:"production_write_status"`
// Pointer without omitempty: nil is written as JSON null rather than 0.
// NOTE(review): presumably interpreted together with ProductionWriteStatus;
// confirm, and do not read null as "no production-write tools".
ProductionWriteTools *int `json:"production_write_tools"`
}
type CampaignOptions ¶ added in v1.0.2
// CampaignOptions is the options argument of AggregateCampaignWithOptions.
type CampaignOptions struct {
// NOTE(review): what the map key identifies (a scan path, an organization
// name, ...) is not visible in this declaration; confirm against the caller.
SegmentMetadata map[string]SegmentMetadata
}
type CampaignScanInput ¶ added in v1.0.2
// CampaignScanInput is the element type of the inputs slice taken by
// AggregateCampaign and AggregateCampaignWithOptions. The fields have no JSON
// tags.
type CampaignScanInput struct {
Path string
Target source.Target
SourceManifest source.Manifest
// Pointer field; may be nil.
// NOTE(review): whether aggregation tolerates a nil Inventory is not visible here.
Inventory *agginventory.Inventory
PrivilegeBudget agginventory.PrivilegeBudget
Findings []source.Finding
}
type CampaignScanResult ¶ added in v1.0.2
// CampaignScanResult is the element type of CampaignArtifact.Scans. Every
// field is always written to the JSON.
type CampaignScanResult struct {
Path string `json:"path"`
TargetMode string `json:"target_mode"`
TargetValue string `json:"target_value"`
RepoCount int `json:"repo_count"`
ToolsDetected int `json:"tools_detected"`
WriteCapableTools int `json:"write_capable_tools"`
// The Go name is singular but the JSON key is credential_access_tools,
// the same key CampaignMetrics uses for its plural field.
CredentialAccessTool int `json:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools"`
}
type CampaignSegmentBucket ¶ added in v1.0.2
type CampaignSegments ¶ added in v1.0.2
// CampaignSegments is the segments block of a CampaignArtifact: two lists of
// CampaignSegmentBucket. Neither has omitempty, so with encoding/json a nil
// slice is written as null.
type CampaignSegments struct {
OrgSizeBands []CampaignSegmentBucket `json:"org_size_bands"`
IndustryBands []CampaignSegmentBucket `json:"industry_bands"`
}
type ChecklistItem ¶
type ControlProofStatus ¶ added in v1.3.0
// ControlProofStatus is the element type of the slice BuildControlProofStatus
// returns. ControlID, BacklogItemID and Status are always written; the other
// fields are omitted from the JSON when empty.
type ControlProofStatus struct {
LinkedActionPathID string `json:"linked_action_path_id,omitempty"`
Repo string `json:"repo,omitempty"`
Path string `json:"path,omitempty"`
ControlID string `json:"control_id"`
BacklogItemID string `json:"backlog_item_id"`
AgentID string `json:"agent_id,omitempty"`
// NOTE(review): the set of Status values is not visible on this page.
Status string `json:"status"`
// With omitempty an empty MissingProof list is absent from the JSON; an absent
// key therefore does not by itself say that proof was checked.
ExistingProof []string `json:"existing_proof,omitempty"`
MissingProof []string `json:"missing_proof,omitempty"`
RecordIDs []string `json:"record_ids,omitempty"`
}
func BuildControlProofStatus ¶ added in v1.3.0
func BuildControlProofStatus(snapshot state.Snapshot, chain *proof.Chain) []ControlProofStatus
type DeltaMetric ¶
type DeltaSummary ¶
// DeltaSummary is the deltas block of a Summary: three DeltaMetric values, all
// always written to the JSON.
type DeltaSummary struct {
RiskScoreTrend DeltaMetric `json:"risk_score_trend"`
ProfileComplianceDelta DeltaMetric `json:"profile_compliance_delta"`
// The JSON key is posture_score_trend_delta, which carries a _delta suffix
// that the Go field name does not have.
PostureScoreTrend DeltaMetric `json:"posture_score_trend_delta"`
}
type EvidenceBundle ¶ added in v1.2.0
// EvidenceBundle is the value BuildEvidenceBundle returns for a Summary. The
// four pointer fields are omitted from the JSON when nil; the rest are always
// written.
type EvidenceBundle struct {
ReportBundleVersion string `json:"report_bundle_version"`
GeneratedAt string `json:"generated_at"`
Template string `json:"template"`
ControlBacklog *controlbacklog.Backlog `json:"control_backlog,omitempty"`
ControlPathGraph *aggattack.ControlPathGraph `json:"control_path_graph,omitempty"`
RuntimeEvidence *ingest.Summary `json:"runtime_evidence,omitempty"`
AgentActionBOM *AgentActionBOM `json:"agent_action_bom,omitempty"`
// Typed as any, unlike Summary.ComplianceSummary (compliance.RollupSummary):
// the JSON shape is whatever value the builder stores, and a nil value is
// written as null. Consumers cannot derive a schema from this declaration.
ComplianceSummary any `json:"compliance_summary"`
Proof ProofReference `json:"proof"`
NextActions []ChecklistItem `json:"next_actions"`
}
func BuildEvidenceBundle ¶ added in v1.2.0
func BuildEvidenceBundle(summary Summary) EvidenceBundle
type LifecycleSummary ¶
// LifecycleSummary is the lifecycle block of a Summary: identity counters, an
// optional list of gaps and the recent transitions.
type LifecycleSummary struct {
IdentityCount int `json:"identity_count"`
UnderReviewCount int `json:"under_review_count"`
RevokedCount int `json:"revoked_count"`
DeprecatedCount int `json:"deprecated_count"`
PendingActionCount int `json:"pending_action_count"`
// Omitted from the JSON when empty.
Gaps []lifecycle.Gap `json:"gaps,omitempty"`
// No omitempty: with encoding/json a nil slice is written as null.
RecentTransitions []LifecycleTransition `json:"recent_transitions"`
}
type LifecycleTransition ¶
type MCPList ¶ added in v1.0.8
// MCPList is a list of MCPListRow entries with a status, a generation
// timestamp string and optional warnings.
type MCPList struct {
Status string `json:"status"`
GeneratedAt string `json:"generated_at"`
Rows []MCPListRow `json:"rows"`
// Omitted from the JSON when empty, so an absent key means no warnings were
// recorded.
// NOTE(review): presumably filled from MCPVisibilityWarnings; confirm.
Warnings []string `json:"warnings,omitempty"`
}
type MCPListRow ¶ added in v1.0.8
// MCPListRow is one row of MCPList.Rows: a server's name and location, its
// transport, requested permissions and privilege surface, plus gateway and
// trust fields.
type MCPListRow struct {
ServerName string `json:"server_name"`
Org string `json:"org"`
Repo string `json:"repo"`
Location string `json:"location"`
Transport string `json:"transport"`
// Both lists are omitted from the JSON when empty; an absent key does not
// distinguish "none requested" from "not determined".
RequestedPermissions []string `json:"requested_permissions,omitempty"`
PrivilegeSurface []string `json:"privilege_surface,omitempty"`
GatewayCoverage string `json:"gateway_coverage"`
TrustDepth *agginventory.TrustDepth `json:"trust_depth,omitempty"`
// NOTE(review): presumably one of MCPTrustTrusted, MCPTrustBlocked or
// MCPTrustUnreviewed; confirm against the code that fills the row.
TrustStatus string `json:"trust_status"`
RiskNote string `json:"risk_note"`
}
type Methodology ¶ added in v1.0.2
// Methodology is the methodology block of a Summary: tool version, scan
// timestamps and duration, repo/file/detector counters and the scan's command
// set, sample definition and exclusion criteria. Every field is always written
// to the JSON.
type Methodology struct {
WrkrVersion string `json:"wrkr_version"`
// Timestamps are carried as strings.
// NOTE(review): the format is not visible here.
ScanStartedAt string `json:"scan_started_at"`
ScanCompletedAt string `json:"scan_completed_at"`
ScanDurationSeconds float64 `json:"scan_duration_seconds"`
RepoCount int `json:"repo_count"`
FileCountProcessed int `json:"file_count_processed"`
DetectorCount int `json:"detector_count"`
// NOTE(review): presumably the commands that were run; confirm that no
// secrets passed as command arguments can end up in this list.
CommandSet []string `json:"command_set"`
SampleDefinition string `json:"sample_definition"`
ExclusionCriteria []string `json:"exclusion_criteria"`
}
type ProofReference ¶
// ProofReference is the proof block of a Summary and of an EvidenceBundle. It
// records a chain path, a head hash, a record count with per-type counts, and
// a list of canonical finding keys. Every field is always written to the JSON.
type ProofReference struct {
ChainPath string `json:"chain_path"`
// NOTE(review): presumably the hash of the chain's head record; the algorithm
// and encoding are not visible here, and this struct alone does not show that
// the chain was verified. Confirm before relying on it as integrity evidence.
HeadHash string `json:"head_hash"`
RecordCount int `json:"record_count"`
RecordTypeCounts []RecordTypeCount `json:"record_type_counts"`
CanonicalFindingKeys []string `json:"canonical_finding_keys"`
}
type ReasonGroup ¶
type RecordTypeCount ¶
type RegressSummary ¶
// RegressSummary is the optional regress_drift block of a Summary
// (Summary.RegressDrift). Every field is always written to the JSON.
type RegressSummary struct {
// NOTE(review): when BaselineProvided is false, DriftDetected == false
// presumably means "not compared" rather than "no drift"; confirm.
BaselineProvided bool `json:"baseline_provided"`
DriftDetected bool `json:"drift_detected"`
ReasonCount int `json:"reason_count"`
ReasonGroups []ReasonGroup `json:"reason_groups"`
}
type RiskItem ¶
// RiskItem is the element type of Summary.TopRisks: one ranked finding with
// its score, classification, location, rationale and remediation text.
type RiskItem struct {
Rank int `json:"rank"`
CanonicalKey string `json:"canonical_key"`
// The JSON key is risk_score, not score.
Score float64 `json:"risk_score"`
FindingType string `json:"finding_type"`
Severity string `json:"severity"`
ToolType string `json:"tool_type"`
// NOTE(review): Org, Repo and Location are always written; confirm how they
// are handled for reports shared outside the organization.
Org string `json:"org"`
Repo string `json:"repo"`
Location string `json:"location"`
PathID string `json:"path_id,omitempty"`
RecommendedAction string `json:"recommended_action,omitempty"`
// omitempty: with encoding/json a false value is absent from the output, so a
// missing key must be read as false.
WriteCapable bool `json:"write_capable,omitempty"`
ProductionWrite bool `json:"production_write,omitempty"`
Rationale []string `json:"rationale"`
Remediation string `json:"remediation"`
}
type SegmentMetadata ¶ added in v1.0.2
type ShareProfile ¶
// ShareProfile is a string-typed setting produced by ParseShareProfile.
// NOTE(review): the allowed values are not listed on this page, and the bool
// returned by ParseShareProfile presumably reports whether the raw string was
// recognized; confirm, and reject unrecognized input rather than defaulting.
type ShareProfile string
const ( )
func ParseShareProfile ¶
func ParseShareProfile(raw string) (ShareProfile, bool)
type Summary ¶
// Summary is the report model returned by BuildSummary and consumed by
// RenderMarkdown, RenderEvidenceBundleJSON, BuildAgentActionBOM and
// BuildEvidenceBundle. Pointer and slice fields tagged omitempty are left out
// of the JSON when nil or empty; all other fields are always written.
//
// NOTE(review): the struct carries org/repo/location data, action paths and a
// control path graph. Whether a given Summary has been sanitized for external
// sharing is not visible in this type; PublicSanitizeFindings and
// TemplatePublic exist in this package, so confirm which path applies before
// publishing.
type Summary struct {
// NOTE(review): presumably set to the SummaryVersion constant; confirm.
SummaryVersion string `json:"summary_version"`
GeneratedAt string `json:"generated_at"`
// Carried as a plain string here.
// NOTE(review): presumably one of the Template constants; confirm.
Template string `json:"template"`
SectionOrder []string `json:"section_order"`
Sections []Section `json:"sections"`
Headline Headline `json:"headline"`
AssessmentSummary *AssessmentSummary `json:"assessment_summary,omitempty"`
Methodology Methodology `json:"methodology"`
TopRisks []RiskItem `json:"top_risks"`
PrivilegeBudget agginventory.PrivilegeBudget `json:"privilege_budget"`
SecurityVisibility agginventory.SecurityVisibilitySummary `json:"security_visibility"`
Deltas DeltaSummary `json:"deltas"`
Lifecycle LifecycleSummary `json:"lifecycle"`
RegressDrift *RegressSummary `json:"regress_drift,omitempty"`
AttackPaths AttackPathSummary `json:"attack_paths"`
ComplianceSummary compliance.RollupSummary `json:"compliance_summary"`
ControlBacklog *controlbacklog.Backlog `json:"control_backlog,omitempty"`
RuntimeEvidence *ingest.Summary `json:"runtime_evidence,omitempty"`
AgentActionBOM *AgentActionBOM `json:"agent_action_bom,omitempty"`
Proof ProofReference `json:"proof"`
NextActions []ChecklistItem `json:"next_actions"`
Activation *ActivationSummary `json:"activation,omitempty"`
ActionPaths []risk.ActionPath `json:"action_paths,omitempty"`
ActionPathToControlFirst *risk.ActionPathToControlFirst `json:"action_path_to_control_first,omitempty"`
ControlPathGraph *aggattack.ControlPathGraph `json:"control_path_graph,omitempty"`
ExposureGroups []risk.ExposureGroup `json:"exposure_groups,omitempty"`
// Nil pointer is omitted from the JSON, so an absent source_privacy key
// carries no privacy contract with the report.
SourcePrivacy *sourceprivacy.Contract `json:"source_privacy,omitempty"`
// contains filtered or unexported fields
}
func BuildSummary ¶
func BuildSummary(in BuildInput) (Summary, error)
BuildSummary composes deterministic report sections from scan, risk, score, lifecycle, regress, and proof data. Non-goal guardrail: this path must remain deterministic and non-generative.
type Template ¶
// Template names a report template; its exported values are the Template*
// constants declared alongside this type.
type Template string
// Report template identifiers.
// NOTE(review): what each template includes or redacts (for example
// TemplatePublic versus TemplateAudit) is not visible in these declarations;
// confirm before choosing one for distribution outside the organization.
const ( TemplateExec Template = "exec" TemplateOperator Template = "operator" TemplateAudit Template = "audit" TemplatePublic Template = "public" TemplateCISO Template = "ciso" TemplateAppSec Template = "appsec" TemplatePlatform Template = "platform" TemplateCustomerDraft Template = "customer-draft" TemplateAgentActionBOM Template = "agent-action-bom" )
func ParseTemplate ¶
Source Files
¶