Documentation
¶
Index ¶
- Constants
- func AppendTransitionRecord(chain *proof.Chain, transition Transition, eventType string) error
- func ChainPath(statePath string) string
- func LoadChain(path string) (*proof.Chain, error)
- func ParseExpiry(raw string, now time.Time) (time.Time, error)
- func RecordsForAgent(chain *proof.Chain, agentID string) []proof.Record
- func SaveChain(path string, chain *proof.Chain) error
- type Gap
- type GapInput
- type InventoryMutation
- type ObservedTool
- type Transition
- func ApplyInventoryMutation(m manifest.Manifest, mutation InventoryMutation) (manifest.Manifest, Transition, error)
- func ApplyManualState(m manifest.Manifest, agentID, state, approver, scope, reason string, ...) (manifest.Manifest, Transition, error)
- func Reconcile(previous manifest.Manifest, observed []ObservedTool, now time.Time) (manifest.Manifest, []Transition)
Constants ¶
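// Reason-code labels for lifecycle gaps. Each constant is an untyped string
// whose value is a stable snake_case label.
//
// NOTE(review): presumably these are the values carried in Gap.ReasonCode;
// confirm against DetectGaps. If downstream tooling matches on the literal
// strings, changing a value is a compatibility break.
//
// The block is laid out one constant per line so that the trailing #nosec
// comment annotates only GapInactiveCredentialed; written on a single line,
// that comment swallows every constant after it and the closing parenthesis.
const (
	GapStaleMissing         = "stale_missing"
	GapOwnerlessExposure    = "ownerless_exposure"
	GapInactiveCredentialed = "inactive_but_credentialed" // #nosec G101 -- lifecycle enum label, not credential material.
	GapOverApproved         = "over_approved"
	GapOrphanedIdentity     = "orphaned_identity"
	GapRevokedStillPresent  = "revoked_still_present"
	GapApprovalExpired      = "approval_expired"
	GapPresenceDrift        = "presence_absence_drift"
)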
Variables ¶
This section is empty.
Functions ¶
func AppendTransitionRecord ¶
func AppendTransitionRecord(chain *proof.Chain, transition Transition, eventType string) error
Types ¶
type Gap ¶ added in v1.3.0
// Gap is one gap record. Every field carries the same key for JSON and YAML
// encoding, so both serializations expose an identical schema.
type Gap struct {
	// GapID identifies this record; how it is derived is not visible here.
	GapID string `json:"gap_id" yaml:"gap_id"`
	// NOTE(review): presumably one of the Gap* reason-code constants — confirm.
	ReasonCode string `json:"reason_code" yaml:"reason_code"`
	// Severity is a free-form string at the type level; the allowed values are
	// not shown here.
	Severity string `json:"severity" yaml:"severity"`
	AgentID string `json:"agent_id" yaml:"agent_id"`
	ToolID string `json:"tool_id,omitempty" yaml:"tool_id,omitempty"`
	ToolType string `json:"tool_type,omitempty" yaml:"tool_type,omitempty"`
	Org string `json:"org" yaml:"org"`
	Repo string `json:"repo,omitempty" yaml:"repo,omitempty"`
	Location string `json:"location,omitempty" yaml:"location,omitempty"`
	// Present has no omitempty, so it is always serialized, including false.
	Present bool `json:"present" yaml:"present"`
	LifecycleState string `json:"lifecycle_state,omitempty" yaml:"lifecycle_state,omitempty"`
	ApprovalStatus string `json:"approval_status,omitempty" yaml:"approval_status,omitempty"`
	Owner string `json:"owner,omitempty" yaml:"owner,omitempty"`
	OwnershipStatus string `json:"ownership_status,omitempty" yaml:"ownership_status,omitempty"`
	// WriteCapable and CredentialAccess are bools tagged omitempty, so a false
	// value is dropped from the output. A consumer cannot tell "false" apart
	// from "never populated"; a missing key should be read as unknown rather
	// than as evidence that the capability was checked and found absent.
	WriteCapable bool `json:"write_capable,omitempty" yaml:"write_capable,omitempty"`
	CredentialAccess bool `json:"credential_access,omitempty" yaml:"credential_access,omitempty"`
	// Message is always serialized (no omitempty).
	Message string `json:"message" yaml:"message"`
	// EvidenceBasis is a list of strings; the format of each entry is not
	// visible here.
	EvidenceBasis []string `json:"evidence_basis,omitempty" yaml:"evidence_basis,omitempty"`
}
func DetectGaps ¶ added in v1.3.0
type GapInput ¶ added in v1.3.0
// GapInput groups three collections: identity records, an inventory and a
// list of transitions. The fields carry no struct tags.
//
// NOTE(review): presumably the argument to DetectGaps, whose signature is not
// shown on this page — confirm.
type GapInput struct {
	Identities []manifest.IdentityRecord
	// Inventory is a pointer and can therefore be nil; whether a nil inventory
	// is tolerated is not visible here — confirm before passing one.
	Inventory *agginventory.Inventory
	Transitions []Transition
}
type InventoryMutation ¶ added in v1.2.0
type ObservedTool ¶
type Transition ¶
// Transition records a state change for one agent: the state before, the
// state after, what triggered it and when. JSON and YAML use the same keys.
type Transition struct {
	AgentID string `json:"agent_id" yaml:"agent_id"`
	PreviousState string `json:"previous_state" yaml:"previous_state"`
	NewState string `json:"new_state" yaml:"new_state"`
	// Trigger is a free-form string at the type level; the set of values used
	// by the package is not visible here.
	Trigger string `json:"trigger" yaml:"trigger"`
	// Diff is an untyped map and is omitted from the output when empty.
	// NOTE(review): AppendTransitionRecord takes a Transition together with a
	// *proof.Chain, so Diff contents may end up in the stored chain — confirm,
	// and keep secrets and credential material out of it.
	Diff map[string]any `json:"diff,omitempty" yaml:"diff,omitempty"`
	// Timestamp is a string, not a time.Time, so the type does not fix its
	// layout or time zone; confirm what producers write before ordering or
	// comparing records by this field.
	Timestamp string `json:"timestamp" yaml:"timestamp"`
}
func ApplyInventoryMutation ¶ added in v1.2.0
func ApplyInventoryMutation(m manifest.Manifest, mutation InventoryMutation) (manifest.Manifest, Transition, error)
func ApplyManualState ¶
func Reconcile ¶
func Reconcile(previous manifest.Manifest, observed []ObservedTool, now time.Time) (manifest.Manifest, []Transition)