Documentation
¶
Overview ¶
Package workspacetrust records which workspace roots the user has explicitly trusted, so Zero can gate project-scoped executable config (hooks, plugins) behind an opt-in per workspace and fail closed on any error.
Trust is keyed on the normalized absolute workspace root (filepath.Abs then filepath.EvalSymlinks), and membership is an EXACT match: a nested repo or subdirectory under a trusted root is NOT trusted, so trusting a monorepo root does not implicitly trust a vendored dependency or submodule that ships its own .zero/. The store is a plaintext JSON file at <UserConfigDir>/zero/trust.json; it holds workspace paths, not secrets, so it is not encrypted, but it is written atomically with restrictive permissions (dir 0o700, file 0o600).
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsTrusted ¶
IsTrusted reports whether workspaceRoot's own normalized root is in the trust store. It is an EXACT membership check: no ancestor or subtree walk, so a nested repo under a trusted root is not trusted. An empty root returns (false, nil). A missing store returns (false, nil). A store that exists but cannot be read returns (false, non-nil) so callers fail closed.
func List ¶
List returns the sorted normalized trusted roots. A missing store returns an empty slice and a nil error.
Types ¶
This section is empty.