Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

policy

package

Go to main page

Versions in this module

v0

v0.7.2

Apr 8, 2026

v0.7.1

Apr 8, 2026

Changes in this version

+ var ModePresets = map[string][]TrustRule

+ type Action string

+ const Allow

+ const Ask

+ const Deny

+ type GlobMatcher struct

+ func NewGlobMatcher(allow, deny []string) *GlobMatcher

+ func (gm *GlobMatcher) Check(path string) Action

+ type PermissionGrant struct

+ Action Action

+ CreatedAt time.Time

+ GrantedBy string

+ ID int64

+ Pattern string

+ Scope string

+ type PermissionStore struct

+ func NewPermissionStore(db *sql.DB) (*PermissionStore, error)

+ func (ps *PermissionStore) Check(toolName, scope string) (Action, bool)

+ func (ps *PermissionStore) Grant(pattern string, action Action, scope, grantedBy string) error

+ func (ps *PermissionStore) List() ([]PermissionGrant, error)

+ func (ps *PermissionStore) Revoke(pattern, scope string) error

+ type PolicyEngine interface

+ IsAllowed func(ctx context.Context, toolName, agentID, teamID string) (bool, string)

+ type RatchetPromptPattern struct

+ Action string

+ Match string

+ Name string

+ type RatchetTrustConfig struct

+ Mode string

+ Prompts []RatchetPromptPattern

+ ProviderArgs map[string][]string

+ Rules []RatchetTrustRule

+ type RatchetTrustRule struct

+ Action string

+ Pattern string

+ type TrustEngine struct

+ func NewTrustEngine(mode string, rules []TrustRule, policyDB PolicyEngine) *TrustEngine

+ func (te *TrustEngine) AddRule(rule TrustRule)

+ func (te *TrustEngine) Evaluate(ctx context.Context, toolName string, args map[string]any) Action

+ func (te *TrustEngine) EvaluateCommand(cmd string) Action

+ func (te *TrustEngine) EvaluatePath(path string) Action

+ func (te *TrustEngine) EvaluateScoped(ctx context.Context, toolName string, args map[string]any, scope string) Action

+ func (te *TrustEngine) GrantPersistent(pattern string, action Action, scope, grantedBy string) error

+ func (te *TrustEngine) Mode() string

+ func (te *TrustEngine) Rules() []TrustRule

+ func (te *TrustEngine) SetMode(mode string) []TrustRule

+ func (te *TrustEngine) SetPermissionStore(ps *PermissionStore)

+ type TrustRule struct

+ Action Action

+ Pattern string

+ Scope string

+ func ParseClaudeCodeSettings(data []byte) ([]TrustRule, error)

+ func ParseRatchetTrustConfig(cfg RatchetTrustConfig) []TrustRule