- type AuditEntry
- type AuditEventCollector
- type AuditFilter
- type AuditLog
- type AuditTrailSummary
- type CheckConfig
- type ComplianceHandler
- type ComplianceReport
- type Control
- type ControlRegistry
- func (r *ControlRegistry) AddEvidence(controlID string, evidence EvidenceItem) error
- func (r *ControlRegistry) ComplianceScore() float64
- func (r *ControlRegistry) GenerateReport() *ComplianceReport
- func (r *ControlRegistry) Get(id string) (*SOC2Control, bool)
- func (r *ControlRegistry) List(category string) []*SOC2Control
- func (r *ControlRegistry) Register(control *SOC2Control)
- func (r *ControlRegistry) RegisterDefaults()
- func (r *ControlRegistry) UpdateStatus(id string, status SOC2ControlStatus) error
- type ControlStatus
- type DataRetentionPolicy
- type EvidenceItem
- type Framework
- type Generator
- type Handler
- type InMemoryAuditLog
- func (l *InMemoryAuditLog) Count(_ context.Context, filter AuditFilter) (int64, error)
- func (l *InMemoryAuditLog) Export(ctx context.Context, filter AuditFilter, format string) ([]byte, error)
- func (l *InMemoryAuditLog) Query(_ context.Context, filter AuditFilter) ([]*AuditEntry, error)
- func (l *InMemoryAuditLog) Record(_ context.Context, entry *AuditEntry) error
- type InMemoryCollector
- type Report
- type RetentionManager
- type SOC2Control
- type SOC2ControlStatus
- type SQLiteAuditLog
- func (s *SQLiteAuditLog) Close() error
- func (s *SQLiteAuditLog) Count(ctx context.Context, filter AuditFilter) (int64, error)
- func (s *SQLiteAuditLog) Export(ctx context.Context, filter AuditFilter, format string) ([]byte, error)
- func (s *SQLiteAuditLog) Query(ctx context.Context, filter AuditFilter) ([]*AuditEntry, error)
- func (s *SQLiteAuditLog) Record(_ context.Context, entry *AuditEntry) error
- type Summary
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditEntry ¶
// AuditEntry represents an auditable action in the system.
//
// The quoted value sets on the string fields are conventions noted in the
// original source; no enum type enforces them, so producers should stick to
// the listed literals.
type AuditEntry struct {
	ID string `json:"id"`                // entry identifier; InMemoryAuditLog.Record assigns one if missing
	Timestamp time.Time `json:"timestamp"` // when the action occurred; InMemoryAuditLog.Record fills it if missing
	ActorID string `json:"actor_id"`      // principal that performed the action
	ActorType string `json:"actor_type"`  // "user", "system", "api_key"
	Action string `json:"action"`         // "create", "read", "update", "delete", "execute", "login", "logout"
	Resource string `json:"resource"`     // "workflow", "company", "organization", "project", "api_key"
	ResourceID string `json:"resource_id"` // identifier of the affected resource
	TenantID string `json:"tenant_id"`    // company/org scope
	Details map[string]any `json:"details,omitempty"` // free-form context; NOTE(review): confirm producers never place secrets or raw credentials here, since entries are returned by Query/Export
	IPAddress string `json:"ip_address,omitempty"` // NOTE(review): presumably taken from the request and therefore client-influenced — treat as untrusted text when rendered or exported
	UserAgent string `json:"user_agent,omitempty"` // NOTE(review): presumably a client-supplied header value — treat as untrusted text when rendered or exported
	Success bool `json:"success"`         // whether the action completed successfully
	ErrorMsg string `json:"error_message,omitempty"` // failure description, expected to accompany Success == false
}
AuditEntry represents an auditable action in the system.
type AuditEventCollector ¶
// AuditEventCollector reads audit events for the reporting period.
type AuditEventCollector interface {
	// CollectEvents returns the audit events that fall within the
	// start..end reporting window (the InMemoryCollector implementation
	// on this page filters by that range; boundary inclusivity is not shown here).
	CollectEvents(ctx context.Context, start, end time.Time) ([]audit.Event, error)
}
AuditEventCollector reads audit events for the reporting period.
type AuditFilter ¶
// AuditFilter specifies criteria for querying audit entries.
//
// NOTE(review): all fields are omitempty, so a zero value presumably means
// "no constraint" — confirm against the Query implementations.
type AuditFilter struct {
	ActorID string `json:"actor_id,omitempty"`   // restrict to one actor
	Action string `json:"action,omitempty"`      // restrict to one action
	Resource string `json:"resource,omitempty"`  // restrict to one resource type
	TenantID string `json:"tenant_id,omitempty"` // restrict to one tenant; NOTE(review): in a multi-tenant deployment this should be set from the authenticated session, not from request input
	StartTime *time.Time `json:"start_time,omitempty"` // pointer; nil presumably means unbounded — confirm
	EndTime *time.Time `json:"end_time,omitempty"`     // pointer; nil presumably means unbounded — confirm
	Success *bool `json:"success,omitempty"`           // pointer so that "unset" can be told apart from false
	Limit int `json:"limit,omitempty"`   // maximum entries returned; behaviour for 0 not shown here
	Offset int `json:"offset,omitempty"` // entries to skip before the first returned one
}
AuditFilter specifies criteria for querying audit entries.
type AuditLog ¶
// AuditLog interface for recording and querying audit entries.
//
// Implementations on this page: InMemoryAuditLog (testing/development only)
// and SQLiteAuditLog (persistent).
type AuditLog interface {
	// Record stores entry. The InMemoryAuditLog implementation assigns an
	// ID and timestamp if they are missing.
	Record(ctx context.Context, entry *AuditEntry) error
	// Query returns the entries matching filter.
	Query(ctx context.Context, filter AuditFilter) ([]*AuditEntry, error)
	// Count returns the number of entries matching filter.
	Count(ctx context.Context, filter AuditFilter) (int64, error)
	// Export returns the entries matching filter serialized in format.
	// NOTE(review): UserAgent, ErrorMsg and Details can carry client-influenced
	// text; confirm the "csv" path quotes every field so such values are not
	// interpreted as formulas when the export is opened in a spreadsheet.
	Export(ctx context.Context, filter AuditFilter, format string) ([]byte, error) // format: "json", "csv"
}
AuditLog interface for recording and querying audit entries.
type AuditTrailSummary ¶
// AuditTrailSummary summarizes the audit trail for the reporting period.
//
// How events are classified into the counters below is done by the
// Generator and is not shown on this page.
type AuditTrailSummary struct {
	TotalEvents int `json:"total_events"`               // all events in the period
	EventsByType map[string]int `json:"events_by_type"` // count per event type; keys presumably come from audit.Event — confirm
	AuthFailures int `json:"auth_failures"`             // events classified as failed authentication
	DataAccessEvents int `json:"data_access_events"`    // events classified as data access
	ConfigChanges int `json:"config_changes"`           // events classified as configuration changes
}
AuditTrailSummary summarizes the audit trail for the reporting period.
type CheckConfig ¶
// CheckConfig holds the configuration state used for compliance checks.
//
// NOTE(review): these are caller-asserted flags passed to NewGenerator, not
// values probed from the running system; a report built from them reflects
// what the caller declared — confirm how they are populated.
type CheckConfig struct {
	EncryptionEnabled bool `json:"encryption_enabled"`
	AuditLoggingActive bool `json:"audit_logging_active"`
	TLSEnabled bool `json:"tls_enabled"`
	BackupEnabled bool `json:"backup_enabled"`
	AccessControlled bool `json:"access_controlled"`
	RetentionDays int `json:"retention_days"` // configured retention period in days
}
CheckConfig holds the configuration state used for compliance checks.
type ComplianceHandler ¶
// ComplianceHandler serves SOC2 compliance endpoints over HTTP.
//
// Construct with NewComplianceHandler and attach to a mux with
// RegisterComplianceRoutes. NOTE(review): the handler is built over an
// AuditLog, so its routes expose audit data; this page does not show any
// authentication or authorization on them — confirm the mux wraps them.
type ComplianceHandler struct {
	// contains filtered or unexported fields
}
ComplianceHandler serves SOC2 compliance endpoints over HTTP.
func NewComplianceHandler ¶
func NewComplianceHandler(auditLog AuditLog, registry *ControlRegistry, retention *RetentionManager) *ComplianceHandler
NewComplianceHandler creates a new compliance HTTP handler.
func (*ComplianceHandler) RegisterComplianceRoutes ¶
func (h *ComplianceHandler) RegisterComplianceRoutes(mux *http.ServeMux)
RegisterComplianceRoutes registers SOC2 compliance API endpoints on the given mux.
type ComplianceReport ¶
// ComplianceReport is the output of a SOC2 compliance assessment,
// produced by ControlRegistry.GenerateReport.
type ComplianceReport struct {
	GeneratedAt time.Time `json:"generated_at"` // when the report was produced
	TotalControls int `json:"total_controls"`   // number of registered controls
	Implemented int `json:"implemented"`        // controls with status "implemented"
	Partial int `json:"partial"`                // controls with status "partial"
	Planned int `json:"planned"`                // controls with status "planned"
	NotApplicable int `json:"not_applicable"`   // controls with status "not_applicable"
	Score float64 `json:"score"` // percentage of implemented controls; ComplianceScore documents it as relative to applicable controls, so NotApplicable is presumably excluded from the denominator — confirm
	ByCategory map[string]int `json:"by_category"` // control count per category
	Controls []*SOC2Control `json:"controls"`       // the controls the counts were derived from
}
ComplianceReport is the output of a SOC2 compliance assessment.
type Control ¶
// Control represents a single compliance control check as it appears in a
// Report (distinct from SOC2Control, which carries evidence and ownership).
type Control struct {
	ID string `json:"id"`                // control identifier
	Framework Framework `json:"framework"` // framework the control belongs to
	Category string `json:"category"`     // grouping within the framework
	Description string `json:"description"`
	Status ControlStatus `json:"status"`  // "pass", "fail" or "warning"
	Details string `json:"details,omitempty"` // optional explanation of the status
}
Control represents a single compliance control check.
type ControlRegistry ¶
// ControlRegistry manages SOC2 controls and evidence.
//
// Create it with NewControlRegistry; RegisterDefaults populates the standard
// Trust Services Criteria controls. Register replaces an existing control
// with the same ID.
type ControlRegistry struct {
	// contains filtered or unexported fields
}
ControlRegistry manages SOC2 controls and evidence.
func NewControlRegistry ¶
func NewControlRegistry() *ControlRegistry
NewControlRegistry creates a new empty control registry.
func (*ControlRegistry) AddEvidence ¶
func (r *ControlRegistry) AddEvidence(controlID string, evidence EvidenceItem) error
AddEvidence attaches an evidence item to a control.
func (*ControlRegistry) ComplianceScore ¶
func (r *ControlRegistry) ComplianceScore() float64
ComplianceScore returns the percentage of applicable controls that are implemented.
func (*ControlRegistry) GenerateReport ¶
func (r *ControlRegistry) GenerateReport() *ComplianceReport
GenerateReport produces a ComplianceReport summarizing the current control states.
func (*ControlRegistry) Get ¶
func (r *ControlRegistry) Get(id string) (*SOC2Control, bool)
Get retrieves a control by ID.
func (*ControlRegistry) List ¶
func (r *ControlRegistry) List(category string) []*SOC2Control
List returns controls, optionally filtered by category. If category is empty, all controls are returned.
func (*ControlRegistry) Register ¶
func (r *ControlRegistry) Register(control *SOC2Control)
Register adds or replaces a control in the registry.
func (*ControlRegistry) RegisterDefaults ¶
func (r *ControlRegistry) RegisterDefaults()
RegisterDefaults registers all standard SOC2 Trust Services Criteria controls.
func (*ControlRegistry) UpdateStatus ¶
func (r *ControlRegistry) UpdateStatus(id string, status SOC2ControlStatus) error
UpdateStatus changes the status of a control.
type ControlStatus ¶
// ControlStatus indicates whether a compliance control is satisfied.
type ControlStatus string
ControlStatus indicates whether a compliance control is satisfied.
// ControlStatus values used in Report controls.
const (
	StatusPass    ControlStatus = "pass"    // the check succeeded
	StatusFail    ControlStatus = "fail"    // the check failed
	StatusWarning ControlStatus = "warning" // the check passed with reservations
)
type DataRetentionPolicy ¶
// DataRetentionPolicy defines how long data is kept.
//
// RetentionManager keys policies by DataType; AddPolicy replaces an existing
// policy for the same type. DefaultPolicies returns a starter set.
type DataRetentionPolicy struct {
	Name string `json:"name"`                 // human-readable policy name
	DataType string `json:"data_type"`        // "audit_logs", "executions", "events", "dlq_entries"
	RetentionDays int `json:"retention_days"` // days after creation that data is retained
	ArchiveEnabled bool `json:"archive_enabled"` // whether expired data is archived rather than discarded — archiving itself is not shown on this page
	ArchiveFormat string `json:"archive_format"` // "json", "parquet"
}
DataRetentionPolicy defines how long data is kept.
func DefaultPolicies ¶
func DefaultPolicies() []*DataRetentionPolicy
DefaultPolicies returns sensible default retention policies for common data types.
type EvidenceItem ¶
// EvidenceItem represents a piece of evidence supporting a SOC2 control.
// Attach one to a control with ControlRegistry.AddEvidence.
type EvidenceItem struct {
	Type string `json:"type"`               // "automated_test", "config", "log", "document", "screenshot"
	Description string `json:"description"`
	Source string `json:"source"`           // file path, URL, or test name
	CollectedAt time.Time `json:"collected_at"` // when the evidence was gathered
	Valid bool `json:"valid"`               // whether the evidence is considered current/acceptable; who sets it is not shown here
}
EvidenceItem represents a piece of evidence supporting a SOC2 control.
type Generator ¶
// Generator creates compliance reports from an AuditEventCollector and a
// CheckConfig; construct it with NewGenerator.
type Generator struct {
	// contains filtered or unexported fields
}
Generator creates compliance reports.
func NewGenerator ¶
func NewGenerator(collector AuditEventCollector, cfg CheckConfig) *Generator
NewGenerator creates a new compliance report generator.
type Handler ¶
// Handler serves compliance reports over HTTP. Construct it with NewHandler
// and attach it with RegisterRoutes.
type Handler struct {
	// contains filtered or unexported fields
}
Handler serves compliance reports over HTTP.
func NewHandler ¶
NewHandler creates a new compliance HTTP handler.
func (*Handler) RegisterRoutes ¶
RegisterRoutes registers compliance endpoints on the given mux.
type InMemoryAuditLog ¶
// InMemoryAuditLog stores audit entries in memory. Suitable for testing and
// development; not for production use — entries are lost on restart, so an
// audit trail kept here gives no durable record.
type InMemoryAuditLog struct {
	// contains filtered or unexported fields
}
InMemoryAuditLog stores audit entries in memory. Suitable for testing and development; not for production use.
func NewInMemoryAuditLog ¶
func NewInMemoryAuditLog() *InMemoryAuditLog
NewInMemoryAuditLog creates a new in-memory audit log.
func (*InMemoryAuditLog) Count ¶
func (l *InMemoryAuditLog) Count(_ context.Context, filter AuditFilter) (int64, error)
Count returns the number of entries matching the filter.
func (*InMemoryAuditLog) Export ¶
func (l *InMemoryAuditLog) Export(ctx context.Context, filter AuditFilter, format string) ([]byte, error)
Export returns entries matching the filter in the given format ("json" or "csv").
func (*InMemoryAuditLog) Query ¶
func (l *InMemoryAuditLog) Query(_ context.Context, filter AuditFilter) ([]*AuditEntry, error)
Query returns entries matching the filter.
func (*InMemoryAuditLog) Record ¶
func (l *InMemoryAuditLog) Record(_ context.Context, entry *AuditEntry) error
Record adds an audit entry. It assigns an ID and timestamp if missing.
type InMemoryCollector ¶
InMemoryCollector collects events from a slice (useful for testing).
func (*InMemoryCollector) CollectEvents ¶
func (c *InMemoryCollector) CollectEvents(_ context.Context, start, end time.Time) ([]audit.Event, error)
CollectEvents filters events within the given time range.
type Report ¶
// Report is a full compliance report covering one or more frameworks.
type Report struct {
	GeneratedAt time.Time `json:"generated_at"` // when the report was produced
	PeriodStart time.Time `json:"period_start"` // start of the reporting period
	PeriodEnd time.Time `json:"period_end"`     // end of the reporting period
	Controls []Control `json:"controls"`        // per-control results
	Summary Summary `json:"summary"`            // aggregate view of Controls
}
Report is a full compliance report covering one or more frameworks.
type RetentionManager ¶
// RetentionManager enforces data retention policies.
//
// Construct it with NewRetentionManager (a nil logger is replaced by a
// default). ShouldRetain retains data for which no policy exists, so an
// unregistered data type is never expired.
type RetentionManager struct {
	// contains filtered or unexported fields
}
RetentionManager enforces data retention policies.
func NewRetentionManager ¶
func NewRetentionManager(logger *slog.Logger) *RetentionManager
NewRetentionManager creates a new RetentionManager. If logger is nil, a default logger is used.
func (*RetentionManager) AddPolicy ¶
func (m *RetentionManager) AddPolicy(policy *DataRetentionPolicy)
AddPolicy registers a retention policy for a specific data type. If a policy for the data type already exists, it is replaced.
func (*RetentionManager) GetPolicy ¶
func (m *RetentionManager) GetPolicy(dataType string) (*DataRetentionPolicy, bool)
GetPolicy retrieves the policy for a given data type.
func (*RetentionManager) ListPolicies ¶
func (m *RetentionManager) ListPolicies() []*DataRetentionPolicy
ListPolicies returns all registered retention policies.
func (*RetentionManager) ShouldRetain ¶
func (m *RetentionManager) ShouldRetain(dataType string, createdAt time.Time) bool
ShouldRetain returns true if data of the given type created at createdAt should still be retained according to the policy. If no policy exists for the data type, the data is retained (conservative default).
type SOC2Control ¶
// SOC2Control represents a SOC2 Trust Services Criteria control.
type SOC2Control struct {
	ID string `json:"id"`             // e.g., "CC6.1", "CC7.2"
	Category string `json:"category"` // "Security", "Availability", "Processing Integrity", "Confidentiality", "Privacy"
	Title string `json:"title"`
	Description string `json:"description"`
	Status SOC2ControlStatus `json:"status"` // changed via ControlRegistry.UpdateStatus
	Evidence []EvidenceItem `json:"evidence"` // appended via ControlRegistry.AddEvidence
	Owner string `json:"owner"`              // accountable person or team
	LastReview time.Time `json:"last_review"` // when the control was last reviewed
}
SOC2Control represents a SOC2 Trust Services Criteria control.
type SOC2ControlStatus ¶
// SOC2ControlStatus indicates the implementation state of a SOC2 control.
type SOC2ControlStatus string
SOC2ControlStatus indicates the implementation state of a SOC2 control.
// SOC2ControlStatus values; they drive the counters in ComplianceReport.
const (
	ControlStatusImplemented   SOC2ControlStatus = "implemented"    // control is in place
	ControlStatusPartial       SOC2ControlStatus = "partial"        // control is partly in place
	ControlStatusPlanned       SOC2ControlStatus = "planned"        // control is not yet in place
	ControlStatusNotApplicable SOC2ControlStatus = "not_applicable" // control does not apply to this system
)
type SQLiteAuditLog ¶
// SQLiteAuditLog persists audit entries in a SQLite database.
//
// Open it with NewSQLiteAuditLog, which creates the audit_entries table if
// needed, and release the connection with Close.
type SQLiteAuditLog struct {
	// contains filtered or unexported fields
}
SQLiteAuditLog persists audit entries in a SQLite database.
func NewSQLiteAuditLog ¶
func NewSQLiteAuditLog(dbPath string) (*SQLiteAuditLog, error)
NewSQLiteAuditLog opens (or creates) the SQLite database at dbPath and initializes the audit_entries table.
func (*SQLiteAuditLog) Close ¶
func (s *SQLiteAuditLog) Close() error
Close closes the underlying database connection.
func (*SQLiteAuditLog) Count ¶
func (s *SQLiteAuditLog) Count(ctx context.Context, filter AuditFilter) (int64, error)
Count returns the number of entries matching the filter.
func (*SQLiteAuditLog) Export ¶
func (s *SQLiteAuditLog) Export(ctx context.Context, filter AuditFilter, format string) ([]byte, error)
Export returns entries matching the filter serialized in the given format.
func (*SQLiteAuditLog) Query ¶
func (s *SQLiteAuditLog) Query(ctx context.Context, filter AuditFilter) ([]*AuditEntry, error)
Query returns entries matching the filter.
func (*SQLiteAuditLog) Record ¶
func (s *SQLiteAuditLog) Record(_ context.Context, entry *AuditEntry) error
Record inserts an audit entry into the database.