Versions in this module Expand all Collapse all v0 v0.2.0 May 15, 2026 Changes in this version + var BannedPrefixes = []string + var ErrCircuitBreakerOpen = errors.New(...) + func DefaultBlockedCommands() []string + func DefaultBlockedPaths() []string + func DetectEncoding(text string) string + func DetectSuspiciousPatterns(content string) []string + func FormatChanges(result *SanitizeResult) string + func FormatCheckResult(result *CheckResult) string + func FormatHistory(history []*ApprovalRequest, limit int) string + func FormatRequest(req *ApprovalRequest) string + func FormatResult(result *ScanResult) string + func FormatViolation(v *BoundaryViolation) string + func IsSuspicious(content string) bool + func SanitizeFilePath(path string) (string, error) + func SanitizeJSON(input string) string + func StripANSI(text string) string + func WrapExternalContent(content string, opts WrapOptions) string + func WrapWebContent(content string, source ContentSource) string + type Action string + const ActionAllow + const ActionAsk + const ActionDeny + type ApprovalPolicy struct + AutoApprove bool + MaxPending int + Name string + RequireReason bool + RiskLevel string + Timeout time.Duration + Tools []string + type ApprovalRequest struct + Args map[string]interface{} + CreatedAt time.Time + Description string + ExpiresAt time.Time + ID string + Reason string + Risk string + Status string + Tool string + type ApprovalWorkflow struct + History []*ApprovalRequest + Pending []*ApprovalRequest + Policies []ApprovalPolicy + PromptFn func(*ApprovalRequest) (bool, string) + func NewApprovalWorkflow(promptFn func(*ApprovalRequest) (bool, string)) *ApprovalWorkflow + func (wf *ApprovalWorkflow) AddPolicy(policy ApprovalPolicy) + func (wf *ApprovalWorkflow) Approve(id, reason string) error + func (wf *ApprovalWorkflow) CheckPolicy(tool string, risk string) *ApprovalPolicy + func (wf *ApprovalWorkflow) Deny(id, reason string) error + func (wf *ApprovalWorkflow) ExpirePending() + func (wf 
*ApprovalWorkflow) GetPending() []*ApprovalRequest + func (wf *ApprovalWorkflow) IsApproved(id string) bool + func (wf *ApprovalWorkflow) RequestApproval(tool string, args map[string]interface{}, risk string) (*ApprovalRequest, error) + type BoundaryChecker struct + AllowedCommands []string + AllowedPaths []string + BlockedCommands []string + BlockedPaths []string + FilesModified int + MaxFileSize int64 + MaxFiles int + ProjectRoot string + func NewBoundaryChecker(projectRoot string) *BoundaryChecker + func (bc *BoundaryChecker) CheckCommand(command string) *BoundaryViolation + func (bc *BoundaryChecker) CheckEnvironment(key string) *BoundaryViolation + func (bc *BoundaryChecker) CheckFileCount() *BoundaryViolation + func (bc *BoundaryChecker) CheckFileSize(path string, size int64) *BoundaryViolation + func (bc *BoundaryChecker) CheckNetwork(host string, port int) *BoundaryViolation + func (bc *BoundaryChecker) CheckPath(path string) *BoundaryViolation + func (bc *BoundaryChecker) IsWithinProject(path string) bool + func (bc *BoundaryChecker) RecordModification(path string) + func (bc *BoundaryChecker) RecordViolation(v *BoundaryViolation) + func (bc *BoundaryChecker) Summary() string + type BoundaryViolation struct + Allowed string + Attempted string + Description string + Severity string + Type string + type Canonicalizer struct + func NewCanonicalizer() *Canonicalizer + func (c *Canonicalizer) Canonicalize(command string) string + func (c *Canonicalizer) ExtractBaseCommand(command string) string + func (c *Canonicalizer) ExtractSubcommand(command string) string + func (c *Canonicalizer) GeneratePattern(command string) string + func (c *Canonicalizer) IsBannedPrefix(command string) bool + func (c *Canonicalizer) IsEquivalent(cmd1, cmd2 string) bool + type CheckResult struct + Advisories []string + CheckedAt time.Time + Package string + Recommendation string + Safe bool + Severity string + type ContentSource string + const SourceAPI + const SourceBrowser + const 
SourceEmail + const SourceUnknown + const SourceWebFetch + const SourceWebSearch + const SourceWebhook + type Destination struct + Host string + Port int + Protocol string + Source string + Suspicious bool + type EgressAttempt struct + Allowed bool + Command string + Destinations []Destination + Reason string + type EgressInspector struct + AllowedDomains []string + AllowedProtocols []string + BlockedDomains []string + func NewEgressInspector() *EgressInspector + func (e *EgressInspector) AddAllowed(domain string) + func (e *EgressInspector) AddBlocked(domain string) + func (e *EgressInspector) ExtractNetcat(command string) []string + func (e *EgressInspector) ExtractSSHDests(command string) []string + func (e *EgressInspector) ExtractURLs(command string) []string + func (e *EgressInspector) FormatAttempt(attempt *EgressAttempt) string + func (e *EgressInspector) Inspect(command string) *EgressAttempt + func (e *EgressInspector) IsAllowed(host string) bool + func (e *EgressInspector) IsSuspicious(command string) bool + type Guardian struct + ChatFn func(ctx context.Context, prompt string) (string, error) + Enabled bool + MaxConsecutiveDenials int + Model string + Provider string + Timeout time.Duration + func NewGuardian(chatFn func(context.Context, string) (string, error)) *Guardian + func (g *Guardian) ResetCircuitBreaker() + func (g *Guardian) Review(ctx context.Context, req GuardianRequest) (*GuardianDecision, error) + type GuardianDecision struct + Allowed bool + Confidence float64 + Reason string + type GuardianRequest struct + Arguments map[string]interface{} + ConversationContext string + ProjectDescription string + ToolName string + type InjectionPattern struct + Category string + Name string + Pattern *regexp.Regexp + Severity string + type InjectionScanner struct + Patterns []*InjectionPattern + Threshold float64 + func NewInjectionScanner() *InjectionScanner + func (s *InjectionScanner) DetectUnicodeAttacks(text string) []Threat + func (s 
*InjectionScanner) IsHighEntropy(text string) bool + func (s *InjectionScanner) Scan(text string) *ScanResult + func (s *InjectionScanner) ScanToolOutput(output string) *ScanResult + type InputSanitizer struct + MaxLength int + NormalizeUnicode bool + StripInvisible bool + func NewInputSanitizer() *InputSanitizer + func (s *InputSanitizer) Sanitize(input string) *SanitizeResult + type MalwareEntry struct + Advisory string + DateAdded time.Time + Description string + Ecosystem string + Package string + Severity string + type OSVChecker struct + Cache map[string]*CheckResult + CacheTTL time.Duration + KnownMalware map[string]*MalwareEntry + func NewOSVChecker() *OSVChecker + func (c *OSVChecker) CheckCommand(command string) *CheckResult + func (c *OSVChecker) CheckPackage(name, ecosystem string) *CheckResult + func (c *OSVChecker) DetectSuspiciousName(name string) []string + func (c *OSVChecker) IsTyposquat(name, ecosystem string) bool + func (c *OSVChecker) RefreshDatabase() error type Rule + Reason string + func ParseRuleLine(line string) (*Rule, error) + type RuleSet struct + Rules []Rule + func NewRuleSet() *RuleSet + func (rs *RuleSet) AddRule(rule Rule) + func (rs *RuleSet) Evaluate(toolName string, args map[string]interface{}) Action + func (rs *RuleSet) LoadFromFile(path string) error + func (rs *RuleSet) RemoveRule(index int) error + func (rs *RuleSet) SaveToFile(path string) error + type SanitizeChange struct + Original string + Position int + Replacement string + Type string + func NormalizeHomoglyphs(text string) (string, []SanitizeChange) + func StripInvisibleChars(text string) (string, []SanitizeChange) + type SanitizeResult struct + Changes []SanitizeChange + Clean string + Original string + WasModified bool + type ScanResult struct + IsSafe bool + Recommendation string + Score float64 + Threats []Threat + type Threat struct + Category string + Match string + Pattern string + Position int + Severity string + type WrapOptions struct + IncludeWarning 
bool + Sender string + Source ContentSource + Subject string v0.1.0 May 12, 2026 Changes in this version + func DefaultPath(projectDir string) string + func Save(path string, rules []Rule) error + type AskRecord struct + Allowed bool + Count int + Summary string + ToolName string + type AutoModeState struct + func NewAutoModeState() *AutoModeState + func (a *AutoModeState) Record(toolName, summary string, allowed bool) + func (a *AutoModeState) ShouldAutoAllow(toolName, summary string) (bool, bool) + type BypassKillswitch struct + func NewBypassKillswitch() *BypassKillswitch + func (b *BypassKillswitch) Disable() + func (b *BypassKillswitch) Enable() + func (b *BypassKillswitch) IsEnabled() bool + type Classifier struct + func NewClassifier() *Classifier + func (c *Classifier) Classify(command string) string + type Rule struct + Action string + Pattern string + Tool string + func Load(path string) ([]Rule, error) + type ShadowedRuleDetector struct + func (d *ShadowedRuleDetector) DetectShadowedRules(allowRules, denyRules []string) []string
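Review bot: `var BannedPrefixes = []string` in the v0.2.0 listing exports the banned-prefix list as a mutable package-level slice, so any importing package can truncate, overwrite or reassign it at runtime. Only signatures are visible here, so it is an inference that `Canonicalizer.IsBannedPrefix` reads this variable; if it does, the check is only as strong as every importer's discipline. The sibling defaults are already exposed as functions (`DefaultBlockedCommands() []string`, `DefaultBlockedPaths() []string`), and the same shape would fit here, for example a proposed `func DefaultBannedPrefixes() []string` that returns a fresh copy. The exported state on `ApprovalWorkflow` (`Pending`, `History`, `Policies`) and `BoundaryChecker.FilesModified` raises the same question, since callers can edit approval records or reset the file counter without going through `Approve`/`Deny`/`RecordModification`; unexport those fields, or document that the methods are the only supported way to change them.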
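Review bot: `ShouldAutoAllow(toolName, summary string) (bool, bool)` in the v0.1.0 listing returns two unnamed booleans from the function that decides whether a tool call may proceed without asking, and nothing in the signature says which value is the decision. A caller that reads them in the wrong order gets no compiler error, and in a permission path that mistake can silently turn into an allow. Name the results and state them in the doc comment, for example `(allow, found bool)` if the second value reports whether a prior record exists; the meaning is not visible in this listing, so confirm it against the implementation. Separately, `Rule.Action` is a plain `string` here while v0.2.0 adds `type Action string` with `ActionAllow`/`ActionAsk`/`ActionDeny` and shows only `Reason` being added to `Rule`; if the field was not retyped, `ParseRuleLine` and `Load` should reject action values outside those three constants.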