Documentation
¶
Index ¶
Constants ¶
View Source
const ( ActionBlockedPath = "blocked_path" // file tool blocked due to protected path ActionBlockedCmd = "blocked_cmd" // Bash command blocked due to protected path ActionMasked = "masked" // secret value replaced with placeholder in tool output )
Action constants for audit log entries.
Variables ¶
This section is empty.
Functions ¶
func AppendEntry ¶
AppendEntry appends a new signed entry to .envault/ai-secure.log. The entry's hash chains from the last entry in the log.
func VerifyChain ¶
VerifyChain checks that the hash chain in entries is intact. Returns the first error found, or nil if the chain is valid.
Types ¶
type Entry ¶
type Entry struct {
Time string `json:"t"`
Tool string `json:"tool"`
Action string `json:"action"`
Target string `json:"target"` // file path, command snippet, or masked secret name
Pattern string `json:"pattern"` // matched protect pattern (empty for masked entries)
Prev string `json:"prev"` // hash of the immediately preceding entry
Hash string `json:"hash"` // SHA256 of this entry (fields above, not hash itself)
}
Entry is a single record in the audit log.
func LoadEntries ¶
LoadEntries reads and parses all entries from .envault/ai-secure.log. Returns nil (not an error) when the log does not exist.
Click to show internal directories.
Click to hide internal directories.