Documentation
Index
- Constants
- func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error)
- func LoadTrustedKeys(paths []string) ([]ed25519.PublicKey, error)
- func MarshalPrivateKeyPEM(priv ed25519.PrivateKey) []byte
- func MarshalPublicKeyPEM(pub ed25519.PublicKey) []byte
- func ParsePrivateKeyPEM(data []byte) (ed25519.PrivateKey, error)
- func ParsePublicKeyPEM(data []byte) (ed25519.PublicKey, error)
- func Sign(privateKey ed25519.PrivateKey, data []byte) []byte
- func SignFile(privateKey ed25519.PrivateKey, filePath string) error
- func ValidTier(tier string) bool
- func Verify(publicKey ed25519.PublicKey, data, signature []byte) bool
- func VerifyFile(trustedKeys []ed25519.PublicKey, filePath string) error
- func VerifyWithAnyKey(trustedKeys []ed25519.PublicKey, data, signature []byte) bool
- type PermissionEngine
  - func NewDenyAll() *PermissionEngine
  - func NewPermissionEngine(tier string) (*PermissionEngine, error)
  - func (p *PermissionEngine) CanExecute(action string) bool
  - func (p *PermissionEngine) Tier() string
Constants
const PEMTypePrivateKey = "DENKEEPER ED25519 PRIVATE KEY"
PEMTypePrivateKey is the PEM block type for Ed25519 private keys.
const PEMTypePublicKey = "DENKEEPER ED25519 PUBLIC KEY"
PEMTypePublicKey is the PEM block type for Ed25519 public keys.
const SignatureFileExtension = ".sig"
SignatureFileExtension is the file extension for detached Ed25519 signatures.
Variables
This section is empty.
Functions
func GenerateKeyPair added in v0.1.0
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error)
GenerateKeyPair creates a new Ed25519 key pair.
func LoadTrustedKeys added in v0.1.0
func LoadTrustedKeys(paths []string) ([]ed25519.PublicKey, error)
LoadTrustedKeys reads a list of PEM public key files and returns the parsed keys. Returns an error if any file cannot be read or parsed, so a single bad file fails the whole load rather than silently shrinking the trust set.
func MarshalPrivateKeyPEM added in v0.1.0
func MarshalPrivateKeyPEM(priv ed25519.PrivateKey) []byte
MarshalPrivateKeyPEM encodes an Ed25519 private key as PEM.
func MarshalPublicKeyPEM added in v0.1.0
func MarshalPublicKeyPEM(pub ed25519.PublicKey) []byte
MarshalPublicKeyPEM encodes an Ed25519 public key as PEM.
func ParsePrivateKeyPEM added in v0.1.0
func ParsePrivateKeyPEM(data []byte) (ed25519.PrivateKey, error)
ParsePrivateKeyPEM decodes a PEM-encoded Ed25519 private key.
func ParsePublicKeyPEM added in v0.1.0
func ParsePublicKeyPEM(data []byte) (ed25519.PublicKey, error)
ParsePublicKeyPEM decodes a PEM-encoded Ed25519 public key.
func Sign added in v0.1.0
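Worked example of the PEM round trip, added here and not the package's own implementation: the marshal and parse helpers rebuilt on the standard library (crypto/ed25519, encoding/pem) with the block types documented above. The point it adds is the two checks a parser for these constants has to make, the block type and the payload length. Without the type check a private-key file can be loaded as a "trusted public key" (its first 32 bytes are the seed, not the public key), and without the length check a truncated file reaches ed25519.Verify, which panics on a public key that is not exactly 32 bytes. The parseKeyPEM helper and the SelfCheck function are this example's own names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
)

// PEM block types as documented for the package.
const (
	PEMTypePrivateKey = "DENKEEPER ED25519 PRIVATE KEY"
	PEMTypePublicKey  = "DENKEEPER ED25519 PUBLIC KEY"
)

// MarshalPublicKeyPEM wraps the raw 32-byte public key in a typed PEM block.
func MarshalPublicKeyPEM(pub ed25519.PublicKey) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: PEMTypePublicKey, Bytes: pub})
}

// MarshalPrivateKeyPEM wraps the raw 64-byte (seed || public) private key.
func MarshalPrivateKeyPEM(priv ed25519.PrivateKey) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: PEMTypePrivateKey, Bytes: priv})
}

// parseKeyPEM (example helper) decodes one PEM block and insists on the
// expected block type and payload length. The type check stops a private-key
// file from being loaded as a public key; the length check stops a truncated
// file from reaching ed25519.Verify, which panics on a non-32-byte public key.
func parseKeyPEM(data []byte, wantType string, wantLen int) ([]byte, error) {
	block, _ := pem.Decode(data)
	switch {
	case block == nil:
		return nil, errors.New("no PEM block found")
	case block.Type != wantType:
		return nil, fmt.Errorf("PEM block type %q, want %q", block.Type, wantType)
	case len(block.Bytes) != wantLen:
		return nil, fmt.Errorf("key is %d bytes, want %d", len(block.Bytes), wantLen)
	}
	return block.Bytes, nil
}

// ParsePublicKeyPEM decodes a PEM-encoded Ed25519 public key.
func ParsePublicKeyPEM(data []byte) (ed25519.PublicKey, error) {
	raw, err := parseKeyPEM(data, PEMTypePublicKey, ed25519.PublicKeySize)
	if err != nil {
		return nil, err
	}
	return ed25519.PublicKey(raw), nil
}

// ParsePrivateKeyPEM decodes a PEM-encoded Ed25519 private key.
func ParsePrivateKeyPEM(data []byte) (ed25519.PrivateKey, error) {
	raw, err := parseKeyPEM(data, PEMTypePrivateKey, ed25519.PrivateKeySize)
	if err != nil {
		return nil, err
	}
	return ed25519.PrivateKey(raw), nil
}

// SelfCheck round-trips a fresh key pair through PEM and confirms that each
// parser rejects the other kind of key. It returns nil when all checks pass.
func SelfCheck() error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	gotPub, err := ParsePublicKeyPEM(MarshalPublicKeyPEM(pub))
	if err != nil {
		return err
	}
	gotPriv, err := ParsePrivateKeyPEM(MarshalPrivateKeyPEM(priv))
	if err != nil {
		return err
	}
	if !gotPub.Equal(pub) || !gotPriv.Equal(priv) {
		return errors.New("PEM round trip changed the key bytes")
	}
	if _, err := ParsePublicKeyPEM(MarshalPrivateKeyPEM(priv)); err == nil {
		return errors.New("private key PEM was accepted as a public key")
	}
	if _, err := ParsePrivateKeyPEM(MarshalPublicKeyPEM(pub)); err == nil {
		return errors.New("public key PEM was accepted as a private key")
	}
	return nil
}

func main() {
	if err := SelfCheck(); err != nil {
		fmt.Println("FAIL:", err)
		os.Exit(1)
	}
	fmt.Println("PEM round trip and type checks OK")
}
```

The custom block types ("DENKEEPER ED25519 ...") carry raw key bytes rather than PKCS#8 or SubjectPublicKeyInfo, so nothing else validates the payload; the parser's own type and length checks are the only thing standing between a swapped or truncated file and a bad trust set.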
func Sign(privateKey ed25519.PrivateKey, data []byte) []byte
Sign produces an Ed25519 signature over the given data.
func SignFile added in v0.1.0
func SignFile(privateKey ed25519.PrivateKey, filePath string) error
SignFile reads the file at filePath and writes a detached Ed25519 signature over its full contents to filePath + SignatureFileExtension (filePath.sig). The signed file itself is not modified.
func ValidTier
func ValidTier(tier string) bool
ValidTier reports whether tier names a permission tier accepted by NewPermissionEngine.
func Verify added in v0.1.0
func Verify(publicKey ed25519.PublicKey, data, signature []byte) bool
Verify reports whether signature is a valid Ed25519 signature over data under publicKey.
func VerifyFile added in v0.1.0
func VerifyFile(trustedKeys []ed25519.PublicKey, filePath string) error
VerifyFile reads the file at filePath and its detached signature (filePath.sig), then verifies the signature against the trusted keys. Returns nil if verification succeeds and a non-nil error otherwise.
func VerifyWithAnyKey
func VerifyWithAnyKey(trustedKeys []ed25519.PublicKey, data, signature []byte) bool
VerifyWithAnyKey reports whether signature verifies over data under at least one key in trustedKeys.
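Worked example of the detached-signature flow (SignFile, VerifyFile and a verify-with-any-key trust set), added here and not the package's own code: rebuilt on crypto/ed25519 and os with the .sig extension documented above, using raw keys so it stands alone. The RoundTrip function, the temporary policy.json payload and the error strings are constructed for this example. It shows what a verifier must reject as well as what it must accept: a signature made by a key outside the trust set, and a file edited after signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// SignatureFileExtension as documented for the package.
const SignatureFileExtension = ".sig"

// VerifyWithAnyKey accepts the signature if any key in the trust set verifies
// it. An empty trust set accepts nothing. ed25519.Verify returns false rather
// than panicking for a signature that is not exactly 64 bytes, so a truncated
// or empty .sig file also fails closed here.
func VerifyWithAnyKey(trusted []ed25519.PublicKey, data, sig []byte) bool {
	for _, k := range trusted {
		if ed25519.Verify(k, data, sig) {
			return true
		}
	}
	return false
}

// SignFile writes a detached signature over the whole file to path + ".sig".
func SignFile(priv ed25519.PrivateKey, path string) error {
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	return os.WriteFile(path+SignatureFileExtension, ed25519.Sign(priv, data), 0o644)
}

// VerifyFile reads the file and its detached signature and accepts only if a
// trusted key verifies the signature over the file's current contents.
func VerifyFile(trusted []ed25519.PublicKey, path string) error {
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	sig, err := os.ReadFile(path + SignatureFileExtension)
	if err != nil {
		return fmt.Errorf("reading detached signature: %w", err)
	}
	if !VerifyWithAnyKey(trusted, data, sig) {
		return errors.New("signature does not verify under any trusted key")
	}
	return nil
}

// RoundTrip signs a constructed file, then checks that VerifyFile accepts the
// genuine file and rejects a key outside the trust set and a modified file.
// It returns nil when every check behaves as expected.
func RoundTrip() error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	dir, err := os.MkdirTemp("", "denkeeper-example")
	if err != nil {
		return err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "policy.json") // constructed sample payload
	if err := os.WriteFile(path, []byte(`{"tier":"restricted"}`), 0o600); err != nil {
		return err
	}
	if err := SignFile(priv, path); err != nil {
		return err
	}
	trusted := []ed25519.PublicKey{pub}
	if err := VerifyFile(trusted, path); err != nil {
		return fmt.Errorf("genuine file rejected: %w", err)
	}
	other, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	if VerifyFile([]ed25519.PublicKey{other}, path) == nil {
		return errors.New("accepted under a key outside the trust set")
	}
	if err := os.WriteFile(path, []byte(`{"tier":"autonomous"}`), 0o600); err != nil {
		return err
	}
	if VerifyFile(trusted, path) == nil {
		return errors.New("tampered file accepted with the old signature")
	}
	return nil
}

func main() {
	if err := RoundTrip(); err != nil {
		fmt.Println("FAIL:", err)
		os.Exit(1)
	}
	fmt.Println("sign/verify round trip OK")
}
```

The tamper case is the one that matters in deployment: whoever can write the file can usually also overwrite the .sig next to it, so the trust set must come from somewhere the writer cannot reach (for example keys baked into the binary or loaded with LoadTrustedKeys from a read-only location), never from the same directory as the signed file.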
Types
type PermissionEngine
type PermissionEngine struct {
// contains filtered or unexported fields
}
PermissionEngine controls what actions the agent is allowed to perform. The allowlist is determined by the configured permission tier.
func NewDenyAll
func NewDenyAll() *PermissionEngine
NewDenyAll creates a permission engine that denies every action. Intended for testing scenarios where no permissions should be granted.
func NewPermissionEngine
func NewPermissionEngine(tier string) (*PermissionEngine, error)
NewPermissionEngine creates a permission engine for the given tier. Valid tiers: "autonomous", "supervised", "restricted".
func (*PermissionEngine) CanExecute
func (p *PermissionEngine) CanExecute(action string) bool
CanExecute reports whether action is allowed under the current tier.
func (*PermissionEngine) Tier
func (p *PermissionEngine) Tier() string
Tier returns the current permission tier.
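Worked example of a tier-based allowlist engine with the API shape documented above, added here and not the package's own implementation. The page does not say which actions each tier permits, so the action names under each tier, the nesting of the tiers, and the Dispatch entry point are invented for illustration. What the example is meant to show is the fail-closed behaviour a practitioner expects from such an engine: an unknown or mis-cased tier is a construction error rather than a fallback, an action that is not on the tier's list is denied whether or not the engine has heard of it, and NewDenyAll produces an engine whose nil map denies everything.

```go
package main

import "fmt"

// allowlists maps each documented tier to the actions it permits. The action
// names are invented for this example (the page does not list the real
// allowlists), and the nesting of the tiers is likewise an assumption.
var allowlists = map[string][]string{
	"restricted": {"read_file"},
	"supervised": {"read_file", "write_file"},
	"autonomous": {"read_file", "write_file", "exec_command", "network_request"},
}

// ValidTier reports whether tier is one of the documented tiers. The match is
// exact: "Autonomous" or " autonomous" is rejected rather than normalised, so
// a misconfigured value fails loudly instead of quietly landing on some tier.
func ValidTier(tier string) bool {
	_, ok := allowlists[tier]
	return ok
}

// PermissionEngine holds the allowlist for one tier. A nil map is the deny-all
// state: a lookup on a nil map is always false.
type PermissionEngine struct {
	tier    string
	allowed map[string]bool
}

// NewDenyAll returns an engine that denies every action, for tests.
func NewDenyAll() *PermissionEngine {
	return &PermissionEngine{tier: "deny-all"}
}

// NewPermissionEngine fails closed: an unknown tier is an error, never a
// fallback to some default tier.
func NewPermissionEngine(tier string) (*PermissionEngine, error) {
	if !ValidTier(tier) {
		return nil, fmt.Errorf("invalid permission tier %q (valid: autonomous, supervised, restricted)", tier)
	}
	allowed := make(map[string]bool)
	for _, a := range allowlists[tier] {
		allowed[a] = true
	}
	return &PermissionEngine{tier: tier, allowed: allowed}, nil
}

// CanExecute is a pure allowlist check: anything not listed for the tier is
// denied, including actions the engine has never heard of.
func (p *PermissionEngine) CanExecute(action string) bool {
	return p.allowed[action]
}

// Tier returns the current permission tier.
func (p *PermissionEngine) Tier() string { return p.tier }

// Dispatch is a hypothetical agent entry point showing the intended call
// pattern: consult the engine before every action and treat a denial as a
// hard error, not a warning.
func Dispatch(p *PermissionEngine, action string) (string, error) {
	if !p.CanExecute(action) {
		return "", fmt.Errorf("tier %q does not permit %q", p.Tier(), action)
	}
	return "executed " + action, nil
}

func main() {
	engine, err := NewPermissionEngine("supervised")
	if err != nil {
		fmt.Println(err)
		return
	}
	for _, action := range []string{"read_file", "exec_command", "delete_everything"} {
		out, err := Dispatch(engine, action)
		fmt.Printf("%-18s allowed=%v %s\n", action, err == nil, out)
	}
	_, err = NewPermissionEngine("Supervised") // case mismatch is rejected
	fmt.Println(err)
}
```

Because NewDenyAll is documented as a testing aid, a real deployment should construct its engine only through NewPermissionEngine and treat its error as fatal; wiring NewDenyAll into production would make every action fail, which is at least safe, whereas a hand-built engine with a permissive map would not be.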