relational

package
v0.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 26, 2026 License: AGPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AgentAuthMethodServiceAccount = "service_account"
	AgentAuthEventOutcomeSuccess  = "success"
	AgentAuthEventOutcomeFailure  = "failure"
)
View Source 
const (
	// RoleAssigneeTypeUser targets a user by email.
	RoleAssigneeTypeUser = "user"
	// RoleAssigneeTypeGroup targets a native CCF group by name.
	RoleAssigneeTypeGroup = "group"
)

Role-assignment assignee discriminators. A grant targets either a single user (matched by email, the subject identifier authz carries) or a native group (matched by the group's policy-facing Name, the token that appears in subject.groups). These mirror the in-memory RoleAssignments.Users / .Groups maps the persisted table supersedes (BCH-1333).

View Source 
const (
	// RoleAssignmentSourceConfig is a grant materialized from authz-roles.yaml. It is managed by
	// the boot reconcile (BCH-1334) and cannot be deleted through the admin API (409).
	RoleAssignmentSourceConfig = "config"
	// RoleAssignmentSourceManual is an ad-hoc admin grant. It is the default for API-created rows
	// and the only source the admin API may delete.
	RoleAssignmentSourceManual = "manual"
)

Role-assignment source discriminators. config and manual grants are the same rows, distinguished only by who owns them: config grants are seeded from authz-roles.yaml by the boot reconcile (BCH-1334) and are immutable through the API; manual grants are ad-hoc admin grants and are the only ones the API may delete.

View Source 
const (
	// GroupSourceManual is an admin-created native group. It is the default and is never auto-removed.
	GroupSourceManual = "manual"
	// GroupSourceSSO is a group materialized by SSO provisioning from a group_mapping value. It is
	// eligible for boot-time cleanup once nothing references it (no mapping, no members, no grants).
	GroupSourceSSO = "sso"
)

Group source discriminators (see UserGroup.Source).

View Source 
const (
	// MembershipSourceManual is an admin-added membership. It is the default for existing rows and
	// the only source an admin may hand-remove.
	MembershipSourceManual = "manual"
	// MembershipSourceSSO is a membership materialized from an SSO IdP group via an SSOGroupMapping.
	// It is reconciled (added/removed) at login and cannot be hand-removed by an admin.
	MembershipSourceSSO = "sso"
)

Membership source discriminators (BCH-1331). A membership records how it came to exist so the SSO sync and the admin API never clobber each other: only the IdP owns sso memberships, only an admin owns manual ones.

View Source 
const (
	// MappingSourceConfig is a mapping declared in a provider's group_mapping. Boot provisioning owns
	// it: it is created/re-pointed to match config and pruned when config drops it.
	MappingSourceConfig = "config"
	// MappingSourceManual is a mapping added at runtime via the admin API. Provisioning never prunes it.
	MappingSourceManual = "manual"
)

SSO group-mapping source discriminators (see SSOGroupMapping.Source).

View Source 
const EvidenceStatusNotSatisfied = "not-satisfied"

EvidenceStatusNotSatisfied is the OSCAL ObjectiveStatus.State value indicating a failed check.

View Source 
const EvidenceStatusSatisfied = "satisfied"

EvidenceStatusSatisfied is the OSCAL ObjectiveStatus.State value indicating a passed check.

Variables

View Source 
var ErrAgentSecretRequired = errors.New("agent secret is required")

Functions

func CleanupOrphanedSSOGroups added in v0.17.0 

func CleanupOrphanedSSOGroups(db *gorm.DB) error

CleanupOrphanedSSOGroups soft-deletes native groups that SSO provisioning created (Source=sso) and that nothing references anymore: no SSOGroupMapping points at them, no user is a member, and no role assignment grants by their name. This is what reclaims a group left behind when a provider's group_mapping value is renamed or removed (e.g. "ccf-authorized-uzers" after a typo'd rename) — the mapping re-points to the new group and the old one becomes an unreferenced orphan.

It is the boot-time SWEEP over every sso group. The per-login de-provision path also cleans up (see ReconcileSSOGroupMemberships → pruneOrphanedSSOGroups), which is what catches a group that only becomes empty when the last member is removed at login — too late for the preceding boot.

It is deliberately conservative:

  • Source=manual groups (admin-created, and all pre-attribution rows) are never touched.
  • A group with any member, mapping, or group role assignment is kept — the same emptiness guard the admin DeleteGroup API enforces, so a group still in use is never silently removed.

Run it AFTER provisioning every provider so a group mapped by one provider is not deleted while another provider's mappings are still being applied.

func ConvertImplementationStatusToOscal added in v0.4.7 

func ConvertImplementationStatusToOscal(data datatypes.JSONType[ImplementationStatus]) *oscalTypes_1_1_3.ImplementationStatus

func ConvertLinksToOscal 

func ConvertLinksToOscal(data datatypes.JSONSlice[Link]) *[]oscaltypes113.Link

func ConvertList 

func ConvertList[in any, out any](list *[]in, mutate func(in) out) []out

func ConvertOscalToImplementationStatus added in v0.4.7 

func ConvertOscalToImplementationStatus(oscal *oscalTypes_1_1_3.ImplementationStatus) datatypes.JSONType[ImplementationStatus]
func ConvertOscalToLinks(data *[]oscaltypes113.Link) datatypes.JSONSlice[Link]

func ConvertOscalToProps 

func ConvertOscalToProps(data *[]oscaltypes113.Property) datatypes.JSONSlice[Prop]

func ConvertPropsToOscal 

func ConvertPropsToOscal(data datatypes.JSONSlice[Prop]) *[]oscaltypes113.Property

func GetEvidenceSearchByFilterQuery 

func GetEvidenceSearchByFilterQuery(latestQuery *gorm.DB, db *gorm.DB, filters ...labelfilter.Filter) (*gorm.DB, error)

func GetLatestEvidenceStreamsQuery 

func GetLatestEvidenceStreamsQuery(db *gorm.DB) *gorm.DB

func GroupNamesForUser added in v0.17.0 

func GroupNamesForUser(db *gorm.DB, userID string) ([]string, error)

GroupNamesForUser returns the names of the native CCF groups the user belongs to, sorted and de-duplicated. It is the single native-membership query shared by the authz group resolver (which unions it with SSO groups for subject.groups) and the builtin admin check (which folds it into its admin-group set). Returns an empty slice when the user has no native memberships.

It resolves in two steps rather than a join because ccf_user_groups.group_id is text while ccf_groups.id is uuid: a column-to-column uuid = text comparison fails in Postgres (see the join-table mismatch in the migrator). A string IN clause sidesteps it — the group_id literals coerce to the uuid column cleanly on Postgres and compare as text on SQLite — and soft-deleted groups are excluded automatically by the gorm DeletedAt scope.

func IsValidImplementationStatusState added in v0.16.0 

func IsValidImplementationStatusState(s ImplementationStatusState) bool

IsValidImplementationStatusState reports whether s is a supported state value.

func NormalizeAssigneeID added in v0.17.0 

func NormalizeAssigneeID(id string) string

NormalizeAssigneeID folds an assignee identifier (email or group name) to the trimmed, lower-cased form stored in and matched against the table, so case never splits a grant.

func ProvisionSSOGroupMappings added in v0.17.0 

func ProvisionSSOGroupMappings(db *gorm.DB, provider string, mapping map[string][]string) error

ProvisionSSOGroupMappings declaratively reconciles one SSO provider's config-declared group mappings into the database (BCH-1331). `mapping` is the provider's group_mapping verbatim: it is keyed by the raw IdP claim group and lists the native CCF group name(s) that claim grants: 

"groups:ccf-admins":             // raw IdP claim (SSOGroupMapping.ExternalGroup)
  - ccf-admins                   // native UserGroup.Name
"hd:example.com":
  - ccf-authorized-users

For each listed native name it creates the UserGroup if absent, then upserts one source=config SSOGroupMapping row keyed by (provider, externalGroup=claim) pointing at that group, and finally PRUNES this provider's source=config rows the config no longer declares (a removed group_mapping entry). Mappings an admin added at runtime (source=manual) are never pruned. It is idempotent and safe to run on every boot; pruning a mapping is what lets the now-unreferenced group be reclaimed by CleanupOrphanedSSOGroups.

Caveat: the (provider, external_group) unique index means one IdP claim maps to exactly one native group. If a claim lists multiple native names, the last one wins (each overwrites the prior row's group_id). Real configs are 1:1; list a native group under several distinct claims instead.

func ReconcileSSOGroupMemberships added in v0.17.0 

func ReconcileSSOGroupMemberships(db *gorm.DB, userID, provider string, idpGroups []string) error

ReconcileSSOGroupMemberships makes the user's sso native memberships attributed to THIS provider exactly match the native groups implied by idpGroups (BCH-1331). It translates each IdP group through the provider's SSOGroupMapping rows, then materializes a source=sso membership (attributed to this provider) for every mapped group the user currently presents and DELETES the memberships this provider granted that the user no longer has. Unmapped IdP groups are ignored. source=manual memberships are never read or written here, so an admin's hand-assignment survives even when it names the same group.

A group_mapping change is therefore treated exactly like the IdP changing the user's groups: if a provider's mapping is removed or re-pointed (e.g. a value renamed from "ccf-authorized-users" to "ccf-authorized-uzers"), that provider stops granting the old group, so on the next login the old membership is removed and the new one added — there is no lingering, un-removable row.

Attribution by provider is what makes this correct when two providers map the SAME native group (the default config has google AND github both mapping "ccf-authorized-users"): the membership records which provider granted it, so renaming GOOGLE's mapping removes google's membership even though github still maps that group. A user genuinely entitled via github re-acquires it on their next github login. Memberships owned by a DIFFERENT provider are left for that provider to reconcile; an unattributed pre-attribution row is treated as the logging-in provider's (so the historical stuck rows self-heal). The row is adopted to the current provider whenever this provider grants the group, keeping ownership current. (user_id, group_id) stays unique: a group has at most one membership row, whose Provider reflects its most recent grantor.

All reads and writes run inside a single transaction so concurrent logins for the same user reconcile atomically.

Types

type Action 

type Action struct {
	UUIDModel

	// Actions only exist on a metadata object. We'll link them straight there with a BelongsTo relationship
	MetadataID uuid.UUID `json:"metadata-id"`

	Date               *time.Time                `json:"date"`
	Type               string                    `json:"type"`   // required
	System             string                    `json:"system"` // required
	Props              datatypes.JSONSlice[Prop] `json:"props"`
	Links              datatypes.JSONSlice[Link] `json:"links"`
	ResponsibleParties []ResponsibleParty        `gorm:"many2many:action_responsible_parties;"`
	Remarks            string                    `json:"remarks"`
}

func (*Action) MarshalOscal 

func (a *Action) MarshalOscal() *oscaltypes113.Action

MarshalOscal converts the Action back to an OSCAL Action

func (*Action) UnmarshalOscal 

func (a *Action) UnmarshalOscal(action oscaltypes113.Action) *Action

type Activity 

type Activity struct {
	UUIDModel
	Title       *string `json:"title,omitempty"`
	Description string  `json:"description,omitempty"` // required
	Remarks     *string `json:"remarks,omitempty"`     // required

	Props datatypes.JSONSlice[Prop] `json:"props,omitempty"`
	Links datatypes.JSONSlice[Link] `json:"links,omitempty"`
	Steps []Step                    `json:"steps,omitempty"`

	RelatedControlsID *uuid.UUID
	RelatedControls   *ReviewedControls `json:"related-controls,omitempty"`
	ResponsibleRoles  []ResponsibleRole `gorm:"polymorphic:Parent" json:"responsible-roles,omitempty"`
}

func (*Activity) MarshalOscal 

func (i *Activity) MarshalOscal() *oscalTypes_1_1_3.Activity

func (*Activity) UnmarshalOscal 

func (i *Activity) UnmarshalOscal(op oscalTypes_1_1_3.Activity) *Activity

type Addition 

type Addition struct {
	UUIDModel
	Position string                         `json:"position"`
	ByID     string                         `json:"by-id"`
	Title    string                         `json:"title"`
	Params   datatypes.JSONSlice[Parameter] `json:"params"`
	Props    datatypes.JSONSlice[Prop]      `json:"props"`
	Links    datatypes.JSONSlice[Link]      `json:"links"`
	Parts    datatypes.JSONSlice[Part]      `json:"parts"`

	AlterationID uuid.UUID
}

func (*Addition) MarshalOscal 

func (a *Addition) MarshalOscal() oscalTypes_1_1_3.Addition

func (*Addition) UnmarshalOscal 

func (a *Addition) UnmarshalOscal(o oscalTypes_1_1_3.Addition) *Addition

type Address 

type Address struct {
	Type       AddressType `json:"type"`
	AddrLines  []string    `json:"lines"`
	City       string      `json:"city"`
	State      string      `json:"state"`
	PostalCode string      `json:"postal-code"`
	Country    string      `json:"country"`
}

func (*Address) MarshalOscal 

func (a *Address) MarshalOscal() *oscaltypes113.Address

MarshalOscal converts the Address back to an OSCAL Address

func (*Address) UnmarshalOscal 

func (a *Address) UnmarshalOscal(oaddress oscaltypes113.Address) *Address

type AddressType 

type AddressType string
const (
	AddressTypeWork AddressType = "work"
	AddressTypeHome AddressType = "home"
)

type Agent added in v0.15.0 

type Agent struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"`

	Name                string     `json:"name" gorm:"not null"`
	Description         *string    `json:"description,omitempty"`
	IsActive            bool       `json:"isActive" gorm:"default:true"`
	LastAuthenticatedAt *time.Time `json:"lastAuthenticatedAt,omitempty"`

	ServiceAccountKeys []AgentServiceAccountKey `json:"serviceAccountKeys,omitempty"`
}

func (Agent) TableName added in v0.15.0 

func (Agent) TableName() string

type AgentAuthEvent added in v0.15.0 

type AgentAuthEvent struct {
	UUIDModel

	CreatedAt time.Time `json:"createdAt"`

	AgentID      *uuid.UUID `json:"agentId,omitempty" gorm:"type:uuid;index"`
	CredentialID *uuid.UUID `json:"credentialId,omitempty" gorm:"type:uuid;index"`
	AuthMethod   string     `json:"authMethod" gorm:"type:varchar(64);not null;index"`
	Outcome      string     `json:"outcome" gorm:"type:varchar(32);not null;index"`
	Principal    *string    `json:"principal,omitempty"`
	Reason       *string    `json:"reason,omitempty"`
	RemoteAddr   *string    `json:"remoteAddr,omitempty"`
	UserAgent    *string    `json:"userAgent,omitempty"`
}

func (*AgentAuthEvent) BeforeDelete added in v0.15.0 

func (e *AgentAuthEvent) BeforeDelete(_ *gorm.DB) error

func (*AgentAuthEvent) BeforeUpdate added in v0.15.0 

func (e *AgentAuthEvent) BeforeUpdate(_ *gorm.DB) error

func (AgentAuthEvent) TableName added in v0.15.0 

func (AgentAuthEvent) TableName() string

type AgentServiceAccountKey added in v0.15.0 

type AgentServiceAccountKey struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"`

	AgentID *uuid.UUID `json:"agentId" gorm:"type:uuid;not null;index"`
	Agent   Agent      `json:"-" gorm:"foreignKey:AgentID;references:ID"`

	Name       *string    `json:"name,omitempty"`
	ClientID   string     `json:"clientId" gorm:"uniqueIndex;not null"`
	SecretHash string     `json:"-"`
	LastUsedAt *time.Time `json:"lastUsedAt,omitempty"`
	ExpiresAt  *time.Time `json:"expiresAt,omitempty"`
	RevokedAt  *time.Time `json:"revokedAt,omitempty"`
}

func (*AgentServiceAccountKey) CheckSecret added in v0.15.0 

func (k *AgentServiceAccountKey) CheckSecret(secret string) bool

func (*AgentServiceAccountKey) IsExpired added in v0.15.0 

func (k *AgentServiceAccountKey) IsExpired(at time.Time) bool

func (*AgentServiceAccountKey) IsRevoked added in v0.15.0 

func (k *AgentServiceAccountKey) IsRevoked(at time.Time) bool

func (*AgentServiceAccountKey) SetSecret added in v0.15.0 

func (k *AgentServiceAccountKey) SetSecret(secret string) error

func (AgentServiceAccountKey) TableName added in v0.15.0 

func (AgentServiceAccountKey) TableName() string

type Alteration 

type Alteration struct {
	UUIDModel
	ControlID string                       `json:"control-id"` // required
	Adds      []Addition                   `json:"adds"`
	Removes   datatypes.JSONSlice[Removal] `json:"removes"`

	ModifyID string `json:"modify-id"`
}

func (*Alteration) MarshalOscal 

func (a *Alteration) MarshalOscal() oscalTypes_1_1_3.Alteration

func (*Alteration) UnmarshalOscal 

func (a *Alteration) UnmarshalOscal(o oscalTypes_1_1_3.Alteration) *Alteration

type AssessedControlsSelectControlById 

type AssessedControlsSelectControlById struct {
	UUIDModel
	ControlID  string
	Control    Control     `gorm:"references:ID"`
	Statements []Statement `gorm:"many2many:assessed_controls_select_control_by_id_statements;"`
}

func (*AssessedControlsSelectControlById) MarshalOscal 

func (s *AssessedControlsSelectControlById) MarshalOscal() oscalTypes_1_1_3.AssessedControlsSelectControlById

func (*AssessedControlsSelectControlById) UnmarshalOscal 

func (s *AssessedControlsSelectControlById) UnmarshalOscal(o oscalTypes_1_1_3.AssessedControlsSelectControlById) *AssessedControlsSelectControlById

type AssessmentAsset 

type AssessmentAsset struct {
	UUIDModel

	Components          []SystemComponent    `gorm:"many2many:assessment_asset_components"`
	AssessmentPlatforms []AssessmentPlatform // required

	ParentType string
	ParentID   uuid.UUID
}

func (*AssessmentAsset) MarshalOscal 

func (i *AssessmentAsset) MarshalOscal() *oscalTypes_1_1_3.AssessmentAssets

func (*AssessmentAsset) UnmarshalOscal 

func (i *AssessmentAsset) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentAssets) *AssessmentAsset

type AssessmentAssets 

type AssessmentAssets oscalTypes_1_1_3.AssessmentAssets

AssessmentAssets represents assessment assets in OSCAL.

func (*AssessmentAssets) MarshalOscal 

func (a *AssessmentAssets) MarshalOscal() *oscalTypes_1_1_3.AssessmentAssets

func (*AssessmentAssets) UnmarshalOscal 

func (a *AssessmentAssets) UnmarshalOscal(oa oscalTypes_1_1_3.AssessmentAssets) *AssessmentAssets

type AssessmentLog 

type AssessmentLog struct {
	UUIDModel
	Entries []AssessmentLogEntry
}

func (*AssessmentLog) MarshalOscal 

func (i *AssessmentLog) MarshalOscal() *oscalTypes_1_1_3.AssessmentLog

func (*AssessmentLog) UnmarshalOscal 

func (i *AssessmentLog) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentLog) *AssessmentLog

type AssessmentLogEntry 

type AssessmentLogEntry struct {
	UUIDModel
	AssessmentLogID uuid.UUID

	Title       *string
	Remarks     *string
	Description *string
	Start       *time.Time
	End         *time.Time

	Props        datatypes.JSONSlice[Prop]
	Links        datatypes.JSONSlice[Link]
	LoggedBy     []LoggedBy    `gorm:"polymorphic:Parent"`
	RelatedTasks []RelatedTask `gorm:"polymorphic:Parent"`
}

func (*AssessmentLogEntry) MarshalOscal 

func (i *AssessmentLogEntry) MarshalOscal() *oscalTypes_1_1_3.AssessmentLogEntry

func (*AssessmentLogEntry) UnmarshalOscal 

func (i *AssessmentLogEntry) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentLogEntry) *AssessmentLogEntry

type AssessmentPart 

type AssessmentPart struct {
	UUIDModel
	Name             string
	NS               string
	Class            string
	Title            string
	Prose            string
	Props            datatypes.JSONSlice[Prop]
	Links            datatypes.JSONSlice[Link]
	AssessmentPartID *uuid.UUID
	Parts            []AssessmentPart
}

func (*AssessmentPart) MarshalOscal 

func (p *AssessmentPart) MarshalOscal() *oscalTypes_1_1_3.AssessmentPart

func (*AssessmentPart) UnmarshalOscal 

func (p *AssessmentPart) UnmarshalOscal(data oscalTypes_1_1_3.AssessmentPart) *AssessmentPart

type AssessmentPlan 

type AssessmentPlan struct {
	UUIDModel
	Metadata   Metadata    `gorm:"polymorphic:Parent;"`
	BackMatter *BackMatter `gorm:"polymorphic:Parent;"`
	ImportSSP  datatypes.JSONType[ImportSsp]

	Tasks []Task `gorm:"polymorphic:Parent"`

	ReviewedControlsID uuid.UUID
	ReviewedControls   ReviewedControls

	AssessmentAssetsID *uuid.UUID
	AssessmentAssets   *AssessmentAsset
	AssessmentSubjects []AssessmentSubject `gorm:"many2many:assessment_plan_assessment_subjects"`
	LocalDefinitions   LocalDefinitions    `gorm:"polymorphic:Parent"`

	TermsAndConditionsID *uuid.UUID
	TermsAndConditions   *TermsAndConditions
}

func (*AssessmentPlan) MarshalOscal 

func (i *AssessmentPlan) MarshalOscal() *oscalTypes_1_1_3.AssessmentPlan

func (*AssessmentPlan) UnmarshalOscal 

func (i *AssessmentPlan) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentPlan) *AssessmentPlan

type AssessmentPlatform 

type AssessmentPlatform struct {
	UUIDModel
	AssessmentAssetID uuid.UUID
	AssessmentAsset   AssessmentAsset
	Title             *string
	Remarks           *string
	Props             datatypes.JSONSlice[Prop]
	Links             datatypes.JSONSlice[Link]
	UsesComponents    []UsesComponent
}

func (*AssessmentPlatform) MarshalOscal 

func (i *AssessmentPlatform) MarshalOscal() *oscalTypes_1_1_3.AssessmentPlatform

func (*AssessmentPlatform) UnmarshalOscal 

func (i *AssessmentPlatform) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentPlatform) *AssessmentPlatform

type AssessmentResult 

type AssessmentResult struct {
	UUIDModel
	Metadata   Metadata    `gorm:"polymorphic:Parent;"`
	BackMatter *BackMatter `gorm:"polymorphic:Parent;"`
	ImportAp   datatypes.JSONType[ImportAp]

	LocalDefinitions *LocalDefinitions `gorm:"polymorphic:Parent"`
	Results          []Result
}

func (*AssessmentResult) MarshalOscal 

func (i *AssessmentResult) MarshalOscal() *oscalTypes_1_1_3.AssessmentResults

func (*AssessmentResult) UnmarshalOscal 

func (i *AssessmentResult) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentResults) *AssessmentResult

type AssessmentSubject 

type AssessmentSubject struct {
	// Assessment Subject is a loose reference to some subject.
	// A subject can be a Component, InventoryItem, Location, Party, User, Resource.
	// In our struct we don't store the type, but rather have relations to each of these, and when marhsalling and unmarshalling,
	// setting the type to what we know it is.
	UUIDModel
	SSPID *uuid.UUID `json:"sspId,omitempty" gorm:"type:uuid;index"`

	// Type represents a component, party, location, user, or inventory item.
	// It will likely be updated once we can map it correctly
	Type        string
	Description *string
	Remarks     *string
	Props       datatypes.JSONSlice[Prop]
	Links       datatypes.JSONSlice[Link]

	IncludeAll      *datatypes.JSONType[*IncludeAll]
	IncludeSubjects []SelectSubjectById
	ExcludeSubjects []SelectSubjectById

	Evidence []Evidence `gorm:"many2many:evidence_subjects;"`
}

func (*AssessmentSubject) MarshalOscal 

func (i *AssessmentSubject) MarshalOscal() *oscalTypes_1_1_3.AssessmentSubject

func (*AssessmentSubject) UnmarshalOscal 

func (i *AssessmentSubject) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentSubject) *AssessmentSubject

type AssociatedActivity 

type AssociatedActivity struct {
	UUIDModel
	TaskID  uuid.UUID // Belongs to a task
	Remarks *string

	ActivityID       uuid.UUID
	Activity         Activity
	Props            datatypes.JSONSlice[Prop]
	Links            datatypes.JSONSlice[Link]
	ResponsibleRoles []ResponsibleRole   `gorm:"polymorphic:Parent;"`
	Subjects         []AssessmentSubject `gorm:"many2many:associated_activity_subjects"` // required
}

func (*AssociatedActivity) MarshalOscal 

func (i *AssociatedActivity) MarshalOscal() *oscalTypes_1_1_3.AssociatedActivity

func (*AssociatedActivity) UnmarshalOscal 

func (i *AssociatedActivity) UnmarshalOscal(op oscalTypes_1_1_3.AssociatedActivity) *AssociatedActivity

type AssociatedRisk 

type AssociatedRisk oscalTypes_1_1_3.AssociatedRisk

AssociatedRisk represents an associated risk in OSCAL.

func (*AssociatedRisk) MarshalOscal 

func (a *AssociatedRisk) MarshalOscal() *oscalTypes_1_1_3.AssociatedRisk

func (*AssociatedRisk) UnmarshalOscal 

func (a *AssociatedRisk) UnmarshalOscal(oar oscalTypes_1_1_3.AssociatedRisk) *AssociatedRisk

type Attestation 

type Attestation struct {
	UUIDModel
	ResultID           uuid.UUID
	ResponsibleParties []ResponsibleParty                  `gorm:"many2many:attestation_responsible_parties"`
	Parts              datatypes.JSONSlice[AssessmentPart] // required
}

func (*Attestation) MarshalOscal 

func (i *Attestation) MarshalOscal() *oscalTypes_1_1_3.AttestationStatements

func (*Attestation) UnmarshalOscal 

func (i *Attestation) UnmarshalOscal(op oscalTypes_1_1_3.AttestationStatements) *Attestation

type AuthorizationBoundary 

type AuthorizationBoundary struct {
	UUIDModel
	Description string                    `json:"description"`
	Remarks     string                    `json:"remarks"`
	Props       datatypes.JSONSlice[Prop] `json:"props"`
	Links       datatypes.JSONSlice[Link] `json:"links"`
	Diagrams    []Diagram                 `json:"diagrams" gorm:"polymorphic:Parent;"`

	SystemCharacteristicsId uuid.UUID
}

func (*AuthorizationBoundary) MarshalOscal 

func (ab *AuthorizationBoundary) MarshalOscal() *oscalTypes_1_1_3.AuthorizationBoundary

func (*AuthorizationBoundary) UnmarshalOscal 

func (ab *AuthorizationBoundary) UnmarshalOscal(oab oscalTypes_1_1_3.AuthorizationBoundary) *AuthorizationBoundary

type AuthorizedPrivilege 

type AuthorizedPrivilege struct {
	UUIDModel
	Title              string                      `json:"title"`
	Description        string                      `json:"description"`
	FunctionsPerformed datatypes.JSONSlice[string] `json:"functions-performed"`

	SystemUserId uuid.UUID
}

func (*AuthorizedPrivilege) MarshalOscal 

func (ap *AuthorizedPrivilege) MarshalOscal() *oscalTypes_1_1_3.AuthorizedPrivilege

func (*AuthorizedPrivilege) UnmarshalOscal 

func (ap *AuthorizedPrivilege) UnmarshalOscal(oap oscalTypes_1_1_3.AuthorizedPrivilege) *AuthorizedPrivilege

type BackMatter 

type BackMatter struct {
	UUIDModel
	ParentID   *string
	ParentType *string
	Resources  []BackMatterResource
}

func (*BackMatter) MarshalOscal 

func (b *BackMatter) MarshalOscal() *oscaltypes113.BackMatter

MarshalOscal converts the BackMatter back to an OSCAL BackMatter

func (*BackMatter) UnmarshalOscal 

func (b *BackMatter) UnmarshalOscal(resource oscaltypes113.BackMatter) *BackMatter

type BackMatterResource 

type BackMatterResource struct {
	ID           uuid.UUID                         `gorm:"primary_key"` // required
	BackMatterID uuid.UUID                         `gorm:"primary_key"`
	Title        *string                           `json:"title"`
	Description  *string                           `json:"description"`
	Remarks      *string                           `json:"remarks"`
	Citation     *datatypes.JSONType[Citation]     `json:"citation"`
	Base64       *datatypes.JSONType[Base64]       `json:"base64"`
	Props        datatypes.JSONSlice[Prop]         `json:"props"`
	DocumentIDs  datatypes.JSONSlice[DocumentID]   `json:"document-ids"`
	RLinks       datatypes.JSONSlice[ResourceLink] `json:"rlinks"`
}

func (*BackMatterResource) MarshalOscal 

func (b *BackMatterResource) MarshalOscal() *oscaltypes113.Resource

MarshalOscal converts the BackMatterResource back to an OSCAL Resource

func (*BackMatterResource) UnmarshalOscal 

func (c *BackMatterResource) UnmarshalOscal(resource oscaltypes113.Resource) *BackMatterResource

type Base64 

type Base64 struct {
	Filename  string `json:"filename"`
	MediaType string `json:"media-type"`
	Value     string `json:"value"` // required
}

func (*Base64) MarshalOscal 

func (b *Base64) MarshalOscal() *oscaltypes113.Base64

MarshalOscal converts the Base64 back to an OSCAL Base64

func (*Base64) UnmarshalOscal 

func (b *Base64) UnmarshalOscal(base oscaltypes113.Base64) *Base64

type ByComponent 

type ByComponent struct {
	UUIDModel

	// As ByComponent can be found in Implemented Requirements & Statements, using GORM polymorphism to tell us where to attach
	ParentID   *uuid.UUID `gorm:"type:uuid"`
	ParentType *string

	ComponentUUID        uuid.UUID                                      `gorm:"type:uuid" json:"component-uuid"`
	Description          string                                         `json:"description"`
	Props                datatypes.JSONSlice[Prop]                      `json:"props"`
	Links                datatypes.JSONSlice[Link]                      `json:"links"`
	SetParameters        datatypes.JSONSlice[SetParameter]              `json:"set-parameters"`
	ResponsibleRoles     []ResponsibleRole                              `json:"responsible-parties" gorm:"polymorphic:Parent;"`
	Remarks              string                                         `json:"remarks"`
	ImplementationStatus datatypes.JSONType[ImplementationStatus]       `json:"implementation-status"`
	Export               *Export                                        `json:"export,omitempty"`
	Inherited            []InheritedControlImplementation               `json:"inherited-control-implementations,omitempty"`
	Satisfied            []SatisfiedControlImplementationResponsibility `json:"satisfied"`
}

func (*ByComponent) MarshalOscal 

func (bc *ByComponent) MarshalOscal() *oscalTypes_1_1_3.ByComponent

func (*ByComponent) UnmarshalOscal 

func (bc *ByComponent) UnmarshalOscal(obc oscalTypes_1_1_3.ByComponent) *ByComponent

type CCFRoleAssignment added in v0.17.0 

type CCFRoleAssignment struct {
	UUIDModel

	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	// RoleName is a manifest role (admin/viewer/auditor/contributor/agent or an operator role).
	// The handler validates it against the authz manifest before insert so a typo is rejected
	// rather than silently granting nothing.
	RoleName string `json:"roleName" gorm:"not null;uniqueIndex:idx_ccf_role_assignments_unique,priority:3"`

	// AssigneeType is RoleAssigneeTypeUser or RoleAssigneeTypeGroup.
	AssigneeType string `json:"assigneeType" gorm:"not null;uniqueIndex:idx_ccf_role_assignments_unique,priority:1"`

	// AssigneeID is the user email or the group name, normalized to lower-case.
	AssigneeID string `json:"assigneeId" gorm:"not null;uniqueIndex:idx_ccf_role_assignments_unique,priority:2"`

	// Source is RoleAssignmentSourceConfig (immutable, owned by BCH-1334) or
	// RoleAssignmentSourceManual (admin-owned, deletable). Defaults to manual so an API insert
	// that omits it is an ad-hoc grant.
	Source string `json:"source" gorm:"not null;default:manual"`
}

CCFRoleAssignment is a persisted system-level role grant: it binds one manifest role to one user or group, system-wide (BCH-1333). It is the source of truth the PDP reads a subject's roles from (behind a short-TTL cache, see authz.NewDBRoleResolver), replacing the in-memory authz-roles.yaml. It is deliberately distinct from the workflow-instance-scoped role_assignments table (workflows.RoleAssignment): those grant a step persona within one workflow instance, these grant a global RBAC role.

AssigneeID is normalized to lower-case at write time (emails and group names are matched case-insensitively, exactly as the file-based assignments folded their keys), so the unique index and the PDP lookups both compare exact lower-case values.

func (CCFRoleAssignment) TableName added in v0.17.0 

func (CCFRoleAssignment) TableName() string

type Capability 

type Capability struct {
	UUIDModel          // required
	Description string `json:"description"` // required
	Name        string `json:"name"`        // required
	Remarks     string `json:"remarks"`

	Links                  datatypes.JSONSlice[Link]                   `json:"links"`
	Props                  datatypes.JSONSlice[Prop]                   `json:"props"`
	IncorporatesComponents datatypes.JSONSlice[IncorporatesComponents] `json:"incorporates-components"`
	ControlImplementations []ControlImplementationSet                  `json:"control-implementations" gorm:"many2many:capability_control_implementation_sets"`

	ComponentDefinitionId uuid.UUID
	ComponentDefinition   ComponentDefinition
}

Capability represents a capability in OSCAL. It includes description, name, remarks, links, properties, incorporates components, and control implementations.

func (*Capability) MarshalOscal 

func (c *Capability) MarshalOscal() *oscalTypes_1_1_3.Capability

MarshalOscal converts the relational Capability back into an OSCAL Capability structure.

func (*Capability) UnmarshalOscal 

func (c *Capability) UnmarshalOscal(oc oscalTypes_1_1_3.Capability) *Capability

UnmarshalOscal converts an OSCAL Capability into a relational Capability. It includes links, props, incorporates components, and control implementations.

type Catalog 

type Catalog struct {
	UUIDModel
	Metadata   Metadata                       `json:"metadata" gorm:"polymorphic:Parent;"`
	Params     datatypes.JSONSlice[Parameter] `json:"params"`
	Groups     []Group                        `json:"groups"`
	Controls   []Control                      `json:"controls"`
	BackMatter *BackMatter                    `json:"back-matter,omitempty" gorm:"polymorphic:Parent;"`
}

func (*Catalog) MarshalOscal 

func (c *Catalog) MarshalOscal() *oscalTypes_1_1_3.Catalog

MarshalOscal converts the Catalog back to an OSCAL Catalog

func (*Catalog) UnmarshalOscal 

func (c *Catalog) UnmarshalOscal(ocatalog oscalTypes_1_1_3.Catalog) *Catalog

type Characterization 

type Characterization oscalTypes_1_1_3.Characterization

Characterization represents a characterization in OSCAL.

func (*Characterization) MarshalOscal 

func (c *Characterization) MarshalOscal() *oscalTypes_1_1_3.Characterization

func (*Characterization) UnmarshalOscal 

func (c *Characterization) UnmarshalOscal(oc oscalTypes_1_1_3.Characterization) *Characterization

type Citation 

type Citation struct {
	Text  string `json:"text"` // required
	Props []Prop `json:"props"`
	Links []Link `json:"links"`
}

func (*Citation) MarshalOscal 

func (c *Citation) MarshalOscal() *oscaltypes113.Citation

MarshalOscal converts the Citation back to an OSCAL Citation

func (*Citation) UnmarshalOscal 

func (c *Citation) UnmarshalOscal(cit oscaltypes113.Citation) *Citation

type CombinationRule 

type CombinationRule oscalTypes_1_1_3.CombinationRule

func (*CombinationRule) MarshalOscal 

func (cr *CombinationRule) MarshalOscal() *oscalTypes_1_1_3.CombinationRule

func (*CombinationRule) UnmarshalOscal 

func (cr *CombinationRule) UnmarshalOscal(o oscalTypes_1_1_3.CombinationRule) *CombinationRule

type ComponentDefinition 

type ComponentDefinition struct {
	UUIDModel             // required
	Metadata   Metadata   `json:"metadata" gorm:"polymorphic:Parent;"` // required
	BackMatter BackMatter `json:"back-matter" gorm:"polymorphic:Parent;"`

	ImportComponentDefinitions datatypes.JSONSlice[ImportComponentDefinition] `json:"import-component-definitions"`
	Components                 []DefinedComponent                             `json:"components"`
	Capabilities               []Capability                                   `json:"capabilities"`
}

ComponentDefinition represents a component definition in OSCAL. It includes metadata, back matter, imported component definitions, components, and capabilities.

func (*ComponentDefinition) MarshalOscal 

func (c *ComponentDefinition) MarshalOscal() *oscalTypes_1_1_3.ComponentDefinition

MarshalOscal converts the relational ComponentDefinition back into an OSCAL ComponentDefinition structure.

func (*ComponentDefinition) UnmarshalOscal 

func (c *ComponentDefinition) UnmarshalOscal(ocd oscalTypes_1_1_3.ComponentDefinition) *ComponentDefinition

UnmarshalOscal converts an OSCAL ComponentDefinition into a relational ComponentDefinition. It includes metadata, import component definitions, components, and capabilities.

type Control 

type Control struct {
	CatalogID uuid.UUID                      `gorm:"primary_key"`
	ID        string                         `json:"id" gorm:"primary_key"` // required
	Title     string                         `json:"title"`                 // required
	Class     *string                        `json:"class"`
	Params    datatypes.JSONSlice[Parameter] `json:"params"`
	Parts     datatypes.JSONSlice[Part]      `json:"parts"`
	Props     datatypes.JSONSlice[Prop]      `json:"props,omitempty"`
	Links     datatypes.JSONSlice[Link]      `json:"links,omitempty"`

	ParentID   *string
	ParentType *string

	Controls []Control `json:"controls" gorm:"polymorphic:Parent;"`
	Filters  []Filter  `gorm:"many2many:filter_controls;"`
}

func (*Control) MarshalOscal 

func (c *Control) MarshalOscal() *oscalTypes_1_1_3.Control

MarshalOscal converts the Control back to an OSCAL Control

func (*Control) UnmarshalOscal 

func (c *Control) UnmarshalOscal(data oscalTypes_1_1_3.Control, catalogId uuid.UUID) *Control

type ControlImplementation 

type ControlImplementation struct {
	UUIDModel
	Description             string                            `json:"description"`
	SetParameters           datatypes.JSONSlice[SetParameter] `json:"set-parameters"`
	ImplementedRequirements []ImplementedRequirement          `json:"implemented-requirements"`

	SystemSecurityPlanId uuid.UUID
}

func (*ControlImplementation) MarshalOscal 

func (ci *ControlImplementation) MarshalOscal() *oscalTypes_1_1_3.ControlImplementation

func (*ControlImplementation) UnmarshalOscal 

func (ci *ControlImplementation) UnmarshalOscal(oci oscalTypes_1_1_3.ControlImplementation) *ControlImplementation

type ControlImplementationResponsibility 

type ControlImplementationResponsibility struct {
	UUIDModel
	Description      string                    `json:"description"` // required
	Links            datatypes.JSONSlice[Link] `json:"links"`
	Props            datatypes.JSONSlice[Prop] `json:"props"`
	ProvidedUuid     uuid.UUID                 `json:"provided-uuid"`
	Remarks          string                    `json:"remarks"`
	ResponsibleRoles []ResponsibleRole         `json:"responsible-roles" gorm:"polymorphic:Parent"`

	ExportId uuid.UUID
}

func (*ControlImplementationResponsibility) MarshalOscal 

func (cir *ControlImplementationResponsibility) MarshalOscal() *oscalTypes_1_1_3.ControlImplementationResponsibility

func (*ControlImplementationResponsibility) UnmarshalOscal 

func (cir *ControlImplementationResponsibility) UnmarshalOscal(ocir oscalTypes_1_1_3.ControlImplementationResponsibility) *ControlImplementationResponsibility

type ControlImplementationSet 

type ControlImplementationSet struct {
	UUIDModel                                       // required
	Source        string                            `json:"source"`      // required
	Description   string                            `json:"description"` // required
	SetParameters datatypes.JSONSlice[SetParameter] `json:"set-parameters"`

	ImplementedRequirements []ImplementedRequirementControlImplementation `json:"implemented-requirements"` // required

	Props datatypes.JSONSlice[Prop] `json:"props"`
	Links datatypes.JSONSlice[Link] `json:"links"`

	DefinedComponentID uuid.UUID
	DefinedComponent   DefinedComponent
}

ControlImplementationSet represents a set of control implementations in OSCAL. It includes source, description, set parameters, implemented requirements, properties, and links.

func (*ControlImplementationSet) MarshalOscal 

func (ci *ControlImplementationSet) MarshalOscal() *oscalTypes_1_1_3.ControlImplementationSet

MarshalOscal converts the relational ControlImplementationSet back into an OSCAL ControlImplementationSet structure.

func (*ControlImplementationSet) UnmarshalOscal 

func (ci *ControlImplementationSet) UnmarshalOscal(oci oscalTypes_1_1_3.ControlImplementationSet) *ControlImplementationSet

UnmarshalOscal converts an OSCAL ControlImplementationSet into a relational ControlImplementationSet. It includes set parameters, implemented requirements, props, and links.

type ControlObjectiveSelection 

type ControlObjectiveSelection struct {
	UUIDModel
	ReviewedControlsID uuid.UUID

	Description *string
	Remarks     *string
	Props       datatypes.JSONSlice[Prop]
	Links       datatypes.JSONSlice[Link]

	IncludeAll        *datatypes.JSONType[IncludeAll]
	IncludeObjectives []SelectObjectiveById `gorm:"Polymorphic:Parent;polymorphicValue:included"`
	ExcludeObjectives []SelectObjectiveById `gorm:"Polymorphic:Parent;polymorphicValue:excluded"`
}

func (*ControlObjectiveSelection) MarshalOscal 

func (i *ControlObjectiveSelection) MarshalOscal() *oscalTypes_1_1_3.ReferencedControlObjectives

func (*ControlObjectiveSelection) UnmarshalOscal 

func (i *ControlObjectiveSelection) UnmarshalOscal(op oscalTypes_1_1_3.ReferencedControlObjectives) *ControlObjectiveSelection

type ControlSelection 

type ControlSelection struct {
	UUIDModel
	ReviewedControlsID uuid.UUID
	Description        *string
	Remarks            *string
	Props              datatypes.JSONSlice[Prop]
	Links              datatypes.JSONSlice[Link]

	IncludeAll      *datatypes.JSONType[IncludeAll]
	IncludeControls []AssessedControlsSelectControlById `gorm:"many2many:control_selection_assessed_controls_included"`
	ExcludeControls []AssessedControlsSelectControlById `gorm:"many2many:control_selection_assessed_controls_excluded"`
}

func (*ControlSelection) MarshalOscal 

func (i *ControlSelection) MarshalOscal() *oscalTypes_1_1_3.AssessedControls

func (*ControlSelection) UnmarshalOscal 

func (i *ControlSelection) UnmarshalOscal(op oscalTypes_1_1_3.AssessedControls) *ControlSelection

type ControlStatementImplementation 

type ControlStatementImplementation struct {
	UUIDModel                                  // required
	StatementId      string                    `json:"statement-id"` // required
	Description      string                    `json:"description"`  // required
	Props            datatypes.JSONSlice[Prop] `json:"props"`
	Links            datatypes.JSONSlice[Link] `json:"links"`
	ResponsibleRoles []ResponsibleRole         `json:"responsible-roles" gorm:"polymorphic:Parent;"`
	Remarks          string                    `json:"remarks"`

	ImplementedRequirementControlImplementationId uuid.UUID
}

ControlStatementImplementation represents a control statement implementation in OSCAL. It includes statement ID, description, properties, links, responsible roles, and remarks.

func (*ControlStatementImplementation) MarshalOscal 

func (s *ControlStatementImplementation) MarshalOscal() *oscalTypes_1_1_3.ControlStatementImplementation

MarshalOscal converts the relational ControlStatementImplementation back into an OSCAL ControlStatementImplementation structure.

func (*ControlStatementImplementation) UnmarshalOscal 

func (s *ControlStatementImplementation) UnmarshalOscal(oci oscalTypes_1_1_3.ControlStatementImplementation) *ControlStatementImplementation

UnmarshalOscal converts an OSCAL ControlStatementImplementation into a relational ControlStatementImplementation. It includes props, links, and responsible roles.

type DataFlow 

type DataFlow struct {
	UUIDModel
	Description string                    `json:"description"`
	Remarks     string                    `json:"remarks"`
	Props       datatypes.JSONSlice[Prop] `json:"props"`
	Links       datatypes.JSONSlice[Link] `json:"links"`
	Diagrams    []Diagram                 `json:"diagrams" gorm:"polymorphic:Parent;"`

	SystemCharacteristicsId uuid.UUID
}

func (*DataFlow) MarshalOscal 

func (df *DataFlow) MarshalOscal() *oscalTypes_1_1_3.DataFlow

func (*DataFlow) UnmarshalOscal 

func (df *DataFlow) UnmarshalOscal(odf oscalTypes_1_1_3.DataFlow) *DataFlow

type DefinedComponent 

type DefinedComponent struct {
	UUIDModel          // required
	Type        string `json:"type"`        // required
	Title       string `json:"title"`       // required
	Description string `json:"description"` // required
	Purpose     string `json:"purpose"`
	Remarks     string `json:"remarks"`

	ResponsibleRoles       []ResponsibleRole          `json:"responsible-roles" gorm:"polymorphic:Parent"`
	ControlImplementations []ControlImplementationSet `json:"control-implementations" gorm:"many2many:defined_components_control_implementation_sets"`

	Props     datatypes.JSONSlice[Prop]     `json:"props"`
	Links     datatypes.JSONSlice[Link]     `json:"links"`
	Protocols datatypes.JSONSlice[Protocol] `json:"protocols"`

	ComponentDefinitionID *uuid.UUID
	ComponentDefinition   *ComponentDefinition
}

DefinedComponent represents a defined component in OSCAL. It includes type, title, description, purpose, remarks, responsible roles, control implementations, properties, links, and protocols.

func (*DefinedComponent) MarshalOscal 

func (dc *DefinedComponent) MarshalOscal() *oscalTypes_1_1_3.DefinedComponent

MarshalOscal converts the relational DefinedComponent back into an OSCAL DefinedComponent structure. It includes protocols, control implementations, responsible roles, links, and props.

func (*DefinedComponent) UnmarshalOscal 

func (dc *DefinedComponent) UnmarshalOscal(odc oscalTypes_1_1_3.DefinedComponent) *DefinedComponent

UnmarshalOscal converts an OSCAL DefinedComponent into a relational DefinedComponent. It includes protocols, control implementations, responsible roles, links, and props.

type Diagram 

type Diagram struct {
	UUIDModel
	Description string                    `json:"description"`
	Props       datatypes.JSONSlice[Prop] `json:"props"`
	Links       datatypes.JSONSlice[Link] `json:"links"`
	Caption     string                    `json:"caption"`
	Remarks     string                    `json:"remarks"`

	ParentID   *string
	ParentType *string
}

func (*Diagram) MarshalOscal 

func (d *Diagram) MarshalOscal() *oscalTypes_1_1_3.Diagram

func (*Diagram) UnmarshalOscal 

func (d *Diagram) UnmarshalOscal(od oscalTypes_1_1_3.Diagram) *Diagram

type DocumentID 

type DocumentID struct {
	Scheme     DocumentIDScheme `json:"scheme"`
	Identifier string           `json:"identifier"`
}

func (*DocumentID) MarshalOscal 

func (d *DocumentID) MarshalOscal() *oscaltypes113.DocumentId

MarshalOscal converts the DocumentID back to an OSCAL DocumentId

func (*DocumentID) UnmarshalOscal 

func (d *DocumentID) UnmarshalOscal(id oscaltypes113.DocumentId) *DocumentID

type DocumentIDScheme 

type DocumentIDScheme string
const (
	DocumentIDSchemeDoi DocumentIDScheme = "http://www.doi.org/"
)

type Evidence 

type Evidence struct {
	// ID is the unique ID for this specific observation, and will be used as the primary key in the database.
	UUIDModel

	// UUID needs to remain consistent when automation runs again, but unique for each subject.
	// It represents the "stream" of the same observation being made over time.
	UUID       uuid.UUID                              `gorm:"index:evidence_stream_idx;index:evidence_stream_collected_idx,priority:1" json:"uuid,omitempty"`
	BackMatter *BackMatter                            `gorm:"polymorphic:Parent;" json:"back-matter,omitempty"`
	Signature  *datatypes.JSONType[EvidenceSignature] `json:"signature,omitempty"`

	Title       string  `json:"title"`
	Description string  `json:"description"`
	Remarks     *string `json:"remarks,omitempty"`

	// Assigning labels to Evidence makes it searchable and easily usable in the UI
	Labels []Labels `gorm:"many2many:evidence_labels;" json:"labels"`

	// When did we start collecting the evidence, and when did the process end, and how long is it valid for ?
	Start   time.Time  `json:"start"`
	End     time.Time  `gorm:"index:evidence_stream_collected_idx,priority:2,sort:desc" json:"end"`
	Expires *time.Time `json:"expires,omitempty"`

	Props datatypes.JSONSlice[Prop] `json:"props"`
	Links datatypes.JSONSlice[Link] `json:"links"`

	// Who or What is generating this evidence
	Origins datatypes.JSONSlice[Origin] `json:"origins,omitempty"`

	// What steps did we take to create this evidence
	Activities []Activity `gorm:"many2many:evidence_activities" json:"activities,omitempty"`

	InventoryItems []InventoryItem `gorm:"many2many:evidence_inventory_items" json:"inventory-items,omitempty"`

	// Which components of the subject are being observed. A tool, user, policy etc.
	Components []SystemComponent `gorm:"many2many:evidence_components" json:"components,omitempty"`
	// Who or What are we providing evidence for. What's under test.
	Subjects []AssessmentSubject `gorm:"many2many:evidence_subjects;" json:"subjects,omitempty"`

	// Did we satisfy what was being tested for, or did we fail ?
	Status datatypes.JSONType[oscalTypes_1_1_3.ObjectiveStatus] `json:"status"`
}

type EvidenceQuerier added in v0.13.0 

type EvidenceQuerier interface {
	GetLatestForFilters(filters ...labelfilter.Filter) ([]Evidence, error)
}

EvidenceQuerier provides access to the latest evidence records matching label filters. It is implemented by evidencesvc.EvidenceService in production and by test doubles in unit tests.

type EvidenceSignature added in v0.15.0 

type EvidenceSignature struct {
	Version            string                  `json:"version"`
	SignatureAlgorithm string                  `json:"signature_algorithm"`
	SignedAt           time.Time               `json:"signed_at"`
	ContentHash        Hash                    `json:"content_hash"`
	Signer             EvidenceSignatureSigner `json:"signer"`
	Claims             EvidenceSignatureClaims `json:"claims"`
	JWS                string                  `json:"jws"`
}

type EvidenceSignatureClaims added in v0.15.0 

type EvidenceSignatureClaims struct {
	TokenKind    string     `json:"token_kind,omitempty"`
	Subject      string     `json:"subject,omitempty"`
	Issuer       string     `json:"issuer,omitempty"`
	IssuedAt     *time.Time `json:"issued_at,omitempty"`
	ExpiresAt    *time.Time `json:"expires_at,omitempty"`
	NotBefore    *time.Time `json:"not_before,omitempty"`
	GivenName    string     `json:"given_name,omitempty"`
	FamilyName   string     `json:"family_name,omitempty"`
	AgentID      string     `json:"agent_id,omitempty"`
	CredentialID string     `json:"credential_id,omitempty"`
	AuthMethod   string     `json:"auth_method,omitempty"`
}

type EvidenceSignatureSigner added in v0.15.0 

type EvidenceSignatureSigner struct {
	Type         string `json:"type"`
	ID           string `json:"id,omitempty"`
	Email        string `json:"email,omitempty"`
	Name         string `json:"name,omitempty"`
	CredentialID string `json:"credential_id,omitempty"`
}

type Export 

type Export struct {
	UUIDModel
	Description      string                                `json:"description"`
	Props            datatypes.JSONSlice[Prop]             `json:"props"`
	Links            datatypes.JSONSlice[Link]             `json:"links"`
	Remarks          string                                `json:"remarks"`
	Provided         []ProvidedControlImplementation       `json:"provided"`
	Responsibilities []ControlImplementationResponsibility `json:"responsibilities"`

	ByComponentId uuid.UUID
}

func (*Export) MarshalOscal 

func (e *Export) MarshalOscal() *oscalTypes_1_1_3.Export

func (*Export) UnmarshalOscal 

func (e *Export) UnmarshalOscal(oe oscalTypes_1_1_3.Export) *Export

type Filter 

type Filter struct {
	UUIDModel

	Name       string                                 `json:"name" yaml:"name"`
	SSPID      *uuid.UUID                             `json:"sspId,omitempty" yaml:"ssp_id,omitempty" gorm:"column:ssp_id;type:uuid;index"`
	Filter     datatypes.JSONType[labelfilter.Filter] `json:"filter" yaml:"filter"`
	Controls   []Control                              `json:"controls" gorm:"many2many:filter_controls;"`
	Components []SystemComponent                      `json:"components" gorm:"many2many:filter_system_components;"`

	SystemSecurityPlan *SystemSecurityPlan `json:"-" gorm:"foreignKey:SSPID;references:ID;constraint:OnDelete:CASCADE"`
}

type Finding 

type Finding struct {
	UUIDModel                                                                      // required
	Description                 string                                             `json:"description"` // required
	Title                       string                                             `json:"title"`       // required
	Target                      datatypes.JSONType[oscalTypes_1_1_3.FindingTarget] `json:"target"`      // required
	ImplementationStatementUuid *string                                            `json:"implementation-statement-uuid"`
	Links                       datatypes.JSONSlice[Link]                          `json:"links"`
	Origins                     datatypes.JSONSlice[Origin]                        `json:"origins"`
	Props                       datatypes.JSONSlice[Prop]                          `json:"props"`
	// Database relationships for efficient querying
	RelatedObservations []Observation `gorm:"many2many:finding_related_observations;" json:"-"`
	RelatedRisks        []Risk        `gorm:"many2many:finding_related_risks;" json:"-"`
	// OSCAL compatibility - JSON fields for import/export
	RelatedObservationUUIDs datatypes.JSONSlice[RelatedObservation] `json:"related-observations"`
	RelatedRiskUUIDs        datatypes.JSONSlice[AssociatedRisk]     `json:"related-risks"`
	Remarks                 *string                                 `json:"remarks"`
}

Finding represents a finding in OSCAL.

func (*Finding) MarshalOscal 

func (f *Finding) MarshalOscal() *oscalTypes_1_1_3.Finding

func (*Finding) UnmarshalOscal 

func (f *Finding) UnmarshalOscal(of oscalTypes_1_1_3.Finding) *Finding

type FindingTarget 

type FindingTarget oscalTypes_1_1_3.FindingTarget

FindingTarget represents a finding target in OSCAL.

func (*FindingTarget) MarshalOscal 

func (f *FindingTarget) MarshalOscal() *oscalTypes_1_1_3.FindingTarget

func (*FindingTarget) UnmarshalOscal 

func (f *FindingTarget) UnmarshalOscal(of oscalTypes_1_1_3.FindingTarget) *FindingTarget

type FlatWithoutGrouping 

type FlatWithoutGrouping = map[string]any

type Group 

type Group struct {
	CatalogID uuid.UUID                      `gorm:"primary_key"`
	ID        string                         `json:"id" gorm:"primary_key"` // required
	Class     string                         `json:"class"`
	Title     string                         `json:"title"` // required
	Params    datatypes.JSONSlice[Parameter] `json:"params"`
	Parts     datatypes.JSONSlice[Part]      `json:"parts"`
	Props     datatypes.JSONSlice[Prop]      `json:"props,omitempty"`
	Links     datatypes.JSONSlice[Link]      `json:"links,omitempty"`

	ParentID   *string
	ParentType *string

	Groups   []Group   `json:"groups" gorm:"polymorphic:Parent;"`
	Controls []Control `json:"controls" gorm:"polymorphic:Parent;"`
}

func (*Group) MarshalOscal 

func (c *Group) MarshalOscal() *oscalTypes_1_1_3.Group

MarshalOscal converts the Group back to an OSCAL Group

func (*Group) UnmarshalOscal 

func (c *Group) UnmarshalOscal(data oscalTypes_1_1_3.Group, catalogId uuid.UUID) *Group

type Hash 

type Hash struct {
	Algorithm HashAlgorithm `json:"algorithm"` // required
	Value     string        `json:"value"`     // required
}

func (*Hash) MarshalOscal 

func (h *Hash) MarshalOscal() *oscaltypes113.Hash

MarshalOscal converts the Hash back to an OSCAL Hash

func (*Hash) UnmarshalOscal 

func (h *Hash) UnmarshalOscal(hash oscaltypes113.Hash) *Hash

type HashAlgorithm 

type HashAlgorithm string
const (
	HashAlgorithmSHA_224  HashAlgorithm = "SHA-224"
	HashAlgorithmSHA_256  HashAlgorithm = "SHA-256"
	HashAlgorithmSHA_384  HashAlgorithm = "SHA-384"
	HashAlgorithmSHA_512  HashAlgorithm = "SHA-512"
	HashAlgorithmSHA3_224 HashAlgorithm = "SHA3-224"
	HashAlgorithmSHA3_256 HashAlgorithm = "SHA3-256"
	HashAlgorithmSHA3_384 HashAlgorithm = "SHA3-384"
	HashAlgorithmSHA3_512 HashAlgorithm = "SHA3-512"
)

type HrefMetadata 

type HrefMetadata struct {
	Path         string
	AbsolutePath bool
	RelativePath bool
	Fragment     bool
}

type IdentifiedSubject 

type IdentifiedSubject struct {
	UUIDModel
	RelatedTaskID        uuid.UUID
	SubjectPlaceholderID uuid.UUID
	Subjects             []AssessmentSubject `gorm:"many2many:related_task_subjects;"`
}

func (*IdentifiedSubject) MarshalOscal 

func (i *IdentifiedSubject) MarshalOscal() *oscalTypes_1_1_3.IdentifiedSubject

func (*IdentifiedSubject) UnmarshalOscal 

func (i *IdentifiedSubject) UnmarshalOscal(op oscalTypes_1_1_3.IdentifiedSubject) *IdentifiedSubject

type Impact 

type Impact oscalTypes_1_1_3.Impact

func (*Impact) MarshalOscal 

func (i *Impact) MarshalOscal() *oscalTypes_1_1_3.Impact

func (*Impact) UnmarshalOscal 

func (i *Impact) UnmarshalOscal(osi oscalTypes_1_1_3.Impact) *Impact

type ImplementationStatus 

type ImplementationStatus struct {
	Remarks string                    `json:"remarks,omitempty" yaml:"remarks,omitempty"`
	State   ImplementationStatusState `json:"state" yaml:"state"`
}

ImplementationStatus mirrors oscalTypes_1_1_3.ImplementationStatus but constrains State to a well-defined enum.

func (*ImplementationStatus) MarshalOscal 

func (is *ImplementationStatus) MarshalOscal() *oscalTypes_1_1_3.ImplementationStatus

func (*ImplementationStatus) UnmarshalOscal 

func (is *ImplementationStatus) UnmarshalOscal(ois oscalTypes_1_1_3.ImplementationStatus) *ImplementationStatus

func (*ImplementationStatus) Validate added in v0.16.0 

func (is *ImplementationStatus) Validate() error

Validate checks that State is one of the supported values.

type ImplementationStatusState added in v0.16.0 

type ImplementationStatusState string

ImplementationStatusState represents the well-defined states for an OSCAL implementation status, aligned with OSCAL SSP semantics. 

const (
	ImplementationStatusImplemented   ImplementationStatusState = "implemented"
	ImplementationStatusPartial       ImplementationStatusState = "partial"
	ImplementationStatusPlanned       ImplementationStatusState = "planned"
	ImplementationStatusAlternative   ImplementationStatusState = "alternative"
	ImplementationStatusNotApplicable ImplementationStatusState = "not-applicable"
)

func ValidImplementationStatusStates added in v0.16.0 

func ValidImplementationStatusStates() []ImplementationStatusState

ValidImplementationStatusStates returns the list of supported state values.

type ImplementedComponent 

type ImplementedComponent struct {
	UUIDModel
	ComponentID uuid.UUID `json:"component-uuid"`
	Component   DefinedComponent

	Props              datatypes.JSONSlice[Prop]             `json:"props"`
	Links              datatypes.JSONSlice[Link]             `json:"links"`
	ResponsibleParties datatypes.JSONSlice[ResponsibleParty] `json:"responsible-parties"`
	Remarks            string                                `json:"remarks"`

	InventoryItemId uuid.UUID
}

func (*ImplementedComponent) MarshalOscal 

func (ic *ImplementedComponent) MarshalOscal() oscalTypes_1_1_3.ImplementedComponent

func (*ImplementedComponent) UnmarshalOscal 

func (ic *ImplementedComponent) UnmarshalOscal(oic oscalTypes_1_1_3.ImplementedComponent) *ImplementedComponent

type ImplementedRequirement 

type ImplementedRequirement struct {
	UUIDModel
	ControlImplementationId uuid.UUID

	ControlId        string                            `json:"control-id"`
	Props            datatypes.JSONSlice[Prop]         `json:"props"`
	Links            datatypes.JSONSlice[Link]         `json:"links"`
	SetParameters    datatypes.JSONSlice[SetParameter] `json:"set-parameters"`
	ResponsibleRoles []ResponsibleRole                 `json:"responsible-roles" gorm:"polymorphic:Parent;"`
	Remarks          string                            `json:"remarks"`
	ByComponents     []ByComponent                     `json:"by-components" gorm:"Polymorphic:Parent"`
	Statements       []Statement                       `json:"statements"`
}

func (*ImplementedRequirement) MarshalOscal 

func (ir *ImplementedRequirement) MarshalOscal() *oscalTypes_1_1_3.ImplementedRequirement

func (*ImplementedRequirement) UnmarshalOscal 

func (ir *ImplementedRequirement) UnmarshalOscal(oir oscalTypes_1_1_3.ImplementedRequirement) *ImplementedRequirement

type ImplementedRequirementControlImplementation 

type ImplementedRequirementControlImplementation struct {
	UUIDModel                                          //required
	ControlId        string                            `json:"control-id"`  //required
	Description      string                            `json:"description"` //required
	SetParameters    datatypes.JSONSlice[SetParameter] `json:"set-parameters"`
	Props            datatypes.JSONSlice[Prop]         `json:"props"`
	Links            datatypes.JSONSlice[Link]         `json:"links"`
	Remarks          string                            `json:"remarks"`
	ResponsibleRoles []ResponsibleRole                 `json:"responsible-roles" gorm:"polymorphic:Parent;"` // required
	Statements       []ControlStatementImplementation  `json:"statements"`

	ControlImplementationSetID uuid.UUID
}

ImplementedRequirementControlImplementation represents an implemented requirement in OSCAL. It includes control ID, description, set parameters, properties, links, remarks, responsible roles, and statements.

func (*ImplementedRequirementControlImplementation) MarshalOscal 

func (irci *ImplementedRequirementControlImplementation) MarshalOscal() *oscalTypes_1_1_3.ImplementedRequirementControlImplementation

MarshalOscal converts the relational ImplementedRequirementControlImplementation back into an OSCAL ImplementedRequirementControlImplementation structure.

func (*ImplementedRequirementControlImplementation) UnmarshalOscal 

func (irci *ImplementedRequirementControlImplementation) UnmarshalOscal(oirci oscalTypes_1_1_3.ImplementedRequirementControlImplementation) *ImplementedRequirementControlImplementation

UnmarshalOscal converts an OSCAL ImplementedRequirementControlImplementation into a relational ImplementedRequirementControlImplementation. It includes set parameters, props, links, responsible roles, and statements.

type Import 

type Import struct {
	UUIDModel
	// Href as per the OSCAL docs can be an absolute network path (potentially remote), relative or a URI fragment
	// for the moment to make the system's life easier, it should be a URI fragment to back-matter and try and resolve
	// back to an ingested catalog.
	Href            string                          `json:"href"`
	IncludeAll      datatypes.JSONType[*IncludeAll] `json:"include-all"`
	IncludeControls []SelectControlById             `json:"include-controls" gorm:"Polymorphic:Parent;polymorphicValue:included"`
	ExcludeControls []SelectControlById             `json:"exclude-controls" gorm:"Polymorphic:Parent;polymorphicValue:excluded"`

	ProfileID uuid.UUID
}

func (*Import) MarshalOscal 

func (i *Import) MarshalOscal() oscalTypes_1_1_3.Import

func (*Import) ResolveHref 

func (i *Import) ResolveHref() (*HrefMetadata, error)

ResolveHref attempts to resolve the Href of the Import and checks whether its an absolute path, relative path or a URI fragment. If it is a URI fragment, it will return a flag to indicate to the caller that it should resolve the fragment to a back-matter resource.

func (*Import) UnmarshalOscal 

func (i *Import) UnmarshalOscal(oi oscalTypes_1_1_3.Import) *Import

type ImportAp 

type ImportAp oscalTypes_1_1_3.ImportAp

func (*ImportAp) MarshalOscal 

func (i *ImportAp) MarshalOscal() *oscalTypes_1_1_3.ImportAp

func (*ImportAp) UnmarshalOscal 

func (i *ImportAp) UnmarshalOscal(oip oscalTypes_1_1_3.ImportAp) *ImportAp

type ImportComponentDefinition 

type ImportComponentDefinition oscalTypes_1_1_3.ImportComponentDefinition

ImportComponentDefinition represents an imported component definition in OSCAL. It includes href for the imported component definition.

func (*ImportComponentDefinition) MarshalOscal 

func (icd *ImportComponentDefinition) MarshalOscal() *oscalTypes_1_1_3.ImportComponentDefinition

MarshalOscal converts the relational ImportComponentDefinition back into an OSCAL ImportComponentDefinition structure.

func (*ImportComponentDefinition) UnmarshalOscal 

func (icd *ImportComponentDefinition) UnmarshalOscal(oicd oscalTypes_1_1_3.ImportComponentDefinition) *ImportComponentDefinition

UnmarshalOscal converts an OSCAL ImportComponentDefinition into a relational ImportComponentDefinition.

type ImportProfile 

type ImportProfile oscalTypes_1_1_3.ImportProfile

func (*ImportProfile) MarshalOscal 

func (ip *ImportProfile) MarshalOscal() *oscalTypes_1_1_3.ImportProfile

func (*ImportProfile) UnmarshalOscal 

func (ip *ImportProfile) UnmarshalOscal(oip oscalTypes_1_1_3.ImportProfile) *ImportProfile

type ImportSsp 

type ImportSsp oscalTypes_1_1_3.ImportSsp

func (*ImportSsp) MarshalOscal 

func (i *ImportSsp) MarshalOscal() *oscalTypes_1_1_3.ImportSsp

func (*ImportSsp) UnmarshalOscal 

func (i *ImportSsp) UnmarshalOscal(oip oscalTypes_1_1_3.ImportSsp) *ImportSsp

type IncludeAll 

type IncludeAll = map[string]any

type IncorporatesComponents 

type IncorporatesComponents oscalTypes_1_1_3.IncorporatesComponent

IncorporatesComponents represents incorporated components in OSCAL. It includes component UUID and description.

func (*IncorporatesComponents) MarshalOscal 

func (ic *IncorporatesComponents) MarshalOscal() *oscalTypes_1_1_3.IncorporatesComponent

MarshalOscal converts the relational IncorporatesComponents back into an OSCAL IncorporatesComponent structure.

func (*IncorporatesComponents) UnmarshalOscal 

func (ic *IncorporatesComponents) UnmarshalOscal(iic oscalTypes_1_1_3.IncorporatesComponent) *IncorporatesComponents

UnmarshalOscal converts an OSCAL IncorporatesComponent into a relational IncorporatesComponents.

type InformationType 

type InformationType struct {
	UUIDModel
	Title                 string                                             `json:"title"`
	Description           string                                             `json:"description"`
	Props                 datatypes.JSONSlice[Prop]                          `json:"props"`
	Links                 datatypes.JSONSlice[Link]                          `json:"links"`
	ConfidentialityImpact *datatypes.JSONType[Impact]                        `json:"confidentiality-impact"`
	IntegrityImpact       *datatypes.JSONType[Impact]                        `json:"integrity-impact"`
	AvailabilityImpact    *datatypes.JSONType[Impact]                        `json:"availability-impact"`
	Categorizations       datatypes.JSONSlice[InformationTypeCategorization] `json:"categorizations"`

	SystemInformationId uuid.UUID
}

func (*InformationType) MarshalOscal 

func (it *InformationType) MarshalOscal() *oscalTypes_1_1_3.InformationType

func (*InformationType) UnmarshalOscal 

func (it *InformationType) UnmarshalOscal(oit oscalTypes_1_1_3.InformationType) *InformationType

type InformationTypeCategorization 

type InformationTypeCategorization oscalTypes_1_1_3.InformationTypeCategorization

func (*InformationTypeCategorization) MarshalOscal 

func (itc *InformationTypeCategorization) MarshalOscal() *oscalTypes_1_1_3.InformationTypeCategorization

func (*InformationTypeCategorization) UnmarshalOscal 

func (itc *InformationTypeCategorization) UnmarshalOscal(oitc oscalTypes_1_1_3.InformationTypeCategorization) *InformationTypeCategorization

type InheritedControlImplementation 

type InheritedControlImplementation struct {
	UUIDModel                                  //required
	ProvidedUuid     uuid.UUID                 `json:"provided-uuid"`
	Description      string                    `json:"description"` //required
	Links            datatypes.JSONSlice[Link] `json:"links"`
	Props            datatypes.JSONSlice[Prop] `json:"props"`
	ResponsibleRoles []ResponsibleRole         `json:"responsible-roles" gorm:"polymorphic:Parent"`

	ByComponentId uuid.UUID
}

func (*InheritedControlImplementation) MarshalOscal 

func (i *InheritedControlImplementation) MarshalOscal() *oscalTypes_1_1_3.InheritedControlImplementation

func (*InheritedControlImplementation) UnmarshalOscal 

func (i *InheritedControlImplementation) UnmarshalOscal(oi oscalTypes_1_1_3.InheritedControlImplementation) *InheritedControlImplementation

type InventoryItem 

type InventoryItem struct {
	UUIDModel
	Description           string                                `json:"description"`
	Props                 datatypes.JSONSlice[Prop]             `json:"props"`
	Links                 datatypes.JSONSlice[Link]             `json:"links"`
	ResponsibleParties    datatypes.JSONSlice[ResponsibleParty] `json:"responsible-parties"`
	Remarks               string                                `json:"remarks"`
	ImplementedComponents []ImplementedComponent                `json:"implemented-components"`

	SystemImplementationId uuid.UUID

	Evidence []Evidence `gorm:"many2many:evidence_inventory_items"`
}

func (*InventoryItem) MarshalOscal 

func (ii *InventoryItem) MarshalOscal() oscalTypes_1_1_3.InventoryItem

func (*InventoryItem) UnmarshalOscal 

func (ii *InventoryItem) UnmarshalOscal(oii oscalTypes_1_1_3.InventoryItem) *InventoryItem

type Labels 

type Labels struct {
	Name  string `gorm:"primaryKey" json:"name"`
	Value string `gorm:"primaryKey" json:"value"`
}

type LeveragedAuthorization 

type LeveragedAuthorization struct {
	UUIDModel
	Title          string                    `json:"title"`
	PartyUUID      uuid.UUID                 `json:"party-uuid"`
	DateAuthorized time.Time                 `json:"date-authorized"`
	Remarks        string                    `json:"remarks"`
	Props          datatypes.JSONSlice[Prop] `json:"props"`
	Links          datatypes.JSONSlice[Link] `json:"links"`

	SystemImplementationId uuid.UUID
}

func (*LeveragedAuthorization) MarshalOscal 

func (la *LeveragedAuthorization) MarshalOscal() *oscalTypes_1_1_3.LeveragedAuthorization

MarshalOscal converts the LeveragedAuthorization back to an OSCAL LeveragedAuthorization

func (*LeveragedAuthorization) UnmarshalOscal 

func (la *LeveragedAuthorization) UnmarshalOscal(ola oscalTypes_1_1_3.LeveragedAuthorization) *LeveragedAuthorization
type Link oscaltypes113.Link

func (*Link) UnmarshalOscal 

func (l *Link) UnmarshalOscal(data oscaltypes113.Link) *Link

type LocalDefinitions 

type LocalDefinitions struct {
	UUIDModel

	Remarks              *string
	Components           []SystemComponent `gorm:"many2many:local_definition_components"`
	InventoryItems       []InventoryItem   `gorm:"many2many:local_definition_inventory_items"`
	Users                []SystemUser      `gorm:"many2many:local_definition_users"`
	ObjectivesAndMethods []LocalObjective  `gorm:"many2many:local_definition_objectives"`
	Activities           []Activity        `gorm:"many2many:local_definition_activities"`

	ParentID   uuid.UUID
	ParentType string
}

func (*LocalDefinitions) MarshalOscal 

func (i *LocalDefinitions) MarshalOscal() *oscalTypes_1_1_3.LocalDefinitions

func (*LocalDefinitions) UnmarshalOscal 

func (i *LocalDefinitions) UnmarshalOscal(op oscalTypes_1_1_3.LocalDefinitions) *LocalDefinitions

type LocalObjective 

type LocalObjective struct {
	UUIDModel

	ControlID string  // required
	Control   Control `gorm:"references:ID"`

	Description *string
	Remarks     *string
	Props       datatypes.JSONSlice[Prop]
	Links       datatypes.JSONSlice[Link]

	Parts datatypes.JSONSlice[Part] // required
}

func (*LocalObjective) MarshalOscal 

func (i *LocalObjective) MarshalOscal() *oscalTypes_1_1_3.LocalObjective

func (*LocalObjective) UnmarshalOscal 

func (i *LocalObjective) UnmarshalOscal(op oscalTypes_1_1_3.LocalObjective) *LocalObjective

type Location 

type Location struct {
	UUIDModel
	Title            *string                              `json:"title"`
	Address          *datatypes.JSONType[Address]         `json:"address"`
	EmailAddresses   datatypes.JSONSlice[string]          `json:"email-addresses"`
	TelephoneNumbers datatypes.JSONSlice[TelephoneNumber] `json:"telephone-numbers"`
	Urls             datatypes.JSONSlice[string]          `json:"urls"`
	Props            datatypes.JSONSlice[Prop]            `json:"props"`
	Links            datatypes.JSONSlice[Link]            `json:"links"`
	Remarks          *string                              `json:"remarks"`
}

func (*Location) MarshalOscal 

func (l *Location) MarshalOscal() *oscaltypes113.Location

MarshalOscal converts the Location back to an OSCAL Location

func (*Location) UnmarshalOscal 

func (l *Location) UnmarshalOscal(olocation oscaltypes113.Location) *Location

type LoggedBy 

type LoggedBy struct {
	PartyID uuid.UUID
	Party   Party

	RoleID string
	Role   Role

	ParentType string
	ParentID   uuid.UUID
}

func (*LoggedBy) MarshalOscal 

func (i *LoggedBy) MarshalOscal() *oscalTypes_1_1_3.LoggedBy

func (*LoggedBy) UnmarshalOscal 

func (i *LoggedBy) UnmarshalOscal(op oscalTypes_1_1_3.LoggedBy) *LoggedBy

type Matching 

type Matching oscalTypes_1_1_3.Matching

func (*Matching) MarshalOscal 

func (m *Matching) MarshalOscal() *oscalTypes_1_1_3.Matching

func (*Matching) UnmarshalOscal 

func (m *Matching) UnmarshalOscal(om oscalTypes_1_1_3.Matching) *Matching

type Merge 

type Merge struct {
	UUIDModel
	Combine datatypes.JSONType[*CombinationRule]     `json:"combine"`
	AsIs    bool                                     `json:"as-is"`
	Flat    datatypes.JSONType[*FlatWithoutGrouping] `json:"flat"`

	ProfileID uuid.UUID
}

func (*Merge) MarshalOscal 

func (m *Merge) MarshalOscal() *oscalTypes_1_1_3.Merge

func (*Merge) UnmarshalOscal 

func (m *Merge) UnmarshalOscal(o oscalTypes_1_1_3.Merge) *Merge

type Metadata 

type Metadata struct {
	UUIDModel

	// Metadata is shared across many resources, and so it mapped using a polymorphic relationship
	ParentID   *string
	ParentType *string

	Title              string                          `json:"title"`
	Published          *time.Time                      `json:"published"`
	LastModified       *time.Time                      `json:"last-modified"`
	Version            string                          `json:"version"`
	OscalVersion       string                          `json:"oscal-version"`
	DocumentIDs        datatypes.JSONSlice[DocumentID] `json:"document-ids"` // -> DocumentID
	Props              datatypes.JSONSlice[Prop]       `json:"props"`
	Links              datatypes.JSONSlice[Link]       `json:"links"`
	ResponsibleParties []ResponsibleParty              `gorm:"many2many:metadata_responsible_parties;"`
	Revisions          []Revision                      `json:"revisions"`
	Roles              []Role                          `json:"roles" gorm:"many2many:metadata_roles"`
	Locations          []Location                      `json:"locations" gorm:"many2many:metadata_locations"`
	Parties            []Party                         `json:"parties" gorm:"many2many:metadata_parties"`
	Actions            []Action                        `json:"actions"`
	Remarks            string                          `json:"remarks"`
}

func (*Metadata) MarshalOscal 

func (m *Metadata) MarshalOscal() *oscaltypes113.Metadata

MarshalOscal converts the Metadata back to an OSCAL Metadata

func (*Metadata) UnmarshalOscal 

func (m *Metadata) UnmarshalOscal(metadata oscaltypes113.Metadata) *Metadata

type MitigatingFactor 

type MitigatingFactor oscalTypes_1_1_3.MitigatingFactor

MitigatingFactor represents a mitigating factor in OSCAL.

func (*MitigatingFactor) MarshalOscal 

func (m *MitigatingFactor) MarshalOscal() *oscalTypes_1_1_3.MitigatingFactor

func (*MitigatingFactor) UnmarshalOscal 

func (m *MitigatingFactor) UnmarshalOscal(om oscalTypes_1_1_3.MitigatingFactor) *MitigatingFactor

type Modify 

type Modify struct {
	UUIDModel
	SetParameters []ParameterSetting `json:"set-parameters"`
	Alters        []Alteration       `json:"alters"`

	ProfileID uuid.UUID
}

func (*Modify) MarshalOscal 

func (m *Modify) MarshalOscal() *oscalTypes_1_1_3.Modify

func (*Modify) UnmarshalOscal 

func (m *Modify) UnmarshalOscal(o oscalTypes_1_1_3.Modify) *Modify

type NetworkArchitecture 

type NetworkArchitecture struct {
	UUIDModel
	Description string                    `json:"description"`
	Remarks     string                    `json:"remarks"`
	Props       datatypes.JSONSlice[Prop] `json:"props"`
	Links       datatypes.JSONSlice[Link] `json:"links"`
	Diagrams    []Diagram                 `json:"diagrams" gorm:"polymorphic:Parent;"`

	SystemCharacteristicsId uuid.UUID
}

func (*NetworkArchitecture) MarshalOscal 

func (na *NetworkArchitecture) MarshalOscal() *oscalTypes_1_1_3.NetworkArchitecture

func (*NetworkArchitecture) UnmarshalOscal 

func (na *NetworkArchitecture) UnmarshalOscal(ona oscalTypes_1_1_3.NetworkArchitecture) *NetworkArchitecture

type Observation 

type Observation struct {
	UUIDModel                                              // required
	Collected        time.Time                             `json:"collected" gorm:"index"` // required, indexed
	Description      string                                `json:"description"`            // required
	Methods          datatypes.JSONSlice[string]           `json:"methods"`                // required, stored as JSON array
	Expires          *time.Time                            `json:"expires" gorm:"index"`   // Indexed for date queries
	Links            datatypes.JSONSlice[Link]             `json:"links"`
	Origins          datatypes.JSONSlice[Origin]           `json:"origins"`
	Props            datatypes.JSONSlice[Prop]             `json:"props"`
	RelevantEvidence datatypes.JSONSlice[RelevantEvidence] `json:"relevant-evidence"`
	Remarks          *string                               `json:"remarks"`
	Subjects         datatypes.JSONSlice[SubjectReference] `json:"subjects"`
	Title            *string                               `json:"title"`
	Types            datatypes.JSONSlice[string]           `json:"types"` // stored as JSON array
}

Observation represents an observation in OSCAL.

func (*Observation) MarshalOscal 

func (o *Observation) MarshalOscal() *oscalTypes_1_1_3.Observation

func (*Observation) UnmarshalOscal 

func (o *Observation) UnmarshalOscal(oo oscalTypes_1_1_3.Observation) *Observation

type Origin 

type Origin oscalTypes_1_1_3.Origin

Origin represents an origin in OSCAL.

func (*Origin) MarshalOscal 

func (o *Origin) MarshalOscal() *oscalTypes_1_1_3.Origin

func (*Origin) UnmarshalOscal 

func (o *Origin) UnmarshalOscal(oo oscalTypes_1_1_3.Origin) *Origin

type Parameter 

type Parameter struct {
	ID          string                                   `json:"id"`
	Class       *string                                  `json:"class"`
	Label       *string                                  `json:"label"`
	Usage       *string                                  `json:"usage"`
	Remarks     *string                                  `json:"remarks"`
	Constraints datatypes.JSONSlice[ParameterConstraint] `json:"constraints"`
	Guidelines  datatypes.JSONSlice[ParameterGuideline]  `json:"guidelines"`
	Select      *datatypes.JSONType[ParameterSelection]  `json:"select"`
	Values      datatypes.JSONSlice[string]              `json:"values"`
	Props       datatypes.JSONSlice[Prop]                `json:"props,omitempty"`
	Links       datatypes.JSONSlice[Link]                `json:"links,omitempty"`
}

func (*Parameter) MarshalOscal 

func (l *Parameter) MarshalOscal() *oscalTypes_1_1_3.Parameter

MarshalOscal converts the Parameter back to an OSCAL Parameter

func (*Parameter) UnmarshalOscal 

func (l *Parameter) UnmarshalOscal(data oscalTypes_1_1_3.Parameter) *Parameter

type ParameterConstraint 

type ParameterConstraint struct {
	Description string                    `json:"description"`
	Tests       []ParameterConstraintTest `json:"tests"`
}

func (*ParameterConstraint) MarshalOscal 

func (l *ParameterConstraint) MarshalOscal() *oscalTypes_1_1_3.ParameterConstraint

func (*ParameterConstraint) UnmarshalOscal 

func (l *ParameterConstraint) UnmarshalOscal(data oscalTypes_1_1_3.ParameterConstraint) *ParameterConstraint

type ParameterConstraintTest 

type ParameterConstraintTest struct {
	Expression string `json:"expression"`
	Remarks    string `json:"remarks"`
}

func (*ParameterConstraintTest) MarshalOscal 

func (l *ParameterConstraintTest) MarshalOscal() *oscalTypes_1_1_3.ConstraintTest

func (*ParameterConstraintTest) UnmarshalOscal 

func (l *ParameterConstraintTest) UnmarshalOscal(data oscalTypes_1_1_3.ConstraintTest) *ParameterConstraintTest

type ParameterGuideline 

type ParameterGuideline struct {
	Prose string `json:"prose"`
}

func (*ParameterGuideline) MarshalOscal 

func (l *ParameterGuideline) MarshalOscal() *oscalTypes_1_1_3.ParameterGuideline

func (*ParameterGuideline) UnmarshalOscal 

func (l *ParameterGuideline) UnmarshalOscal(data oscalTypes_1_1_3.ParameterGuideline) *ParameterGuideline

type ParameterSelection 

type ParameterSelection struct {
	HowMany ParameterSelectionCount `json:"how-many"`
	Choice  []string                `json:"choice"`
}

func (*ParameterSelection) MarshalOscal 

func (l *ParameterSelection) MarshalOscal() *oscalTypes_1_1_3.ParameterSelection

MarshalOscal converts the ParameterSelection back to an OSCAL ParameterSelection

func (*ParameterSelection) UnmarshalOscal 

func (l *ParameterSelection) UnmarshalOscal(data oscalTypes_1_1_3.ParameterSelection) *ParameterSelection

type ParameterSelectionCount 

type ParameterSelectionCount string
const (
	ParameterSelectionCountOne       ParameterSelectionCount = "one"
	ParameterSelectionCountOneOrMore ParameterSelectionCount = "one-or-more"
)

type ParameterSetting 

type ParameterSetting struct {
	UUIDModel
	ParamID     string                                   `json:"param-id"` // required
	Class       string                                   `json:"class"`
	DependsOn   string                                   `json:"depends-on"`
	Props       datatypes.JSONSlice[Prop]                `json:"props"`
	Links       datatypes.JSONSlice[Link]                `json:"links"`
	Label       string                                   `json:"label"`
	Constraints datatypes.JSONSlice[ParameterConstraint] `json:"constraints"`
	Guidelines  datatypes.JSONSlice[ParameterGuideline]  `json:"guidelines"`
	Values      datatypes.JSONSlice[string]              `json:"values"`
	Select      *datatypes.JSONType[ParameterSelection]  `json:"select"`

	ModifyID uuid.UUID
}

func (*ParameterSetting) MarshalOscal 

func (p *ParameterSetting) MarshalOscal() oscalTypes_1_1_3.ParameterSetting

func (*ParameterSetting) UnmarshalOscal 

func (p *ParameterSetting) UnmarshalOscal(o oscalTypes_1_1_3.ParameterSetting) *ParameterSetting

type Part 

type Part struct {
	ID     string                    `json:"id"`
	Name   string                    `json:"name"`
	NS     string                    `json:"ns"`
	Class  string                    `json:"class"`
	Title  string                    `json:"title"`
	Prose  string                    `json:"prose"`
	Props  datatypes.JSONSlice[Prop] `json:"props,omitempty"`
	Links  datatypes.JSONSlice[Link] `json:"links,omitempty"`
	PartID string                    `json:"part_id"`
	Parts  []Part                    `json:"parts"` // -> Part

}

func (*Part) MarshalOscal 

func (p *Part) MarshalOscal() *oscalTypes_1_1_3.Part

func (*Part) UnmarshalOscal 

func (p *Part) UnmarshalOscal(data oscalTypes_1_1_3.Part) *Part

type Party 

type Party struct {
	UUIDModel
	Type                  PartyType                            `json:"type"`
	Name                  *string                              `json:"name"`
	ShortName             *string                              `json:"short-name"`
	ExternalIds           datatypes.JSONSlice[PartyExternalID] `json:"external-ids"`
	Props                 datatypes.JSONSlice[Prop]            `json:"props"`
	Links                 datatypes.JSONSlice[Link]            `json:"links"`
	EmailAddresses        datatypes.JSONSlice[string]          `json:"email-addresses"`
	TelephoneNumbers      datatypes.JSONSlice[TelephoneNumber] `json:"telephone-numbers"`
	Addresses             datatypes.JSONSlice[Address]         `json:"addresses"`
	Locations             []Location                           `json:"locations" gorm:"many2many:party_locations;"`
	MemberOfOrganizations []Party                              `json:"member-of-organizations" gorm:"many2many:party_member_of_organisations;"` // -> Party
	Remarks               *string                              `json:"remarks"`
}

func (*Party) BeforeCreate 

func (p *Party) BeforeCreate(db *gorm.DB) error

func (*Party) MarshalOscal 

func (p *Party) MarshalOscal() *oscaltypes113.Party

MarshalOscal converts the Party back to an OSCAL Party

func (*Party) UnmarshalOscal 

func (p *Party) UnmarshalOscal(oparty oscaltypes113.Party) *Party

type PartyExternalID 

type PartyExternalID struct {
	ID     string                `json:"id"`
	Scheme PartyExternalIDScheme `json:"scheme"`
}

func (*PartyExternalID) MarshalOscal 

func (p *PartyExternalID) MarshalOscal() *oscaltypes113.PartyExternalIdentifier

MarshalOscal converts the PartyExternalID back to an OSCAL PartyExternalIdentifier

func (*PartyExternalID) UnmarshalOscal 

func (p *PartyExternalID) UnmarshalOscal(oid oscaltypes113.PartyExternalIdentifier) *PartyExternalID

type PartyExternalIDScheme 

type PartyExternalIDScheme string
const PartyExternalIDSchemeOrchid PartyExternalIDScheme = "http://orcid.org/"

type PartyType 

type PartyType string
const (
	PartyTypePerson       PartyType = "person"
	PartyTypeOrganization PartyType = "organization"
)

type PlanOfActionAndMilestones 

type PlanOfActionAndMilestones struct {
	UUIDModel
	Metadata   Metadata   `json:"metadata" gorm:"polymorphic:Parent;"`
	BackMatter BackMatter `json:"back-matter" gorm:"polymorphic:Parent;"`

	// Simple fields stored as JSON
	ImportSsp        datatypes.JSONType[ImportSsp]                                 `json:"import-ssp"`
	SystemId         datatypes.JSONType[SystemId]                                  `json:"system-id"`
	LocalDefinitions datatypes.JSONType[PlanOfActionAndMilestonesLocalDefinitions] `json:"local-definitions"`

	// Complex entities as proper tables with polymorphic relationships
	PoamItems []PoamItem `gorm:"foreignKey:PlanOfActionAndMilestonesID"`

	Observations []Observation `gorm:"many2many:poam_observations;"`
	Risks        []Risk        `gorm:"many2many:poam_risks;"`
	Findings     []Finding     `gorm:"many2many:poam_findings;"`
}

PlanOfActionAndMilestones represents a plan of action and milestones in OSCAL It includes metadata, import-ssp, system-id, local-definitions, observations, risks, findings, poam-items, and back-matter.

func (*PlanOfActionAndMilestones) MarshalOscal 

func (p *PlanOfActionAndMilestones) MarshalOscal() *oscalTypes_1_1_3.PlanOfActionAndMilestones

MarshalOscal converts the relational PlanOfActionAndMilestones back into an OSCAL PlanOfActionAndMilestones structure.

func (*PlanOfActionAndMilestones) UnmarshalOscal 

func (p *PlanOfActionAndMilestones) UnmarshalOscal(opam oscalTypes_1_1_3.PlanOfActionAndMilestones) *PlanOfActionAndMilestones

UnmarshalOscal converts an OSCAL PlanOfActionAndMilestones into a relational PlanOfActionAndMilestones. It includes metadata, import-ssp, system-id, local-definitions, observations, risks, findings, poam-items, and back-matter.

type PlanOfActionAndMilestonesLocalDefinitions 

type PlanOfActionAndMilestonesLocalDefinitions struct {
	AssessmentAssets datatypes.JSONType[oscalTypes_1_1_3.AssessmentAssets] `json:"assessment-assets"`
	Components       datatypes.JSONSlice[oscalTypes_1_1_3.SystemComponent] `json:"components" gorm:"type:json"`
	InventoryItems   datatypes.JSONSlice[oscalTypes_1_1_3.InventoryItem]   `json:"inventory-items" gorm:"type:json"`
	Remarks          string                                                `json:"remarks"`
}

PlanOfActionAndMilestonesLocalDefinitions represents local definitions in POAM.

func (*PlanOfActionAndMilestonesLocalDefinitions) MarshalOscal 

func (p *PlanOfActionAndMilestonesLocalDefinitions) MarshalOscal() *oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions

func (*PlanOfActionAndMilestonesLocalDefinitions) UnmarshalOscal 

func (p *PlanOfActionAndMilestonesLocalDefinitions) UnmarshalOscal(op oscalTypes_1_1_3.PlanOfActionAndMilestonesLocalDefinitions) *PlanOfActionAndMilestonesLocalDefinitions

type PoamItem 

type PoamItem struct {
	PlanOfActionAndMilestonesID uuid.UUID                           `gorm:"primary_key"`
	UUID                        string                              `json:"uuid" gorm:"primary_key"`
	Title                       string                              `json:"title"`       // required
	Description                 string                              `json:"description"` // required
	Props                       datatypes.JSONSlice[Prop]           `json:"props"`
	Links                       datatypes.JSONSlice[Link]           `json:"links"`
	Origins                     datatypes.JSONSlice[PoamItemOrigin] `json:"origins"`
	// Database relationships for efficient querying
	RelatedFindings     []Finding     `gorm:"many2many:poam_item_related_findings;" json:"-"`
	RelatedObservations []Observation `gorm:"many2many:poam_item_related_observations;" json:"-"`
	RelatedRisks        []Risk        `gorm:"many2many:poam_item_related_risks;" json:"-"`
	// OSCAL compatibility - JSON fields for import/export
	RelatedFindingUUIDs     datatypes.JSONSlice[RelatedFinding]     `json:"related-findings"`
	RelatedObservationUUIDs datatypes.JSONSlice[RelatedObservation] `json:"related-observations"`
	RelatedRiskUUIDs        datatypes.JSONSlice[AssociatedRisk]     `json:"related-risks"`
	Remarks                 *string                                 `json:"remarks"`
}

PoamItem represents a POAM item in OSCAL.

func (*PoamItem) MarshalOscal 

func (p *PoamItem) MarshalOscal() *oscalTypes_1_1_3.PoamItem

func (*PoamItem) UnmarshalOscal 

func (p *PoamItem) UnmarshalOscal(op oscalTypes_1_1_3.PoamItem, planID uuid.UUID) *PoamItem

type PoamItemOrigin 

type PoamItemOrigin oscalTypes_1_1_3.PoamItemOrigin

PoamItemOrigin represents a POAM item origin in OSCAL.

func (*PoamItemOrigin) MarshalOscal 

func (p *PoamItemOrigin) MarshalOscal() *oscalTypes_1_1_3.PoamItemOrigin

func (*PoamItemOrigin) UnmarshalOscal 

func (p *PoamItemOrigin) UnmarshalOscal(op oscalTypes_1_1_3.PoamItemOrigin) *PoamItemOrigin

type Profile 

type Profile struct {
	UUIDModel
	Metadata   Metadata    `json:"metadata" gorm:"Polymorphic:Parent"`
	BackMatter *BackMatter `json:"back-matter" gorm:"Polymorphic:Parent"`
	Imports    []Import    `json:"imports"`
	Merge      *Merge      `json:"merge"`
	Modify     *Modify     `json:"modify"`
	Controls   []Control   `json:"controls" gorm:"many2many:profile_controls;"`
}

func (*Profile) MarshalOscal 

func (p *Profile) MarshalOscal() *oscalTypes_1_1_3.Profile

MarshalOscal converts the Profile struct into an oscalTypes_1_1_3.Profile.

func (*Profile) UnmarshalOscal 

func (p *Profile) UnmarshalOscal(op oscalTypes_1_1_3.Profile) *Profile

UnmarshalOscal take type of oscalTypes_1_1_3.Profile from go-oscal and converts it into a relational model within the struct while returning a pointer to itself

type Prop 

type Prop oscaltypes113.Property

func (*Prop) UnmarshalOscal 

func (p *Prop) UnmarshalOscal(data oscaltypes113.Property) *Prop

type Protocol 

type Protocol oscaltypes113.Protocol

func (*Protocol) MarshalOscal 

func (p *Protocol) MarshalOscal() *oscaltypes113.Protocol

func (*Protocol) UnmarshalOscal 

func (p *Protocol) UnmarshalOscal(op oscaltypes113.Protocol) *Protocol

type ProvidedControlImplementation 

type ProvidedControlImplementation struct {
	UUIDModel
	Description      string                    `json:"description"`
	Links            datatypes.JSONSlice[Link] `json:"links"`
	Props            datatypes.JSONSlice[Prop] `json:"props"`
	Remarks          string                    `json:"remarks"`
	ResponsibleRoles []ResponsibleRole         `json:"responsible-roles" gorm:"polymorphic:Parent;"`

	ExportId uuid.UUID
}

func (*ProvidedControlImplementation) MarshalOscal 

func (pci *ProvidedControlImplementation) MarshalOscal() *oscalTypes_1_1_3.ProvidedControlImplementation

func (*ProvidedControlImplementation) UnmarshalOscal 

func (pci *ProvidedControlImplementation) UnmarshalOscal(opci oscalTypes_1_1_3.ProvidedControlImplementation) *ProvidedControlImplementation

type RelatedFinding 

type RelatedFinding oscalTypes_1_1_3.RelatedFinding

RelatedFinding represents a related finding in OSCAL.

func (*RelatedFinding) MarshalOscal 

func (r *RelatedFinding) MarshalOscal() *oscalTypes_1_1_3.RelatedFinding

func (*RelatedFinding) UnmarshalOscal 

func (r *RelatedFinding) UnmarshalOscal(orf oscalTypes_1_1_3.RelatedFinding) *RelatedFinding

type RelatedObservation 

type RelatedObservation oscalTypes_1_1_3.RelatedObservation

RelatedObservation represents a related observation in OSCAL.

func (*RelatedObservation) MarshalOscal 

func (r *RelatedObservation) MarshalOscal() *oscalTypes_1_1_3.RelatedObservation

func (*RelatedObservation) UnmarshalOscal 

func (r *RelatedObservation) UnmarshalOscal(oro oscalTypes_1_1_3.RelatedObservation) *RelatedObservation

type RelatedTask 

type RelatedTask struct {
	UUIDModel
	Task               Task
	TaskID             uuid.UUID
	Remarks            *string
	Props              datatypes.JSONSlice[Prop]
	Links              datatypes.JSONSlice[Link]
	ResponsibleParties []ResponsibleParty  `gorm:"many2many:related_task_responsible_parties;"`
	Subjects           []AssessmentSubject `gorm:"many2many:related_task_subjects;"`
	IdentifiedSubject  *IdentifiedSubject

	ParentType string
	ParentID   uuid.UUID
}

func (*RelatedTask) MarshalOscal 

func (i *RelatedTask) MarshalOscal() *oscalTypes_1_1_3.RelatedTask

func (*RelatedTask) UnmarshalOscal 

func (i *RelatedTask) UnmarshalOscal(op oscalTypes_1_1_3.RelatedTask) *RelatedTask

type RelevantEvidence 

type RelevantEvidence oscalTypes_1_1_3.RelevantEvidence

RelevantEvidence represents relevant evidence in OSCAL.

func (*RelevantEvidence) MarshalOscal 

func (r *RelevantEvidence) MarshalOscal() *oscalTypes_1_1_3.RelevantEvidence

func (*RelevantEvidence) UnmarshalOscal 

func (r *RelevantEvidence) UnmarshalOscal(ore oscalTypes_1_1_3.RelevantEvidence) *RelevantEvidence

type Removal 

type Removal oscalTypes_1_1_3.Removal

func (*Removal) MarshalOscal 

func (r *Removal) MarshalOscal() oscalTypes_1_1_3.Removal

func (*Removal) UnmarshalOscal 

func (r *Removal) UnmarshalOscal(o oscalTypes_1_1_3.Removal) *Removal
type ResourceLink struct {
	Href      string `json:"href"` // required
	MediaType string `json:"media-type"`
	Hashes    []Hash `json:"hashes"`
}

func (*ResourceLink) MarshalOscal 

func (r *ResourceLink) MarshalOscal() *oscaltypes113.ResourceLink

MarshalOscal converts the ResourceLink back to an OSCAL ResourceLink

func (*ResourceLink) UnmarshalOscal 

func (r *ResourceLink) UnmarshalOscal(orlink oscaltypes113.ResourceLink)

type Response 

type Response oscalTypes_1_1_3.Response

Response represents a response in OSCAL.

func (*Response) MarshalOscal 

func (r *Response) MarshalOscal() *oscalTypes_1_1_3.Response

func (*Response) UnmarshalOscal 

func (r *Response) UnmarshalOscal(or oscalTypes_1_1_3.Response) *Response

type ResponsibleParty 

type ResponsibleParty struct {
	UUIDModel
	Props   datatypes.JSONSlice[Prop] `json:"props"`
	Links   datatypes.JSONSlice[Link] `json:"links"`
	Remarks string                    `json:"remarks"`

	RoleID  string `json:"role-id"` // required
	Role    Role
	Parties []ResponsiblePartyParties

	// Polymorphic relationship - allows ResponsibleParty to belong to different parent types
	ParentID   *uuid.UUID
	ParentType string
}

func (*ResponsibleParty) MarshalOscal 

func (r *ResponsibleParty) MarshalOscal() *oscaltypes113.ResponsibleParty

func (*ResponsibleParty) UnmarshalOscal 

func (r *ResponsibleParty) UnmarshalOscal(or oscaltypes113.ResponsibleParty) *ResponsibleParty

type ResponsiblePartyParties 

type ResponsiblePartyParties struct {
	ResponsiblePartyID *uuid.UUID `gorm:"primaryKey"`
	PartyID            *uuid.UUID `gorm:"primaryKey"`
}

type ResponsibleRole 

type ResponsibleRole struct {
	UUIDModel
	RoleID  string                    `json:"role-id"` // required
	Props   datatypes.JSONSlice[Prop] `json:"props"`
	Links   datatypes.JSONSlice[Link] `json:"links"`
	Remarks string                    `json:"remarks"`

	Parties []Party `gorm:"many2many:responsible_role_parties;"`
	Role    Role

	ParentID   *uuid.UUID
	ParentType string
}

func (*ResponsibleRole) MarshalOscal 

func (rr *ResponsibleRole) MarshalOscal() *oscaltypes113.ResponsibleRole

func (*ResponsibleRole) UnmarshalOscal 

func (rr *ResponsibleRole) UnmarshalOscal(or oscaltypes113.ResponsibleRole) *ResponsibleRole

type Result 

type Result struct {
	UUIDModel
	AssessmentResultID uuid.UUID
	Title              string // required
	Description        string // required
	Remarks            *string
	Start              *time.Time
	End                *time.Time
	Props              datatypes.JSONSlice[Prop]
	Links              datatypes.JSONSlice[Link]
	LocalDefinitionsID uuid.UUID
	LocalDefinitions   LocalDefinitions
	ReviewedControlsID uuid.UUID
	ReviewedControls   ReviewedControls
	Attestations       []Attestation
	AssessmentLogID    *uuid.UUID
	AssessmentLog      *AssessmentLog

	// Shared entities now using polymorphic associations
	Observations []Observation `gorm:"many2many:result_observations;"`
	Findings     []Finding     `gorm:"many2many:result_findings;"`
	Risks        []Risk        `gorm:"many2many:result_risks;"`
}

func (*Result) MarshalOscal 

func (i *Result) MarshalOscal() *oscalTypes_1_1_3.Result

func (*Result) UnmarshalOscal 

func (i *Result) UnmarshalOscal(op oscalTypes_1_1_3.Result) *Result

type ReviewedControls 

type ReviewedControls struct {
	UUIDModel
	Description                *string
	Remarks                    *string
	Props                      datatypes.JSONSlice[Prop]
	Links                      datatypes.JSONSlice[Link]
	ControlSelections          []ControlSelection // required
	ControlObjectiveSelections []ControlObjectiveSelection
}

func (*ReviewedControls) MarshalOscal 

func (i *ReviewedControls) MarshalOscal() *oscalTypes_1_1_3.ReviewedControls

func (*ReviewedControls) UnmarshalOscal 

func (i *ReviewedControls) UnmarshalOscal(op oscalTypes_1_1_3.ReviewedControls) *ReviewedControls

type Revision 

type Revision struct {
	// Only version is required
	UUIDModel

	// Revision only exist on a metadata object. We'll link them straight there with a BelongsTo relationship
	MetadataID uuid.UUID `json:"metadata-id"`

	Title        *string                   `json:"title"`
	Published    *time.Time                `json:"published"`
	LastModified *time.Time                `json:"last-modified"`
	Version      string                    `json:"version"` // required
	OscalVersion *string                   `json:"oscal-version"`
	Props        datatypes.JSONSlice[Prop] `json:"props"`
	Links        datatypes.JSONSlice[Link] `json:"links"`
	Remarks      *string                   `json:"remarks"`
}

func (*Revision) MarshalOscal 

func (r *Revision) MarshalOscal() *oscaltypes113.RevisionHistoryEntry

MarshalOscal converts the Revision back to an OSCAL RevisionHistoryEntry

func (*Revision) UnmarshalOscal 

func (r *Revision) UnmarshalOscal(entry oscaltypes113.RevisionHistoryEntry) *Revision

type Risk 

type Risk struct {
	UUIDModel                                                        // required
	Title               string                                       `json:"title"`               // required
	Description         string                                       `json:"description"`         // required
	Statement           string                                       `json:"statement"`           // required
	Status              string                                       `json:"status" gorm:"index"` // required, indexed
	Props               datatypes.JSONSlice[Prop]                    `json:"props"`
	Links               datatypes.JSONSlice[Link]                    `json:"links"`
	Origins             datatypes.JSONSlice[Origin]                  `json:"origins"`
	ThreatIds           datatypes.JSONSlice[ThreatId]                `json:"threat-ids"`
	Characterizations   datatypes.JSONSlice[Characterization]        `json:"characterizations"`
	MitigatingFactors   datatypes.JSONSlice[MitigatingFactor]        `json:"mitigating-factors"`
	Deadline            *time.Time                                   `json:"deadline" gorm:"index"` // Indexed for date queries
	Remediations        datatypes.JSONSlice[Response]                `json:"remediations"`
	RiskLog             datatypes.JSONType[oscalTypes_1_1_3.RiskLog] `json:"risk-log"`
	RelatedObservations datatypes.JSONSlice[RelatedObservation]      `json:"related-observations"`
}

Risk represents a risk in OSCAL. It includes uuid, title, description, statement, props, links, status, origins, threat-ids, characterizations, mitigating-factors, deadline, remediations, risk-log, and related-observations.

func (*Risk) MarshalOscal 

func (r *Risk) MarshalOscal() *oscalTypes_1_1_3.Risk

MarshalOscal converts the relational Risk back into an OSCAL Risk structure.

func (*Risk) UnmarshalOscal 

func (r *Risk) UnmarshalOscal(or oscalTypes_1_1_3.Risk) *Risk

UnmarshalOscal converts an OSCAL Risk into a relational Risk.

type RiskLog 

type RiskLog oscalTypes_1_1_3.RiskLog

RiskLog represents a risk log in OSCAL.

func (*RiskLog) MarshalOscal 

func (r *RiskLog) MarshalOscal() *oscalTypes_1_1_3.RiskLog

func (*RiskLog) UnmarshalOscal 

func (r *RiskLog) UnmarshalOscal(or oscalTypes_1_1_3.RiskLog) *RiskLog

type Risks 

type Risks = []Risk

type Role 

type Role struct {
	ID          string                    `json:"id" gorm:"primary_key;"`
	Title       string                    `json:"title"`
	ShortName   *string                   `json:"short-name"`
	Description *string                   `json:"description"`
	Props       datatypes.JSONSlice[Prop] `json:"props"`
	Links       datatypes.JSONSlice[Link] `json:"links"`
	Remarks     *string                   `json:"remarks"`
}

func (*Role) MarshalOscal 

func (r *Role) MarshalOscal() *oscaltypes113.Role

MarshalOscal converts the Role back to an OSCAL Role

func (*Role) UnmarshalOscal 

func (r *Role) UnmarshalOscal(entry oscaltypes113.Role) *Role

type SSOGroupMapping added in v0.17.0 

type SSOGroupMapping struct {
	UUIDModel

	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	Provider      string `json:"provider" gorm:"not null;uniqueIndex:idx_ccf_sso_group_mappings_provider_group,priority:1"`
	ExternalGroup string `json:"externalGroup" gorm:"not null;uniqueIndex:idx_ccf_sso_group_mappings_provider_group,priority:2"`
	GroupID       string `json:"groupId" gorm:"not null;index"`

	// Source records who owns the mapping: MappingSourceConfig (declared in a provider's
	// group_mapping and reconciled by boot provisioning) or MappingSourceManual (added at runtime via
	// the admin API). It defaults to config so pre-attribution rows — all of which came from config
	// provisioning — are reconciled declaratively: provisioning prunes config rows the config no
	// longer declares, while manual rows are never auto-removed.
	Source string `json:"source" gorm:"not null;default:config"`

	Group UserGroup `json:"group,omitempty" gorm:"foreignKey:GroupID;references:ID"`
}

SSOGroupMapping unifies an external IdP group with a native UserGroup. At login the SSO sync translates the user's IdP groups through these (Provider, ExternalGroup) rows and materializes the mapped native group as a source=sso membership (BCH-1331); authorization then reads only those native memberships. Unmapped IdP groups are intentionally dropped — they never become memberships and never reach subject.groups.

func (SSOGroupMapping) TableName added in v0.17.0 

func (SSOGroupMapping) TableName() string
type SSOUserLink struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"`

	UserID     string    `json:"userId" gorm:"not null;index"`
	Provider   string    `json:"provider" gorm:"not null;index"`
	ExternalID string    `json:"externalId" gorm:"not null"`
	Email      string    `json:"email"`
	Groups     string    `json:"groups"`
	LastSync   time.Time `json:"lastSync"`

	User User `json:"user,omitempty" gorm:"foreignKey:UserID;references:ID"`
}

func (SSOUserLink) TableName added in v0.5.0 

func (SSOUserLink) TableName() string

type SSPProfile added in v0.16.0 

type SSPProfile struct {
	SystemSecurityPlanID uuid.UUID `gorm:"primaryKey;type:uuid" json:"system_security_plan_id"`
	ProfileID            uuid.UUID `gorm:"primaryKey;type:uuid;index" json:"profile_id"`
}

SSPProfile is the join-table model for the many-to-many relationship between SystemSecurityPlan and Profile.

type SatisfiedControlImplementationResponsibility 

type SatisfiedControlImplementationResponsibility struct {
	UUIDModel
	ResponsibilityUuid uuid.UUID                 `json:"responsibility-uuid"`
	Description        string                    `json:"description"`
	Props              datatypes.JSONSlice[Prop] `json:"props"`
	Links              datatypes.JSONSlice[Link] `json:"links"`
	ResponsibleRoles   []ResponsibleRole         `json:"responsible-roles" gorm:"polymorphic:Parent"`
	Remarks            string                    `json:"remarks"`

	ByComponentId uuid.UUID `json:"by-component-id"`
}

func (*SatisfiedControlImplementationResponsibility) MarshalOscal 

func (s *SatisfiedControlImplementationResponsibility) MarshalOscal() *oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility

func (*SatisfiedControlImplementationResponsibility) UnmarshalOscal 

func (s *SatisfiedControlImplementationResponsibility) UnmarshalOscal(os oscalTypes_1_1_3.SatisfiedControlImplementationResponsibility) *SatisfiedControlImplementationResponsibility

type SecurityImpactLevel 

type SecurityImpactLevel oscalTypes_1_1_3.SecurityImpactLevel

func (*SecurityImpactLevel) MarshalOscal 

func (s *SecurityImpactLevel) MarshalOscal() *oscalTypes_1_1_3.SecurityImpactLevel

func (*SecurityImpactLevel) UnmarshalOscal 

func (s *SecurityImpactLevel) UnmarshalOscal(osi oscalTypes_1_1_3.SecurityImpactLevel) *SecurityImpactLevel

type SelectControlById 

type SelectControlById struct {
	UUIDModel
	WithChildControls string                        `json:"with-child-controls"`
	WithIds           datatypes.JSONSlice[string]   `json:"with-ids"`
	Matching          datatypes.JSONSlice[Matching] `json:"matching"`

	ParentID   uuid.UUID
	ParentType string
}

func (*SelectControlById) MarshalOscal 

func (s *SelectControlById) MarshalOscal() oscalTypes_1_1_3.SelectControlById

func (*SelectControlById) UnmarshalOscal 

func (s *SelectControlById) UnmarshalOscal(o oscalTypes_1_1_3.SelectControlById) *SelectControlById

type SelectObjectiveById 

type SelectObjectiveById struct {
	UUIDModel
	Objective string // required

	ParentID   uuid.UUID
	ParentType string
}

func (*SelectObjectiveById) MarshalOscal 

func (i *SelectObjectiveById) MarshalOscal() *oscalTypes_1_1_3.SelectObjectiveById

func (*SelectObjectiveById) UnmarshalOscal 

func (i *SelectObjectiveById) UnmarshalOscal(op oscalTypes_1_1_3.SelectObjectiveById) *SelectObjectiveById

type SelectSubjectById 

type SelectSubjectById struct {
	UUIDModel
	AssessmentSubjectID uuid.UUID

	// SubjectUUID technically represents a UUID of a component, party, location, user, or inventory item.
	// It will likely be updated once we can map it correctly
	SubjectUUID uuid.UUID
	Remarks     *string
	Props       datatypes.JSONSlice[Prop]
	Links       datatypes.JSONSlice[Link]
}

func (*SelectSubjectById) MarshalOscal 

func (i *SelectSubjectById) MarshalOscal() *oscalTypes_1_1_3.SelectSubjectById

func (*SelectSubjectById) UnmarshalOscal 

func (i *SelectSubjectById) UnmarshalOscal(op oscalTypes_1_1_3.SelectSubjectById) *SelectSubjectById

type SetParameter 

type SetParameter oscaltypes113.SetParameter

func (*SetParameter) MarshalOscal 

func (sp *SetParameter) MarshalOscal() *oscaltypes113.SetParameter

func (*SetParameter) UnmarshalOscal 

func (sp *SetParameter) UnmarshalOscal(osp oscaltypes113.SetParameter) *SetParameter

type SlackLinkAttempt added in v0.15.0 

type SlackLinkAttempt struct {
	UUIDModel

	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	State  string `json:"state" gorm:"size:256;not null;uniqueIndex:idx_ccf_slack_link_attempts_expires_at_state,priority:1"`
	UserID string `json:"userId" gorm:"not null;index"`

	ExpiresAt time.Time `json:"expiresAt" gorm:"not null;uniqueIndex:idx_ccf_slack_link_attempts_expires_at_state,priority:2"`
}

SlackLinkAttempt stores one-time OAuth state for Slack profile linking.

func (SlackLinkAttempt) TableName added in v0.15.0 

func (SlackLinkAttempt) TableName() string
type SlackUserLink struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"`

	UserID string `json:"userId" gorm:"not null;uniqueIndex:idx_ccf_slack_user_links_user,WHERE:deleted_at IS NULL"`

	SlackUserID string `json:"slackUserId" gorm:"not null;uniqueIndex:idx_ccf_slack_user_links_identity,WHERE:deleted_at IS NULL"`
	SlackTeamID string `json:"slackTeamId" gorm:"not null;uniqueIndex:idx_ccf_slack_user_links_identity,WHERE:deleted_at IS NULL"`

	SlackTeamDomain  string `json:"slackTeamDomain"`
	SlackTeamName    string `json:"slackTeamName"`
	SlackDisplayName string `json:"slackDisplayName"`
	SlackEmail       string `json:"slackEmail"`

	LastLinkedAt time.Time `json:"lastLinkedAt"`

	User User `json:"user,omitempty" gorm:"foreignKey:UserID;references:ID"`
}

SlackUserLink associates a CCF user with a Slack account.

func (SlackUserLink) TableName added in v0.15.0 

func (SlackUserLink) TableName() string

type Statement 

type Statement struct {
	UUIDModel
	StatementId      string                    `json:"statement-id"`
	Props            datatypes.JSONSlice[Prop] `json:"props"`
	Links            datatypes.JSONSlice[Link] `json:"links"`
	ResponsibleRoles []ResponsibleRole         `json:"responsible-roles" gorm:"polymorphic:Parent"`
	ByComponents     []ByComponent             `json:"by-components,omitempty" gorm:"polymorphic:Parent"`
	Remarks          string                    `json:"remarks"`

	ImplementedRequirementId uuid.UUID
}

func (*Statement) MarshalOscal 

func (s *Statement) MarshalOscal() *oscalTypes_1_1_3.Statement

func (*Statement) UnmarshalOscal 

func (s *Statement) UnmarshalOscal(os oscalTypes_1_1_3.Statement) *Statement

type Status 

type Status oscalTypes_1_1_3.Status

func (*Status) MarshalOscal 

func (s *Status) MarshalOscal() *oscalTypes_1_1_3.Status

func (*Status) UnmarshalOscal 

func (s *Status) UnmarshalOscal(osi oscalTypes_1_1_3.Status) *Status

type Step 

type Step struct {
	UUIDModel
	ActivityID uuid.UUID

	Title       *string `json:"title,omitempty"`
	Description string  `json:"description,omitempty"` // required
	Remarks     *string `json:"remarks,omitempty"`

	Props datatypes.JSONSlice[Prop] `json:"props,omitempty"`
	Links datatypes.JSONSlice[Link] `json:"links,omitempty"`

	ResponsibleRoles []ResponsibleRole `gorm:"polymorphic:Parent;" json:"responsible-roles,omitempty"`

	ReviewedControlsID *uuid.UUID
	ReviewedControls   *ReviewedControls `json:"reviewed-controls,omitempty"`
}

func (*Step) MarshalOscal 

func (i *Step) MarshalOscal() *oscalTypes_1_1_3.Step

func (*Step) UnmarshalOscal 

func (i *Step) UnmarshalOscal(op oscalTypes_1_1_3.Step) *Step

type SubjectReference 

type SubjectReference oscalTypes_1_1_3.SubjectReference

SubjectReference represents a subject reference in OSCAL.

func (*SubjectReference) MarshalOscal 

func (s *SubjectReference) MarshalOscal() *oscalTypes_1_1_3.SubjectReference

func (*SubjectReference) UnmarshalOscal 

func (s *SubjectReference) UnmarshalOscal(os oscalTypes_1_1_3.SubjectReference) *SubjectReference

type SystemCharacteristics 

type SystemCharacteristics struct {
	UUIDModel
	SystemName               string     `json:"system-name"`
	SystemNameShort          string     `json:"system-name-short"`
	Description              string     `json:"description"`
	DateAuthorized           *time.Time `json:"date-authorized"`
	SecuritySensitivityLevel string     `json:"security-sensitivity-level"`
	Remarks                  string     `json:"remarks"`

	SystemIds             datatypes.JSONSlice[SystemId]         `json:"system-ids"`
	Status                datatypes.JSONType[Status]            `json:"status"`
	SystemInformation     datatypes.JSONType[SystemInformation] `json:"system-information"`
	AuthorizationBoundary *AuthorizationBoundary                `json:"authorization-boundary"`
	NetworkArchitecture   *NetworkArchitecture
	DataFlow              *DataFlow
	SecurityImpactLevel   *datatypes.JSONType[SecurityImpactLevel] `json:"security-impact-level"`
	Links                 datatypes.JSONSlice[Link]                `json:"links"`
	Props                 datatypes.JSONSlice[Prop]                `json:"props"`
	ResponsibleParties    datatypes.JSONSlice[ResponsibleParty]    `json:"responsible-parties"`

	SystemSecurityPlanId uuid.UUID
}

func (*SystemCharacteristics) MarshalOscal 

func (sc *SystemCharacteristics) MarshalOscal() *oscalTypes_1_1_3.SystemCharacteristics

MarshalOscal converts the SystemCharacteristics back to an OSCAL SystemCharacteristics

func (*SystemCharacteristics) UnmarshalOscal 

func (sc *SystemCharacteristics) UnmarshalOscal(osc oscalTypes_1_1_3.SystemCharacteristics) *SystemCharacteristics

type SystemComponent 

type SystemComponent struct {
	UUIDModel
	Type             string                                    `json:"type"`
	Title            string                                    `json:"title"`
	Description      string                                    `json:"description"`
	Purpose          string                                    `json:"purpose"`
	Status           datatypes.JSONType[SystemComponentStatus] `json:"status"`
	ResponsibleRoles []ResponsibleRole                         `json:"responsible-roles" gorm:"polymorphic:Parent;"`
	Protocols        datatypes.JSONSlice[Protocol]             `json:"protocols"`
	Remarks          string                                    `json:"remarks"`
	Props            datatypes.JSONSlice[Prop]                 `json:"props"`
	Links            datatypes.JSONSlice[Link]                 `json:"links"`

	SystemImplementationId uuid.UUID
	DefinedComponentID     *uuid.UUID `json:"definedComponentId,omitempty" gorm:"type:uuid;index"`

	Evidence []Evidence `gorm:"many2many:evidence_components"`
	Filters  []Filter   `gorm:"many2many:filter_system_components;"`
}

func (*SystemComponent) MarshalOscal 

func (sc *SystemComponent) MarshalOscal() *oscalTypes_1_1_3.SystemComponent

MarshalOscal converts the SystemComponent back to an OSCAL SystemComponent

func (*SystemComponent) UnmarshalOscal 

func (sc *SystemComponent) UnmarshalOscal(osc oscalTypes_1_1_3.SystemComponent) *SystemComponent

type SystemComponentStatus 

type SystemComponentStatus oscalTypes_1_1_3.SystemComponentStatus

func (*SystemComponentStatus) MarshalOscal 

func (s *SystemComponentStatus) MarshalOscal() *oscalTypes_1_1_3.SystemComponentStatus

func (*SystemComponentStatus) UnmarshalOscal 

func (s *SystemComponentStatus) UnmarshalOscal(os oscalTypes_1_1_3.SystemComponentStatus) *SystemComponentStatus

type SystemComponentSuggestion added in v0.13.0 

type SystemComponentSuggestion struct {
	Name                  string    `json:"name"`
	Type                  string    `json:"type"`
	Description           string    `json:"description"`
	Purpose               string    `json:"purpose"`
	DefinedComponentID    uuid.UUID `json:"definedComponentId"`
	ComponentDefinitionID uuid.UUID `json:"componentDefinitionId"`
}

SystemComponentSuggestion represents a DefinedComponent that can be added to the SSP as a SystemComponent.

type SystemComponentSuggestionService added in v0.13.0 

type SystemComponentSuggestionService struct {
	// contains filtered or unexported fields
}

SystemComponentSuggestionService provides methods to suggest and apply SystemComponent suggestions from DefinedComponents.

func NewSystemComponentSuggestionService added in v0.13.0 

func NewSystemComponentSuggestionService(db *gorm.DB, evidenceSvc EvidenceQuerier) *SystemComponentSuggestionService

NewSystemComponentSuggestionService creates a new SystemComponentSuggestionService.

func (*SystemComponentSuggestionService) ApplyForImplementedRequirement added in v0.13.0 

func (s *SystemComponentSuggestionService) ApplyForImplementedRequirement(
	sspID uuid.UUID,
	implReqID uuid.UUID,
) error

ApplyForImplementedRequirement creates missing SystemComponents for all suggestions related to the given ImplementedRequirement and links each one via a ByComponent entry. Idempotent: re-running is safe.

func (*SystemComponentSuggestionService) ApplyForSSP added in v0.13.0 

func (s *SystemComponentSuggestionService) ApplyForSSP(sspID uuid.UUID) error

ApplyForSSP iterates all ImplementedRequirements for the SSP and applies component suggestions for each.

func (*SystemComponentSuggestionService) ApplyForStatement added in v0.13.0 

func (s *SystemComponentSuggestionService) ApplyForStatement(
	sspID uuid.UUID,
	implReqID uuid.UUID,
	stmtID uuid.UUID,
) error

ApplyForStatement creates missing SystemComponents for all suggestions related to the parent ImplementedRequirement and links each one to the statement via ByComponent.

func (*SystemComponentSuggestionService) ApplySuggestionForImplementedRequirement added in v0.13.0 

func (s *SystemComponentSuggestionService) ApplySuggestionForImplementedRequirement(
	sspID uuid.UUID,
	implReqID uuid.UUID,
	componentDefinitionID uuid.UUID,
	definedComponentID uuid.UUID,
) error

ApplySuggestionForImplementedRequirement creates or reuses a SystemComponent for the provided suggestion and links it to the ImplementedRequirement via ByComponent.

func (*SystemComponentSuggestionService) ApplySuggestionForStatement added in v0.13.0 

func (s *SystemComponentSuggestionService) ApplySuggestionForStatement(
	sspID uuid.UUID,
	implReqID uuid.UUID,
	stmtID uuid.UUID,
	componentDefinitionID uuid.UUID,
	definedComponentID uuid.UUID,
) error

ApplySuggestionForStatement creates or reuses a SystemComponent for the provided suggestion and links it to the Statement via ByComponent.

func (*SystemComponentSuggestionService) SuggestForImplementedRequirement added in v0.13.0 

func (s *SystemComponentSuggestionService) SuggestForImplementedRequirement(
	sspID uuid.UUID,
	implReqID uuid.UUID,
) ([]SystemComponentSuggestion, error)

SuggestForImplementedRequirement finds DefinedComponents that are relevant to the control of the given ImplementedRequirement by tracing the path: Control → Filter → Evidence → ComponentDefinitionLabels. Components already linked to this ImplementedRequirement via a ByComponent entry are excluded; components merely present elsewhere in the SSP's SystemImplementation are still suggested.

func (*SystemComponentSuggestionService) SuggestForStatement added in v0.13.0 

func (s *SystemComponentSuggestionService) SuggestForStatement(
	sspID uuid.UUID,
	implReqID uuid.UUID,
	stmtID uuid.UUID,
) ([]SystemComponentSuggestion, error)

SuggestForStatement returns the same candidate components as the parent ImplementedRequirement, after validating that the statement belongs to the given requirement and SSP. Exclusion is evaluated against the statement's own ByComponent links, not the requirement's.

type SystemId 

type SystemId oscalTypes_1_1_3.SystemId

func (*SystemId) MarshalOscal 

func (si *SystemId) MarshalOscal() *oscalTypes_1_1_3.SystemId

func (*SystemId) UnmarshalOscal 

func (si *SystemId) UnmarshalOscal(osi oscalTypes_1_1_3.SystemId) *SystemId

type SystemImplementation 

type SystemImplementation struct {
	UUIDModel
	Props                   datatypes.JSONSlice[Prop] `json:"props,omitempty"`
	Links                   datatypes.JSONSlice[Link] `json:"links,omitempty"`
	Remarks                 string                    `json:"remarks"`
	Users                   []SystemUser              `json:"users"`
	LeveragedAuthorizations []LeveragedAuthorization  `json:"leveraged-authorizations"`
	Components              []SystemComponent         `json:"components"`
	InventoryItems          []InventoryItem           `json:"inventory-items"`

	SystemSecurityPlanId uuid.UUID
}

func (*SystemImplementation) MarshalOscal 

func (si *SystemImplementation) MarshalOscal() *oscalTypes_1_1_3.SystemImplementation

func (*SystemImplementation) UnmarshalOscal 

func (si *SystemImplementation) UnmarshalOscal(osi oscalTypes_1_1_3.SystemImplementation) *SystemImplementation

type SystemInformation 

type SystemInformation struct {
	UUIDModel
	Props datatypes.JSONSlice[Prop] `json:"props"`
	Links datatypes.JSONSlice[Link] `json:"links"`

	InformationTypes []InformationType `json:"information-types"`

	SystemCharacteristicsId uuid.UUID
}

func (*SystemInformation) MarshalOscal 

func (si *SystemInformation) MarshalOscal() *oscalTypes_1_1_3.SystemInformation

func (*SystemInformation) UnmarshalOscal 

func (si *SystemInformation) UnmarshalOscal(osi oscalTypes_1_1_3.SystemInformation) *SystemInformation

type SystemNotificationDestination added in v0.16.0 

type SystemNotificationDestination struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"`

	NotificationType string `` /* 226-byte string literal not displayed */
	Provider         string `` /* 128-byte string literal not displayed */

	Target datatypes.JSONType[SystemNotificationTarget] `json:"target"`
}

SystemNotificationDestination stores system-wide notification delivery targets for a notification type and provider combination.

func (SystemNotificationDestination) TableName added in v0.16.0 

func (SystemNotificationDestination) TableName() string

type SystemNotificationTarget added in v0.16.0 

type SystemNotificationTarget struct {
	Address map[string]string `json:"address"`
}

SystemNotificationTarget stores the provider-specific address attributes for a system-wide notification destination target.

type SystemSecurityPlan 

type SystemSecurityPlan struct {
	UUIDModel
	Metadata   Metadata    `json:"metadata" gorm:"polymorphic:Parent;"`
	BackMatter *BackMatter `json:"back-matter" gorm:"polymorphic:Parent;"`

	ImportProfile         datatypes.JSONType[ImportProfile] `json:"import-profile"`
	SystemCharacteristics SystemCharacteristics             `json:"system-characteristics"`
	SystemImplementation  SystemImplementation              `json:"system-implementation"`
	ControlImplementation ControlImplementation             `json:"control-implementation"`

	// Deprecated: Use Profiles (M:M via ssp_profiles) instead.
	// Kept for backward-compatible migration; will be dropped in a future release.
	ProfileID *uuid.UUID
	Profile   *Profile

	// Profiles holds the many-to-many relationship via the ssp_profiles join table.
	Profiles []Profile `json:"profiles" gorm:"many2many:ssp_profiles;"`
}

func (*SystemSecurityPlan) MarshalOscal 

func (s *SystemSecurityPlan) MarshalOscal() *oscalTypes_1_1_3.SystemSecurityPlan

func (*SystemSecurityPlan) UnmarshalOscal 

func (s *SystemSecurityPlan) UnmarshalOscal(os oscalTypes_1_1_3.SystemSecurityPlan) *SystemSecurityPlan

type SystemUser 

type SystemUser struct {
	UUIDModel
	Title                string                      `json:"title"`
	ShortName            string                      `json:"short-name"`
	Description          string                      `json:"description"`
	Remarks              string                      `json:"remarks"`
	Props                datatypes.JSONSlice[Prop]   `json:"props"`
	Links                datatypes.JSONSlice[Link]   `json:"links"`
	RoleIDs              datatypes.JSONSlice[string] `json:"role-ids"`
	AuthorizedPrivileges []AuthorizedPrivilege       `json:"authorized-privileges"`

	SystemImplementationId uuid.UUID
}

func (*SystemUser) MarshalOscal 

func (u *SystemUser) MarshalOscal() *oscalTypes_1_1_3.SystemUser

func (*SystemUser) UnmarshalOscal 

func (u *SystemUser) UnmarshalOscal(ou oscalTypes_1_1_3.SystemUser) *SystemUser

type Task 

type Task struct {
	UUIDModel

	Type        string // required: [ milestone | action ]
	Title       string // required
	Description *string
	Remarks     *string
	Props       datatypes.JSONSlice[Prop] `json:"props"`
	Links       datatypes.JSONSlice[Link] `json:"links"`

	Dependencies         []TaskDependency // Different struct, as each dependency can have additional remarks
	Tasks                []Task           `gorm:"many2many:task_tasks;joinForeignKey:ParentTaskID;joinReferences:ChildTaskID"` // Sub tasks
	AssociatedActivities []AssociatedActivity
	Subjects             []AssessmentSubject `gorm:"many2many:task_subjects"`
	ResponsibleRole      []ResponsibleRole   `gorm:"polymorphic:Parent;"`
	Timing               *datatypes.JSONType[oscalTypes_1_1_3.EventTiming]

	ParentID   *uuid.UUID
	ParentType string
}

Task can fall under an AssessmentPlan, AssessmentResult, or Response

func (*Task) MarshalOscal 

func (i *Task) MarshalOscal() *oscalTypes_1_1_3.Task

func (*Task) UnmarshalOscal 

func (i *Task) UnmarshalOscal(op oscalTypes_1_1_3.Task) *Task

type TaskDependency 

type TaskDependency struct {
	UUIDModel
	TaskID  uuid.UUID
	Task    Task
	Remarks *string
}

func (*TaskDependency) MarshalOscal 

func (i *TaskDependency) MarshalOscal() *oscalTypes_1_1_3.TaskDependency

func (*TaskDependency) UnmarshalOscal 

func (i *TaskDependency) UnmarshalOscal(op oscalTypes_1_1_3.TaskDependency) *TaskDependency

type TelephoneNumber 

type TelephoneNumber struct {
	Type   *TelephoneNumberType `json:"type"`
	Number string               `json:"number"`
}

func (*TelephoneNumber) MarshalOscal 

func (t *TelephoneNumber) MarshalOscal() *oscaltypes113.TelephoneNumber

MarshalOscal converts the TelephoneNumber back to an OSCAL TelephoneNumber

func (*TelephoneNumber) UnmarshalOscal 

func (t *TelephoneNumber) UnmarshalOscal(number oscaltypes113.TelephoneNumber) *TelephoneNumber

type TelephoneNumberType 

type TelephoneNumberType string
const (
	TelephoneNumberTypeHome   TelephoneNumberType = "home"
	TelephoneNumberTypeOffice TelephoneNumberType = "office"
	TelephoneNumberTypeMobile TelephoneNumberType = "mobile"
)

type TermsAndConditions 

type TermsAndConditions struct {
	UUIDModel
	AssessmentPlanID uuid.UUID
	Parts            []AssessmentPart `gorm:"many2many:terms_and_conditions_parts"`
}

func (*TermsAndConditions) MarshalOscal 

func (i *TermsAndConditions) MarshalOscal() *oscalTypes_1_1_3.AssessmentPlanTermsAndConditions

func (*TermsAndConditions) UnmarshalOscal 

func (i *TermsAndConditions) UnmarshalOscal(op oscalTypes_1_1_3.AssessmentPlanTermsAndConditions) *TermsAndConditions

type ThreatId 

type ThreatId oscalTypes_1_1_3.ThreatId

ThreatId represents a threat ID in OSCAL.

func (*ThreatId) MarshalOscal 

func (t *ThreatId) MarshalOscal() *oscalTypes_1_1_3.ThreatId

func (*ThreatId) UnmarshalOscal 

func (t *ThreatId) UnmarshalOscal(ot oscalTypes_1_1_3.ThreatId) *ThreatId

type UUIDModel 

type UUIDModel struct {
	ID *uuid.UUID `json:"id" gorm:"type:uuid;primary_key;"`
}

func (*UUIDModel) BeforeCreate 

func (u *UUIDModel) BeforeCreate(tx *gorm.DB) (err error)

type User 

type User struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"` // Soft delete

	Email        string `json:"email" gorm:"uniqueIndex:idx_ccf_users_email,WHERE:deleted_at IS NULL;not null"`
	PasswordHash string `gorm:"" json:"-"`

	FirstName string `json:"firstName"`
	LastName  string `json:"lastName"`

	LastLogin    *time.Time `json:"lastLogin,omitempty"`
	IsActive     bool       `json:"isActive" gorm:"default:true"`
	IsLocked     bool       `json:"isLocked" gorm:"default:false"`
	FailedLogins int        `json:"failedLogins" gorm:"default:0"`

	AuthMethod     string `json:"authMethod"`
	UserAttributes string `json:"userAttributes"`
}

func (*User) CheckPassword 

func (u *User) CheckPassword(password string) bool

func (*User) SetPassword 

func (u *User) SetPassword(password string) error

func (User) TableName 

func (User) TableName() string

type UserGroup added in v0.17.0 

type UserGroup struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"`

	// Name is the group's policy-facing identifier — the token that appears in
	// subject.groups and that role-assignment config matches on. Unique among live groups.
	Name        string `json:"name" gorm:"uniqueIndex:idx_ccf_groups_name,WHERE:deleted_at IS NULL;not null"`
	Description string `json:"description"`

	// Source records how the group came to exist: GroupSourceManual (an admin created it via the API)
	// or GroupSourceSSO (SSO provisioning materialized it from a group_mapping value). It defaults to
	// manual so admin-created and pre-attribution groups are never auto-removed. Only sso groups that
	// have become fully unreferenced are cleaned up at boot (CleanupOrphanedSSOGroups); the source is
	// set only when the group is first created, so an admin group that later appears in SSO config
	// stays manual.
	Source string `json:"source" gorm:"not null;default:manual"`
}

UserGroup is a native, CCF-managed group of users. It exists so group-based authorization works for every user regardless of auth method: a native group's membership is unioned with the IdP groups synced via SSOUserLink to form the source-agnostic subject.groups attribute (BCH-1328, BCH-1319 §7). The table is named ccf_groups; the "User" prefix on the Go type avoids colliding with the OSCAL catalog Group (relational.Group).

func (UserGroup) TableName added in v0.17.0 

func (UserGroup) TableName() string

type UserGroupMembership added in v0.17.0 

type UserGroupMembership struct {
	UUIDModel

	CreatedAt time.Time `json:"createdAt"`

	UserID  string `json:"userId" gorm:"not null;uniqueIndex:idx_ccf_user_groups_user_group,priority:1"`
	GroupID string `json:"groupId" gorm:"not null;uniqueIndex:idx_ccf_user_groups_user_group,priority:2;index"`

	// Source records who owns this membership: MembershipSourceManual (an admin added it) or
	// MembershipSourceSSO (the login sync materialized it from an IdP group). It defaults to
	// manual so pre-BCH-1331 rows are treated as admin-managed. The SSO sync only ever touches
	// sso rows; the admin remove-member API refuses to delete sso rows (BCH-1331).
	Source string `json:"source" gorm:"not null;default:manual"`

	// Provider attributes an sso membership to the SSO provider whose mapping materialized it
	// (matching SSOUserLink.Provider / the login callback's provider name); empty for manual rows and
	// for sso rows created before attribution existed. Reconcile uses it to de-provision exactly the
	// rows the logging-in provider granted, so a group_mapping change is treated like the IdP
	// changing the user's groups, and two providers that map the SAME native group do not pin each
	// other's memberships — the previous group-scoped reconcile could not tell whose membership a
	// shared group was, leaving a renamed mapping's old membership stranded as an un-removable sso row.
	Provider string `json:"provider,omitempty" gorm:"default:''"`

	Group UserGroup `json:"group,omitempty" gorm:"foreignKey:GroupID;references:ID"`
}

UserGroupMembership joins a CCF user to a native UserGroup. The (UserID, GroupID) pair is unique so a user appears in a group at most once. It is a hard-delete join table (removing a member deletes the row); the group and the user themselves are soft-deletable.

func (UserGroupMembership) TableName added in v0.17.0 

func (UserGroupMembership) TableName() string

type UserNotificationSubscription added in v0.15.0 

type UserNotificationSubscription struct {
	UUIDModel

	CreatedAt time.Time      `json:"createdAt"`
	UpdatedAt time.Time      `json:"updatedAt"`
	DeletedAt gorm.DeletedAt `json:"deletedAt" gorm:"index"`

	UserID string `json:"userId" gorm:"not null;uniqueIndex:idx_ccf_user_notification_subscriptions_unique,WHERE:deleted_at IS NULL"`

	NotificationType string                      `` /* 212-byte string literal not displayed */
	Channels         datatypes.JSONSlice[string] `json:"channels"`
}

UserNotificationSubscription stores selected delivery channels for a user notification type.

func (UserNotificationSubscription) TableName added in v0.15.0 

func (UserNotificationSubscription) TableName() string

type UsesComponent 

type UsesComponent struct {
	UUIDModel
	AssessmentPlatformID uuid.UUID
	AssessmentPlatform   *AssessmentPlatform // parent
	Remarks              *string
	Props                datatypes.JSONSlice[Prop]
	Links                datatypes.JSONSlice[Link]
	ComponentID          uuid.UUID
	Component            DefinedComponent   // child
	ResponsibleParties   []ResponsibleParty `gorm:"many2many:uses_component_responsible_parties"`
}

func (*UsesComponent) MarshalOscal 

func (i *UsesComponent) MarshalOscal() *oscalTypes_1_1_3.UsesComponent

func (*UsesComponent) UnmarshalOscal 

func (i *UsesComponent) UnmarshalOscal(op oscalTypes_1_1_3.UsesComponent) *UsesComponent

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.