Documentation
Index
- func ExtractAssessmentConfigs(policyID string, graph *DependencyGraph) []plugin.AssessmentConfiguration
- func GroupByEvaluator(configs []plugin.AssessmentConfiguration, graph *DependencyGraph) map[string]EvaluatorGroup
- func SaveGenerationState(baseDir, policyID string, state *GenerationState) error
- type Assessment
- type Control
- type DependencyGraph
- type EvaluatorGroup
- type GenerationState
- type Guideline
- type Loader
- func (l *Loader) GetCachedVersions(policyID string) ([]string, error)
- func (l *Loader) ListCachedPolicies() (map[string][]string, error)
- func (l *Loader) LoadLayerByMediaType(policyID, version, mediaType string) ([]byte, error)
- func (l *Loader) PolicyExists(policyID, version string) bool
- func (l *Loader) ResolveVersion(policyID, configVersion string) (string, error)
- type PolicyLoader
- type PolicyTimeline
- type Resolver
Constants
This section is empty.
Variables
This section is empty.
Functions
func ExtractAssessmentConfigs
func ExtractAssessmentConfigs(policyID string, graph *DependencyGraph) []plugin.AssessmentConfiguration
ExtractAssessmentConfigs converts a DependencyGraph into plugin-ready AssessmentConfiguration entries. EvaluatorID is set as a routing field on the struct — it is not injected into Parameters. Parameters should only carry per-requirement variable overrides for the plugin.
func GroupByEvaluator
func GroupByEvaluator(configs []plugin.AssessmentConfiguration, graph *DependencyGraph) map[string]EvaluatorGroup
GroupByEvaluator groups assessment configs by EvaluatorID. See R32: specs/001-gemara-native-workflow/research.md
func SaveGenerationState
func SaveGenerationState(baseDir, policyID string, state *GenerationState) error
SaveGenerationState persists a GenerationState to the generation directory. Creates the full directory path, including any subdirectories from nested policy IDs (e.g. "policies/cis-fedora-l1-workstation").
Types
type Assessment
Assessment holds a single assessment entry with its optional evaluator binding.
type Control
type Control struct {
	ID      string
	Content []byte
	Parsed  *gemara.ControlCatalog
}
Control pairs raw OCI layer content with a parsed Gemara ControlCatalog.
type DependencyGraph
type DependencyGraph struct {
	PolicyID    string
	Controls    []Control
	Guidelines  []Guideline
	Assessments []Assessment
	EvaluatorID string
	Timeline    *PolicyTimeline
}
DependencyGraph represents a resolved set of Controls, Guidelines, and Assessments
type EvaluatorGroup
type EvaluatorGroup struct {
	EvaluatorID string
	Configs     []plugin.AssessmentConfiguration
}
EvaluatorGroup bundles per-requirement configs for a single evaluator.
type GenerationState
type GenerationState struct {
	PolicyID     string   `json:"policy_id"`
	PolicyDigest string   `json:"policy_digest"`
	GeneratedAt  string   `json:"generated_at"`
	EvaluatorIDs []string `json:"evaluator_ids"`
}
GenerationState tracks the policy cache digest at generation time for freshness detection. Persisted per policy at {workspace}/{WorkspaceDir}/generation/{policy-id}.json. See R37: specs/001-gemara-native-workflow/research.md
func LoadGenerationState
func LoadGenerationState(baseDir, policyID string) (*GenerationState, error)
LoadGenerationState reads a persisted GenerationState for the given policy. Returns nil (no error) when no state file exists.
func NewGenerationState
func NewGenerationState(policyID, digest string, evaluatorIDs []string) *GenerationState
NewGenerationState creates a GenerationState with the current timestamp.
func (*GenerationState) IsFresh
func (s *GenerationState) IsFresh(currentDigest string) bool
IsFresh returns true when the persisted digest matches the current cache digest.
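The following sketch is an added example, not this package's own code: it shows the save / reload / digest-comparison cycle that the GenerationState documentation above describes, including directory creation for a nested policy ID. The helper names (statePath, saveState, needsRegeneration), the assumption that baseDir is the directory containing generation/, the choice to report unreadable state as stale, and the digest strings are all hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)
// GenerationState mirrors the struct and JSON tags documented above.
type GenerationState struct {
	PolicyID     string   `json:"policy_id"`
	PolicyDigest string   `json:"policy_digest"`
	GeneratedAt  string   `json:"generated_at"`
	EvaluatorIDs []string `json:"evaluator_ids"`
}
// statePath assumes the layout {baseDir}/generation/{policy-id}.json.
func statePath(baseDir, policyID string) string {
	return filepath.Join(baseDir, "generation", filepath.FromSlash(policyID)+".json")
}
// saveState creates directories for nested policy IDs, then writes the JSON.
func saveState(baseDir string, s *GenerationState) error {
	p := statePath(baseDir, s.PolicyID)
	if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
		return err
	}
	b, err := json.Marshal(s)
	if err != nil {
		return err
	}
	return os.WriteFile(p, b, 0o644)
}
// needsRegeneration is true when state is missing, unreadable, or its digest differs.
func needsRegeneration(baseDir, policyID, currentDigest string) (bool, error) {
	var s GenerationState
	b, err := os.ReadFile(statePath(baseDir, policyID))
	if errors.Is(err, os.ErrNotExist) {
		return true, nil // never generated: not an error, but not fresh either
	} else if err == nil {
		err = json.Unmarshal(b, &s)
	}
	return err != nil || s.PolicyDigest != currentDigest, err
}
func main() {
	dir, _ := os.MkdirTemp("", "gen")
	defer os.RemoveAll(dir)
	fmt.Println(needsRegeneration(dir, "policies/example", "sha256:constructed"))
}
```

This sketch joins policyID into the path without validation; code that accepts policy IDs from untrusted configuration should reject IDs containing `..` segments before building the path.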
type Guideline
type Guideline struct {
	ID      string
	Content []byte
	Parsed  *gemara.GuidanceCatalog
}
Guideline pairs raw OCI layer content with a parsed Gemara GuidanceCatalog.
type Loader
type Loader struct {
	// contains filtered or unexported fields
}
Loader reads policy artifacts from OCI Layout cache stores.
func (*Loader) GetCachedVersions
func (*Loader) ListCachedPolicies
func (*Loader) LoadLayerByMediaType
LoadLayerByMediaType loads a specific Gemara layer from the policy's OCI manifest by matching the layer descriptor's media type.
func (*Loader) PolicyExists
func (*Loader) ResolveVersion
ResolveVersion resolves a policy version against the cache. If the requested version is empty or "latest", it returns the last cached tag. If the exact version exists in cache, it is returned as-is.
type PolicyLoader
type PolicyLoader interface {
	LoadLayerByMediaType(policyID, version, mediaType string) ([]byte, error)
	PolicyExists(policyID, version string) bool
	ResolveVersion(policyID, configVersion string) (string, error)
}
PolicyLoader abstracts the Loader methods used by Resolver, enabling mock injection for unit tests without coupling to OCI store internals.
type PolicyTimeline
type PolicyTimeline struct {
	EvaluationStart  string
	EvaluationEnd    string
	EvaluationNotes  string
	EnforcementStart string
	EnforcementEnd   string
	EnforcementNotes string
}
PolicyTimeline captures the evaluation and enforcement periods from a Gemara Policy's implementation-plan. Nil when the policy defines no implementation-plan. Datetime strings follow ISO 8601.
type Resolver
type Resolver struct {
	// contains filtered or unexported fields
}
Resolver builds a DependencyGraph from cached OCI layers for a given policy.
func NewResolver
func NewResolver(loader PolicyLoader) *Resolver
func (*Resolver) ResolvePolicyGraph
func (r *Resolver) ResolvePolicyGraph(policyID, version string) (*DependencyGraph, error)
ResolvePolicyGraph builds a DependencyGraph from cached OCI layers.