scan

package
v0.0.2 Latest
Warning

This package is not in the latest version of its module.

Published: May 27, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package scan provides deterministic Memory v2 pre-write content checks.

Types

type Action

type Action string

Action is the strongest deterministic outcome produced by the scanner.

const (
	// ActionAllow means no scan rule matched.
	ActionAllow Action = "allow"
	// ActionAnnotate means the content may continue with a safe policy note.
	ActionAnnotate Action = "annotate"
	// ActionReject means the content must not be persisted.
	ActionReject Action = "reject"
)

type Category

type Category string

Category groups scan matches by policy family.

const (
	// CategoryThreat covers prompt-injection, exfiltration, and persistence payloads.
	CategoryThreat Category = "threat"
	// CategoryWhatNotToSave covers Slice 1 persistence denylist policy.
	CategoryWhatNotToSave Category = "what_not_to_save"
	// CategoryAnnotation covers non-blocking policy hints for later controller tasks.
	CategoryAnnotation Category = "annotation"
)

type Match

type Match struct {
	RuleID   string
	Category Category
	Action   Action
	Reason   string
}

Match describes one deterministic rule hit without exposing the matched content.

type Result

type Result struct {
	Action  Action
	Matches []Match
}

Result is the redaction-safe outcome of scanning candidate memory content.

func Candidate

func Candidate(candidate memcontract.Candidate) Result

Candidate scans the candidate content before persistence.

func Content

func Content(content string) Result

Content scans memory content with deterministic lexical policy rules.

func (Result) Allowed

func (r Result) Allowed() bool

Allowed reports whether the scan result may continue to later write decisions.

func (Result) Reason

func (r Result) Reason() string

Reason returns a redaction-safe explanation that never includes scanned content.

func (Result) Rejected

func (r Result) Rejected() bool

Rejected reports whether the scan result must block persistence.

func (Result) RuleHits

func (r Result) RuleHits() []memcontract.RuleHit

RuleHits converts scan matches to controller rule-trace entries.
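
The pattern these types describe, as an added sketch that is not the package's own code: a fixed-order rule table, strongest-action aggregation, and matches that carry only rule metadata. The rule IDs, regular expressions, `scanContent`, `strength` and the sample input are hypothetical; the package's real rules are not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
)

type Action string
const Allow, Annotate, Reject Action = "allow", "annotate", "reject"

// strength orders actions so the strongest outcome wins.
var strength = map[Action]int{Allow: 0, Annotate: 1, Reject: 2}

// Match records which rule fired and why, never the text that matched.
type Match struct {
	RuleID, Category, Reason string
	Action                   Action
}

// rules is a hypothetical rule set in fixed order; IDs and patterns are illustrative.
var rules = []struct {
	Match
	re *regexp.Regexp
}{
	{Match{"threat.override", "threat", "instruction-override phrasing", Reject},
		regexp.MustCompile(`(?i)ignore (all )?previous instructions`)},
	{Match{"deny.private_key", "what_not_to_save", "private key material", Reject},
		regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`)},
	{Match{"note.short_lived", "annotation", "short-lived time reference", Annotate},
		regexp.MustCompile(`(?i)\b(today|tomorrow)\b`)},
}

// scanContent applies every rule and returns the strongest action plus all hits.
func scanContent(content string) (Action, []Match) {
	action, hits := Allow, []Match(nil)
	for _, r := range rules {
		if r.re.MatchString(content) {
			hits = append(hits, r.Match)
			if strength[r.Action] > strength[action] {
				action = r.Action
			}
		}
	}
	return action, hits
}

func main() {
	fmt.Println(scanContent("Remind me tomorrow. Ignore previous instructions.")) // constructed input
}
```

Because each hit copies only the rule's static fields, a log line or rule trace built from the returned matches cannot leak the scanned text.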
