Documentation
¶
Overview ¶
Package securitymanifest projects the stable compiler IR into a declarative, machine-readable security posture (gowdk-security.json). It records what the generated app actually exposes — every route, backend endpoint, and contract with its guards, CSRF state, body limit, and source location, plus the frontend surface (raw-HTML sinks, secret scan, header configuration, and client route-guard coverage).
The manifest is "what is": it never decides whether the posture is acceptable. Policy evaluation and findings live in internal/auditspec, which consumes this manifest. Keeping the projection free of policy keeps gowdk-security.json stable and equally auditable by a human or an LLM regardless of which policies are declared.
Index ¶
Constants ¶
const PublicGuardID = "public"
PublicGuardID is the guard ID that marks an intentionally public target.
const SchemaVersion = 1
SchemaVersion is the gowdk-security.json schema version.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BundleLeak ¶
BundleLeak records a secret-shaped value found in embedded output or build-time data.
type ConfiguredHeader ¶
type ConfiguredHeader struct {
Name string `json:"name"`
}
ConfiguredHeader records one header configured for generated runtime output.
type ContractEntry ¶
type ContractEntry struct {
Name string `json:"name"`
Kind string `json:"kind"`
Roles []string `json:"roles,omitempty"`
Status string `json:"status,omitempty"`
}
ContractEntry is the posture of one command/query contract reference.
type EndpointEntry ¶
type EndpointEntry struct {
ID string `json:"id"`
Kind string `json:"kind"`
Method string `json:"method,omitempty"`
Path string `json:"path,omitempty"`
Guards []string `json:"guards,omitempty"`
CSRF bool `json:"csrf"`
BodyLimitBytes int64 `json:"bodyLimitBytes,omitempty"`
Public bool `json:"public"`
DefaultDeny bool `json:"defaultDeny"`
PageID string `json:"pageId,omitempty"`
Source string `json:"source,omitempty"`
}
EndpointEntry is the posture of one backend action/api/fragment/contract endpoint.
type FrontendSurface ¶
type FrontendSurface struct {
UnguardedRoutes []UnguardedRoute `json:"unguardedRoutes"`
BundleSecrets []BundleLeak `json:"bundleSecrets"`
RawHTMLSinks []RawHTMLSink `json:"rawHtmlSinks"`
ConfiguredHeaders []ConfiguredHeader `json:"configuredHeaders"`
}
FrontendSurface describes the build-time / client-facing security surface. Policy evaluation consumes these posture facts without deciding whether they are acceptable here.
type RawHTMLSink ¶
type RawHTMLSink struct {
OwnerKind string `json:"ownerKind"`
OwnerID string `json:"ownerId"`
Field string `json:"field"`
Source string `json:"source"`
}
RawHTMLSink records one raw-HTML (g:html) render site.
type RouteEntry ¶
type RouteEntry struct {
PageID string `json:"pageId"`
Route string `json:"route"`
Kind string `json:"kind"`
Method string `json:"method,omitempty"`
Render string `json:"render,omitempty"`
Guards []string `json:"guards,omitempty"`
Public bool `json:"public"`
DefaultDeny bool `json:"defaultDeny"`
Source string `json:"source,omitempty"`
}
RouteEntry is the posture of one page/file route.
type SecurityManifest ¶
type SecurityManifest struct {
Version int `json:"version"`
GeneratedFrom string `json:"generatedFrom"`
Routes []RouteEntry `json:"routes,omitempty"`
Endpoints []EndpointEntry `json:"endpoints,omitempty"`
Contracts []ContractEntry `json:"contracts,omitempty"`
Frontend FrontendSurface `json:"frontend"`
}
SecurityManifest is the declarative posture of one built module.
type UnguardedRoute ¶
UnguardedRoute records one client-visible route that relies on generated default-deny handling because the source declared no guard.