securitymanifest

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 17, 2026 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package securitymanifest projects the stable compiler IR into a declarative, machine-readable security posture (gowdk-security.json). It records what the generated app actually exposes — every route, backend endpoint, and contract with its guards, CSRF state, body limit, and source location, plus the frontend surface (raw-HTML sinks, secret scan, header configuration, and client route-guard coverage).

The manifest is "what is": it never decides whether the posture is acceptable. Policy evaluation and findings live in internal/auditspec, which consumes this manifest. Keeping the projection free of policy keeps gowdk-security.json stable and equally auditable by a human or an LLM regardless of which policies are declared.

Index

Constants

View Source
const PublicGuardID = "public"

PublicGuardID is the guard ID that marks an intentionally public target.

View Source
const SchemaVersion = 1

SchemaVersion is the gowdk-security.json schema version.

Variables

This section is empty.

Functions

This section is empty.

Types

type BundleLeak

type BundleLeak struct {
	Source string `json:"source"`
	Kind   string `json:"kind"`
}

BundleLeak records a secret-shaped value found in embedded output or build-time data.

type ConfiguredHeader

type ConfiguredHeader struct {
	Name string `json:"name"`
}

ConfiguredHeader records one header configured for generated runtime output.

type ContractEntry

type ContractEntry struct {
	Name   string   `json:"name"`
	Kind   string   `json:"kind"`
	Roles  []string `json:"roles,omitempty"`
	Status string   `json:"status,omitempty"`
}

ContractEntry is the posture of one command/query contract reference.

type EndpointEntry

type EndpointEntry struct {
	ID             string   `json:"id"`
	Kind           string   `json:"kind"`
	Method         string   `json:"method,omitempty"`
	Path           string   `json:"path,omitempty"`
	Guards         []string `json:"guards,omitempty"`
	CSRF           bool     `json:"csrf"`
	BodyLimitBytes int64    `json:"bodyLimitBytes,omitempty"`
	Public         bool     `json:"public"`
	DefaultDeny    bool     `json:"defaultDeny"`
	PageID         string   `json:"pageId,omitempty"`
	Source         string   `json:"source,omitempty"`
}

EndpointEntry is the posture of one backend action/api/fragment/contract endpoint.

type FrontendSurface

type FrontendSurface struct {
	UnguardedRoutes   []UnguardedRoute   `json:"unguardedRoutes"`
	BundleSecrets     []BundleLeak       `json:"bundleSecrets"`
	RawHTMLSinks      []RawHTMLSink      `json:"rawHtmlSinks"`
	ConfiguredHeaders []ConfiguredHeader `json:"configuredHeaders"`
}

FrontendSurface describes the build-time / client-facing security surface. Policy evaluation consumes these posture facts without deciding whether they are acceptable here.

type RawHTMLSink

type RawHTMLSink struct {
	OwnerKind string `json:"ownerKind"`
	OwnerID   string `json:"ownerId"`
	Field     string `json:"field"`
	Source    string `json:"source"`
}

RawHTMLSink records one raw-HTML (g:unsafe-html) render site.

type RouteEntry

type RouteEntry struct {
	PageID      string   `json:"pageId"`
	Route       string   `json:"route"`
	Kind        string   `json:"kind"`
	Method      string   `json:"method,omitempty"`
	Render      string   `json:"render,omitempty"`
	Guards      []string `json:"guards,omitempty"`
	Public      bool     `json:"public"`
	DefaultDeny bool     `json:"defaultDeny"`
	Source      string   `json:"source,omitempty"`
}

RouteEntry is the posture of one page/file route.

type SecurityManifest

type SecurityManifest struct {
	Version       int             `json:"version"`
	GeneratedFrom string          `json:"generatedFrom"`
	Routes        []RouteEntry    `json:"routes,omitempty"`
	Endpoints     []EndpointEntry `json:"endpoints,omitempty"`
	Contracts     []ContractEntry `json:"contracts,omitempty"`
	Frontend      FrontendSurface `json:"frontend"`
}

SecurityManifest is the declarative posture of one built module.

func Build

func Build(config gowdk.Config, ir gwdkir.Program) SecurityManifest

Build projects validated IR into a SecurityManifest. It reuses compiler.BuildRouteMetadataFromIR so the posture matches the CLI routes and endpoints reports exactly.

type UnguardedRoute

type UnguardedRoute struct {
	Route  string `json:"route"`
	Source string `json:"source,omitempty"`
}

UnguardedRoute records one client-visible route that relies on generated default-deny handling because the source declared no guard.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL