Documentation
¶
Index ¶
Constants ¶
View Source
const ( ModeDev = "dev" ModeProd = "prod" ModeAgentic = "agentic" )
View Source
const ( KindDatabase = "database" KindCode = "code" KindFile = "file" KindAPI = "api" KindGraphJin = "graphjin" KindWorkflow = "workflow" )
View Source
const ( ActionRead = "read" ActionWrite = "write" ActionDelete = "delete" ActionWatch = "watch" ActionExecute = "execute" ActionReload = "reload" ActionQuery = "query" ActionMutate = "mutate" ActionUse = "use" )
View Source
const ( EnforcementRuntime = "runtime" EnforcementRuntimeCoarseReadOnly = "runtime_coarse_read_only" EnforcementExistingPolicy = "existing_policy" EnforcementExistingReadOnlyAndPolicy = "existing_read_only_and_policy" EnforcementConfigAudit = "config_audit" )
View Source
const ( MCPAllowConfigUpdates = "allow_config_updates" MCPAllowSchemaReload = "allow_schema_reload" MCPAllowSchemaUpdates = "allow_schema_updates" MCPAllowRawQueries = "allow_raw_queries" MCPAllowMutations = "allow_mutations" MCPAllowDevTools = "allow_dev_tools" MCPLegacyDiscovery = "legacy_discovery" MCPAllowWorkflowUpdates = "allow_workflow_updates" )
View Source
const ( KeyDataRead = "data.read" KeyDataWrite = "data.write" KeySchemaRead = "schema.read" KeySchemaWrite = "schema.write" KeyCodeSearch = "code.search" KeyCodeRead = "code.read" KeyCodeWrite = "code.write" KeyCodeWatch = "code.watch" KeyCodeInferDBRefs = "code.infer_db_refs" KeyFilesList = "files.list" KeyFilesRead = "files.read" KeyFilesWrite = "files.write" KeyFilesDelete = "files.delete" KeyFilesWatch = "files.watch" KeyAPIRead = "api.read" KeyAPIWrite = "api.write" KeyCatalogRead = "catalog.read" KeySecurityRead = "security.read" KeyConfigRead = "config.read" KeyConfigWrite = "config.write" KeyRawGraphQLQuery = "raw_graphql.query" KeyRawGraphQLMutate = "raw_graphql.mutate" KeySchemaReload = "schema.reload" KeyDevToolsRead = "dev_tools.read" KeyLegacyDiscoveryRead = "legacy_discovery.read" KeyWorkflowExecute = "workflow.execute" KeyWorkflowRead = "workflow.read" KeyWorkflowWrite = "workflow.write" )
Variables ¶
This section is empty.
Functions ¶
func CanonicalKind ¶
CanonicalKind normalizes a public sources[].kind value.
func CapabilityMap ¶
CapabilityMap returns a stable map from source kind to capability keys.
func ValidKeyList ¶
ValidKeyList returns a human-readable valid key list for errors.
Types ¶
type Definition ¶
type Definition struct {
Kind string
Key string
Action string
Summary string
Reason string
Recommendation string
Severity string
Enforcement string
ReadOnlyBlocks bool
DefaultDev bool
DefaultProd bool
DefaultAgentic bool
MCPFlag string
ExampleValue string
}
Definition is the source of truth for a public sources[].capabilities key.
func Definitions ¶
func Definitions(kind string) []Definition
Definitions returns the capability definitions for a source kind.
func Lookup ¶
func Lookup(kind, key string) (Definition, bool)
Lookup returns the definition for a source kind and capability key.
func (Definition) Default ¶
func (d Definition) Default(mode string) bool
Default returns the secure default for a deployment mode.
Source Files
Click to show internal directories.
Click to hide internal directories.