Documentation
¶
Overview ¶
Package policy implements directory scope and file pattern enforcement for intercepted requests.
Index ¶
- type ContentKeywordResult
- type ContentPrompt
- type ContentPromptResponse
- type Decision
- type Engine
- func (e *Engine) AddDenyContentKeyword(keyword string)
- func (e *Engine) AddDenyContentTag(tag string)
- func (e *Engine) AddDenyPattern(pattern string)
- func (e *Engine) AddToContentBlacklist(path string)
- func (e *Engine) AddToContentWhitelist(path string)
- func (e *Engine) EvaluateContentKeywords(body string, filePaths []string) ContentKeywordResult
- func (e *Engine) EvaluateContentTags(body string) Decision
- func (e *Engine) EvaluateFiles(paths []string) Decision
- func (e *Engine) EvaluateScope(paths []string) Decision
- func (e *Engine) GetAllowedDirectories() []string
- func (e *Engine) GetContentBlacklist() []string
- func (e *Engine) GetContentWhitelist() []string
- func (e *Engine) GetDenyContentKeywords() []string
- func (e *Engine) GetDenyContentTags() []string
- func (e *Engine) GetDenyPatterns() []string
- func (e *Engine) IsBypassed() bool
- func (e *Engine) RemoveDenyContentKeyword(keyword string)
- func (e *Engine) RemoveDenyContentTag(tag string)
- func (e *Engine) RemoveDenyPattern(pattern string)
- func (e *Engine) RemoveFromContentBlacklist(path string)
- func (e *Engine) RemoveFromContentWhitelist(path string)
- func (e *Engine) SetAllowedDirectories(dirs []string)
- func (e *Engine) SetBypassed(b bool)
- func (e *Engine) SetDenyContentKeywords(keywords []string)
- func (e *Engine) SetDenyContentTags(tags []string)
- func (e *Engine) SetDenyPatterns(patterns []string)
- type HeadlessResolver
- type PromptAction
- type PromptResolver
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ContentKeywordResult ¶ added in v0.1.0
type ContentKeywordResult struct {
HasMatch bool
MatchedKeyword string
AutoAllowed []string // file paths resolved by whitelist
AutoBlocked []string // file paths resolved by blacklist
NeedPrompt []string // file paths needing user decision
}
ContentKeywordResult holds the outcome of a content keyword evaluation.
type ContentPrompt ¶ added in v0.1.0
type ContentPrompt struct {
ID string `json:"id"`
SessionID string `json:"session_id"`
URL string `json:"url"`
MatchedKeyword string `json:"matched_keyword"`
FilePaths []string `json:"file_paths"`
}
ContentPrompt is sent to the UI when a content keyword match requires user input.
type ContentPromptResponse ¶ added in v0.1.0
type ContentPromptResponse struct {
Action PromptAction `json:"action"`
}
ContentPromptResponse is the user's decision from the UI.
type Engine ¶
type Engine struct {
// contains filtered or unexported fields
}
func NewEngine ¶
func NewEngine(cfg config.PolicyConfig) *Engine
func (*Engine) AddDenyContentKeyword ¶ added in v0.1.0
AddDenyContentKeyword appends a single deny content keyword.
func (*Engine) AddDenyContentTag ¶ added in v0.2.0
AddDenyContentTag appends a single deny content tag.
func (*Engine) AddDenyPattern ¶
AddDenyPattern appends a single deny pattern.
func (*Engine) AddToContentBlacklist ¶ added in v0.2.0
AddToContentBlacklist adds a file path to the content keyword blacklist.
func (*Engine) AddToContentWhitelist ¶ added in v0.2.0
AddToContentWhitelist adds a file path to the content keyword whitelist.
func (*Engine) EvaluateContentKeywords ¶ added in v0.1.0
func (e *Engine) EvaluateContentKeywords(body string, filePaths []string) ContentKeywordResult
EvaluateContentKeywords scans the body for deny_content_keywords and partitions detected file paths into whitelist-allowed, blacklist-blocked, and needs-prompt.
func (*Engine) EvaluateContentTags ¶ added in v0.2.0
EvaluateContentTags scans the body for deny_content_tags. This is a hard block — no user prompt, no whitelist/blacklist.
func (*Engine) EvaluateFiles ¶
EvaluateFiles checks if any detected file paths match deny_file_patterns.
func (*Engine) EvaluateScope ¶ added in v0.0.7
EvaluateScope checks if any detected file paths fall outside the allowed directories. If no allowed directories are configured, all paths are allowed.
func (*Engine) GetAllowedDirectories ¶ added in v0.0.7
GetAllowedDirectories returns the current allowed directories.
func (*Engine) GetContentBlacklist ¶ added in v0.2.0
GetContentBlacklist returns file paths that are always blocked by content keyword checks.
func (*Engine) GetContentWhitelist ¶ added in v0.2.0
GetContentWhitelist returns file paths that bypass content keyword checks.
func (*Engine) GetDenyContentKeywords ¶ added in v0.1.0
GetDenyContentKeywords returns the current deny content keywords.
func (*Engine) GetDenyContentTags ¶ added in v0.2.0
GetDenyContentTags returns the current deny content tags.
func (*Engine) GetDenyPatterns ¶
GetDenyPatterns returns the current deny file patterns.
func (*Engine) IsBypassed ¶
func (*Engine) RemoveDenyContentKeyword ¶ added in v0.1.0
RemoveDenyContentKeyword removes a single deny content keyword.
func (*Engine) RemoveDenyContentTag ¶ added in v0.2.0
RemoveDenyContentTag removes a single deny content tag.
func (*Engine) RemoveDenyPattern ¶
RemoveDenyPattern removes a single deny pattern.
func (*Engine) RemoveFromContentBlacklist ¶ added in v0.2.0
RemoveFromContentBlacklist removes a file path from the blacklist.
func (*Engine) RemoveFromContentWhitelist ¶ added in v0.2.0
RemoveFromContentWhitelist removes a file path from the whitelist.
func (*Engine) SetAllowedDirectories ¶ added in v0.0.7
SetAllowedDirectories replaces the allowed directories list.
func (*Engine) SetBypassed ¶
func (*Engine) SetDenyContentKeywords ¶ added in v0.1.0
SetDenyContentKeywords replaces all deny content keywords.
func (*Engine) SetDenyContentTags ¶ added in v0.2.0
SetDenyContentTags replaces all deny content tags.
func (*Engine) SetDenyPatterns ¶
SetDenyPatterns replaces all deny file patterns.
type HeadlessResolver ¶ added in v0.1.0
type HeadlessResolver struct{}
HeadlessResolver blocks all content keyword matches without prompting.
func (HeadlessResolver) PromptUser ¶ added in v0.1.0
func (h HeadlessResolver) PromptUser(prompt ContentPrompt) ContentPromptResponse
type PromptAction ¶ added in v0.1.0
type PromptAction string
PromptAction represents the user's decision on a content keyword prompt.
const ( PromptAllowOnce PromptAction = "allow_once" PromptAllowAlways PromptAction = "allow_always" PromptBlockOnce PromptAction = "block_once" PromptBlockAlways PromptAction = "block_always" )
type PromptResolver ¶ added in v0.1.0
type PromptResolver interface {
PromptUser(prompt ContentPrompt) ContentPromptResponse
}
PromptResolver pauses a request and waits for user input.