permission

package
v0.35.2 Latest Latest
Published: Mar 23, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Decision

type Decision int

Decision represents the result of a permission check.

// Outcomes of a permission check.
//
// NOTE(review): DecisionAllow is the first iota value, so it equals 0, the
// zero value of Decision. A Decision variable that is declared but never
// assigned therefore reads as DecisionAllow. Callers should always assign the
// result of a check explicitly and never rely on the zero value.
const (
	DecisionAllow   Decision = iota // 0; presumably the whitelist outcome — confirm against Check
	DecisionDeny                    // 1; presumably the blacklist outcome — confirm against Check
	DecisionBlocked                 // 2; triggered by the global WAF patterns (see AddWAFPatterns)
	DecisionUnknown                 // 3; last stage in Check's documented order, i.e. nothing matched
)

func (Decision) String

func (d Decision) String() string

type FilePermissionStore

type FilePermissionStore struct {
	// contains filtered or unexported fields
}

FilePermissionStore implements PermissionStore, holding patterns in memory and persisting them to a JSON file.

func NewFilePermissionStore

func NewFilePermissionStore(baseDir string) *FilePermissionStore

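NewFilePermissionStore creates a store with the given base directory. Files are stored at {baseDir}/{botID}/permissions.json. botID is used as a path component, and this page does not say whether it is validated; pass only IDs that contain no path separators or ".." so the file stays under baseDir.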

func (*FilePermissionStore) AddBlacklist

func (s *FilePermissionStore) AddBlacklist(botID, pattern, createdBy string) error

AddBlacklist adds a pattern to the blacklist.

func (*FilePermissionStore) AddWhitelist

func (s *FilePermissionStore) AddWhitelist(botID, pattern, createdBy string) error

AddWhitelist adds a pattern to the whitelist.

func (*FilePermissionStore) GetBlacklist

func (s *FilePermissionStore) GetBlacklist(botID string) []string

GetBlacklist returns all blacklist patterns for the bot.

func (*FilePermissionStore) GetWhitelist

func (s *FilePermissionStore) GetWhitelist(botID string) []string

GetWhitelist returns all whitelist patterns for the bot.

func (*FilePermissionStore) IsAllowed

func (s *FilePermissionStore) IsAllowed(botID, tool, input string) (bool, string)

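IsAllowed checks the whitelist first, then the blacklist, and returns (allowed, reason) as described on PermissionStore. Because the whitelist is consulted first, an input that matches both lists is presumably allowed; keep whitelist patterns narrow so they do not override a blacklist entry.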

func (*FilePermissionStore) Load

func (s *FilePermissionStore) Load(botID string) error

Load reads the permissions file for the given botID.

func (*FilePermissionStore) RemoveBlacklist

func (s *FilePermissionStore) RemoveBlacklist(botID, pattern string) error

RemoveBlacklist removes a pattern from the blacklist.

func (*FilePermissionStore) RemoveWhitelist

func (s *FilePermissionStore) RemoveWhitelist(botID, pattern string) error

RemoveWhitelist removes a pattern from the whitelist.

func (*FilePermissionStore) Save

func (s *FilePermissionStore) Save(botID string) error

Save persists the permissions file for the given botID.

type Pattern

type Pattern struct {
	// Value is presumably the raw pattern text in the
	// {ToolName}:{CommandRegex} form — confirm against Match.
	Value string
}

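Pattern parses and matches a permission pattern. Format: {ToolName}:{CommandRegex}. If no ":" is present, the pattern matches any command for the tool. The page does not say whether CommandRegex must match the whole input or only part of it; anchor the expression with ^ and $ when an exact command is intended.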

func (Pattern) Match

func (p Pattern) Match(tool, input string) bool

Match returns true if the pattern matches the given tool name and input.

type PatternEntry

type PatternEntry struct {
	// Pattern is the permission pattern text, serialized as "pattern".
	Pattern   string    `json:"pattern"`
	// CreatedAt is serialized as "created_at"; presumably the time the
	// entry was added — confirm against AddWhitelist/AddBlacklist.
	CreatedAt time.Time `json:"created_at"`
	// CreatedBy is serialized as "created_by"; presumably the createdBy
	// argument of AddWhitelist/AddBlacklist. NOTE(review): nothing on this
	// page shows the value being authenticated, so treat it as a
	// caller-supplied label.
	CreatedBy string    `json:"created_by"`
}

PatternEntry represents a permission pattern with metadata.

type PermissionMatcher

type PermissionMatcher struct {
	// contains filtered or unexported fields
}

PermissionMatcher coordinates WAF patterns and per-bot stores.

func NewPermissionMatcher

func NewPermissionMatcher(baseDir string) *PermissionMatcher

NewPermissionMatcher creates a matcher with the given base directory.

func (*PermissionMatcher) AddBlacklist

func (m *PermissionMatcher) AddBlacklist(botID, pattern, createdBy string) error

AddBlacklist delegates to the bot store.

func (*PermissionMatcher) AddWAFPatterns

func (m *PermissionMatcher) AddWAFPatterns(patterns []string)

AddWAFPatterns adds WAF patterns that trigger DecisionBlocked. These patterns are global (not bot-specific).

func (*PermissionMatcher) AddWhitelist

func (m *PermissionMatcher) AddWhitelist(botID, pattern, createdBy string) error

AddWhitelist delegates to the bot store.

func (*PermissionMatcher) Check

func (m *PermissionMatcher) Check(botID, tool, input string) Decision

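Check returns the permission decision for a tool and input. Checks run in order: WAF → whitelist → blacklist → unknown. As far as this order implies, the first matching stage decides, so a WAF match yields DecisionBlocked even for a whitelisted input, and a whitelist match takes precedence over the blacklist. DecisionUnknown means no pattern matched and should not be treated as an allow.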

func (*PermissionMatcher) GetBlacklist

func (m *PermissionMatcher) GetBlacklist(botID string) []string

GetBlacklist delegates to the bot store.

func (*PermissionMatcher) GetWhitelist

func (m *PermissionMatcher) GetWhitelist(botID string) []string

GetWhitelist delegates to the bot store.

func (*PermissionMatcher) IsAllowed

func (m *PermissionMatcher) IsAllowed(botID, tool, input string) (bool, string)

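IsAllowed implements PermissionStore. The (allowed, reason) result has no reason value for a WAF match, and this page does not say whether WAF patterns are consulted here; use Check where the WAF outcome matters.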

func (*PermissionMatcher) Load

func (m *PermissionMatcher) Load(botID string) error

Load loads the store for a bot.

func (*PermissionMatcher) RemoveBlacklist

func (m *PermissionMatcher) RemoveBlacklist(botID, pattern string) error

RemoveBlacklist delegates to the bot store.

func (*PermissionMatcher) RemoveWhitelist

func (m *PermissionMatcher) RemoveWhitelist(botID, pattern string) error

RemoveWhitelist delegates to the bot store.

func (*PermissionMatcher) Save

func (m *PermissionMatcher) Save(botID string) error

Save saves the store for a bot.

type PermissionStore

type PermissionStore interface {
	// Load reads persisted patterns from disk.
	Load(botID string) error
	// Save persists patterns to disk.
	Save(botID string) error

	// Pattern management. Each call names the bot (botID) whose list is
	// changed.
	// NOTE(review): pattern is presumably in the {ToolName}:{CommandRegex}
	// form documented on Pattern — confirm. createdBy is presumably recorded
	// as PatternEntry.CreatedBy; nothing in this interface shows that it is
	// authenticated.
	AddWhitelist(botID, pattern, createdBy string) error
	RemoveWhitelist(botID, pattern string) error
	AddBlacklist(botID, pattern, createdBy string) error
	RemoveBlacklist(botID, pattern string) error

	// Queries
	GetWhitelist(botID string) []string
	GetBlacklist(botID string) []string
	// IsAllowed returns (allowed, reason).
	// reason is "whitelist", "blacklist", or "".
	// NOTE(review): the empty reason presumably means that no pattern
	// matched; callers should treat that case as "no decision" rather than
	// as approval — confirm what allowed is in that case.
	IsAllowed(botID, tool, input string) (bool, string)
}

PermissionStore manages permission patterns for a bot.

type PermissionsFile

type PermissionsFile struct {
	// BotID is serialized as "bot_id".
	// NOTE(review): the file already lives under a per-bot directory
	// ({baseDir}/{botID}/permissions.json); whether Load compares this field
	// with the requested botID is not shown — confirm.
	BotID     string         `json:"bot_id"`
	// Whitelist is serialized as "whitelist" and left out of the JSON when
	// empty (omitempty).
	Whitelist []PatternEntry `json:"whitelist,omitempty"`
	// Blacklist is serialized as "blacklist" and left out of the JSON when
	// empty (omitempty).
	Blacklist []PatternEntry `json:"blacklist,omitempty"`
}

PermissionsFile represents the on-disk JSON structure.
