agent

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 13, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var BuiltinPatterns = []PIIPatternDef{

	{
		Name:           "email",
		Label:          "Email Address",
		Category:       PIICategoryContact,
		Pattern:        `\b[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "us_phone",
		Label:          "US Phone Number",
		Category:       PIICategoryContact,
		Pattern:        `\b\d{3}-\d{3}-\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "kr_mobile",
		Label:          "Korean Mobile Number",
		Category:       PIICategoryContact,
		Pattern:        `\b01[016789]-?\d{3,4}-?\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "kr_landline",
		Label:          "Korean Landline Number",
		Category:       PIICategoryContact,
		Pattern:        `\b0[2-6][1-5]?-?\d{3,4}-?\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "intl_phone",
		Label:          "International Phone Number",
		Category:       PIICategoryContact,
		Pattern:        `\+\d{1,3}[-.\s]?\d{1,4}[-.\s]?\d{3,4}[-.\s]?\d{3,4}\b`,
		EnabledDefault: false,
	},

	{
		Name:           "kr_rrn",
		Label:          "Korean Resident Registration Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b\d{6}-?[1-4]\d{6}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "us_ssn",
		Label:          "US Social Security Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b\d{3}-\d{2}-\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "kr_driver",
		Label:          "Korean Driver License Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b\d{2}-\d{2}-\d{6}-\d{2}\b`,
		EnabledDefault: false,
	},
	{
		Name:           "passport",
		Label:          "Passport Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b[A-Z]{1,2}\d{7,8}\b`,
		EnabledDefault: false,
	},

	{
		Name:           "credit_card",
		Label:          "Credit Card Number",
		Category:       PIICategoryFinancial,
		Pattern:        `\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6(?:011|5\d{2}))[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{3,4}\b`,
		EnabledDefault: true,
		Validate:       validateLuhn,
	},
	{
		Name:           "kr_bank_account",
		Label:          "Korean Bank Account Number",
		Category:       PIICategoryFinancial,
		Pattern:        `\b\d{3,4}-\d{2,6}-\d{2,6}\b`,
		EnabledDefault: false,
	},
	{
		Name:           "iban",
		Label:          "IBAN",
		Category:       PIICategoryFinancial,
		Pattern:        `\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}([A-Z0-9]?){0,16}\b`,
		EnabledDefault: false,
	},

	{
		Name:           "ipv4",
		Label:          "IPv4 Address",
		Category:       PIICategoryNetwork,
		Pattern:        `\b(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\b`,
		EnabledDefault: false,
	},
}

BuiltinPatterns defines the default PII detection patterns.

Functions

This section is empty.

Types

type ActivityKind added in v0.7.0 

type ActivityKind string

ActivityKind classifies what a tool does at a high level. 

const (
	ActivityRead    ActivityKind = "read"
	ActivityWrite   ActivityKind = "write"
	ActivityExecute ActivityKind = "execute"
	ActivityQuery   ActivityKind = "query"
	ActivityManage  ActivityKind = "manage"
)

type CompositeDetector 

type CompositeDetector struct {
	// contains filtered or unexported fields
}

CompositeDetector chains multiple PIIDetectors and deduplicates overlapping matches.

func NewCompositeDetector 

func NewCompositeDetector(detectors ...PIIDetector) *CompositeDetector

NewCompositeDetector creates a CompositeDetector from multiple detectors.

func (*CompositeDetector) Detect 

func (c *CompositeDetector) Detect(text string) []PIIMatch

Detect runs all child detectors and merges results, preferring higher-score matches when ranges overlap.

type ExposurePolicy added in v0.7.0 

type ExposurePolicy int

ExposurePolicy controls how a tool appears in agent prompts. Zero value (ExposureDefault) means the tool is always visible (backward compatible). 

const (
	// ExposureDefault means the tool is always visible (backward compatible zero value).
	ExposureDefault ExposurePolicy = iota
	// ExposureAlwaysVisible forces the tool into the prompt.
	ExposureAlwaysVisible
	// ExposureDeferred means the tool is only discoverable via builtin_search.
	ExposureDeferred
	// ExposureHidden means the tool is never shown in prompts or search.
	ExposureHidden
)

func (ExposurePolicy) IsVisible added in v0.7.0 

func (e ExposurePolicy) IsVisible() bool

IsVisible reports whether the tool should appear in default prompt listings.

func (ExposurePolicy) String added in v0.7.0 

func (e ExposurePolicy) String() string

String returns the human-readable name of the exposure policy.

type PIICategory 

type PIICategory string

PIICategory classifies the type of personal information. 

const (
	PIICategoryContact   PIICategory = "contact"
	PIICategoryIdentity  PIICategory = "identity"
	PIICategoryFinancial PIICategory = "financial"
	PIICategoryNetwork   PIICategory = "network"
)

func (PIICategory) Valid 

func (c PIICategory) Valid() bool

Valid reports whether c is a known PII category.

func (PIICategory) Values 

func (c PIICategory) Values() []PIICategory

Values returns all known PII categories.

type PIIConfig 

type PIIConfig struct {
	// Legacy fields (backward compatibility).
	RedactEmail bool
	RedactPhone bool
	CustomRegex []string

	// New pattern management.
	DisabledBuiltins []string
	CustomPatterns   map[string]string // name -> regex

	// Presidio integration.
	PresidioEnabled   bool
	PresidioURL       string
	PresidioThreshold float64
	PresidioLanguage  string
}

PIIConfig defines configuration for PII redaction.

type PIIDetector 

type PIIDetector interface {
	Detect(text string) []PIIMatch
}

PIIDetector detects PII occurrences in text.

type PIIMatch 

type PIIMatch struct {
	PatternName string
	Category    PIICategory
	Start       int
	End         int
	Score       float64 // 1.0 for regex, variable for Presidio
}

PIIMatch represents a single PII detection result.

type PIIPatternDef 

type PIIPatternDef struct {
	Name           string
	Label          string
	Category       PIICategory
	Pattern        string
	EnabledDefault bool
	Validate       func(match string) bool // optional post-match validation
}

PIIPatternDef defines a single PII detection pattern.

func LookupBuiltinPattern 

func LookupBuiltinPattern(name string) (PIIPatternDef, bool)

LookupBuiltinPattern returns a builtin pattern by name and whether it exists.

type PIIRedactor 

type PIIRedactor struct {
	// contains filtered or unexported fields
}

PIIRedactor redacts PII from input strings using a PIIDetector.

func NewPIIRedactor 

func NewPIIRedactor(cfg PIIConfig) *PIIRedactor

NewPIIRedactor creates a new PIIRedactor from the given configuration.

func (*PIIRedactor) RedactInput 

func (r *PIIRedactor) RedactInput(input string) string

RedactInput applies PII redaction patterns to an input string. Detected PII is replaced with [REDACTED].

type ParameterDef 

type ParameterDef struct {
	Type        string
	Description string
	Required    bool
	Enum        []string
}

ParameterDef defines a tool parameter

type PresidioDetector 

type PresidioDetector struct {
	// contains filtered or unexported fields
}

PresidioDetector detects PII by calling a Microsoft Presidio analyzer endpoint.

func NewPresidioDetector 

func NewPresidioDetector(baseURL string, opts ...PresidioOption) *PresidioDetector

NewPresidioDetector creates a new Presidio-based PII detector.

func (*PresidioDetector) Detect 

func (d *PresidioDetector) Detect(text string) []PIIMatch

Detect calls the Presidio /analyze endpoint and returns matches. On error, it returns nil (graceful degradation).

func (*PresidioDetector) HealthCheck 

func (d *PresidioDetector) HealthCheck(ctx context.Context) error

HealthCheck verifies that the Presidio analyzer service is reachable.

type PresidioOption 

type PresidioOption func(*PresidioDetector)

PresidioOption configures a PresidioDetector.

func WithPresidioLanguage 

func WithPresidioLanguage(lang string) PresidioOption

WithPresidioLanguage sets the language hint for Presidio analysis.

func WithPresidioThreshold 

func WithPresidioThreshold(t float64) PresidioOption

WithPresidioThreshold sets the minimum confidence score for Presidio results.

func WithPresidioTimeout 

func WithPresidioTimeout(t time.Duration) PresidioOption

WithPresidioTimeout sets the HTTP client timeout for Presidio requests.

type RegexDetector 

type RegexDetector struct {
	// contains filtered or unexported fields
}

RegexDetector detects PII using compiled regex patterns.

func NewRegexDetector 

func NewRegexDetector(cfg RegexDetectorConfig) *RegexDetector

NewRegexDetector creates a RegexDetector with the configured patterns.

func (*RegexDetector) Detect 

func (d *RegexDetector) Detect(text string) []PIIMatch

Detect finds all PII matches in the given text.

type RegexDetectorConfig 

type RegexDetectorConfig struct {
	DisabledBuiltins []string
	CustomPatterns   map[string]string // name -> regex
	CustomRegex      []string          // legacy unnamed custom patterns

	// Legacy toggles for backward compatibility.
	RedactEmail bool
	RedactPhone bool
}

RegexDetectorConfig configures which patterns the RegexDetector uses.

type SafetyLevel 

type SafetyLevel int

SafetyLevel classifies the risk level of a tool. Zero value is treated as Dangerous (fail-safe). 

const (
	// SafetyLevelSafe indicates a read-only or non-destructive tool.
	SafetyLevelSafe SafetyLevel = iota + 1
	// SafetyLevelModerate indicates a tool that creates or modifies non-critical resources.
	SafetyLevelModerate
	// SafetyLevelDangerous indicates a tool that can execute arbitrary code, delete data, or modify secrets.
	SafetyLevelDangerous
)

func ParseSafetyLevel added in v0.7.0 

func ParseSafetyLevel(s string) (SafetyLevel, bool)

ParseSafetyLevel converts a string to a SafetyLevel. Returns SafetyLevelDangerous and false for unknown strings (fail-safe).

func (SafetyLevel) IsDangerous 

func (s SafetyLevel) IsDangerous() bool

IsDangerous returns true if the tool should be treated as dangerous. Zero value (unset) is also treated as dangerous.

func (SafetyLevel) String 

func (s SafetyLevel) String() string

String returns the human-readable name of the safety level.

func (SafetyLevel) Valid 

func (s SafetyLevel) Valid() bool

Valid reports whether s is a known safety level.

func (SafetyLevel) Values 

func (s SafetyLevel) Values() []SafetyLevel

Values returns all known safety levels.

type SchemaBuilder added in v0.6.0 

type SchemaBuilder struct {
	// contains filtered or unexported fields
}

SchemaBuilder provides type-safe construction of JSON Schema objects for agent tool parameters. The output is map[string]interface{} compatible with agent.Tool.Parameters.

func Schema added in v0.6.0 

func Schema() *SchemaBuilder

Schema creates a new schema builder for tool parameters.

func (*SchemaBuilder) Array added in v0.6.0 

func (b *SchemaBuilder) Array(name, itemType, desc string) *SchemaBuilder

Array adds an array property with items of the given type.

func (*SchemaBuilder) Bool added in v0.6.0 

func (b *SchemaBuilder) Bool(name, desc string) *SchemaBuilder

Bool adds a boolean property.

func (*SchemaBuilder) Build added in v0.6.0 

func (b *SchemaBuilder) Build() map[string]interface{}

Build returns the JSON Schema as map[string]interface{}.

func (*SchemaBuilder) Enum added in v0.6.0 

func (b *SchemaBuilder) Enum(name, desc string, values ...string) *SchemaBuilder

Enum adds a string property with enumerated values.

func (*SchemaBuilder) Int added in v0.6.0 

func (b *SchemaBuilder) Int(name, desc string) *SchemaBuilder

Int adds an integer property.

func (*SchemaBuilder) Required added in v0.6.0 

func (b *SchemaBuilder) Required(names ...string) *SchemaBuilder

Required marks the given field names as required.

func (*SchemaBuilder) Str added in v0.6.0 

func (b *SchemaBuilder) Str(name, desc string) *SchemaBuilder

Str adds a string property.

type SecretScanner 

type SecretScanner struct {
	// contains filtered or unexported fields
}

SecretScanner scans text output for known secret values and replaces them with masked placeholders. This prevents AI agents from leaking secret values in their responses.

func NewSecretScanner 

func NewSecretScanner() *SecretScanner

NewSecretScanner creates a new SecretScanner with an empty secret registry.

func (*SecretScanner) Clear 

func (s *SecretScanner) Clear()

Clear removes all registered secrets.

func (*SecretScanner) HasSecrets 

func (s *SecretScanner) HasSecrets() bool

HasSecrets returns true if any secrets are registered.

func (*SecretScanner) Register 

func (s *SecretScanner) Register(name string, value []byte)

Register adds a known secret value with its name. Values shorter than 4 characters are ignored to avoid false positives during scanning.

func (*SecretScanner) Scan 

func (s *SecretScanner) Scan(text string) string

Scan replaces any known secret values found in text with [SECRET:name] placeholders.

type Tool 

type Tool struct {
	Name        string
	Description string
	Parameters  map[string]interface{}
	Handler     ToolHandler
	SafetyLevel SafetyLevel
	Capability  ToolCapability // Zero value = backward compatible defaults
}

Tool represents a tool that can be invoked by the LLM

type ToolBuilder added in v0.7.0 

type ToolBuilder struct {
	// contains filtered or unexported fields
}

ToolBuilder provides a fluent API for constructing Tool instances.

func NewTool added in v0.7.0 

func NewTool(name, description string) *ToolBuilder

NewTool creates a ToolBuilder with the given name and description.

func (*ToolBuilder) Activity added in v0.7.0 

func (b *ToolBuilder) Activity(kind ActivityKind) *ToolBuilder

Activity sets the tool's primary activity classification.

func (*ToolBuilder) Aliases added in v0.7.0 

func (b *ToolBuilder) Aliases(aliases ...string) *ToolBuilder

Aliases sets alternate names for tool search.

func (*ToolBuilder) Build added in v0.7.0 

func (b *ToolBuilder) Build() *Tool

Build returns the constructed Tool as a pointer.

func (*ToolBuilder) Category added in v0.7.0 

func (b *ToolBuilder) Category(cat string) *ToolBuilder

Category sets the tool's semantic category.

func (*ToolBuilder) ConcurrencySafe added in v0.7.0 

func (b *ToolBuilder) ConcurrencySafe() *ToolBuilder

ConcurrencySafe marks the tool as safe for concurrent invocation.

func (*ToolBuilder) Deferred added in v0.7.0 

func (b *ToolBuilder) Deferred() *ToolBuilder

Deferred sets the tool's exposure policy to ExposureDeferred.

func (*ToolBuilder) Handler added in v0.7.0 

func (b *ToolBuilder) Handler(h ToolHandler) *ToolBuilder

Handler sets the tool's execution handler.

func (*ToolBuilder) Hidden added in v0.7.0 

func (b *ToolBuilder) Hidden() *ToolBuilder

Hidden sets the tool's exposure policy to ExposureHidden.

func (*ToolBuilder) Hints added in v0.7.0 

func (b *ToolBuilder) Hints(hints ...string) *ToolBuilder

Hints sets additional search keywords.

func (*ToolBuilder) Params added in v0.7.0 

func (b *ToolBuilder) Params(params map[string]interface{}) *ToolBuilder

Params sets the tool's parameter schema.

func (*ToolBuilder) ReadOnly added in v0.7.0 

func (b *ToolBuilder) ReadOnly() *ToolBuilder

ReadOnly marks the tool as performing no mutations.

func (*ToolBuilder) Requires added in v0.7.0 

func (b *ToolBuilder) Requires(caps ...string) *ToolBuilder

Requires sets the system capabilities needed by the tool.

func (*ToolBuilder) Safety added in v0.7.0 

func (b *ToolBuilder) Safety(level SafetyLevel) *ToolBuilder

Safety sets the tool's safety level.

type ToolCapability added in v0.7.0 

type ToolCapability struct {
	// Aliases are alternate names that match during tool search (e.g. "ls" for "fs_list").
	Aliases []string
	// Category is a semantic category hint (e.g. "filesystem", "crypto").
	// Distinct from the Catalog category — this is tool-level metadata.
	Category string
	// SearchHints are additional keywords for search ranking.
	SearchHints []string
	// Exposure controls prompt visibility policy.
	// Zero value (ExposureDefault) = always visible = backward compatible.
	Exposure ExposurePolicy
	// ReadOnly indicates the tool performs no mutations.
	// Zero value (false) = assume mutation possible = fail-safe.
	ReadOnly bool
	// ConcurrencySafe indicates the tool can be called concurrently.
	// Zero value (false) = assume not safe for concurrency = fail-safe.
	ConcurrencySafe bool
	// Activity classifies the tool's primary action.
	Activity ActivityKind
	// RequiredCapabilities lists system capabilities needed (e.g. "payment", "encryption").
	RequiredCapabilities []string
}

ToolCapability holds rich metadata for tool discovery and policy enforcement. All fields have zero-value defaults that preserve existing behavior.

type ToolHandler 

type ToolHandler func(ctx context.Context, params map[string]interface{}) (interface{}, error)

ToolHandler is the function signature for tool implementations

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.