agent

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 9, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var BuiltinPatterns = []PIIPatternDef{

	{
		Name:           "email",
		Label:          "Email Address",
		Category:       PIICategoryContact,
		Pattern:        `\b[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "us_phone",
		Label:          "US Phone Number",
		Category:       PIICategoryContact,
		Pattern:        `\b\d{3}-\d{3}-\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "kr_mobile",
		Label:          "Korean Mobile Number",
		Category:       PIICategoryContact,
		Pattern:        `\b01[016789]-?\d{3,4}-?\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "kr_landline",
		Label:          "Korean Landline Number",
		Category:       PIICategoryContact,
		Pattern:        `\b0[2-6][1-5]?-?\d{3,4}-?\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "intl_phone",
		Label:          "International Phone Number",
		Category:       PIICategoryContact,
		Pattern:        `\+\d{1,3}[-.\s]?\d{1,4}[-.\s]?\d{3,4}[-.\s]?\d{3,4}\b`,
		EnabledDefault: false,
	},

	{
		Name:           "kr_rrn",
		Label:          "Korean Resident Registration Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b\d{6}-?[1-4]\d{6}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "us_ssn",
		Label:          "US Social Security Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b\d{3}-\d{2}-\d{4}\b`,
		EnabledDefault: true,
	},
	{
		Name:           "kr_driver",
		Label:          "Korean Driver License Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b\d{2}-\d{2}-\d{6}-\d{2}\b`,
		EnabledDefault: false,
	},
	{
		Name:           "passport",
		Label:          "Passport Number",
		Category:       PIICategoryIdentity,
		Pattern:        `\b[A-Z]{1,2}\d{7,8}\b`,
		EnabledDefault: false,
	},

	{
		Name:           "credit_card",
		Label:          "Credit Card Number",
		Category:       PIICategoryFinancial,
		Pattern:        `\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6(?:011|5\d{2}))[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{3,4}\b`,
		EnabledDefault: true,
		Validate:       validateLuhn,
	},
	{
		Name:           "kr_bank_account",
		Label:          "Korean Bank Account Number",
		Category:       PIICategoryFinancial,
		Pattern:        `\b\d{3,4}-\d{2,6}-\d{2,6}\b`,
		EnabledDefault: false,
	},
	{
		Name:           "iban",
		Label:          "IBAN",
		Category:       PIICategoryFinancial,
		Pattern:        `\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}([A-Z0-9]?){0,16}\b`,
		EnabledDefault: false,
	},

	{
		Name:           "ipv4",
		Label:          "IPv4 Address",
		Category:       PIICategoryNetwork,
		Pattern:        `\b(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\b`,
		EnabledDefault: false,
	},
}

BuiltinPatterns defines the default PII detection patterns.

Functions

This section is empty.

Types

type CompositeDetector 

type CompositeDetector struct {
	// contains filtered or unexported fields
}

CompositeDetector chains multiple PIIDetectors and deduplicates overlapping matches.

func NewCompositeDetector 

func NewCompositeDetector(detectors ...PIIDetector) *CompositeDetector

NewCompositeDetector creates a CompositeDetector from multiple detectors.

func (*CompositeDetector) Detect 

func (c *CompositeDetector) Detect(text string) []PIIMatch

Detect runs all child detectors and merges results, preferring higher-score matches when ranges overlap.

type PIICategory 

type PIICategory string

PIICategory classifies the type of personal information. 

const (
	PIICategoryContact   PIICategory = "contact"
	PIICategoryIdentity  PIICategory = "identity"
	PIICategoryFinancial PIICategory = "financial"
	PIICategoryNetwork   PIICategory = "network"
)

func (PIICategory) Valid 

func (c PIICategory) Valid() bool

Valid reports whether c is a known PII category.

func (PIICategory) Values 

func (c PIICategory) Values() []PIICategory

Values returns all known PII categories.

type PIIConfig 

type PIIConfig struct {
	// Legacy fields (backward compatibility).
	RedactEmail bool
	RedactPhone bool
	CustomRegex []string

	// New pattern management.
	DisabledBuiltins []string
	CustomPatterns   map[string]string // name -> regex

	// Presidio integration.
	PresidioEnabled   bool
	PresidioURL       string
	PresidioThreshold float64
	PresidioLanguage  string
}

PIIConfig defines configuration for PII redaction.

type PIIDetector 

type PIIDetector interface {
	Detect(text string) []PIIMatch
}

PIIDetector detects PII occurrences in text.

type PIIMatch 

type PIIMatch struct {
	PatternName string
	Category    PIICategory
	Start       int
	End         int
	Score       float64 // 1.0 for regex, variable for Presidio
}

PIIMatch represents a single PII detection result.

type PIIPatternDef 

type PIIPatternDef struct {
	Name           string
	Label          string
	Category       PIICategory
	Pattern        string
	EnabledDefault bool
	Validate       func(match string) bool // optional post-match validation
}

PIIPatternDef defines a single PII detection pattern.

func LookupBuiltinPattern 

func LookupBuiltinPattern(name string) (PIIPatternDef, bool)

LookupBuiltinPattern returns a builtin pattern by name and whether it exists.

type PIIRedactor 

type PIIRedactor struct {
	// contains filtered or unexported fields
}

PIIRedactor redacts PII from input strings using a PIIDetector.

func NewPIIRedactor 

func NewPIIRedactor(cfg PIIConfig) *PIIRedactor

NewPIIRedactor creates a new PIIRedactor from the given configuration.

func (*PIIRedactor) RedactInput 

func (r *PIIRedactor) RedactInput(input string) string

RedactInput applies PII redaction patterns to an input string. Detected PII is replaced with [REDACTED].

type ParameterDef 

type ParameterDef struct {
	Type        string
	Description string
	Required    bool
	Enum        []string
}

ParameterDef defines a tool parameter

type PresidioDetector 

type PresidioDetector struct {
	// contains filtered or unexported fields
}

PresidioDetector detects PII by calling a Microsoft Presidio analyzer endpoint.

func NewPresidioDetector 

func NewPresidioDetector(baseURL string, opts ...PresidioOption) *PresidioDetector

NewPresidioDetector creates a new Presidio-based PII detector.

func (*PresidioDetector) Detect 

func (d *PresidioDetector) Detect(text string) []PIIMatch

Detect calls the Presidio /analyze endpoint and returns matches. On error, it returns nil (graceful degradation).

func (*PresidioDetector) HealthCheck 

func (d *PresidioDetector) HealthCheck(ctx context.Context) error

HealthCheck verifies that the Presidio analyzer service is reachable.

type PresidioOption 

type PresidioOption func(*PresidioDetector)

PresidioOption configures a PresidioDetector.

func WithPresidioLanguage 

func WithPresidioLanguage(lang string) PresidioOption

WithPresidioLanguage sets the language hint for Presidio analysis.

func WithPresidioThreshold 

func WithPresidioThreshold(t float64) PresidioOption

WithPresidioThreshold sets the minimum confidence score for Presidio results.

func WithPresidioTimeout 

func WithPresidioTimeout(t time.Duration) PresidioOption

WithPresidioTimeout sets the HTTP client timeout for Presidio requests.

type RegexDetector 

type RegexDetector struct {
	// contains filtered or unexported fields
}

RegexDetector detects PII using compiled regex patterns.

func NewRegexDetector 

func NewRegexDetector(cfg RegexDetectorConfig) *RegexDetector

NewRegexDetector creates a RegexDetector with the configured patterns.

func (*RegexDetector) Detect 

func (d *RegexDetector) Detect(text string) []PIIMatch

Detect finds all PII matches in the given text.

type RegexDetectorConfig 

type RegexDetectorConfig struct {
	DisabledBuiltins []string
	CustomPatterns   map[string]string // name -> regex
	CustomRegex      []string          // legacy unnamed custom patterns

	// Legacy toggles for backward compatibility.
	RedactEmail bool
	RedactPhone bool
}

RegexDetectorConfig configures which patterns the RegexDetector uses.

type SafetyLevel 

type SafetyLevel int

SafetyLevel classifies the risk level of a tool. Zero value is treated as Dangerous (fail-safe). 

const (
	// SafetyLevelSafe indicates a read-only or non-destructive tool.
	SafetyLevelSafe SafetyLevel = iota + 1
	// SafetyLevelModerate indicates a tool that creates or modifies non-critical resources.
	SafetyLevelModerate
	// SafetyLevelDangerous indicates a tool that can execute arbitrary code, delete data, or modify secrets.
	SafetyLevelDangerous
)

func (SafetyLevel) IsDangerous 

func (s SafetyLevel) IsDangerous() bool

IsDangerous returns true if the tool should be treated as dangerous. Zero value (unset) is also treated as dangerous.

func (SafetyLevel) String 

func (s SafetyLevel) String() string

String returns the human-readable name of the safety level.

func (SafetyLevel) Valid 

func (s SafetyLevel) Valid() bool

Valid reports whether s is a known safety level.

func (SafetyLevel) Values 

func (s SafetyLevel) Values() []SafetyLevel

Values returns all known safety levels.

type SecretScanner 

type SecretScanner struct {
	// contains filtered or unexported fields
}

SecretScanner scans text output for known secret values and replaces them with masked placeholders. This prevents AI agents from leaking secret values in their responses.

func NewSecretScanner 

func NewSecretScanner() *SecretScanner

NewSecretScanner creates a new SecretScanner with an empty secret registry.

func (*SecretScanner) Clear 

func (s *SecretScanner) Clear()

Clear removes all registered secrets.

func (*SecretScanner) HasSecrets 

func (s *SecretScanner) HasSecrets() bool

HasSecrets returns true if any secrets are registered.

func (*SecretScanner) Register 

func (s *SecretScanner) Register(name string, value []byte)

Register adds a known secret value with its name. Values shorter than 4 characters are ignored to avoid false positives during scanning.

func (*SecretScanner) Scan 

func (s *SecretScanner) Scan(text string) string

Scan replaces any known secret values found in text with [SECRET:name] placeholders.

type Tool 

type Tool struct {
	Name        string
	Description string
	Parameters  map[string]interface{}
	Handler     ToolHandler
	SafetyLevel SafetyLevel
}

Tool represents a tool that can be invoked by the LLM

type ToolHandler 

type ToolHandler func(ctx context.Context, params map[string]interface{}) (interface{}, error)

ToolHandler is the function signature for tool implementations

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.