approval

package
v0.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 25, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package approval provides intelligent command approval system inspired by Cortex Agent's Smart Approvals

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ApprovalCallback 

type ApprovalCallback interface {
	OnApproval(result *ApprovalResult, req *ApprovalRequest)
	OnApprovalTimeout(req *ApprovalRequest)
}

ApprovalCallback is called on approval decisions

type ApprovalConfig 

type ApprovalConfig struct {
	Strategy          Strategy `mapstructure:"strategy"`
	TrustThreshold    int      `mapstructure:"trust_threshold"`      // Approvals before auto-trust
	DenylistThreshold int      `mapstructure:"denylist_threshold"`   // Denials before auto-deny
	EnableLearning    bool     `mapstructure:"enable_learning"`      // Learn from decisions
	EnableWhitelist   bool     `mapstructure:"enable_whitelist"`     // Use whitelist
	EnableCLIConfirm  bool     `mapstructure:"enable_cli_confirm"`   // CLI confirmation
	GatewayEnabled    bool     `mapstructure:"gateway_enabled"`      // Send to messaging platform
	GatewayURL        string   `mapstructure:"gateway_url"`          // Gateway endpoint
	DangerousPatterns []string `mapstructure:"dangerous_patterns"`   // Always deny patterns
	AllowedPatterns   []string `mapstructure:"allowed_patterns"`     // Always allow patterns
	ApprovalTimeout   int      `mapstructure:"approval_timeout"`     // Seconds to wait for approval
	LearnFromSameUser bool     `mapstructure:"learn_from_same_user"` // Learn per user
}

ApprovalConfig holds approval system configuration

func DefaultConfig 

func DefaultConfig() *ApprovalConfig

DefaultConfig returns the default approval configuration

type ApprovalDecision 

type ApprovalDecision struct {
	Approved    bool
	Reason      string
	ExpiresAt   *time.Time
	Trusted     bool
	LearnedFrom string // How this was learned
}

ApprovalDecision represents an approval decision

type ApprovalRequest 

type ApprovalRequest struct {
	Command    string
	Args       []string
	WorkingDir string
	Env        map[string]string
	SessionID  string
	UserID     string
	RiskLevel  RiskLevel
	Reason     string
	Timestamp  time.Time
}

ApprovalRequest represents a command approval request

type ApprovalResult 

type ApprovalResult struct {
	Approved  bool
	Strategy  Strategy
	Reason    string
	Trusted   bool
	AskUser   bool
	RiskLevel RiskLevel
	Pattern   *CommandPattern
}

ApprovalResult is the result of an approval decision

type CommandPattern 

type CommandPattern struct {
	Pattern     string    `json:"pattern"`
	PatternHash string    `json:"pattern_hash"`
	Action      string    `json:"action"` // approved, denied
	Count       int       `json:"count"`
	RiskLevel   RiskLevel `json:"risk_level"`
	LastSeen    time.Time `json:"last_seen"`
	SessionIDs  []string  `json:"session_ids"`
	Trusted     bool      `json:"trusted"` // Auto-approved if count exceeds threshold
}

CommandPattern represents a learned command pattern

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles command approvals

func NewManager 

func NewManager(config *ApprovalConfig) (*Manager, error)

NewManager creates a new approval manager

func (*Manager) AddToWhitelist 

func (m *Manager) AddToWhitelist(pattern string) error

AddToWhitelist adds a command pattern to whitelist

func (*Manager) Approve 

func (m *Manager) Approve(req *ApprovalRequest) error

Approve records a user approval decision

func (*Manager) CLIConfirm 

func (m *Manager) CLIConfirm(req *ApprovalRequest) (bool, error)

CLIConfirm prompts user for confirmation in terminal

func (*Manager) ConfigCommand 

func (m *Manager) ConfigCommand() *cobra.Command

ConfigCommand returns CLI commands for approval management

func (*Manager) Deny 

func (m *Manager) Deny(req *ApprovalRequest) error

Deny records a user denial decision

func (*Manager) GetDeniedCommands 

func (m *Manager) GetDeniedCommands() []*CommandPattern

GetDeniedCommands returns denied command patterns

func (*Manager) GetTrustedCommands 

func (m *Manager) GetTrustedCommands() []*CommandPattern

GetTrustedCommands returns all trusted command patterns

func (*Manager) NotifyApproval 

func (m *Manager) NotifyApproval(result *ApprovalResult, req *ApprovalRequest)

NotifyApproval notifies all callbacks of an approval result

func (*Manager) RegisterCallback 

func (m *Manager) RegisterCallback(cb ApprovalCallback)

RegisterCallback registers an approval callback

func (*Manager) RemoveFromWhitelist 

func (m *Manager) RemoveFromWhitelist(pattern string) error

RemoveFromWhitelist removes a pattern from whitelist

func (*Manager) RequestApproval 

func (m *Manager) RequestApproval(req *ApprovalRequest) (*ApprovalResult, error)

RequestApproval asks for approval of a command

func (*Manager) SyncWithMemory 

func (m *Manager) SyncWithMemory() error

SyncWithMemory syncs patterns with memory store

type PatternMatchResult 

type PatternMatchResult struct {
	Matched   bool
	Pattern   string
	Variables map[string]string // Extracted variables from wildcard matches
}

PatternMatchResult contains the result of a pattern match

type RiskLevel 

type RiskLevel int

RiskLevel represents the danger level of a command 

const (
	RiskLow      RiskLevel = 1 // Safe commands like ls, pwd
	RiskMedium   RiskLevel = 2 // Commands that modify files
	RiskHigh     RiskLevel = 3 // Destructive commands like rm -rf
	RiskCritical RiskLevel = 4 // System-level changes
)

type SmartApproval 

type SmartApproval struct {
	// contains filtered or unexported fields
}

SmartApproval learns from user decisions and auto-approves safe commands

func NewSmartApproval 

func NewSmartApproval(config *SmartApprovalConfig) (*SmartApproval, error)

NewSmartApproval creates a new smart approval system

func (*SmartApproval) EvaluateCommand 

func (sa *SmartApproval) EvaluateCommand(command string, riskLevel RiskLevel) *ApprovalDecision

EvaluateCommand evaluates if a command should be approved

func (*SmartApproval) GetStats 

func (sa *SmartApproval) GetStats() map[string]interface{}

GetStats returns approval statistics

func (*SmartApproval) RecordDecision 

func (sa *SmartApproval) RecordDecision(command, action string) error

RecordDecision records a user's approval decision

func (*SmartApproval) Reset 

func (sa *SmartApproval) Reset() error

Reset resets learned patterns

func (*SmartApproval) ShouldAutoApprove 

func (sa *SmartApproval) ShouldAutoApprove(command string) (bool, string)

ShouldAutoApprove checks if a command should be auto-approved

type SmartApprovalConfig 

type SmartApprovalConfig struct {
	// Enable learning from user decisions
	LearnFromDecisions bool
	// Database path for storing approval history
	DBPath string
	// Minimum occurrences to auto-approve
	AutoApproveThreshold int
	// Auto-approve safe commands
	AutoApproveSafe bool
}

SmartApprovalConfig holds configuration for smart approval

func DefaultSmartApprovalConfig 

func DefaultSmartApprovalConfig() *SmartApprovalConfig

DefaultSmartApprovalConfig returns default configuration

type Strategy 

type Strategy string

Strategy defines how commands are approved 

const (
	// StrategyManual requires user confirmation for all commands
	StrategyManual Strategy = "manual"
	// StrategyAutoApprove automatically approves trusted commands
	StrategyAutoApprove Strategy = "auto"
	// StrategySmart learns from user decisions
	StrategySmart Strategy = "smart"
	// StrategyWhitelist only allows whitelisted commands
	StrategyWhitelist Strategy = "whitelist"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.