Documentation
Index ¶
- Constants
- Variables
- func BuildSubModuleID(parentModuleID, subModuleName string) string
- func BuildSubModuleSlug(parentModuleID, subModuleName string) string
- func FilterModuleIDsByPermissions(moduleIDs []string, userPermissions []string, isAdmin bool) []string
- func GetCategoryDisplayName(category string) string
- func GetDefaultEventTypeIDs(eventTypes []*EventType) []string
- func GetRequiredPermission(moduleID string) string
- func IsCoreModule(moduleID string) bool
- func IsUserFacing(moduleID string) bool
- func ValidateSubModuleID(fullSubModuleID string) error
- type EventType
- func (e *EventType) Category() string
- func (e *EventType) Color() string
- func (e *EventType) Description() string
- func (e *EventType) DisplayOrder() int
- func (e *EventType) ID() string
- func (e *EventType) Icon() string
- func (e *EventType) IsActive() bool
- func (e *EventType) IsDefault() bool
- func (e *EventType) Name() string
- func (e *EventType) SeverityApplicable() bool
- func (e *EventType) Slug() string
- type EventTypeCategory
- type EventTypeWithModule
- type Module
- func (m *Module) Category() string
- func (m *Module) Description() string
- func (m *Module) DisplayOrder() int
- func (m *Module) EventTypes() []string
- func (m *Module) HasParent(parentID string) bool
- func (m *Module) ID() string
- func (m *Module) Icon() string
- func (m *Module) IsActive() bool
- func (m *Module) IsBeta() bool
- func (m *Module) IsComingSoon() bool
- func (m *Module) IsCore() bool
- func (m *Module) IsDeprecated() bool
- func (m *Module) IsReleased() bool
- func (m *Module) IsSubModule() bool
- func (m *Module) Name() string
- func (m *Module) ParentModuleID() *string
- func (m *Module) ReleaseStatus() ReleaseStatus
- func (m *Module) Slug() string
- type ModuleRepository
- type ReleaseStatus
- type TenantModuleOverride
- type TenantModuleRepository
- type TenantModuleUpdate
Constants ¶
// Event type categories known to the package. The string values are the
// category IDs that CategoryDisplayNames is keyed by.
const (
	EventCategorySystem      = "system"
	EventCategoryAsset       = "asset"
	EventCategoryScan        = "scan"
	EventCategoryFinding     = "finding"
	EventCategoryExposure    = "exposure"
	EventCategoryCredential  = "credential"
	EventCategoryPentest     = "pentest"
	EventCategoryRemediation = "remediation"
	EventCategoryComponent   = "component"
	EventCategoryThreatIntel = "threat_intel"
)
Known event type categories.
// Module category identifiers.
const (
	ModuleCategoryCore       = "core"
	ModuleCategorySecurity   = "security"
	ModuleCategoryPlatform   = "platform"
	ModuleCategoryCompliance = "compliance"
	ModuleCategoryEnterprise = "enterprise"
)
ModuleCategory constants
// IDs of the top-level modules, grouped by product area. These strings are
// the keys used by CoreModuleIDs, UserFacingModuleIDs and
// ModulePermissionMapping.
const (
	// Core
	ModuleDashboard = "dashboard"
	ModuleAssets    = "assets"
	ModuleFindings  = "findings"
	ModuleScans     = "scans"

	// Discovery
	ModuleCredentials     = "credentials"
	ModuleComponents      = "components"
	ModuleBranches        = "branches"
	ModuleVulnerabilities = "vulnerabilities"

	// Prioritization
	ModuleThreatIntel = "threat_intel"
	ModuleExposures   = "exposures"
	ModuleAITriage    = "ai_triage"
	ModuleSLA         = "sla"

	// Validation
	ModulePentest          = "pentest"
	ModuleAttackSimulation = "attack_simulation"
	ModuleControlTesting   = "control_testing"

	// Compliance
	// Seeded by migration 000105_compliance_module_seed.up.sql.
	// User-facing (toggleable from Settings → Modules) and gated by
	// the compliance:frameworks:read permission.
	ModuleCompliance = "compliance"

	// Mobilization
	ModuleRemediation  = "remediation"
	ModuleSuppressions = "suppressions"
	ModulePolicies     = "policies"

	// Insights
	ModuleReports = "reports"
	ModuleAudit   = "audit"

	// Settings
	ModuleIntegrations         = "integrations"
	ModuleAgents               = "agents"
	ModuleTeam                 = "team"
	ModuleGroups               = "groups"
	ModuleRoles                = "roles"
	ModuleSettings             = "settings"
	ModuleAPIKeys              = "api_keys"
	ModuleWebhooks             = "webhooks"
	ModuleNotificationSettings = "notification_settings"

	// Data
	ModuleSources = "sources"
	ModuleSecrets = "secrets"
	ModuleScope   = "scope"

	// Operations
	ModulePipelines    = "pipelines"
	ModuleTools        = "tools"
	ModuleCommands     = "commands"
	ModuleScanProfiles = "scan_profiles"
	ModuleIOCs         = "iocs"
)
Well-known module IDs (top-level modules)
// Sub-module IDs under the "integrations" module. Each value is the parent ID,
// a "." separator, and the child name.
const (
	ModuleIntegrationsSCM           = "integrations.scm"
	ModuleIntegrationsNotifications = "integrations.notifications"
	ModuleIntegrationsWebhooks      = "integrations.webhooks"
	ModuleIntegrationsAPI           = "integrations.api"
	ModuleIntegrationsPipelines     = "integrations.pipelines"
	ModuleIntegrationsTicketing     = "integrations.ticketing"
	ModuleIntegrationsSIEM          = "integrations.siem"
)
Integration sub-module IDs (children of ModuleIntegrations)
// Sub-module IDs under the "ai_triage" module.
const (
	// Bulk triage operations
	ModuleAITriageBulk = "ai_triage.bulk"
	// Auto-triage on finding creation
	ModuleAITriageAuto = "ai_triage.auto"
	// Workflow triggers and actions
	ModuleAITriageWorkflow = "ai_triage.workflow"
	// Bring Your Own Key mode
	ModuleAITriageBYOK = "ai_triage.byok"
	// Self-hosted Agent mode
	ModuleAITriageAgent = "ai_triage.agent"
	// Custom prompt templates
	ModuleAITriageCustomPrompts = "ai_triage.custom_prompts"
)
AI Triage sub-module IDs (children of ModuleAITriage)
// AITriageLimitMonthlyTokens is the key of the monthly token limit
// (int64, -1 = unlimited).
const AITriageLimitMonthlyTokens = "monthly_token_limit"
AI Triage limit keys for PlanModule.Limits
const (
	// SubModuleSeparator sits between the parent ID and the child name in a
	// sub-module ID such as "integrations.scm".
	SubModuleSeparator = "."
)
SubModuleSeparator is the separator used in sub-module IDs (e.g., "integrations.scm").
const (
	// SubModuleSlugSeparator sits between the parent and the child in a
	// sub-module slug such as "integrations-scm".
	SubModuleSlugSeparator = "-"
)
SubModuleSlugSeparator is the separator used in sub-module slugs (e.g., "integrations-scm").
Variables ¶
// Domain errors. Every value wraps one of the shared sentinels with %w, so
// errors.Is against shared.ErrNotFound, shared.ErrConflict or
// shared.ErrValidation still matches after wrapping.
var (
	// Wrapping shared.ErrNotFound.
	ErrPlanNotFound         = fmt.Errorf("%w: plan not found", shared.ErrNotFound)
	ErrModuleNotFound       = fmt.Errorf("%w: module not found", shared.ErrNotFound)
	ErrEventTypeNotFound    = fmt.Errorf("%w: event type not found", shared.ErrNotFound)
	ErrSubscriptionNotFound = fmt.Errorf("%w: subscription not found", shared.ErrNotFound)

	// Wrapping shared.ErrConflict.
	ErrPlanSlugExists = fmt.Errorf("%w: plan slug already exists", shared.ErrConflict)

	// Wrapping shared.ErrValidation.
	ErrInvalidPlanID              = fmt.Errorf("%w: invalid plan ID format", shared.ErrValidation)
	ErrInvalidModuleID            = fmt.Errorf("%w: invalid module ID format", shared.ErrValidation)
	ErrInvalidSubModuleID         = fmt.Errorf("%w: invalid sub-module ID format", shared.ErrValidation)
	ErrCoreModuleCannotBeDisabled = fmt.Errorf("%w: core module cannot be disabled", shared.ErrValidation)
	ErrModuleNotAvailable         = fmt.Errorf("%w: module is not available", shared.ErrValidation)
)
Domain errors.
// CategoryDisplayNames holds the human-readable label for each event type
// category ID.
//
// NOTE(review): this is an exported, mutable map; importing packages can
// change it at runtime. Treat it as read-only.
var CategoryDisplayNames = map[string]string{
	EventCategorySystem:      "System",
	EventCategoryAsset:       "Assets",
	EventCategoryScan:        "Scans",
	EventCategoryFinding:     "Findings",
	EventCategoryExposure:    "Exposures",
	EventCategoryCredential:  "Credentials",
	EventCategoryPentest:     "Penetration Testing",
	EventCategoryRemediation: "Remediation",
	EventCategoryComponent:   "Components",
	EventCategoryThreatIntel: "Threat Intelligence",
}
CategoryDisplayNames maps category IDs to display names.
// CoreModuleIDs is the set of module IDs treated as essential for platform
// operation.
//
// NOTE(review): this is an exported, mutable map, so any importing package can
// add or delete entries at runtime and change which modules count as core.
// Treat it as read-only and query it through IsCoreModule.
//
// NOTE(review): the set only records membership. Where a request to disable
// one of these modules is rejected (presumably with
// ErrCoreModuleCannotBeDisabled) is not visible here — confirm the check runs
// before tenant overrides are written.
var CoreModuleIDs = map[string]bool{
	ModuleDashboard: true,
	ModuleAssets:    true,
	ModuleFindings:  true,
	ModuleScans:     true,
	ModuleTeam:      true,
	ModuleRoles:     true,
	ModuleAudit:     true,
	ModuleSettings:  true,
}
CoreModuleIDs defines modules that are essential for platform operation and cannot be disabled by tenant admins.
// ModulePermissionMapping gives, for each module ID, the read permission a
// user needs for that module to be listed.
//
// NOTE(review): this is an exported, mutable map, so any importing package can
// add, change or delete entries at runtime. Treat it as read-only.
//
// NOTE(review): ModuleAttackSimulation, ModuleControlTesting, ModuleCommands
// and ModuleIOCs have no entry, and neither do the "integrations.*" and
// "ai_triage.*" sub-module IDs. GetRequiredPermission is documented to return
// "" when a module has no permission requirement; how the filter functions
// treat such a module is not visible here — confirm that a missing entry does
// not make a module visible to every user.
//
// NOTE(review): the mapping is documented as a visibility filter for the
// sidebar. Confirm that the API handlers behind each module enforce the same
// permissions on their own.
var ModulePermissionMapping = map[string]string{
	ModuleDashboard:       "dashboard:read",
	ModuleAssets:          "assets:read",
	ModuleFindings:        "findings:read",
	ModuleScans:           "scans:read",
	ModuleCredentials:     "findings:credentials:read",
	ModuleComponents:      "assets:components:read",
	ModuleBranches:        "assets:read",
	ModuleVulnerabilities: "findings:vulnerabilities:read",
	ModuleThreatIntel:     "threat_intel:read",
	ModuleExposures:       "findings:exposures:read",
	ModuleAITriage:        "ai_triage:read",
	ModuleSLA:             "settings:sla:read",
	ModulePentest:         "pentest:campaigns:read",
	ModuleCompliance:      "compliance:frameworks:read",
	ModuleRemediation:     "findings:remediation:read",
	ModuleSuppressions:    "findings:suppressions:read",
	ModulePolicies:        "findings:policies:read",
	ModuleReports:         "reports:read",
	ModuleAudit:           "audit:read",
	ModuleIntegrations:    "integrations:read",
	ModuleAgents:          "agents:read",
	ModuleTeam:            "team:read",
	ModuleGroups:          "team:groups:read",
	ModuleRoles:           "team:roles:read",
	ModuleSettings:        "settings:read",
	ModuleAPIKeys:         "integrations:api_keys:read",
	ModuleWebhooks:        "integrations:webhooks:read",

	ModuleNotificationSettings: "integrations:notifications:read",

	ModuleSources:      "scans:sources:read",
	ModuleSecrets:      "scans:secret_store:read",
	ModuleScope:        "attack_surface:scope:read",
	ModulePipelines:    "integrations:pipelines:read",
	ModuleTools:        "scans:tools:read",
	ModuleScanProfiles: "scans:profiles:read",
}
ModulePermissionMapping maps module IDs to their required read permissions. It is used to filter modules based on the user's RBAC permissions: a user must have at least the read permission to see the module in the sidebar. These permissions MUST match the permission IDs seeded in 000005_permissions.up.sql.
// UserFacingModuleIDs is the set of module IDs listed on the Module
// Management page.
//
// NOTE(review): this is an exported, mutable map; importing packages can
// change it at runtime. Treat it as read-only and query it through
// IsUserFacing.
//
// NOTE(review): ModuleAttackSimulation and ModuleControlTesting are listed
// here but have no entry in ModulePermissionMapping — confirm which permission
// is meant to gate them.
var UserFacingModuleIDs = map[string]bool{
	// Same IDs as CoreModuleIDs.
	ModuleDashboard: true,
	ModuleAssets:    true,
	ModuleFindings:  true,
	ModuleScans:     true,
	ModuleTeam:      true,
	ModuleRoles:     true,
	ModuleAudit:     true,
	ModuleSettings:  true,

	// Additional modules.
	ModuleCredentials:      true,
	ModuleComponents:       true,
	ModuleExposures:        true,
	ModuleThreatIntel:      true,
	ModulePentest:          true,
	ModuleAttackSimulation: true,
	ModuleControlTesting:   true,
	ModuleCompliance:       true,
	ModuleRemediation:      true,
	ModuleReports:          true,
	ModuleIntegrations:     true,
}
UserFacingModuleIDs defines modules shown on the Module Management page. Only modules that directly map to sidebar navigation sections are included. Modules like agents, tools, pipelines are bundled under "scans" in sidebar, so toggling them individually has no sidebar effect — they are excluded.
Functions ¶
func BuildSubModuleID ¶
BuildSubModuleID constructs a sub-module ID from parent and child. Example: BuildSubModuleID("integrations", "scm") returns "integrations.scm"
func BuildSubModuleSlug ¶
BuildSubModuleSlug constructs a sub-module slug from parent and child. Example: BuildSubModuleSlug("integrations", "scm") returns "integrations-scm"
func FilterModuleIDsByPermissions ¶
func FilterModuleIDsByPermissions(moduleIDs []string, userPermissions []string, isAdmin bool) []string
FilterModuleIDsByPermissions filters module IDs based on user's permissions.
func GetCategoryDisplayName ¶
GetCategoryDisplayName returns the display name for a category.
func GetDefaultEventTypeIDs ¶
GetDefaultEventTypeIDs returns the IDs of event types that are default enabled.
func GetRequiredPermission ¶
GetRequiredPermission returns the required permission for a module. Returns empty string if the module has no permission requirement.
func IsCoreModule ¶ added in v0.1.2
IsCoreModule returns true if the module is essential for platform operation.
func IsUserFacing ¶ added in v0.1.2
IsUserFacing returns true if the module should be shown in the admin Module Management page. Internal modules are hidden.
func ValidateSubModuleID ¶
ValidateSubModuleID validates that a sub-module ID follows the correct format. Returns error if the ID is malformed (e.g., double separator, empty parts).
Types ¶
type EventType ¶
// EventType keeps its fields unexported: values are built with
// ReconstructEventType and read through the accessor methods (ID, Slug, Name,
// Category, and so on).
type EventType struct {
// contains filtered or unexported fields
}
EventType represents a notification event type stored in the database. This is the single source of truth for all event types in the system.
func ReconstructEventType ¶
func ReconstructEventType( id, slug, name, description, category, icon, color string, severityApplicable, isDefault, isActive bool, displayOrder int, ) *EventType
ReconstructEventType creates an EventType from stored data.
func (*EventType) Description ¶
func (*EventType) DisplayOrder ¶
func (*EventType) SeverityApplicable ¶
type EventTypeCategory ¶
// EventTypeCategory is one group of event types; the struct tags give the
// JSON field names.
//
// NOTE(review): EventType has only unexported fields and the package index
// lists no MarshalJSON method for it, so encoding/json would presumably emit
// empty objects for the event_types elements — confirm how this struct is
// serialized.
type EventTypeCategory struct {
// presumably the category ID (one of the EventCategory* values) — confirm
ID string `json:"id"`
// presumably the category's display name — confirm
Name string `json:"name"`
// Event types that belong to this group.
EventTypes []*EventType `json:"event_types"`
}
EventTypeCategory represents a category of event types for UI grouping.
func GroupEventTypesByCategory ¶
func GroupEventTypesByCategory(eventTypes []*EventType) []EventTypeCategory
GroupEventTypesByCategory groups event types by their category.
type EventTypeWithModule ¶
EventTypeWithModule represents an event type with its associated module ID.
type Module ¶
// Module keeps its fields unexported: values are built with ReconstructModule
// and read through the accessor methods.
//
// NOTE(review): ReconstructModule takes releaseStatus as a plain string;
// whether it is checked against the ReleaseStatus constants is not visible
// here.
type Module struct {
// contains filtered or unexported fields
}
Module represents a feature module in the system.
func FilterModulesByPermissions ¶
func FilterModulesByPermissions(modules []*Module, userPermissions []string, isAdmin bool) []*Module
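FilterModulesByPermissions filters modules based on the user's permissions. It returns only the modules for which the user has at least the read permission. Callers should pass isAdmin=true for Admin/Owner users to bypass the permission checks; because the flag skips the checks, it needs to come from the server-side role lookup rather than from request data.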
func ReconstructModule ¶
func ReconstructModule( id, slug, name, description, icon, category string, displayOrder int, isActive bool, isCore bool, releaseStatus string, parentModuleID *string, eventTypes []string, ) *Module
ReconstructModule creates a Module from stored data.
func (*Module) Description ¶
func (*Module) DisplayOrder ¶
func (*Module) EventTypes ¶
func (*Module) IsComingSoon ¶
IsComingSoon returns true if the module is not released yet.
func (*Module) IsDeprecated ¶
IsDeprecated returns true if the module is being phased out.
func (*Module) IsReleased ¶
IsReleased returns true if the module is generally available.
func (*Module) IsSubModule ¶
IsSubModule returns true if this module has a parent module.
func (*Module) ParentModuleID ¶
func (*Module) ReleaseStatus ¶
func (m *Module) ReleaseStatus() ReleaseStatus
type ModuleRepository ¶
// ModuleRepository is the read side of module persistence: every method is a
// lookup or a listing, and none of them takes a tenant identifier. Per-tenant
// state is modelled separately by TenantModuleRepository.
type ModuleRepository interface {
// GetByID retrieves a module by its ID.
// NOTE(review): presumably returns ErrModuleNotFound when there is no match — confirm.
GetByID(ctx context.Context, id string) (*Module, error)
// GetBySlug retrieves a module by its slug.
GetBySlug(ctx context.Context, slug string) (*Module, error)
// ListAll returns all modules.
ListAll(ctx context.Context) ([]*Module, error)
// ListActive returns all active modules.
ListActive(ctx context.Context) ([]*Module, error)
// ListByCategory returns modules filtered by category.
ListByCategory(ctx context.Context, category string) ([]*Module, error)
}
ModuleRepository defines the interface for module persistence operations.
type ReleaseStatus ¶
// ReleaseStatus is a string-backed type; its defined values are the
// ReleaseStatus* constants. Any other string converts to it without error, so
// values read from storage need an explicit check against those constants.
type ReleaseStatus string
ReleaseStatus represents the product lifecycle status of a module.
// Defined ReleaseStatus values.
const (
	// ReleaseStatusReleased means the module is generally available.
	ReleaseStatusReleased ReleaseStatus = "released"

	// ReleaseStatusComingSoon means the module is not released yet, shown as preview.
	ReleaseStatusComingSoon ReleaseStatus = "coming_soon"

	// ReleaseStatusBeta means the module is in beta testing.
	ReleaseStatusBeta ReleaseStatus = "beta"

	// ReleaseStatusDeprecated means the module is being phased out.
	ReleaseStatusDeprecated ReleaseStatus = "deprecated"
)
type TenantModuleOverride ¶ added in v0.1.2
// TenantModuleOverride is one tenant's enabled/disabled setting for one
// module.
type TenantModuleOverride struct {
// Tenant the override belongs to.
TenantID shared.ID
// Module the override applies to.
ModuleID string
// Enabled state chosen for this tenant.
IsEnabled bool
// presumably set when the module was last enabled; nil otherwise — confirm
EnabledAt *time.Time
// presumably set when the module was last disabled; nil otherwise — confirm
DisabledAt *time.Time
// presumably the user who made the last change; nil when unknown — confirm.
// Together with UpdatedAt this is the only change attribution on the record.
UpdatedBy *shared.ID
UpdatedAt time.Time
}
TenantModuleOverride represents a tenant's override for a module's enabled state.
type TenantModuleRepository ¶ added in v0.1.2
// TenantModuleRepository stores per-tenant module overrides. Every method
// takes the tenant ID as an explicit argument.
//
// NOTE(review): the interface trusts the tenantID it is given; confirm callers
// take it from the authenticated session rather than from request input.
//
// NOTE(review): nothing here refers to CoreModuleIDs; presumably the caller
// rejects attempts to disable a core module (ErrCoreModuleCannotBeDisabled)
// before calling UpsertBatch — confirm.
type TenantModuleRepository interface {
// ListByTenant returns all module overrides for a tenant.
ListByTenant(ctx context.Context, tenantID shared.ID) ([]*TenantModuleOverride, error)
// UpsertBatch creates or updates multiple module overrides for a tenant.
// updatedBy is a pointer, so a nil value is accepted by the signature.
UpsertBatch(ctx context.Context, tenantID shared.ID, updates []TenantModuleUpdate, updatedBy *shared.ID) error
// DeleteByTenant removes all module overrides for a tenant (reset to defaults).
// Unlike UpsertBatch, it takes no updatedBy argument.
DeleteByTenant(ctx context.Context, tenantID shared.ID) error
}
TenantModuleRepository defines the interface for per-tenant module configuration.
type TenantModuleUpdate ¶ added in v0.1.2
TenantModuleUpdate represents a single module toggle request.