policy

package

v0.2.2 Latest Latest Go to latest Published: Jan 27, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Details

This section is empty.

This section is empty.

func NewPolicy(opts ...PolicyOption) ports.Policy

NewPolicy creates a new Policy.

type NopDenialHandler struct{}

NopDenialHandler does nothing.

func (h *NopDenialHandler) OnDenial(kind string, request interface{}, reason string)

type Policy struct {
	// contains filtered or unexported fields
}

Policy implements the Policy interface with stateless enforcement.

func (p *Policy) CheckEnvironment(req entities.EnvironmentRequest, grants *entities.GrantSet) bool

func (p *Policy) CheckExec(req entities.ExecCapabilityRequest, grants *entities.GrantSet) bool

func (p *Policy) CheckFileSystem(req entities.FileSystemRequest, grants *entities.GrantSet) bool

func (p *Policy) CheckKeyValue(req entities.KeyValueRequest, grants *entities.GrantSet) bool

func (p *Policy) CheckNetwork(req entities.NetworkRequest, grants *entities.GrantSet) bool

type PolicyOption func(*policyConfig)

PolicyOption configures the Policy.

func WithDenialHandler(h ports.DenialHandler) PolicyOption

WithDenialHandler sets the denial handler.

func WithSymlinkResolution(enabled bool) PolicyOption

WithSymlinkResolution enables/disables symlink resolution. Default is true (secure). Disable only for testing.

func WithWorkingDirectory(cwd string) PolicyOption

WithWorkingDirectory sets the working directory for relative path resolution.

type StderrDenialHandler struct{}

StderrDenialHandler logs denials to stderr.

func (h *StderrDenialHandler) OnDenial(kind string, request interface{}, reason string)