system

package
v0.2.0-alpha
Warning

This package is not in the latest version of its module.

Published: Jan 9, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package system provides infrastructure for system-level configuration. This includes loading system config files (~/.reglet/config.yaml) and capability grants.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// User-defined capabilities
	Capabilities []struct {
		Kind    string `yaml:"kind"`
		Pattern string `yaml:"pattern"`
	} `yaml:"capabilities"`

	// WasmMemoryLimitMB limits WASM memory per plugin in Megabytes (MB).
	// 0 = default (256MB), -1 = unlimited, >0 = explicit limit in MB.
	WasmMemoryLimitMB int `yaml:"wasm_memory_limit_mb"`

	// Redaction configuration for secrets
	Redaction RedactionConfig `yaml:"redaction"`

	// Security configuration for capability prompting
	Security SecurityConfig `yaml:"security"`
}

Config represents the global configuration file (~/.reglet/config.yaml). This is infrastructure-level configuration separate from profile configuration.

func (*Config) ToHostFuncsCapabilities

func (c *Config) ToHostFuncsCapabilities() []capabilities.Capability

ToHostFuncsCapabilities converts the config capability format to the internal hostfuncs format.

type ConfigLoader

type ConfigLoader struct{}

ConfigLoader loads system configuration from disk.

func NewConfigLoader

func NewConfigLoader() *ConfigLoader

NewConfigLoader creates a new system config loader.

func (*ConfigLoader) Load

func (l *ConfigLoader) Load(path string) (*Config, error)

Load loads the system configuration from the specified path. If the file does not exist, it returns an empty config without error.

type HashModeConfig

type HashModeConfig struct {
	Enabled bool   `yaml:"enabled"`
	Salt    string `yaml:"salt"` // Optional salt for stable hashing
}

HashModeConfig controls hash-based redaction.

type RedactionConfig

type RedactionConfig struct {
	// Custom patterns to redact (regex strings)
	Patterns []string `yaml:"patterns"`
	// JSON paths to always redact (e.g. "config.password")
	Paths []string `yaml:"paths"`
	// If true, replace with hash instead of [REDACTED]
	HashMode HashModeConfig `yaml:"hash_mode"`
}

RedactionConfig configures how sensitive data is sanitized.
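
An added example, not code from this package: a stand-alone illustration of the two redaction modes that RedactionConfig and HashModeConfig describe, fixed `[REDACTED]` replacement versus a salted hash that stays stable for the same secret. The local struct mirrors, the `Redact` function, the use of HMAC-SHA256 keyed by `Salt`, and the `[hmac:...]` token format are assumptions; the page does not document the package's actual hashing.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
)

// Local mirrors of the documented types so the example runs without the module.
type HashModeConfig struct {
	Enabled bool
	Salt    string
}

type RedactionConfig struct {
	Patterns []string
	HashMode HashModeConfig
}

// Redact replaces every match of cfg.Patterns in s. With HashMode enabled the
// replacement is a keyed digest, so equal secrets map to equal tokens.
// ASSUMPTION: HMAC-SHA256 and the "[hmac:...]" token format are illustrative.
func Redact(cfg RedactionConfig, s string) (string, error) {
	for _, p := range cfg.Patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			// Fail closed: never emit output when a pattern cannot be applied.
			return "", fmt.Errorf("redaction pattern %q: %w", p, err)
		}
		s = re.ReplaceAllStringFunc(s, func(m string) string {
			if !cfg.HashMode.Enabled {
				return "[REDACTED]"
			}
			mac := hmac.New(sha256.New, []byte(cfg.HashMode.Salt))
			mac.Write([]byte(m))
			return "[hmac:" + hex.EncodeToString(mac.Sum(nil)[:8]) + "]"
		})
	}
	return s, nil
}

func main() {
	// Constructed sample input; the key below is not a real credential.
	line := "user=alice api_key=sk_test_EXAMPLE123 retry api_key=sk_test_EXAMPLE123"
	cfg := RedactionConfig{Patterns: []string{`sk_test_[A-Za-z0-9]+`}}
	plain, _ := Redact(cfg, line)
	cfg.HashMode = HashModeConfig{Enabled: true, Salt: "constructed-salt"}
	hashed, _ := Redact(cfg, line)
	fmt.Println(plain)
	fmt.Println(hashed)
}
```

With hash mode on, both occurrences of the same key produce the same token, which lets a reader correlate events across output without seeing the secret; changing the salt changes every token.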

type SecurityConfig

type SecurityConfig struct {
	// Level defines the security policy: "strict", "standard", or "permissive"
	// - strict: Deny all broad capabilities
	// - standard: Warn about broad capabilities (default)
	// - permissive: Allow all capabilities without warnings
	Level string `yaml:"level"`

	// CustomBroadPatterns allows users to define additional patterns considered "broad"
	// Format: "kind:pattern" (e.g., "fs:write:/tmp/**")
	CustomBroadPatterns []string `yaml:"custom_broad_patterns"`
}

SecurityConfig configures capability security policies.

func (*SecurityConfig) GetSecurityLevel

func (c *SecurityConfig) GetSecurityLevel() SecurityLevel

GetSecurityLevel returns the configured security level, defaulting to Standard.

type SecurityLevel

type SecurityLevel string

SecurityLevel represents the security enforcement level.

const (
	// SecurityLevelStrict denies broad capabilities
	SecurityLevelStrict SecurityLevel = "strict"

	// SecurityLevelStandard warns about broad capabilities (default)
	SecurityLevelStandard SecurityLevel = "standard"

	// SecurityLevelPermissive allows all capabilities without warnings
	SecurityLevelPermissive SecurityLevel = "permissive"
)
