Documentation
Overview
Package services contains application use cases.
Index
- type CapabilityGatekeeper
- type CapabilityOrchestrator
- func NewCapabilityOrchestrator(configPath string, trustAll bool, registry *capabilities.Registry, ...) *CapabilityOrchestrator
- func NewCapabilityOrchestratorWithDeps(analyzer ports.CapabilityAnalyzer, gatekeeper ports.CapabilityGatekeeperPort, ...) *CapabilityOrchestrator
- func NewCapabilityOrchestratorWithSecurity(configPath string, trustAll bool, securityLevel string, ...) *CapabilityOrchestrator
- func (o *CapabilityOrchestrator) CollectCapabilities(ctx context.Context, profile entities.ProfileReader, pluginDir string) (map[string][]capabilities.Capability, ports.PluginRuntime, error)
- func (o *CapabilityOrchestrator) CollectRequiredCapabilities(ctx context.Context, profile entities.ProfileReader, ...) (map[string][]capabilities.Capability, error)
- func (o *CapabilityOrchestrator) GrantCapabilities(required map[string][]capabilities.Capability, trustAll bool) (map[string][]capabilities.Capability, error)
- type CheckProfileUseCase
- type LockfileService
Types
type CapabilityGatekeeper
type CapabilityGatekeeper struct {
	// contains filtered or unexported fields
}
CapabilityGatekeeper handles capability granting decisions, user interaction, and persistence. This is an application service responsible for the security boundary between required and granted capabilities.
func NewCapabilityGatekeeper
func NewCapabilityGatekeeper(configPath string, securityLevel string) *CapabilityGatekeeper
NewCapabilityGatekeeper creates a new capability gatekeeper.
func (*CapabilityGatekeeper) GrantCapabilities
func (g *CapabilityGatekeeper) GrantCapabilities(
	required capabilities.Grant,
	capabilityInfo map[string]ports.CapabilityInfo,
	trustAll bool,
) (capabilities.Grant, error)
GrantCapabilities determines which capabilities to grant based on security policy, user input, and saved grants. It handles the complete granting workflow: check saved grants, apply security policy, prompt if needed, persist decisions.
Parameters:
- required: capabilities requested by plugins
- capabilityInfo: metadata about each capability (is it broad, profile-specific alternative, etc.)
- trustAll: if true, auto-grant all capabilities without prompting
Returns:
- granted capabilities
- error if user denies or security policy blocks
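The granting workflow described above (saved grants, security policy, prompt, persist), as an added sketch that is not the package's own code. The `Capability` and `Gate` types, `ErrDenied`, and the meaning given to each security level (strict blocks broad capabilities, standard prompts for them, permissive grants them) are assumptions for illustration; the page names the levels but does not define them.

```go
package main

import (
	"errors"
	"fmt"
)

type Capability struct { // hypothetical model, not the package's own type
	Kind, Pattern string
	Broad         bool // stands in for the "is it broad" capabilityInfo metadata
}

type Gate struct { // hypothetical stand-in for the gatekeeper's state
	Level  string                // "strict", "standard" or "permissive"
	Saved  map[Capability]bool   // grants persisted by earlier runs
	Prompt func(Capability) bool // user decision; nil means non-interactive
}

var ErrDenied = errors.New("capability denied")

// Grant fails closed: one denial rejects the whole request and persists nothing.
func (g *Gate) Grant(required []Capability, trustAll bool) ([]Capability, error) {
	if trustAll { // assumption: bypasses policy and prompt, and is not persisted
		return required, nil
	}
	var fresh []Capability
	for _, c := range required {
		switch {
		case g.Saved[c]: // saved grant: nothing left to decide
		case c.Broad && g.Level == "strict": // assumed: strict blocks broad requests
			return nil, fmt.Errorf("%w by strict policy: %s %s", ErrDenied, c.Kind, c.Pattern)
		case !c.Broad || g.Level == "permissive": // assumed: granted without asking
			fresh = append(fresh, c)
		case g.Prompt != nil && g.Prompt(c): // standard level: ask the user
			fresh = append(fresh, c)
		default: // user said no, or nobody was available to ask
			return nil, fmt.Errorf("%w: %s %s", ErrDenied, c.Kind, c.Pattern)
		}
	}
	for _, c := range fresh { // persist only once every decision has succeeded
		g.Saved[c] = true
	}
	return required, nil
}

func main() {
	g := &Gate{Level: "strict", Saved: map[Capability]bool{}}
	_, err := g.Grant([]Capability{{"exec", "*", true}}, false) // constructed request
	fmt.Println(err, len(g.Saved))
}
```

Deferring persistence until the loop has finished keeps a rejected request from leaving partial grants behind that a later run would silently reuse.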
type CapabilityOrchestrator
type CapabilityOrchestrator struct {
	// contains filtered or unexported fields
}
CapabilityOrchestrator coordinates capability collection and granting. It delegates to specialized services:
- CapabilityAnalyzer for extraction (domain logic)
- CapabilityGatekeeper for granting (security boundary)
func NewCapabilityOrchestrator
func NewCapabilityOrchestrator(configPath string, trustAll bool, registry *capabilities.Registry, runtimeFactory ports.PluginRuntimeFactory) *CapabilityOrchestrator
NewCapabilityOrchestrator creates a capability orchestrator with default security level (standard). configPath specifies the path to the system config file (e.g., ~/.reglet/config.yaml).
func NewCapabilityOrchestratorWithDeps
func NewCapabilityOrchestratorWithDeps(
	analyzer ports.CapabilityAnalyzer,
	gatekeeper ports.CapabilityGatekeeperPort,
	runtimeFactory ports.PluginRuntimeFactory,
	trustAll bool,
) *CapabilityOrchestrator
NewCapabilityOrchestratorWithDeps creates an orchestrator with injected dependencies. This constructor is primarily for testing, allowing mock implementations.
func NewCapabilityOrchestratorWithSecurity
func NewCapabilityOrchestratorWithSecurity(configPath string, trustAll bool, securityLevel string, registry *capabilities.Registry, runtimeFactory ports.PluginRuntimeFactory) *CapabilityOrchestrator
NewCapabilityOrchestratorWithSecurity creates a capability orchestrator with the specified security level. configPath specifies the path to the system config file (e.g., ~/.reglet/config.yaml). securityLevel can be "strict", "standard", or "permissive".
func (*CapabilityOrchestrator) CollectCapabilities
func (o *CapabilityOrchestrator) CollectCapabilities(ctx context.Context, profile entities.ProfileReader, pluginDir string) (map[string][]capabilities.Capability, ports.PluginRuntime, error)
CollectCapabilities creates a temporary runtime and collects required capabilities. Returns the required capabilities and the temporary runtime (caller must close it).
func (*CapabilityOrchestrator) CollectRequiredCapabilities
func (o *CapabilityOrchestrator) CollectRequiredCapabilities(ctx context.Context, profile entities.ProfileReader, runtime ports.PluginRuntime, pluginDir string) (map[string][]capabilities.Capability, error)
CollectRequiredCapabilities loads plugins and identifies requirements. It prioritizes specific capabilities extracted from profile configs over plugin metadata.
func (*CapabilityOrchestrator) GrantCapabilities
func (o *CapabilityOrchestrator) GrantCapabilities(required map[string][]capabilities.Capability, trustAll bool) (map[string][]capabilities.Capability, error)
GrantCapabilities resolves permissions via the gatekeeper. Delegates the complete granting workflow to CapabilityGatekeeper.
type CheckProfileUseCase
type CheckProfileUseCase struct {
	// contains filtered or unexported fields
}
CheckProfileUseCase orchestrates the complete profile check workflow. This is a pure application layer component that depends only on ports.
func NewCheckProfileUseCase
func NewCheckProfileUseCase(
	profileLoader ports.ProfileLoader,
	profileCompiler *services.ProfileCompiler,
	profileValidator ports.ProfileValidator,
	systemConfig ports.SystemConfigProvider,
	pluginResolver ports.PluginDirectoryResolver,
	capOrchestrator *CapabilityOrchestrator,
	lockfileService *LockfileService,
	engineFactory ports.EngineFactory,
	logger *slog.Logger,
) *CheckProfileUseCase
NewCheckProfileUseCase creates a new check profile use case.
func (*CheckProfileUseCase) CheckFailed
func (uc *CheckProfileUseCase) CheckFailed(result *execution.ExecutionResult) bool
CheckFailed returns true if the execution result indicates failures.
func (*CheckProfileUseCase) Execute
func (uc *CheckProfileUseCase) Execute(ctx context.Context, req dto.CheckProfileRequest) (*dto.CheckProfileResponse, error)
Execute runs the complete check profile workflow.
type LockfileService
type LockfileService struct {
	// contains filtered or unexported fields
}
LockfileService orchestrates plugin version resolution and locking.
func NewLockfileService
func NewLockfileService(
	repo ports.LockfileRepository,
	resolver ports.VersionResolver,
	digester ports.PluginDigester,
) *LockfileService
NewLockfileService creates a new LockfileService.
func (*LockfileService) ResolvePlugins
func (s *LockfileService) ResolvePlugins(
	ctx context.Context,
	profile *entities.Profile,
	lockfilePath string,
) (*entities.Lockfile, error)
ResolvePlugins resolves plugin versions using the lockfile if available, or falls back to resolving constraints and updating the lockfile.