entities

package
v0.3.0-alpha
Warning

This package is not in the latest version of its module.

Published: Jan 10, 2026 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package entities contains domain entities for the Reglet domain model. These are pure domain types with NO infrastructure dependencies.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BackoffType

type BackoffType string

BackoffType defines the strategy for retry delays.

const (
	BackoffNone        BackoffType = "none"
	BackoffLinear      BackoffType = "linear"
	BackoffExponential BackoffType = "exponential"
)

type Control

type Control struct {
	ID                     string                  `yaml:"id"`
	Name                   string                  `yaml:"name"`
	Description            string                  `yaml:"description,omitempty"`
	Severity               string                  `yaml:"severity,omitempty"`
	Owner                  string                  `yaml:"owner,omitempty"`
	RetryBackoff           BackoffType             `yaml:"retry_backoff,omitempty"`
	DependsOn              []string                `yaml:"depends_on,omitempty"`
	ObservationDefinitions []ObservationDefinition `yaml:"observations"`
	Tags                   []string                `yaml:"tags,omitempty"`
	Timeout                time.Duration           `yaml:"timeout,omitempty"`
	Retries                int                     `yaml:"retries,omitempty"`
	RetryDelay             time.Duration           `yaml:"retry_delay,omitempty"`
	RetryMaxDelay          time.Duration           `yaml:"retry_max_delay,omitempty"`
}

Control represents a specific compliance check or validation unit. It is uniquely identified by its ID.

func (*Control) ApplyDefaults

func (c *Control) ApplyDefaults(defaults *ControlDefaults)

ApplyDefaults applies the given defaults to the control if values are missing.

func (*Control) GetEffectiveTimeout

func (c *Control) GetEffectiveTimeout(defaultTimeout time.Duration) time.Duration

GetEffectiveTimeout returns the control's timeout with fallback to default.

func (*Control) HasAnyTag

func (c *Control) HasAnyTag(tags []string) bool

HasAnyTag returns true if the control has any of the specified tags.

func (*Control) HasDependency

func (c *Control) HasDependency(controlID string) bool

HasDependency returns true if the control depends on the specified control ID.

func (*Control) HasTag

func (c *Control) HasTag(tag string) bool

HasTag returns true if the control has the specified tag.

func (*Control) IsEmpty

func (c *Control) IsEmpty() bool

IsEmpty returns true if this is the zero value.

func (*Control) MatchesAnySeverity

func (c *Control) MatchesAnySeverity(severities []string) bool

MatchesAnySeverity returns true if the control matches any of the severities.

func (*Control) MatchesSeverity

func (c *Control) MatchesSeverity(severity string) bool

MatchesSeverity returns true if the control matches the specified severity.

func (*Control) ObservationCount

func (c *Control) ObservationCount() int

ObservationCount returns the number of observations in this control.

func (*Control) Validate

func (c *Control) Validate() error

Validate ensures the control is well-formed.

type ControlDefaults

type ControlDefaults struct {
	Severity      string        `yaml:"severity,omitempty"`
	Owner         string        `yaml:"owner,omitempty"`
	RetryBackoff  BackoffType   `yaml:"retry_backoff,omitempty"`
	Tags          []string      `yaml:"tags,omitempty"`
	Timeout       time.Duration `yaml:"timeout,omitempty"`
	Retries       int           `yaml:"retries,omitempty"`
	RetryDelay    time.Duration `yaml:"retry_delay,omitempty"`
	RetryMaxDelay time.Duration `yaml:"retry_max_delay,omitempty"`
}

ControlDefaults specifies values inherited by controls when not explicitly set.

type ControlsSection

type ControlsSection struct {
	Defaults *ControlDefaults `yaml:"defaults,omitempty"`
	Items    []Control        `yaml:"items"`
}

ControlsSection groups validation controls and their default settings.

type Lockfile

type Lockfile struct {
	Generated time.Time             `yaml:"generated"`
	Plugins   map[string]PluginLock `yaml:"plugins"`
	Version   int                   `yaml:"lockfile_version"`
}

Lockfile is an aggregate root for reproducible plugin resolution. It guarantees that plugin versions are pinned for consistent builds.

Invariants:

  • Version must be 1 (current format version)
  • Each plugin entry must have a digest
  • Generated timestamp must be set

func NewLockfile

func NewLockfile() *Lockfile

NewLockfile creates a new lockfile with the current version.

func (*Lockfile) AddPlugin

func (l *Lockfile) AddPlugin(name string, lock PluginLock) error

AddPlugin adds a plugin lock entry. Returns error if digest is empty (invariant enforcement).

func (*Lockfile) GetPlugin

func (l *Lockfile) GetPlugin(name string) *PluginLock

GetPlugin retrieves a plugin lock entry by name. Returns nil if not found.

func (*Lockfile) PluginCount

func (l *Lockfile) PluginCount() int

PluginCount returns the number of locked plugins.

func (*Lockfile) Validate

func (l *Lockfile) Validate() error

Validate checks lockfile invariants.

type ObservationDefinition

type ObservationDefinition struct {
	Plugin string                 `yaml:"plugin"`
	Config map[string]interface{} `yaml:"config,omitempty"`
	Expect []string               `yaml:"expect,omitempty"`
}

ObservationDefinition is the configuration for a specific plugin execution. It is an immutable value object.

type PluginLock

type PluginLock struct {
	Fetched   time.Time `yaml:"fetched,omitempty"`
	Modified  time.Time `yaml:"modified,omitempty"`
	Requested string    `yaml:"requested"`
	Resolved  string    `yaml:"resolved"`
	Source    string    `yaml:"source"`
	Digest    string    `yaml:"sha256"`
}

PluginLock is a value object representing a pinned plugin version. Immutable after creation.

type PluginRegistry

type PluginRegistry struct {
	// contains filtered or unexported fields
}

PluginRegistry maps plugin aliases to their specifications. This allows observations to reference plugins by alias while the runtime resolves them to their actual sources.

func NewPluginRegistry

func NewPluginRegistry() *PluginRegistry

NewPluginRegistry creates a new empty plugin registry.

func (*PluginRegistry) AllSpecs

func (pr *PluginRegistry) AllSpecs() []*PluginSpec

AllSpecs returns all registered plugin specifications.

func (*PluginRegistry) HasPlugin

func (pr *PluginRegistry) HasPlugin(name string) bool

HasPlugin reports whether a plugin with the given name is registered.

func (*PluginRegistry) Register

func (pr *PluginRegistry) Register(spec *PluginSpec) error

Register adds a plugin specification to the registry.

func (*PluginRegistry) Resolve

func (pr *PluginRegistry) Resolve(alias string) *PluginSpec

Resolve looks up a plugin by alias and returns its specification. If the alias is not registered, it returns a default spec where name=source.

type PluginSpec

type PluginSpec struct {
	// Name is the alias used in observations (e.g., "file", "file-legacy")
	Name string

	// Source is the plugin source (e.g., "file", "ghcr.io/reglet-dev/reglet-plugins/file:1.0.0")
	Source string

	// Version is the explicit version constraint (e.g., "1.2.0")
	Version string

	// Digest is the optional content hash for pinning (e.g., "sha256:abc123...")
	Digest string

	// Verify indicates whether signature verification is required
	Verify bool
}

PluginSpec represents a plugin declaration with optional version and source.

func ParsePluginDeclaration

func ParsePluginDeclaration(declaration string) (*PluginSpec, error)

ParsePluginDeclaration parses a single plugin declaration string. Supported formats:

  • "file" -> name=file, source=file
  • "file@1.2.0" -> name=file, source=file, version=1.2.0
  • "ghcr.io/.../file:1.2.0" -> name=file, source=full path
  • "ghcr.io/.../file@sha256:abc..." -> name=file, source=path, digest=sha256:abc...
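
The four formats above can be told apart with a few string rules. The sketch below is an added example, not Reglet's own parser: `Spec`, `parseDeclaration` and `baseName` are hypothetical names, and leaving the version empty for a registry tag is an assumption taken from the format list, which names only name and source for that case.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Spec is a hypothetical stand-in for the documented PluginSpec fields.
type Spec struct{ Name, Source, Version, Digest string }

// parseDeclaration maps one declaration string onto the documented formats.
func parseDeclaration(decl string) (Spec, error) {
	decl = strings.TrimSpace(decl)
	if decl == "" {
		return Spec{}, errors.New("empty plugin declaration")
	}
	// Digest-pinned reference: the text after '@' is the content hash.
	if i := strings.LastIndex(decl, "@sha256:"); i >= 0 {
		path, digest := decl[:i], decl[i+1:]
		if path == "" || digest == "sha256:" {
			return Spec{}, fmt.Errorf("malformed digest reference %q", decl)
		}
		return Spec{Name: baseName(path), Source: path, Digest: digest}, nil
	}
	// Registry path, optionally with a tag: source keeps the full string.
	if strings.Contains(decl, "/") {
		return Spec{Name: baseName(decl), Source: decl}, nil
	}
	// Bare name, optionally followed by @version.
	name, version, hasAt := strings.Cut(decl, "@")
	if name == "" || (hasAt && version == "") {
		return Spec{}, fmt.Errorf("malformed declaration %q", decl)
	}
	return Spec{Name: name, Source: name, Version: version}, nil
}

// baseName returns the last path component with any ":tag" removed.
func baseName(path string) string {
	name, _, _ := strings.Cut(path[strings.LastIndex(path, "/")+1:], ":")
	return name
}

func main() {
	// Constructed sample declarations.
	for _, d := range []string{"file@1.2.0", "ghcr.io/reglet-dev/reglet-plugins/file:1.0.0"} {
		fmt.Println(parseDeclaration(d))
	}
}
```

Only the digest form yields a spec whose content is fixed; the bare-name, version and tag forms leave `Digest` empty.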

func ParsePluginDeclarationWithAlias

func ParsePluginDeclarationWithAlias(alias string, source interface{}) (*PluginSpec, error)

ParsePluginDeclarationWithAlias parses a plugin declaration with an explicit alias. Format: "alias: source" or expanded map format.

func (*PluginSpec) IsBuiltIn

func (ps *PluginSpec) IsBuiltIn() bool

IsBuiltIn returns true if this plugin references a built-in plugin.

func (*PluginSpec) PluginName

func (ps *PluginSpec) PluginName() string

PluginName returns the actual plugin name to load (without version suffix).

type Profile

type Profile struct {
	Metadata ProfileMetadata        `yaml:"profile"`
	Plugins  []string               `yaml:"plugins,omitempty"`
	Vars     map[string]interface{} `yaml:"vars,omitempty"`
	Controls ControlsSection        `yaml:"controls"`

	// Extends specifies parent profiles to inherit from.
	// Multiple parents are merged left-to-right before applying current profile.
	// This field is NOT propagated after merge resolution.
	Extends []string `yaml:"extends,omitempty"`
}

Profile represents the Reglet profile configuration. It serves as the aggregate root for the configuration context, defining the validation configuration and ruleset.

Invariants enforced:

  • Unique control IDs
  • All dependencies must exist
  • Name and version are mandatory
  • At least one observation per control

func (*Profile) AddControl

func (p *Profile) AddControl(ctrl Control) error

AddControl safely adds a new control to the profile. It returns an error if the control is invalid or already exists.

func (*Profile) ApplyDefaults

func (p *Profile) ApplyDefaults()

ApplyDefaults propagates default values to all controls in the profile.

func (*Profile) BuildPluginRegistry

func (p *Profile) BuildPluginRegistry() (*PluginRegistry, error)

BuildPluginRegistry creates a PluginRegistry from the profile's plugin declarations. This supports the current simple list format for backwards compatibility. Future versions will support map format with aliases.

func (*Profile) CheckForControlDependencyCycles

func (p *Profile) CheckForControlDependencyCycles() error

CheckForControlDependencyCycles checks if the control dependency graph contains any cycles. This validates the `depends_on` relationships between controls within a single profile.

This is DIFFERENT from profile inheritance cycle detection:

  • This method: Checks control A depends_on B depends_on A (within one profile)
  • ProfileLoader: Checks profile A extends B extends A (across files)

Algorithm: Standard DFS with recursion stack for cycle detection. Time complexity: O(V + E) where V = controls, E = dependencies.
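
The DFS with a recursion stack described above, as an added example rather than the package's own code: `control` and `findDependencyCycle` are hypothetical names, and returning the offending path (instead of only an error) is an assumption made so the cycle can be reported to the profile author.

```go
package main

import "fmt"

// control is a hypothetical stand-in with only the fields the cycle check needs.
type control struct{ ID string; DependsOn []string }

// findDependencyCycle walks depends_on edges depth-first and returns the
// first cycle as a path such as [a b c a], or nil when the graph is acyclic.
func findDependencyCycle(controls []control) []string {
	const unvisited, onStack, done = 0, 1, 2
	deps := make(map[string][]string, len(controls))
	for _, c := range controls {
		deps[c.ID] = c.DependsOn
	}
	state, pos := map[string]int{}, map[string]int{}
	var stack []string
	var visit func(id string) []string
	visit = func(id string) []string {
		switch state[id] {
		case done: // fully explored earlier; skipping keeps the walk O(V + E)
			return nil
		case onStack: // back edge: id is an ancestor of the caller
			return append(append([]string{}, stack[pos[id]:]...), id)
		}
		state[id], pos[id] = onStack, len(stack)
		stack = append(stack, id)
		for _, dep := range deps[id] {
			if cycle := visit(dep); cycle != nil {
				return cycle
			}
		}
		state[id], stack = done, stack[:len(stack)-1]
		return nil
	}
	// Iterate in declaration order so the reported cycle is deterministic.
	for _, c := range controls {
		if cycle := visit(c.ID); cycle != nil {
			return cycle
		}
	}
	return nil
}

func main() {
	// Constructed sample: c depends on a, closing the loop a -> b -> c -> a.
	fmt.Println(findDependencyCycle([]control{{"a", []string{"b"}}, {"b", []string{"c"}}, {"c", []string{"a"}}}))
}
```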

func (*Profile) ControlCount

func (p *Profile) ControlCount() int

ControlCount returns the total number of controls.

func (*Profile) ExcludeControlsByID

func (p *Profile) ExcludeControlsByID(excludeIDs []string) []Control

ExcludeControlsByID returns a subset of controls excluding the specified IDs.

func (*Profile) GetAllControls

func (p *Profile) GetAllControls() []Control

GetAllControls returns all controls in the profile.

func (*Profile) GetControl

func (p *Profile) GetControl(id string) *Control

GetControl retrieves a control by its ID. It returns nil if the control is not found.

func (*Profile) GetMetadata

func (p *Profile) GetMetadata() ProfileMetadata

GetMetadata returns the profile metadata.

func (*Profile) GetPlugins

func (p *Profile) GetPlugins() []string

GetPlugins returns the list of plugins required by this profile.

func (*Profile) GetVars

func (p *Profile) GetVars() map[string]interface{}

GetVars returns the profile variables.

func (*Profile) HasControl

func (p *Profile) HasControl(id string) bool

HasControl reports whether a control with the given ID exists.

func (*Profile) SelectControlsBySeverity

func (p *Profile) SelectControlsBySeverity(severities []string) []Control

SelectControlsBySeverity returns a subset of controls matching any of the specified severities. If severities is empty, all controls are returned.

func (*Profile) SelectControlsByTags

func (p *Profile) SelectControlsByTags(tags []string) []Control

SelectControlsByTags returns a subset of controls matching any of the specified tags. If tags is empty, all controls are returned.

func (*Profile) Validate

func (p *Profile) Validate() error

Validate checks the integrity of the profile configuration.

type ProfileMetadata

type ProfileMetadata struct {
	Name        string `yaml:"name"`
	Version     string `yaml:"version"`
	Description string `yaml:"description,omitempty"`
}

ProfileMetadata contains descriptive information about the profile.

type ProfileReader

type ProfileReader interface {
	// Metadata access
	GetMetadata() ProfileMetadata
	GetPlugins() []string
	BuildPluginRegistry() (*PluginRegistry, error)
	GetVars() map[string]interface{}

	// Control queries
	GetControl(id string) *Control
	HasControl(id string) bool
	ControlCount() int
	GetAllControls() []Control

	// Filtering
	SelectControlsByTags(tags []string) []Control
	SelectControlsBySeverity(severities []string) []Control
	ExcludeControlsByID(excludeIDs []string) []Control

	// Validation - control dependency cycle detection (NOT profile inheritance cycles)
	CheckForControlDependencyCycles() error
}

ProfileReader provides read-only access to profile data. This interface enforces immutability and prevents accidental mutations.

Both raw Profile and ValidatedProfile implement this interface, allowing consumers to work with either type through the same contract.

type ValidatedProfile

type ValidatedProfile struct {
	*Profile // Embedded raw profile (provides ProfileReader interface)

}

ValidatedProfile represents a fully compiled and validated profile. This is an immutable value object created by the ProfileCompiler.

It embeds the raw Profile and adds compiled/enriched state:

  • Defaults have been applied to all controls
  • All validations have passed
  • Dependency graph has been verified (no cycles)

func NewValidatedProfile

func NewValidatedProfile(profile *Profile) *ValidatedProfile

NewValidatedProfile creates a new ValidatedProfile from a raw profile. This is an internal constructor - use ProfileCompiler.Compile() instead.

func (*ValidatedProfile) IsValidated

func (v *ValidatedProfile) IsValidated() bool

IsValidated always returns true for ValidatedProfile. This is a marker method to distinguish from raw Profile at runtime if needed.
