Documentation
¶
Overview ¶
Package engine coordinates profile execution and validation.
Package engine coordinates profile execution and validation.
Index ¶
- Constants
- func CalculateBackoff(strategy entities.BackoffType, attempt int, initialDelay time.Duration, ...) time.Duration
- type CapabilityCollector
- type CapabilityGranter
- type CapabilityManager
- type Engine
- type ExecutionConfig
- type ObservationExecutable
- type ObservationExecutor
- func NewExecutor(runtime *wasm.Runtime, pluginDir string, redactor *sensitivedata.Redactor) *ObservationExecutor
- func NewExecutorWithRegistry(runtime *wasm.Runtime, pluginDir string, redactor *sensitivedata.Redactor, ...) *ObservationExecutor
- func NewObservationExecutor(runtime *wasm.Runtime, redactor *sensitivedata.Redactor) *ObservationExecutor
- func (e *ObservationExecutor) Execute(ctx context.Context, obs entities.ObservationDefinition) execution.ObservationResult
- func (e *ObservationExecutor) LoadPlugin(ctx context.Context, pluginName string) (*wasm.Plugin, error)
- func (e *ObservationExecutor) SetPluginRegistry(registry *entities.PluginRegistry)
Constants ¶
const ( // MinConcurrentControls is the minimum number of concurrent control executions, // ensuring reasonable parallelism even on single-core systems. MinConcurrentControls = 4 // MaxConcurrentObservations caps the per-control observation parallelism // to avoid excessive goroutine nesting. MaxConcurrentObservations = 10 // MinConcurrentObservations ensures reasonable parallelism for observations. MinConcurrentObservations = 2 )
Concurrency constants for parallel execution.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type CapabilityCollector ¶
type CapabilityCollector interface {
CollectRequiredCapabilities(ctx context.Context, profile entities.ProfileReader, runtime *wasm.Runtime, pluginDir string) (map[string][]capabilities.Capability, error)
}
CapabilityCollector collects required capabilities from plugins.
type CapabilityGranter ¶
type CapabilityGranter interface {
GrantCapabilities(required map[string][]capabilities.Capability) (map[string][]capabilities.Capability, error)
}
CapabilityGranter grants capabilities (interactively or automatically).
type CapabilityManager ¶
type CapabilityManager interface {
CapabilityCollector
CapabilityGranter
}
CapabilityManager combines collection and granting for convenience.
type Engine ¶
type Engine struct {
// contains filtered or unexported fields
}
Engine coordinates profile execution.
func NewEngineWithCapabilities ¶
func NewEngineWithCapabilities( ctx context.Context, version build.Info, capMgr CapabilityManager, pluginDir string, profile entities.ProfileReader, cfg ExecutionConfig, redactor *sensitivedata.Redactor, repo repositories.ExecutionResultRepository, memoryLimitMB int, truncator execution.TruncationStrategy, ) (*Engine, error)
NewEngineWithCapabilities creates an engine with interactive capability prompts and optional repository support.
func NewEngineWithConfig ¶
func NewEngineWithConfig(ctx context.Context, version build.Info, cfg ExecutionConfig) (*Engine, error)
NewEngineWithConfig creates a new execution engine with custom configuration.
func (*Engine) Execute ¶
func (e *Engine) Execute(ctx context.Context, profile entities.ProfileReader) (*execution.ExecutionResult, error)
Execute runs a complete profile and returns the result.
type ExecutionConfig ¶
type ExecutionConfig struct {
FilterProgram *vm.Program
IncludeTags []string
IncludeSeverities []string
IncludeControlIDs []string
ExcludeTags []string
ExcludeControlIDs []string
MaxConcurrentControls int
MaxConcurrentObservations int
MaxEvidenceSizeBytes int
Parallel bool
IncludeDependencies bool
}
ExecutionConfig controls execution behavior.
func DefaultExecutionConfig ¶
func DefaultExecutionConfig() ExecutionConfig
DefaultExecutionConfig returns sensible defaults for parallel execution.
type ObservationExecutable ¶
type ObservationExecutable interface {
Execute(ctx context.Context, obs entities.ObservationDefinition) execution.ObservationResult
}
ObservationExecutable defines the interface for executing observations.
type ObservationExecutor ¶
type ObservationExecutor struct {
// contains filtered or unexported fields
}
ObservationExecutor executes observations using WASM plugins.
func NewExecutor ¶
func NewExecutor(runtime *wasm.Runtime, pluginDir string, redactor *sensitivedata.Redactor) *ObservationExecutor
NewExecutor creates a new observation executor with explicit plugin directory.
func NewExecutorWithRegistry ¶
func NewExecutorWithRegistry(runtime *wasm.Runtime, pluginDir string, redactor *sensitivedata.Redactor, registry *entities.PluginRegistry) *ObservationExecutor
NewExecutorWithRegistry creates an executor with plugin alias resolution support.
func NewObservationExecutor ¶
func NewObservationExecutor(runtime *wasm.Runtime, redactor *sensitivedata.Redactor) *ObservationExecutor
NewObservationExecutor creates a new observation executor with auto-detected plugin directory.
func (*ObservationExecutor) Execute ¶
func (e *ObservationExecutor) Execute(ctx context.Context, obs entities.ObservationDefinition) execution.ObservationResult
Execute runs a single observation and returns the result.
func (*ObservationExecutor) LoadPlugin ¶
func (e *ObservationExecutor) LoadPlugin(ctx context.Context, pluginName string) (*wasm.Plugin, error)
LoadPlugin loads a plugin by name or alias. If a plugin registry is set, aliases are resolved to their actual plugin names. Phase 1b loads from file system. Phase 2 will use embedded plugins.
func (*ObservationExecutor) SetPluginRegistry ¶
func (e *ObservationExecutor) SetPluginRegistry(registry *entities.PluginRegistry)
SetPluginRegistry sets the plugin registry for alias resolution.
Source Files