entities

package
v0.3.5-alpha Latest
Warning

This package is not in the latest version of its module.

Published: Jan 14, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package entities contains domain entities for the Reglet domain model. These are pure domain types with NO infrastructure dependencies.

Constants

This section is empty.

Variables

var (
	// ErrPluginNotFound is returned when a plugin cannot be found in any source.
	ErrPluginNotFound = errors.New("plugin not found")

	// ErrIntegrityCheckFailed is returned when digest verification fails.
	ErrIntegrityCheckFailed = errors.New("integrity check failed")
)

Sentinel errors for common error patterns. These allow both errors.Is() checks and errors.As() for detailed information.

Functions

This section is empty.

Types

type BackoffType

type BackoffType string

BackoffType defines the strategy for retry delays.

const (
	BackoffNone        BackoffType = "none"
	BackoffLinear      BackoffType = "linear"
	BackoffExponential BackoffType = "exponential"
)

type Control

type Control struct {
	ID                     string
	Name                   string
	Description            string
	Severity               string
	Owner                  string
	RetryBackoff           BackoffType
	DependsOn              []string
	ObservationDefinitions []ObservationDefinition
	Tags                   []string
	Timeout                time.Duration
	Retries                int
	RetryDelay             time.Duration
	RetryMaxDelay          time.Duration
}

Control represents a specific compliance check or validation unit. It is uniquely identified by its ID.

func (*Control) ApplyDefaults

func (c *Control) ApplyDefaults(defaults *ControlDefaults)

ApplyDefaults applies the given defaults to the control if values are missing.

func (*Control) GetEffectiveTimeout

func (c *Control) GetEffectiveTimeout(defaultTimeout time.Duration) time.Duration

GetEffectiveTimeout returns the control's timeout with fallback to default.

func (*Control) HasAnyTag

func (c *Control) HasAnyTag(tags []string) bool

HasAnyTag returns true if the control has any of the specified tags.

func (*Control) HasDependency

func (c *Control) HasDependency(controlID string) bool

HasDependency returns true if the control depends on the specified control ID.

func (*Control) HasTag

func (c *Control) HasTag(tag string) bool

HasTag returns true if the control has the specified tag.

func (*Control) IsEmpty

func (c *Control) IsEmpty() bool

IsEmpty returns true if this is the zero value.

func (*Control) MatchesAnySeverity

func (c *Control) MatchesAnySeverity(severities []string) bool

MatchesAnySeverity returns true if the control matches any of the severities.

func (*Control) MatchesSeverity

func (c *Control) MatchesSeverity(severity string) bool

MatchesSeverity returns true if the control matches the specified severity.

func (*Control) ObservationCount

func (c *Control) ObservationCount() int

ObservationCount returns the number of observations in this control.

func (*Control) Validate

func (c *Control) Validate() error

Validate ensures the control is well-formed.

type ControlDefaults

type ControlDefaults struct {
	Severity      string
	Owner         string
	RetryBackoff  BackoffType
	Tags          []string
	Timeout       time.Duration
	Retries       int
	RetryDelay    time.Duration
	RetryMaxDelay time.Duration
}

ControlDefaults specifies values inherited by controls when not explicitly set.

type ControlSet

type ControlSet []Control

ControlSet represents a collection of controls with domain logic for filtering, validation, and graph analysis.

func (ControlSet) Add

func (cs ControlSet) Add(ctrl Control) (ControlSet, error)

Add adds a control to the set, ensuring uniqueness and the absence of cycles, and returns a ControlSet containing the added control. Note: the result is produced by appending to the receiver and returning the new slice value. The receiver is passed by value and is not reassigned, but because ControlSet is a slice type, care is needed when the original and the returned set are both kept.

func (ControlSet) ApplyDefaults

func (cs ControlSet) ApplyDefaults(defaults *ControlDefaults)

ApplyDefaults applies the given defaults to all controls in the set. Note: the method has no return value. Because ControlSet is a slice of values, elements are modified in place by index, which mutates the underlying array.

func (ControlSet) CheckForControlDependencyCycles

func (cs ControlSet) CheckForControlDependencyCycles() error

CheckForControlDependencyCycles checks if the control dependency graph contains any cycles.

func (ControlSet) Count

func (cs ControlSet) Count() int

Count returns the number of controls.

func (ControlSet) Get

func (cs ControlSet) Get(id string) *Control

Get returns a pointer to the control with the given ID, or nil if not found.

func (ControlSet) Has

func (cs ControlSet) Has(id string) bool

Has returns true if the control exists in the set.

func (ControlSet) Select

func (cs ControlSet) Select(opts ...FilterOption) ControlSet

Select returns a subset of controls that match the filtering criteria. Filters are applied as an intersection (AND) of valid conditions. Within a condition (e.g., Tags), it's a union (OR). If "Include" filters are empty, they are ignored (match all).

func (ControlSet) Validate

func (cs ControlSet) Validate() error

Validate checks the integrity of all controls in the set and ensures unique IDs.

type ControlsSection

type ControlsSection struct {
	Defaults *ControlDefaults
	Items    ControlSet
}

ControlsSection groups validation controls and their default settings.

type FilterConfig

type FilterConfig struct {
	IncludeTags       []string
	IncludeSeverities []string
	IncludeIDs        []string
	ExcludeTags       []string
	ExcludeIDs        []string
}

FilterConfig holds the configuration for filtering controls.

type FilterOption

type FilterOption func(*FilterConfig)

FilterOption is a functional option for configuring the filter.

func ExcludeIDs

func ExcludeIDs(ids ...string) FilterOption

ExcludeIDs filters controls to exclude those with the specified IDs.

func ExcludeTags

func ExcludeTags(tags ...string) FilterOption

ExcludeTags filters controls to exclude those with any of the specified tags.

func WithIDs

func WithIDs(ids ...string) FilterOption

WithIDs filters controls to include only those with the specified IDs.

func WithSeverities

func WithSeverities(severities ...string) FilterOption

WithSeverities filters controls to include only those with any of the specified severities.

func WithTags

func WithTags(tags ...string) FilterOption

WithTags filters controls to include only those with any of the specified tags.

type IntegrityError

type IntegrityError struct {
	Expected values.Digest
	Actual   values.Digest
}

IntegrityError indicates a digest mismatch. It provides detailed information about the expected versus the actual digest.

func (*IntegrityError) Error

func (e *IntegrityError) Error() string

func (*IntegrityError) Is

func (e *IntegrityError) Is(target error) bool

Is implements error matching for errors.Is() checks. This allows: errors.Is(err, entities.ErrIntegrityCheckFailed)
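The sentinel-plus-typed-error pattern described above, as an added example that is not the package's own code: a loader step rejects bytes whose digest differs from the pinned one, and the caller both matches the sentinel with errors.Is and extracts the two digests with errors.As. The types are local stand-ins, the digests are modelled as "sha256:<hex>" strings (the real fields are values.Digest), and verifyArtifact and digestOf are hypothetical helpers.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Local stand-ins for the package's sentinel and error type (assumed shapes;
// the real Expected/Actual fields are values.Digest, modelled here as string).
var ErrIntegrityCheckFailed = errors.New("integrity check failed")

type IntegrityError struct{ Expected, Actual string }

func (e *IntegrityError) Error() string {
	return fmt.Sprintf("integrity check failed: expected %s, got %s", e.Expected, e.Actual)
}

// Is lets errors.Is(err, ErrIntegrityCheckFailed) match any *IntegrityError.
func (e *IntegrityError) Is(target error) bool { return target == ErrIntegrityCheckFailed }

// digestOf returns the "sha256:<hex>" digest of a plugin artifact.
func digestOf(artifact []byte) string {
	sum := sha256.Sum256(artifact)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// verifyArtifact is a hypothetical loader step: it refuses bytes whose digest
// differs from the pinned one and wraps the typed error with context.
func verifyArtifact(name string, artifact []byte, pinned string) error {
	if actual := digestOf(artifact); actual != pinned {
		return fmt.Errorf("load plugin %q: %w", name, &IntegrityError{Expected: pinned, Actual: actual})
	}
	return nil
}

func main() {
	good := []byte("constructed wasm bytes") // constructed sample artifact
	pinned := digestOf(good)
	err := verifyArtifact("file", []byte("tampered bytes"), pinned)
	var ie *IntegrityError
	if errors.Is(err, ErrIntegrityCheckFailed) && errors.As(err, &ie) {
		fmt.Println("rejected:", ie.Expected, "!=", ie.Actual)
	}
	fmt.Println("clean load error:", verifyArtifact("file", good, pinned))
}
```

Because the typed error is wrapped with %w, both checks still succeed after callers add their own context to the error chain.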

type Lockfile

type Lockfile struct {
	Generated time.Time
	Plugins   map[string]PluginLock
	Version   int
}

Lockfile is an aggregate root for reproducible plugin resolution. It guarantees that plugin versions are pinned for consistent builds.

Invariants:

  • Version must be 1 (current format version)
  • Each plugin entry must have a digest
  • Generated timestamp must be set

func NewLockfile

func NewLockfile() *Lockfile

NewLockfile creates a new lockfile with the current version.

func (*Lockfile) AddPlugin

func (l *Lockfile) AddPlugin(name string, lock PluginLock) error

AddPlugin adds a plugin lock entry. Returns error if digest is empty (invariant enforcement).

func (*Lockfile) GetPlugin

func (l *Lockfile) GetPlugin(name string) *PluginLock

GetPlugin retrieves a plugin lock entry by name. Returns nil if not found.

func (*Lockfile) PluginCount

func (l *Lockfile) PluginCount() int

PluginCount returns the number of locked plugins.

func (*Lockfile) Validate

func (l *Lockfile) Validate() error

Validate checks lockfile invariants.

type ObservationDefinition

type ObservationDefinition struct {
	Plugin string
	Config map[string]interface{}
	Expect []string
}

ObservationDefinition is the configuration for a specific plugin execution. It is an immutable value object.

type Plugin

type Plugin struct {
	// contains filtered or unexported fields
}

Plugin is the aggregate root for the Plugin Management bounded context. Represents a WASM plugin with verified integrity and metadata.

func NewPlugin

func NewPlugin(
	ref values.PluginReference,
	digest values.Digest,
	metadata values.PluginMetadata,
) *Plugin

NewPlugin creates a new plugin entity.

func (*Plugin) Digest

func (p *Plugin) Digest() values.Digest

Digest returns the plugin's content hash.

func (*Plugin) Metadata

func (p *Plugin) Metadata() values.PluginMetadata

Metadata returns the plugin's descriptive information.

func (*Plugin) Reference

func (p *Plugin) Reference() values.PluginReference

Reference returns the plugin's unique identifier.

func (*Plugin) VerifyIntegrity

func (p *Plugin) VerifyIntegrity(expected values.Digest) error

VerifyIntegrity checks if the plugin's digest matches expected value.

type PluginLock

type PluginLock struct {
	Fetched   time.Time
	Modified  time.Time
	Requested string
	Resolved  string
	Source    string
	Digest    string
}

PluginLock is a value object representing a pinned plugin version. Immutable after creation.

type PluginNotFoundError

type PluginNotFoundError struct {
	Reference values.PluginReference
}

PluginNotFoundError indicates that a plugin doesn't exist in the source. It provides detailed information about which plugin was not found.

func (*PluginNotFoundError) Error

func (e *PluginNotFoundError) Error() string

func (*PluginNotFoundError) Is

func (e *PluginNotFoundError) Is(target error) bool

Is implements error matching for errors.Is() checks. This allows: errors.Is(err, entities.ErrPluginNotFound)

type PluginRegistry

type PluginRegistry struct {
	// contains filtered or unexported fields
}

PluginRegistry maps plugin aliases to their specifications. This allows observations to reference plugins by alias while the runtime resolves them to their actual sources.

func NewPluginRegistry

func NewPluginRegistry() *PluginRegistry

NewPluginRegistry creates a new empty plugin registry.

func (*PluginRegistry) AllSpecs

func (pr *PluginRegistry) AllSpecs() []*PluginSpec

AllSpecs returns all registered plugin specifications.

func (*PluginRegistry) HasPlugin

func (pr *PluginRegistry) HasPlugin(name string) bool

HasPlugin reports whether a plugin with the given name is registered.

func (*PluginRegistry) Register

func (pr *PluginRegistry) Register(spec *PluginSpec) error

Register adds a plugin specification to the registry.

func (*PluginRegistry) Resolve

func (pr *PluginRegistry) Resolve(alias string) *PluginSpec

Resolve looks up a plugin by alias and returns its specification. If the alias is not registered, it returns a default spec where name=source.

type PluginSpec

type PluginSpec struct {
	// Name is the alias used in observations (e.g., "file", "file-legacy")
	Name string

	// Source is the plugin source (e.g., "file", "ghcr.io/reglet-dev/reglet-plugins/file:1.0.0")
	Source string

	// Version is the explicit version constraint (e.g., "1.2.0")
	Version string

	// Digest is the optional content hash for pinning (e.g., "sha256:abc123...")
	Digest string

	// Verify indicates whether signature verification is required
	Verify bool
}

PluginSpec represents a plugin declaration with optional version and source.

func ParsePluginDeclaration

func ParsePluginDeclaration(declaration string) (*PluginSpec, error)

ParsePluginDeclaration parses a single plugin declaration string. Supported formats:

  • "file" -> name=file, source=file
  • "file@1.2.0" -> name=file, source=file, version=1.2.0
  • "ghcr.io/.../file:1.2.0" -> name=file, source=full path
  • "ghcr.io/.../file@sha256:abc..." -> name=file, source=path, digest=sha256:abc...
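An added example, not the package's ParsePluginDeclaration: an illustrative parser for the four documented forms, used to list the declarations in a profile that name a registry source without a digest pin. It assumes that a "/" marks a registry source and that only sha256 digests follow "@" on such a source; parseDecl, lastSegment and unpinnedRemote are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// spec mirrors the PluginSpec fields set by the documented formats.
type spec struct{ Name, Source, Version, Digest string }

// lastSegment returns the final path element without any ":tag" suffix.
func lastSegment(path string) string {
	name, _, _ := strings.Cut(path[strings.LastIndex(path, "/")+1:], ":")
	return name
}

// parseDecl is illustrative, not the package's parser; assumes "/" marks a registry source.
func parseDecl(decl string) (spec, error) {
	if decl == "" || strings.HasPrefix(decl, "@") || strings.ContainsAny(decl, " \t\n") {
		return spec{}, fmt.Errorf("invalid plugin declaration %q", decl)
	}
	path, suffix, hasAt := strings.Cut(decl, "@")
	switch {
	case !strings.Contains(path, "/"): // "file" or "file@1.2.0"
		return spec{Name: path, Source: path, Version: suffix}, nil
	case !hasAt: // "registry/.../file:1.2.0": source is the full path, tag included
		return spec{Name: lastSegment(path), Source: path}, nil
	case strings.HasPrefix(suffix, "sha256:") && len(suffix) > len("sha256:"):
		return spec{Name: lastSegment(path), Source: path, Digest: suffix}, nil
	}
	return spec{}, fmt.Errorf("unsupported digest in %q", decl)
}

// unpinnedRemote returns declarations that are malformed or that name a
// registry source without a digest (a tag can be re-pointed at new content).
func unpinnedRemote(decls []string) []string {
	var out []string
	for _, d := range decls {
		s, err := parseDecl(d)
		if err != nil || (strings.Contains(s.Source, "/") && s.Digest == "") {
			out = append(out, d)
		}
	}
	return out
}

func main() {
	decls := []string{"file", "file@1.2.0", "ghcr.io/reglet-dev/reglet-plugins/file:1.0.0"} // constructed
	fmt.Println("needs a digest pin:", unpinnedRemote(decls))
}
```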

func ParsePluginDeclarationWithAlias

func ParsePluginDeclarationWithAlias(alias string, source interface{}) (*PluginSpec, error)

ParsePluginDeclarationWithAlias parses a plugin declaration with an explicit alias. Format: "alias: source" or expanded map format.

func (*PluginSpec) IsBuiltIn

func (ps *PluginSpec) IsBuiltIn() bool

IsBuiltIn returns true if this plugin references a built-in plugin.

func (*PluginSpec) PluginName

func (ps *PluginSpec) PluginName() string

PluginName returns the actual plugin name to load (without version suffix).

type Profile

type Profile struct {
	Metadata ProfileMetadata
	Plugins  []string
	Vars     map[string]interface{}
	Controls ControlsSection

	// Extends specifies parent profiles to inherit from.
	// Multiple parents are merged left-to-right before applying current profile.
	// This field is NOT propagated after merge resolution.
	Extends []string
}

Profile represents the Reglet profile configuration. It serves as the aggregate root for the configuration context, defining the validation configuration and ruleset.

Invariants enforced:

  • Unique control IDs
  • All dependencies must exist
  • Name and version are mandatory
  • At least one observation per control

func (*Profile) AddControl

func (p *Profile) AddControl(ctrl Control) error

AddControl safely adds a new control to the profile. It returns an error if the control is invalid or already exists.

func (*Profile) GetAllControls

func (p *Profile) GetAllControls() []Control

GetAllControls returns all controls in the profile.

func (*Profile) GetControls

func (p *Profile) GetControls() ControlSet

GetControls returns the set of controls in the profile.

func (*Profile) GetMetadata

func (p *Profile) GetMetadata() ProfileMetadata

GetMetadata returns the profile metadata.

func (*Profile) GetPlugins

func (p *Profile) GetPlugins() []string

GetPlugins returns the list of plugins required by this profile.

func (*Profile) GetVars

func (p *Profile) GetVars() map[string]interface{}

GetVars returns the profile variables.

func (*Profile) Validate

func (p *Profile) Validate() error

Validate checks the integrity of the profile configuration.

type ProfileMetadata

type ProfileMetadata struct {
	Name        string
	Version     string
	Description string
}

ProfileMetadata contains descriptive information about the profile.

type ProfileReader

type ProfileReader interface {
	// Metadata access
	GetMetadata() ProfileMetadata
	GetPlugins() []string
	GetVars() map[string]interface{}

	// Access to controls
	GetControls() ControlSet
}

ProfileReader provides read-only access to profile data. This interface enforces immutability and prevents accidental mutations.

Both raw Profile and ValidatedProfile implement this interface, allowing consumers to work with either type through the same contract.

type ValidatedProfile

type ValidatedProfile struct {
	*Profile // Embedded raw profile (provides ProfileReader interface)

}

ValidatedProfile represents a fully compiled and validated profile. This is an immutable value object created by the ProfileCompiler.

It embeds the raw Profile and adds compiled/enriched state:

  • Defaults have been applied to all controls
  • All validations have passed
  • Dependency graph has been verified (no cycles)

func NewValidatedProfile

func NewValidatedProfile(profile *Profile) *ValidatedProfile

NewValidatedProfile creates a new ValidatedProfile from a raw profile. This is an internal constructor - use ProfileCompiler.Compile() instead.

func (*ValidatedProfile) IsValidated

func (v *ValidatedProfile) IsValidated() bool

IsValidated always returns true for ValidatedProfile. This is a marker method to distinguish from raw Profile at runtime if needed.
