Documentation
¶
Index ¶
Constants ¶
View Source
const ( ModeAsk = "ask" // ask user before every action ModeAuto = "auto" // execute automatically (default) ModeDeny = "deny" // block execution )
Execution modes recognised by the engine.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AskFunc ¶
type AskFunc func( ctx context.Context, action string, args map[string]interface{}, p *Policy, ) bool
AskFunc is invoked when Mode==ask. Returning true approves the action, false rejects it. Implementations MAY mutate the policy (for example, switching to ModeAuto after the first approval).
type Config ¶
type Config struct {
Mode string `json:"mode,omitempty" yaml:"mode,omitempty"`
AllowList []string `json:"allow,omitempty" yaml:"allow,omitempty"`
BlockList []string `json:"block,omitempty" yaml:"block,omitempty"`
}
Config represents the declarative, serialisable part of a Policy.
type Policy ¶
type Policy struct {
Mode string // ask / auto / deny (default = auto)
AllowList []string // whitelist (empty => all)
BlockList []string // blacklist
Ask AskFunc // used only when Mode==ask
}
Policy represents the approval / debugging settings for the current workflow-run.
- Mode controls the high-level behaviour (ask / auto / deny).
- AllowList, BlockList allow coarse filtering regardless of Mode.
- Ask is only used when Mode==ask.
A nil *Policy means "execute everything automatically" and is therefore the zero-cost default.
func FromConfig ¶
FromConfig converts a stored Config back to a runtime Policy (without AskFunc).
func FromContext ¶
FromContext extracts (*Policy, ok).
Source Files
Click to show internal directories.
Click to hide internal directories.