Documentation
Constants
const DefaultFilePermissions = 0600
DefaultFilePermissions is the Unix file mode for newly created audit log files. Restricted to owner-only since audit logs may contain sensitive operational data.
Variables
This section is empty.
Functions
This section is empty.
Types
type Entry
type Entry struct {
	Timestamp  time.Time            `json:"timestamp"`
	SessionID  string               `json:"session_id"`
	AgentID    string               `json:"agent_id"`
	Request    policy.ActionRequest `json:"request"`
	Result     policy.CheckResult   `json:"result"`
	DurationMs int64                `json:"duration_ms"`
}
Entry represents a single audit log record.
type FileLogger
type FileLogger struct {
	// contains filtered or unexported fields
}
FileLogger writes audit entries as JSON lines to a file.
func NewFileLogger
func NewFileLogger(path string) (*FileLogger, error)
NewFileLogger creates a new file-based audit logger.
func (*FileLogger) Close
func (l *FileLogger) Close() error
Close flushes and closes the log file.
func (*FileLogger) Log
func (l *FileLogger) Log(entry Entry) error
Log writes an audit entry to the log file.
func (*FileLogger) Query
func (l *FileLogger) Query(filter QueryFilter) ([]Entry, error)
Query reads the log file and filters entries. TODO(perf): Query scans the full file linearly. For production workloads with large audit logs, replace with a database-backed implementation (SQLite or PostgreSQL).
type Logger
type Logger interface {
	Log(entry Entry) error
	Query(filter QueryFilter) ([]Entry, error)
	Close() error
}
Logger is the interface for audit logging.
type QueryFilter
type QueryFilter struct {
	AgentID   string     `json:"agent_id,omitempty"`
	SessionID string     `json:"session_id,omitempty"`
	Decision  string     `json:"decision,omitempty"`
	Scope     string     `json:"scope,omitempty"`
	Since     *time.Time `json:"since,omitempty"`
	Limit     int        `json:"limit,omitempty"`
}
QueryFilter specifies criteria for querying audit logs.
type SQLiteLogger
type SQLiteLogger struct {
	// contains filtered or unexported fields
}
SQLiteLogger stores audit entries in a SQLite database for efficient querying. Requires a "database/sql" driver for SQLite to be registered (e.g., modernc.org/sqlite).
func NewSQLiteLogger
func NewSQLiteLogger(dbPath string) (*SQLiteLogger, error)
NewSQLiteLogger opens (or creates) a SQLite database at the given path and initializes the audit_entries table and indexes.
Before calling this, register a SQLite driver. For example:
	import _ "modernc.org/sqlite"
Then call:
	logger, err := audit.NewSQLiteLogger("audit.db")
func (*SQLiteLogger) Close
func (l *SQLiteLogger) Close() error
Close closes the underlying database connection.
func (*SQLiteLogger) Log
func (l *SQLiteLogger) Log(entry Entry) error
Log writes an audit entry to the database.
func (*SQLiteLogger) Query
func (l *SQLiteLogger) Query(filter QueryFilter) ([]Entry, error)
Query returns audit entries matching the given filter. Unlike FileLogger.Query, this uses indexed SQL queries instead of a full file scan — O(log n) per query.