Documentation
¶
Index ¶
- Constants
- type ApprovalQueue
- func (q *ApprovalQueue) Add(req policy.ActionRequest, result policy.CheckResult) *PendingAction
- func (q *ApprovalQueue) Broadcast(event AuditEvent)
- func (q *ApprovalQueue) List() []*PendingAction
- func (q *ApprovalQueue) Resolve(id string, decision policy.Decision) error
- func (q *ApprovalQueue) Subscribe() chan AuditEvent
- func (q *ApprovalQueue) Unsubscribe(ch chan AuditEvent)
- type AuditEvent
- type Config
- type PendingAction
- type Server
Constants ¶
View Source
const ( // DefaultAuditQueryLimit is the max entries returned by the audit query endpoint. DefaultAuditQueryLimit = 100 // SSEChannelBufferSize is the buffer size for Server-Sent Events channels. SSEChannelBufferSize = 64 // ApprovalIDPrefix is the prefix for generated approval IDs. ApprovalIDPrefix = "ap_" // ShutdownTimeout is the graceful shutdown deadline. ShutdownTimeout = 10 * time.Second // MaxRequestBodySize is the maximum allowed size of incoming request bodies (1 MB). MaxRequestBodySize = 1 << 20 )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ApprovalQueue ¶
type ApprovalQueue struct {
// contains filtered or unexported fields
}
ApprovalQueue manages pending approval requests.
func (*ApprovalQueue) Add ¶
func (q *ApprovalQueue) Add(req policy.ActionRequest, result policy.CheckResult) *PendingAction
func (*ApprovalQueue) Broadcast ¶
func (q *ApprovalQueue) Broadcast(event AuditEvent)
Broadcast sends an event to all SSE subscribers (public, acquires lock).
func (*ApprovalQueue) List ¶
func (q *ApprovalQueue) List() []*PendingAction
func (*ApprovalQueue) Resolve ¶
func (q *ApprovalQueue) Resolve(id string, decision policy.Decision) error
func (*ApprovalQueue) Subscribe ¶
func (q *ApprovalQueue) Subscribe() chan AuditEvent
func (*ApprovalQueue) Unsubscribe ¶
func (q *ApprovalQueue) Unsubscribe(ch chan AuditEvent)
type AuditEvent ¶
type AuditEvent struct {
Type string `json:"type"` // "check", "approval", "resolved"
Timestamp time.Time `json:"timestamp"`
Request policy.ActionRequest `json:"request"`
Result policy.CheckResult `json:"result"`
}
AuditEvent is sent over SSE to dashboard clients for any check result.
type Config ¶
type Config struct {
Port int
Engine *policy.Engine
Logger audit.Logger
DashboardEnabled bool
Notifier *notify.Dispatcher
// APIKey protects the approve/deny endpoints. If empty, a warning is
// logged and the endpoints are open (suitable for localhost-only deployments).
APIKey string
// AllowedOrigin is returned in Access-Control-Allow-Origin. Defaults to
// localhost only. Set to a specific origin or leave empty for localhost.
AllowedOrigin string
// BaseURL is the externally-reachable URL of this server, used to
// construct approval URLs. Defaults to http://localhost:<Port>.
BaseURL string
// Version is the application version string shown in /health.
Version string
}
Config holds the server configuration.
type PendingAction ¶
type PendingAction struct {
ID string `json:"id"`
Request policy.ActionRequest `json:"request"`
Result policy.CheckResult `json:"result"`
CreatedAt time.Time `json:"created_at"`
Resolved bool `json:"resolved"`
Decision string `json:"decision,omitempty"`
}
PendingAction is an action waiting for human approval.
Source Files
Click to show internal directories.
Click to hide internal directories.