grant

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package grant implements the time-boxed "destructive actions" window that unlocks Destructive tools for non-interactive callers (the MCP server, a future in-app assistant). Interactive UI calls don't need it — they're already human-gated — but an agent can only remove/prune inside a window the user opened on purpose, and the window auto-relocks when it lapses.

State is a single JSON file shared by every Oriel process (server, `oriel mcp`, the CLI), so opening a window from one is seen by all. Active/Status read the file fresh; they're only hit on destructive calls, so the cost is irrelevant.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store is the on-disk grant window. The zero value is unusable; call New.

func New

func New() *Store

New returns the default store backed by <userdata>/grant.json.

func NewAt

func NewAt(path string) *Store

NewAt returns a store backed by an explicit file. Used by tests and any caller that needs to target a non-default location.

func (*Store) Active

func (s *Store) Active() bool

Active reports whether a destructive window is currently open.

func (*Store) Lock

func (s *Store) Lock() error

Lock closes the window immediately.

func (*Store) Open

func (s *Store) Open(d time.Duration) (time.Time, error)

Open starts (or extends) the window to now+d and returns the new expiry.

func (*Store) Status

func (s *Store) Status() (bool, time.Time)

Status returns whether a window is open and, if so, when it expires.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL