policy

package

v1.7.2 Latest Latest Go to latest Published: Apr 10, 2026 License: AGPL-3.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/TeoSlayer/pilotprotocol

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func Validate(doc *PolicyDocument) error
type Action
type ActionType
type CompiledPolicy
- func Compile(doc *PolicyDocument) (*CompiledPolicy, error)
type Directive
type DirectiveType
type EventType
- func (e EventType) IsGateEvent() bool
type PolicyDocument
- func Parse(data []byte) (*PolicyDocument, error)
type Rule

Constants ¶

View Source

const Version = 1

Version is the current policy document schema version.

Variables ¶

This section is empty.

Functions ¶

func Validate ¶

func Validate(doc *PolicyDocument) error

Validate checks structural validity of a policy document. It does NOT compile expressions — use Compile for full validation.

Types ¶

type ActionType ¶

type ActionType string

ActionType identifies what a rule does when it matches.

const (
	ActionAllow      ActionType = "allow"
	ActionDeny       ActionType = "deny"
	ActionScore      ActionType = "score"
	ActionTag        ActionType = "tag"
	ActionEvict      ActionType = "evict"
	ActionEvictWhere ActionType = "evict_where"
	ActionPrune      ActionType = "prune"
	ActionFill       ActionType = "fill"
	ActionWebhook    ActionType = "webhook"
	ActionLog        ActionType = "log"
)

type CompiledPolicy ¶

type CompiledPolicy struct {
	Doc PolicyDocument
	// contains filtered or unexported fields
}

CompiledPolicy holds a fully compiled and validated policy ready for evaluation.

func Compile ¶

func Compile(doc *PolicyDocument) (*CompiledPolicy, error)

Compile validates and compiles all expressions in a policy document. Returns an error if any expression fails type-checking or compilation.

func (*CompiledPolicy) CycleDuration ¶

func (cp *CompiledPolicy) CycleDuration() (dur, grace string)

CycleDuration returns the configured cycle interval from config, or zero if not set.

func (*CompiledPolicy) Evaluate ¶

func (cp *CompiledPolicy) Evaluate(eventType EventType, ctx map[string]interface{}) ([]Directive, error)

Evaluate runs all rules for the given event type against the provided context. For gate events (connect, dial, datagram), evaluation stops at the first verdict. For action events (cycle, join, leave), all matching rules fire.

The context map must contain the variables declared for the event type (see env.go). Returns a list of directives the caller should execute.

func (*CompiledPolicy) EvaluatePeerExpr ¶

func (cp *CompiledPolicy) EvaluatePeerExpr(ruleName string, actionIdx int, peerCtx map[string]interface{}) (bool, error)

EvaluatePeerExpr evaluates a pre-compiled peer sub-expression (e.g. evict_where) against per-peer variables. Returns true if the peer matches.

func (*CompiledPolicy) HasRulesFor ¶

func (cp *CompiledPolicy) HasRulesFor(eventType EventType) bool

HasRulesFor returns true if the policy has any rules for the given event type.

func (*CompiledPolicy) MaxPeers ¶

func (cp *CompiledPolicy) MaxPeers() int

MaxPeers returns the configured max_peers from config, or 0 if not set.

type Directive ¶

type Directive struct {
	Type   DirectiveType
	Rule   string                 // source rule name
	Params map[string]interface{} // action parameters
}

Directive is an instruction produced by evaluating a rule.

type DirectiveType ¶

type DirectiveType int

DirectiveType identifies the kind of directive returned by evaluation.

const (
	DirectiveAllow DirectiveType = iota
	DirectiveDeny
	DirectiveScore
	DirectiveTag
	DirectiveEvict
	DirectiveEvictWhere
	DirectivePrune
	DirectiveFill
	DirectiveWebhook
	DirectiveLog
)

type EventType ¶

type EventType string

EventType identifies the protocol event a rule matches against.

const (
	EventConnect  EventType = "connect"  // inbound SYN
	EventDial     EventType = "dial"     // outbound SYN
	EventDatagram EventType = "datagram" // inbound/outbound datagram
	EventCycle    EventType = "cycle"    // periodic timer tick
	EventJoin     EventType = "join"     // peer joins network
	EventLeave    EventType = "leave"    // peer leaves network
)

func (EventType) IsGateEvent ¶

func (e EventType) IsGateEvent() bool

IsGateEvent returns true if the event type produces allow/deny verdicts.

type PolicyDocument ¶

type PolicyDocument struct {
	Version int                    `json:"version"`
	Config  map[string]interface{} `json:"config,omitempty"`
	Rules   []Rule                 `json:"rules"`
}

PolicyDocument is the top-level policy structure stored as JSON.

func Parse ¶

func Parse(data []byte) (*PolicyDocument, error)

Parse unmarshals and validates a policy document from JSON.

type Rule ¶

type Rule struct {
	Name    string    `json:"name"`
	On      EventType `json:"on"`
	Match   string    `json:"match"`
	Actions []Action  `json:"actions"`
}

Rule is a single policy rule: when event matches, execute actions.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL