profile

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: May 28, 2026 License: MIT Imports: 1 Imported by: 0

Documentation

Overview

Package profile declares the categorical operating-model axes that cli-guard exposes for consumers (today: coily) to build per-session

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsStricter

func IsStricter(ax Axis, a, b Tier) (bool, error)

IsStricter reports whether tier a is strictly stricter than tier b on axis ax. Returns an error if either tier is not defined on ax

Types

type Axis

type Axis string

Axis names a categorical dimension cli-guard exposes for profile declarations. Stable string values so consumers can persist them

const (
	// AxisDataSecurity governs secret access (direct vs proxy-only vs
	// full), identifier surfacing, vault visibility, and leak-check
	AxisDataSecurity Axis = "data_security"

	// AxisBlastRadius governs which destructive verbs are gated:
	// cluster mutations, force-pushes, mass-deletes, etc.
	AxisBlastRadius Axis = "blast_radius"

	// AxisNetworkEgress governs outbound network reach. air-gapped
	// and loopback-only are stubbed in the initial implementation
	AxisNetworkEgress Axis = "network_egress"

	// AxisFilesystemReach governs which paths a session can read and
	// write outside the current repo.
	AxisFilesystemReach Axis = "filesystem_reach"
)

func AllAxes

func AllAxes() []Axis

AllAxes returns the four axes in the canonical declaration order. Useful for iteration in config validators and digest renderers.

type Coordinate

type Coordinate struct {
	DataSecurity    Tier
	BlastRadius     Tier
	NetworkEgress   Tier
	FilesystemReach Tier
}

Coordinate is a tier-per-axis assignment. Profiles declared by consumers (coily's "mobile", "mac-tower", ...) resolve to a

func Strictest

func Strictest() Coordinate

Strictest returns the coordinate where every axis is at its strictest tier. Per coily#150, this is the headless-default and

func (Coordinate) Get

func (c Coordinate) Get(a Axis) Tier

Get returns the tier on the named axis. Returns the empty string if the axis name does not match a known field; callers can treat

type Tier

type Tier string

Tier is a string label naming a strictness level on a given axis. Stable values so consumer config files and audit rows do not

const (
	DataSecurityLow    Tier = "low"
	DataSecurityMedium Tier = "medium"
	DataSecurityHigh   Tier = "high"
	DataSecurityMax    Tier = "max"
)

DataSecurity tiers, strictest last.

const (
	BlastRadiusHigh   Tier = "high"
	BlastRadiusMedium Tier = "medium"
	BlastRadiusLow    Tier = "low"
)

BlastRadius tiers, strictest last.

const (
	NetworkEgressOpen         Tier = "open"
	NetworkEgressAllowlisted  Tier = "allowlisted"
	NetworkEgressLoopbackOnly Tier = "loopback-only"
	NetworkEgressAirGapped    Tier = "air-gapped"
)

NetworkEgress tiers, strictest last.

const (
	FilesystemReachUnrestricted Tier = "unrestricted"
	FilesystemReachRepoPlusHome Tier = "repo-plus-home"
	FilesystemReachRepoOnly     Tier = "repo-only"
)

FilesystemReach tiers, strictest last.

func StrictestTier

func StrictestTier(a Axis) Tier

StrictestTier returns the tier at the strict end of axis a's ordering. Used by Strictest() to build the max-paranoia coordinate

func TiersFor

func TiersFor(a Axis) []Tier

TiersFor returns the tiers defined on axis a, ordered most permissive to strictest. Returns nil for an unknown axis so
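
The same label can sit at opposite ends of two axes: "high" is near the strict end of data_security but is the most permissive blast_radius tier. The sketch below is an added example, not the package's own code, and does not import the package. The tier orderings are transcribed from the constant blocks above, while rank, isStricter and mayApply are hypothetical stand-ins modelled on the documented IsStricter contract.

```go
package main

import "fmt"

type Axis string
type Tier string

// Orderings transcribed from the page's constant blocks, most permissive first.
var tiers = map[Axis][]Tier{
	"data_security":    {"low", "medium", "high", "max"},
	"blast_radius":     {"high", "medium", "low"},
	"network_egress":   {"open", "allowlisted", "loopback-only", "air-gapped"},
	"filesystem_reach": {"unrestricted", "repo-plus-home", "repo-only"},
}

// rank returns the position of t on axis ax, or -1 if ax does not define it.
func rank(ax Axis, t Tier) int {
	for i, v := range tiers[ax] {
		if v == t {
			return i
		}
	}
	return -1
}

// isStricter is a local stand-in for the documented IsStricter contract:
// compare by position on the axis, error on a tier the axis does not define.
func isStricter(ax Axis, a, b Tier) (bool, error) {
	ia, ib := rank(ax, a), rank(ax, b)
	if ia < 0 || ib < 0 {
		return false, fmt.Errorf("tier %q or %q not defined on axis %q", a, b, ax)
	}
	return ia > ib, nil
}

// mayApply reports whether requested may replace current without loosening
// the session. Unknown axes and tiers are rejected (fail closed).
func mayApply(ax Axis, current, requested Tier) bool {
	looser, err := isStricter(ax, current, requested)
	return err == nil && !looser
}

func main() {
	for _, ax := range []Axis{"data_security", "blast_radius"} {
		s, _ := isStricter(ax, "high", "low")
		fmt.Printf("%-14s high stricter than low: %v\n", ax, s)
	}
	fmt.Println("blast_radius low -> high allowed:", mayApply("blast_radius", "low", "high"))
}
```

A validator that compared labels as strings, or reused one axis's ordering for another, would accept the blast_radius change from "low" to "high" as a tightening; ranking per axis rejects it.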
