engine

package
v1.7.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 20, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package engine orchestrates a scan: it runs Collectors to populate the ResourceGraph, then drives the check Registry to produce Findings.

The engine is the only piece that knows about both collection and evaluation; every other package operates on one side at a time.

Types

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

Engine runs a scan end-to-end. It is constructed via New and invoked once per scan via Run.

At v0.1 collection and evaluation are sequential. v0.6 will introduce bounded parallelism for both phases (max_parallel from config).

func New

func New(collectors []compliancekit.Collector, registry *compliancekit.Registry) *Engine

New returns an Engine configured with the given collectors and check registry. Pass compliancekit.DefaultRegistry() for production scans; pass a fresh compliancekit.NewRegistry() for isolated tests.

func (*Engine) Run

func (e *Engine) Run(ctx context.Context) (Result, error)

Run executes the scan.

Collection phase: each collector is invoked once; emitted Resources are added to a fresh graph. A collector error aborts the scan -- partial data would produce misleading findings.

Evaluation phase: every check registered in the registry is invoked against the populated graph. A check error is converted to a StatusError Finding so the operator sees what failed without losing findings from checks that succeeded.

All findings produced in one scan share a single Timestamp (engine end-of-scan time) for stable diff correlation across runs.

func (*Engine) WithProgress added in v1.6.0

func (e *Engine) WithProgress(p Progress) *Engine

WithProgress installs an observer the engine calls on every collector/check boundary. Pass nil (or never call WithProgress) to run silently — the CLI scan path does. Returns the receiver for chaining.

type Progress added in v1.6.0

type Progress interface {
	OnCollectorStart(name string)
	OnCollectorDone(name string, resources int, err error)
	OnEvaluationStart(checkCount int)
	OnCheckDone(id string, findings int, err error)
	OnEvaluationDone(totalFindings int)
}

Progress is the optional observer the engine calls on every collector / check boundary. v1.6 phase 2: the daemon's RealRunner implements this to fan out scan.progress events to /api/v1/events subscribers; the CLI scan path passes nil and sees no behavior change. Implementations must not block in callbacks; the engine fires them inline, so a slow callback stalls the scan.
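One way to satisfy the must-not-block rule is to queue each callback on a buffered channel and drop, with a counter, when the consumer falls behind. This is an added example, not the package's own code: the Progress interface is copied from the listing above so the file builds stand-alone, and Event, ChanProgress, NewChanProgress and the event kind strings are hypothetical names.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// Progress is copied from the page so this file builds without the module.
type Progress interface {
	OnCollectorStart(name string)
	OnCollectorDone(name string, resources int, err error)
	OnEvaluationStart(checkCount int)
	OnCheckDone(id string, findings int, err error)
	OnEvaluationDone(totalFindings int)
}
// Event and ChanProgress are hypothetical names, not part of the package.
type Event struct {
	Kind, Name string
	Count      int
	Err        error
}
// ChanProgress queues callbacks on a buffered channel; it never blocks the engine.
type ChanProgress struct {
	dropped int64 // first field so 64-bit atomics stay aligned on 32-bit targets
	C       chan Event
}

var _ Progress = (*ChanProgress)(nil) // compile-time interface check
func NewChanProgress(buf int) *ChanProgress { return &ChanProgress{C: make(chan Event, buf)} }
func (p *ChanProgress) Dropped() int64 { return atomic.LoadInt64(&p.dropped) }
// emit drops and counts the event when the consumer has fallen behind.
func (p *ChanProgress) emit(kind, name string, n int, err error) {
	select {
	case p.C <- Event{kind, name, n, err}:
	default:
		atomic.AddInt64(&p.dropped, 1)
	}
}
func (p *ChanProgress) OnCollectorStart(n string) { p.emit("collector.start", n, 0, nil) }
func (p *ChanProgress) OnCollectorDone(n string, r int, e error) { p.emit("collector.done", n, r, e) }
func (p *ChanProgress) OnEvaluationStart(c int) { p.emit("evaluation.start", "", c, nil) }
func (p *ChanProgress) OnCheckDone(id string, f int, e error) { p.emit("check.done", id, f, e) }
func (p *ChanProgress) OnEvaluationDone(t int) { p.emit("evaluation.done", "", t, nil) }

func main() { // constructed callback sequence with no consumer attached
	p := NewChanProgress(1)
	p.OnCollectorStart("demo")
	p.OnEvaluationDone(0)
	fmt.Println("queued:", len(p.C), "dropped:", p.Dropped())
}
```

A non-zero Dropped() after a scan means the subscriber view is incomplete; the findings returned by Run are unaffected because the observer only reports progress.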

type Result

type Result struct {
	Findings []compliancekit.Finding
	Graph    *compliancekit.ResourceGraph
}

Result is the output of one scan.

Findings is the full list (any status). The scan command applies min_report filtering before handing the list to reporters; reporters themselves render whatever is passed in.

Graph is the populated resource graph used during evaluation. Reporters that need raw resource detail (the evidence pack reporter at v0.4) read from it.
