integrity

package
v0.0.1-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 28, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package integrity provides canonical content hashing, fail-closed verification, and drift classification for installed skills.

Index

Constants

View Source
const SkillFileName = "SKILL.md"

SkillFileName is the canonical skill manifest filename.

Variables

This section is empty.

Functions

func HashContent

func HashContent(data []byte) string

HashContent returns the canonical hash of a single file's content, applying LF normalization to text. The result is prefixed with "sha256:".

func VerifyDir

func VerifyDir(dir, expected string) (ok bool, actual string, err error)

VerifyDir resolves any symlink at dir and recomputes the canonical content hash of the installed skill, reporting whether it matches expected. It fails closed: any error (including a missing target) is returned to the caller rather than treated as a pass (FR-015).

Types

type DriftStatus

type DriftStatus string

DriftStatus classifies the state of an installed skill relative to the manifest, lockfile, and on-disk content, as surfaced by check and verify (FR-016).

const (
	DriftInstalled            DriftStatus = "installed"
	DriftMissing              DriftStatus = "missing"
	DriftModified             DriftStatus = "modified"
	DriftOutdated             DriftStatus = "outdated"
	DriftOrphaned             DriftStatus = "orphaned"
	DriftPartiallyInstalled   DriftStatus = "partially-installed"
	DriftSourceUnavailable    DriftStatus = "source-unavailable"
	DriftChecksumMismatch     DriftStatus = "checksum-mismatch"
	DriftManifestLockMismatch DriftStatus = "manifest-lock-mismatch"
)

Drift statuses (FR-016).

func Classify

func Classify(s SkillState) DriftStatus

Classify maps a SkillState to a DriftStatus (FR-016, FR-017). The checks are ordered from most to least severe so the first matching condition wins.

func (DriftStatus) Clean

func (s DriftStatus) Clean() bool

Clean reports whether s represents an in-sync installation needing no action.

func (DriftStatus) Valid

func (s DriftStatus) Valid() bool

Valid reports whether s is a recognized drift status.

type Hashes

type Hashes struct {
	// ContentHash is the canonical recursive hash of the skill directory.
	ContentHash string
	// SkillFileHash is the hash of SKILL.md alone.
	SkillFileHash string
}

Hashes holds the canonical content identity of an installed skill (FR-014).

func HashDir

func HashDir(dir string) (Hashes, error)

HashDir computes the canonical content hash of the skill directory and the separate SKILL.md hash. Paths are sorted, file modes are normalized to the executable bit, text is LF-normalized, binaries are hashed verbatim, and content symlinks are never followed (FR-014, FR-042, D6).

type SkillState

type SkillState struct {
	InManifest      bool
	InLock          bool
	SourceChanged   bool // normalized source/owner/repo differs between manifest and lock (FR-044)
	SourceAvailable bool
	ContentMismatch bool // installed content hash != locked hash (set only by content checks)
	TargetsTotal    int
	TargetsPresent  int
}

SkillState is the observed manifest, lockfile, and filesystem state of one skill, used to classify its drift without coupling this package to the manifest/lockfile types.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL