confirm

package
v1.1.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 15, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrDestructionCanceled = errors.New("destruction canceled by user")

ErrDestructionCanceled is returned when the user does not confirm destruction.

View Source 
var ErrForceLocalRequired = errors.New("force_local guard: command targets non-local environment")

ErrForceLocalRequired is returned by RequireLocal when a command is executing against a non-local target without an explicit local opt-in (--local flag or NSELF_LOCAL=true env var).

Functions

func ConfirmDestruction 

func ConfirmDestruction(projectName string, r io.Reader, w io.Writer) error

ConfirmDestruction prompts the user to type projectName to confirm. It writes the prompt to w and reads a response line from r. Returns nil if the typed string matches projectName exactly. Returns ErrDestructionCanceled if the input does not match or if r is exhausted (EOF).

func RequireLocal added in v1.0.16 

func RequireLocal(intent LocalIntent) error

RequireLocal enforces that destructive or production-affecting commands only run against a non-local target when the caller has explicitly opted in (via --local flag OR NSELF_LOCAL=true env var) AND the target itself is genuinely local.

The guard fires (returns ErrForceLocalRequired) when:

  • intent.Target resolves to a non-local label, AND
  • intent.LocalFlag is false, AND
  • NSELF_LOCAL is not truthy in the environment.

Callers that legitimately operate on staging or prod must NOT route through this guard — it exists specifically to catch accidental cloud actions when the operator's intent was local. Production deploy paths use their own --force / --confirm gates higher up the call stack.

Types

type LocalIntent added in v1.0.16 

type LocalIntent struct {
	// LocalFlag is true when the caller passed --local (or equivalent).
	LocalFlag bool

	// Target is the resolved deploy target string ("local", "staging",
	// "prod", "production", or any non-local label). Empty means caller
	// could not determine the target — treated as non-local for safety.
	Target string

	// CommandName is the user-facing command label (e.g. "deploy",
	// "db migrate", "stack restart") used in error messages.
	CommandName string
}

LocalIntent encodes how a caller declared its intent for a destructive command. Exactly one of WantLocal / WantRemote should be set.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.