README
¶
zin-adk (Go)
ZAK (Zeron Agentic Kit) — Go SDK for building autonomous cybersecurity agents.
Define security agents declaratively with YAML, enforce policy guardrails at runtime, and connect to LLM providers for autonomous reasoning.
Install
go get github.com/securezeron/zeron-agent-development-kit/adk/go@latest
CLI only:
go install github.com/securezeron/zeron-agent-development-kit/adk/go/cmd/zak@latest
Quick Start
1. Create an Agent Definition
zak init --domain appsec --name my-scanner
2. Validate
zak validate my-scanner.agent.yaml
3. Use in Code
package main
import (
"fmt"
"log"
"github.com/securezeron/zeron-agent-development-kit/adk/go/pkg/dsl"
"github.com/securezeron/zeron-agent-development-kit/adk/go/pkg/policy"
)
func main() {
// Parse and validate an agent definition
result := dsl.LoadAgentYaml("my-scanner.agent.yaml")
if !result.Valid {
log.Fatalf("Validation errors: %v", result.Errors)
}
// Policy engine enforces guardrails at runtime
engine := policy.NewEngine()
decision := engine.Evaluate(result.Agent, "scan_code", "production", nil)
if decision.Allowed {
fmt.Println("Action allowed — executing scan")
} else {
fmt.Printf("Action denied: %s\n", decision.Reason)
}
}
Packages
| Package | Description |
|---|---|
pkg/dsl |
US-ADSL schema, parser, and validation (Zod-equivalent struct validation) |
pkg/policy |
Policy engine — 6-rule evaluation chain |
pkg/audit |
Structured audit event logging via zerolog |
pkg/edition |
Edition detection (open-source vs enterprise) |
pkg/runtime |
BaseAgent, AgentRegistry, AgentExecutor, LLMAgent |
pkg/tools |
Tool substrate — NewZakTool() with policy + audit integration |
pkg/llm |
LLM client interface, provider registry, MockLLMClient |
pkg/sif/schema |
Security Intelligence Fabric — 7 node types, 7 edge types |
pkg/sif/risk |
Risk propagation engine with quantitative scoring |
pkg/tenants |
Multi-tenant context and namespace isolation |
CLI
zak init --domain <domain> --name <name> # Scaffold agent YAML
zak validate <file.yaml> # Validate agent definition
zak run <file.yaml> # Execute agent
zak agents # List registered agents
zak info # Platform information
Available domains: generic, risk_quant, vuln_triage, appsec, compliance
Building
make build # Build binary to ./bin/zak
make test # Run all tests with race detection
make test-coverage # Generate HTML coverage report
make lint # Run go vet
make check # Lint + test
make install # go install to $GOPATH/bin
Requirements
- Go >= 1.22
Publishing
Go modules are published via git tags. Since this module lives in the adk/go/ subdirectory of the monorepo, tags use a path prefix:
# Tag a release
git tag -a adk/go/v0.1.4 -m "Release Go ADK v0.1.4"
git push origin adk/go/v0.1.4
# Request indexing on pkg.go.dev
GOPROXY=proxy.golang.org go list -m github.com/securezeron/zeron-agent-development-kit/adk/go@v0.1.4
Or use the Makefile:
make release # Uses VERSION from Makefile
make release VERSION=0.2.0 # Override version
Links
License
Apache-2.0 — see LICENSE
Documentation
¶
Overview ¶
Package zak provides the Go SDK for the Zeron Agentic Kit (ZAK), an open-source Agent Development Kit for building autonomous cybersecurity agents.
ZAK enables declarative agent definitions using the Universal Security Agent DSL (US-ADSL), runtime policy enforcement, structured audit logging, and LLM-powered autonomous reasoning via the ReAct pattern.
Installation ¶
go get github.com/securezeron/zeron-agent-development-kit/adk/go@latest
Quick Start ¶
Parse and validate an agent definition:
import "github.com/securezeron/zeron-agent-development-kit/adk/go/pkg/dsl"
result := dsl.LoadAgentYaml("my-agent.agent.yaml")
if !result.Valid {
log.Fatal(result.Errors)
}
agent := result.Agent
Evaluate policy at runtime:
import "github.com/securezeron/zeron-agent-development-kit/adk/go/pkg/policy"
engine := policy.NewEngine()
decision := engine.Evaluate(agent, "scan_code", "production", nil)
if decision.Allowed {
// proceed
}
Register a tool with automatic policy + audit integration:
import "github.com/securezeron/zeron-agent-development-kit/adk/go/pkg/tools"
scanTool := tools.NewZakTool(tools.ZakToolConfig{
Name: "scan_code",
Description: "Scan source code for vulnerabilities",
Execute: func(ctx context.Context, params map[string]any) (any, error) {
return map[string]any{"vulnerabilities": []any{}}, nil
},
})
Packages ¶
The SDK is organized into the following packages:
- pkg/dsl — US-ADSL schema, parser, and validation
- pkg/policy — Policy engine with 6-rule evaluation chain
- pkg/audit — Structured audit event logging (zerolog)
- pkg/edition — Edition detection (open-source vs enterprise)
- pkg/runtime — BaseAgent, AgentRegistry, AgentExecutor, LLMAgent
- pkg/tools — Tool substrate, built-in tools, orchestration
- pkg/llm — LLM client interface and provider registry
- pkg/sif/schema — Security Intelligence Fabric node and edge types
- pkg/sif/risk — Risk propagation engine
- pkg/tenants — Multi-tenant context and namespace isolation
CLI ¶
Install the CLI:
go install github.com/securezeron/zeron-agent-development-kit/adk/go/cmd/zak@latest
Available commands:
zak init --domain appsec --name my-agent # Scaffold agent YAML zak validate my-agent.agent.yaml # Validate agent definition zak run my-agent.agent.yaml # Execute agent zak agents # List registered agents zak info # Platform information
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
zak
command
Package main is the entry point for the ZAK CLI binary.
|
Package main is the entry point for the ZAK CLI binary. |
|
internal
|
|
|
cli
Package cli provides the ZAK CLI commands and domain templates for agent scaffolding.
|
Package cli provides the ZAK CLI commands and domain templates for agent scaffolding. |
|
pkg
|
|
|
audit
Package audit provides structured audit event logging for the ZAK Agent Development Kit.
|
Package audit provides structured audit event logging for the ZAK Agent Development Kit. |
|
dsl
Package dsl provides the Universal Security Agent DSL (US-ADSL) schema, parser, and validation for the ZAK Agent Development Kit.
|
Package dsl provides the Universal Security Agent DSL (US-ADSL) schema, parser, and validation for the ZAK Agent Development Kit. |
|
edition
Package edition provides edition detection for the ZAK Agent Development Kit.
|
Package edition provides edition detection for the ZAK Agent Development Kit. |
|
llm
Package llm provides the abstract LLMClient interface and shared response types.
|
Package llm provides the abstract LLMClient interface and shared response types. |
|
policy
Package policy provides the runtime policy engine for the ZAK Agent Development Kit.
|
Package policy provides the runtime policy engine for the ZAK Agent Development Kit. |
|
runtime
Package runtime provides the core agent lifecycle types: BaseAgent, AgentContext, and AgentResult.
|
Package runtime provides the core agent lifecycle types: BaseAgent, AgentContext, and AgentResult. |
|
sif
Package sif provides the Security Intelligence Fabric (SIF) for the ZAK Agent Development Kit.
|
Package sif provides the Security Intelligence Fabric (SIF) for the ZAK Agent Development Kit. |
|
sif/risk
Package risk implements the ZAK canonical risk propagation formula.
|
Package risk implements the ZAK canonical risk propagation formula. |
|
sif/schema
Package schema provides the canonical SIF (Security Intelligence Fabric) node and edge type definitions.
|
Package schema provides the canonical SIF (Security Intelligence Fabric) node and edge type definitions. |
|
tenants
Package tenants provides multi-tenancy support: TenantRegistry, TenantContext, and isolation utilities.
|
Package tenants provides multi-tenancy support: TenantRegistry, TenantContext, and isolation utilities. |
|
tools
Package tools provides the tool substrate for the ZAK Agent Development Kit.
|
Package tools provides the tool substrate for the ZAK Agent Development Kit. |
Click to show internal directories.
Click to hide internal directories.