Documentation
Index
- func Attach(mux goahttp.Muxer, service *Service)
- func NewObserver(logger *slog.Logger, tracerProvider trace.TracerProvider, db *pgxpool.Pool, ...) chat.MessageObserver
- type RiskAnalysisSignaler
- type RiskScanner
- type ScanResult
- type Scanner
- func (s *Scanner) HasEnabledShadowMCPPolicy(ctx context.Context, projectID uuid.UUID) (bool, error)
- func (s *Scanner) LookupShadowMCPBlockingPolicy(ctx context.Context, projectID uuid.UUID) (*ShadowMCPPolicy, error)
- func (s *Scanner) ScanForEnforcement(ctx context.Context, projectID uuid.UUID, text string) (*ScanResult, error)
- type Service
- func (s *Service) APIKeyAuth(ctx context.Context, key string, schema *security.APIKeyScheme) (context.Context, error)
- func (s *Service) CreateRiskPolicy(ctx context.Context, payload *gen.CreateRiskPolicyPayload) (*types.RiskPolicy, error)
- func (s *Service) DeleteRiskPolicy(ctx context.Context, payload *gen.DeleteRiskPolicyPayload) error
- func (s *Service) GetRiskCapabilities(ctx context.Context, payload *gen.GetRiskCapabilitiesPayload) (*gen.RiskCapabilitiesResult, error)
- func (s *Service) GetRiskPolicy(ctx context.Context, payload *gen.GetRiskPolicyPayload) (*types.RiskPolicy, error)
- func (s *Service) GetRiskPolicyStatus(ctx context.Context, payload *gen.GetRiskPolicyStatusPayload) (*types.RiskPolicyStatus, error)
- func (s *Service) ListRiskPolicies(ctx context.Context, payload *gen.ListRiskPoliciesPayload) (*gen.ListRiskPoliciesResult, error)
- func (s *Service) ListRiskResults(ctx context.Context, payload *gen.ListRiskResultsPayload) (*gen.ListRiskResultsResult, error)
- func (s *Service) ListRiskResultsByChat(ctx context.Context, payload *gen.ListRiskResultsByChatPayload) (*gen.ListRiskResultsByChatResult, error)
- func (s *Service) OnMessagesStored(ctx context.Context, projectID uuid.UUID)
- func (s *Service) TriggerRiskAnalysis(ctx context.Context, payload *gen.TriggerRiskAnalysisPayload) error
- func (s *Service) UpdateRiskPolicy(ctx context.Context, payload *gen.UpdateRiskPolicyPayload) (*types.RiskPolicy, error)
- type ShadowMCPPolicy
Functions
func NewObserver
func NewObserver(
	logger *slog.Logger,
	tracerProvider trace.TracerProvider,
	db *pgxpool.Pool,
	signaler RiskAnalysisSignaler,
	auditLogger *audit.Logger,
) chat.MessageObserver
NewObserver creates a lightweight chat.MessageObserver that signals the risk drain workflow when new messages are stored. Use this in contexts (e.g. the worker process) where the full risk Service is not needed.
Types
type RiskAnalysisSignaler
type RiskAnalysisSignaler interface {
	SignalNewMessages(ctx context.Context, params background.DrainRiskAnalysisParams) error
}
RiskAnalysisSignaler starts or signals the drain workflow for a risk policy.
type RiskScanner
type RiskScanner interface {
	// ScanForEnforcement scans text against all enabled blocking policies
	// for the given project. Returns nil if no blocking policy matches.
	ScanForEnforcement(ctx context.Context, projectID uuid.UUID, text string) (*ScanResult, error)
	// LookupShadowMCPBlockingPolicy returns the first enabled shadow-MCP
	// policy for the project whose action is "block". Returns nil when no
	// such policy exists. Used by hooks to gate the realtime deny path.
	LookupShadowMCPBlockingPolicy(ctx context.Context, projectID uuid.UUID) (*ShadowMCPPolicy, error)
	// HasEnabledShadowMCPPolicy reports whether the project has at least one
	// enabled shadow-MCP policy (any action). Used by the MCP server to
	// decide whether to inject the x-gram-toolset-id constant into tool
	// schemas.
	HasEnabledShadowMCPPolicy(ctx context.Context, projectID uuid.UUID) (bool, error)
}
RiskScanner checks text against blocking risk policies.
type ScanResult
type ScanResult struct {
	Action      string // "block"
	PolicyID    string
	PolicyName  string
	Source      string // "gitleaks" or "presidio"
	RuleID      string
	Description string
	UserMessage *string // optional override for the rendered block message
}
ScanResult describes a match from a blocking risk policy.
We deliberately do not include the raw matched substring (the secret/PII itself) so that ScanResult is safe to log, store, or serialize. Block messages render PolicyName + Description, never the matched value.
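The no-leak property described above, as an added example (not code from this package): a local mirror of ScanResult, a hypothetical fakeScanner with one constructed rule, and hypothetical renderBlock and enforce helpers. The string project ID, the text inside the parentheses of the message, and treating an empty UserMessage as "use the default" are assumptions.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"regexp"
)

// ScanResult mirrors the documented fields; none carries the matched text.
type ScanResult struct {
	Action, PolicyID, PolicyName, Source, RuleID, Description string
	UserMessage                                               *string
}

// fakeScanner is a hypothetical stand-in for Scanner with one constructed rule.
type fakeScanner struct{ rule *regexp.Regexp }
var demo = fakeScanner{regexp.MustCompile(`tok_[a-z0-9]{8}`)}

// ScanForEnforcement returns (nil, nil) on no match; projectID is a string here (assumption).
func (f fakeScanner) ScanForEnforcement(_ context.Context, _ string, text string) (*ScanResult, error) {
	if !f.rule.MatchString(text) {
		return nil, nil
	}
	return &ScanResult{Action: "block", PolicyID: "pol-1", PolicyName: "no-secrets",
		Source: "gitleaks", RuleID: "constructed-token", Description: "constructed API token"}, nil
}

// renderBlock prefers a non-empty UserMessage, else PolicyName + Description.
// What goes inside the parentheses is an assumption; the page elides it.
func renderBlock(r *ScanResult) string {
	if r.UserMessage != nil && *r.UserMessage != "" {
		return *r.UserMessage
	}
	return fmt.Sprintf("matched policy %q (%s)", r.PolicyName, r.Description)
}

// enforce returns the deny message and a log line; both are empty on allow.
func enforce(ctx context.Context, s fakeScanner, text string) (msg, logLine string, err error) {
	res, err := s.ScanForEnforcement(ctx, "project-1", text)
	if err != nil || res == nil {
		return "", "", err
	}
	b, err := json.Marshal(res)
	return renderBlock(res), string(b), err
}

func main() {
	fmt.Println(enforce(context.Background(), demo, "key is tok_abcd1234"))
}
```

Because the result type has no field for the match, both the deny message and the serialized log line can be emitted without redaction logic.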
type Scanner
type Scanner struct {
	// contains filtered or unexported fields
}
Scanner implements RiskScanner using gitleaks and optionally Presidio. It pre-creates a gitleaks detector at construction time to avoid the per-scan mutex+init overhead on the hot path.
func NewScanner
func NewScanner(logger *slog.Logger, db *pgxpool.Pool, piiScanner ra.PIIScanner, piScanner *ra.PromptInjectionScanner, meterProvider metric.MeterProvider) (*Scanner, error)
NewScanner creates a RiskScanner. piiScanner may be nil if Presidio is not available in the server process. piScanner must be non-nil; pass a scanner wrapping ra.StubClassifier{} when --pi-classifier-url is empty. Pre-creates a gitleaks detector to avoid per-scan rule compilation on the real-time hook path; returns an error if the detector cannot be built (init relies on viper global state and should never realistically fail, but propagating the error keeps startup honest).
func (*Scanner) HasEnabledShadowMCPPolicy
HasEnabledShadowMCPPolicy reports whether the project has at least one enabled shadow-MCP policy (flag or block). The MCP server uses this to decide whether to inject the x-gram-toolset-id constant into tool schemas.
func (*Scanner) LookupShadowMCPBlockingPolicy
func (s *Scanner) LookupShadowMCPBlockingPolicy(ctx context.Context, projectID uuid.UUID) (*ShadowMCPPolicy, error)
LookupShadowMCPBlockingPolicy returns the first enabled shadow-MCP policy for the project whose action is "block". Flag-action policies surface as findings via the batch scanner instead of denying at the hook layer.
func (*Scanner) ScanForEnforcement
type Service
type Service struct {
	// contains filtered or unexported fields
}
func NewService
func NewService(
	logger *slog.Logger,
	tracerProvider trace.TracerProvider,
	db *pgxpool.Pool,
	sessions *sessions.Manager,
	authzEngine *authz.Engine,
	signaler RiskAnalysisSignaler,
	completionClient openrouter.CompletionClient,
	shadowMCPClient *shadowmcp.Client,
	auditLogger *audit.Logger,
	piClassifier bool,
) *Service
func (*Service) APIKeyAuth
func (*Service) CreateRiskPolicy
func (s *Service) CreateRiskPolicy(ctx context.Context, payload *gen.CreateRiskPolicyPayload) (*types.RiskPolicy, error)
func (*Service) DeleteRiskPolicy
func (*Service) GetRiskCapabilities
func (s *Service) GetRiskCapabilities(ctx context.Context, payload *gen.GetRiskCapabilitiesPayload) (*gen.RiskCapabilitiesResult, error)
func (*Service) GetRiskPolicy
func (s *Service) GetRiskPolicy(ctx context.Context, payload *gen.GetRiskPolicyPayload) (*types.RiskPolicy, error)
func (*Service) GetRiskPolicyStatus
func (s *Service) GetRiskPolicyStatus(ctx context.Context, payload *gen.GetRiskPolicyStatusPayload) (*types.RiskPolicyStatus, error)
func (*Service) ListRiskPolicies
func (s *Service) ListRiskPolicies(ctx context.Context, payload *gen.ListRiskPoliciesPayload) (*gen.ListRiskPoliciesResult, error)
func (*Service) ListRiskResults
func (s *Service) ListRiskResults(ctx context.Context, payload *gen.ListRiskResultsPayload) (*gen.ListRiskResultsResult, error)
func (*Service) ListRiskResultsByChat
func (s *Service) ListRiskResultsByChat(ctx context.Context, payload *gen.ListRiskResultsByChatPayload) (*gen.ListRiskResultsByChatResult, error)
func (*Service) OnMessagesStored
OnMessagesStored implements chat.MessageObserver. The caller (notifyObservers) already dispatches this in a goroutine with a detached context, so this method can safely perform I/O.
func (*Service) TriggerRiskAnalysis
func (*Service) UpdateRiskPolicy
func (s *Service) UpdateRiskPolicy(ctx context.Context, payload *gen.UpdateRiskPolicyPayload) (*types.RiskPolicy, error)
type ShadowMCPPolicy
type ShadowMCPPolicy struct {
	ID          string
	Name        string
	UserMessage *string // nil/empty means "render the default message"
}
ShadowMCPPolicy is the minimal policy view the hooks layer needs to render a deny message that follows the same `matched policy %q (...)` format as gitleaks/presidio enforcement.