Versions in this module Expand all Collapse all v0 v0.1.0 Feb 24, 2026 Changes in this version + const EntropyThreshold + var HighRiskTools = map[string]bool + func ContainsSuspiciousContent(content string) (suspicious bool, reasons []string) + func HasEncodedContent(content string) bool + func HasSensitiveKeywords(content string) bool + func HasSuspiciousPatterns(content string) bool + func IsHighEntropy(data []byte) bool + func RegisterCustomKeywords(keywords []string) + func RegisterCustomPatterns(patterns []string) error + func SegmentEntropy(content string, minSegmentLen int) (highestSegment string, highestEntropy float64) + func ShannonEntropy(data []byte) float64 + func VerifyRecord(record *SecurityRecord, publicKeyBase64 string) (bool, error) + type AuditTrail struct + func NewAuditTrail(sessionID string) (*AuditTrail, error) + func (a *AuditTrail) Destroy() + func (a *AuditTrail) ExportLog(securityMode string) *SessionLog + func (a *AuditTrail) PublicKey() string + func (a *AuditTrail) RecordDecision(block *Block, tier1, tier2, tier3 string) *SecurityRecord + func (a *AuditTrail) Records() []*SecurityRecord + func (a *AuditTrail) SessionID() string + type Block struct + AgentContext string + Content string + ContentHash string + CreatedAtSeq uint64 + DedupeHit bool + ID string + Mutable bool + Source string + TaintedBy []string + Trust TrustLevel + Type BlockType + func NewBlock(id string, trust TrustLevel, typ BlockType, mutable bool, ...) 
*Block + func (b *Block) CanOverride(other *Block) bool + func (b *Block) IsData() bool + func (b *Block) IsImmutable() bool + func (b *Block) IsInstruction() bool + type BlockType string + const TypeData + const TypeInstruction + type Config struct + Logger *logging.Logger + Mode Mode + ResearchScope string + SupervisorProvider llm.Provider + TriageProvider llm.Provider + UserTrust TrustLevel + type EncodingDetection struct + Detected bool + Entropy float64 + Segment string + Type EncodingType + func DetectEncoding(content string) EncodingDetection + type EncodingType string + const EncodingBase64 + const EncodingBase64URL + const EncodingHex + const EncodingNone + const EncodingURL + type KeywordMatch struct + Keyword string + func DetectSensitiveKeywords(content string) []KeywordMatch + type Mode string + const ModeDefault + const ModeParanoid + const ModeResearch + type PatternMatch struct + Match string + Name string + Pattern string + func DetectSuspiciousPatterns(content string) []PatternMatch + type SecurityRecord struct + BlockID string + ContentHash string + SessionID string + Signature string + Tier1Result string + Tier2Result string + Tier3Result string + Timestamp time.Time + Trust string + Type string + type SecuritySupervisor struct + func NewSecuritySupervisor(provider llm.Provider, mode Mode, researchScope string) *SecuritySupervisor + func (s *SecuritySupervisor) Evaluate(ctx context.Context, req SupervisionRequest) (*SupervisionResult, error) + type SessionLog struct + PublicKey string + SecurityMode string + SecurityRecords []*SecurityRecord + SessionID string + StartedAt time.Time + type SupervisionRequest struct + OriginalGoal string + Tier1Flags []string + Tier2Reason string + ToolArgs map[string]interface{} + ToolName string + UntrustedBlocks []*Block + type SupervisionResult struct + Correction string + InputTokens int + LatencyMs int64 + OutputTokens int + Reason string + Verdict Verdict + type SuspiciousPattern struct + Name string + 
Pattern *regexp.Regexp + type TaintLineageNode struct + BlockID string + Depth int + EventSeq uint64 + Source string + TaintedBy []*TaintLineageNode + Trust TrustLevel + type Tier1Result struct + Block *Block + Pass bool + Reasons []string + RelatedBlocks []*Block + SkipReason string + type Triage struct + func NewTriage(provider llm.Provider) *Triage + func (t *Triage) Evaluate(ctx context.Context, req TriageRequest) (*TriageResult, error) + func (t *Triage) SetResearchScope(scope string) + type TriageRequest struct + ToolArgs map[string]interface{} + ToolName string + UntrustedBlock *Block + type TriageResult struct + InputTokens int + LatencyMs int64 + OutputTokens int + Reason string + Suspicious bool + type TrustLevel string + const TrustTrusted + const TrustUntrusted + const TrustVetted + func PropagatedTrust(a, b TrustLevel) TrustLevel + type Verdict string + const VerdictAllow + const VerdictDeny + const VerdictModify + type VerificationResult struct + Allowed bool + DenyReason string + Modification string + TaintLineage []*TaintLineageNode + Tier1 *Tier1Result + Tier2 *TriageResult + Tier3 *SupervisionResult + ToolName string + type Verifier struct + func NewVerifier(cfg Config, sessionID string) (*Verifier, error) + func (v *Verifier) AddBlock(trust TrustLevel, typ BlockType, mutable bool, content, source string) *Block + func (v *Verifier) AddBlockWithContext(trust TrustLevel, typ BlockType, mutable bool, ...) *Block + func (v *Verifier) AddBlockWithTaint(trust TrustLevel, typ BlockType, mutable bool, ...) 
*Block + func (v *Verifier) AuditTrail() *AuditTrail + func (v *Verifier) ClearContext() + func (v *Verifier) Destroy() + func (v *Verifier) GetBlock(id string) *Block + func (v *Verifier) GetCurrentUntrustedBlockIDs() []string + func (v *Verifier) GetTaintLineage(blockID string) *TaintLineageNode + func (v *Verifier) GetTaintLineageForBlocks(blocks []*Block) []*TaintLineageNode + func (v *Verifier) VerifyToolCall(ctx context.Context, toolName string, args map[string]interface{}, ...) (*VerificationResult, error)
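Review bot: `SecurityRecord` as listed has no sequence number or previous-record hash (its fields are BlockID, ContentHash, SessionID, Signature, Tier1Result to Tier3Result, Timestamp, Trust and Type), so per-record signatures checked with `VerifyRecord` would not by themselves reveal a record that was dropped or reordered in an exported `SessionLog`. The struct could gain something like `Seq uint64` and `PrevHash string` covered by the signature, or `SessionLog` could carry a signed record count; this is inferred from the exported surface only, since the signing code is not shown here. `SessionLog.PublicKey` also travels in the same export as the records it verifies, so the doc comment on `VerifyRecord` should say that `publicKeyBase64` must come from a source pinned outside the log, because a rewritten log carrying a fresh key pair would otherwise verify cleanly. Separately, `var HighRiskTools = map[string]bool` is an exported mutable map, so any importing package can change the high-risk set at runtime and access is unsynchronized if several verifiers share it; an unexported map behind a read-only accessor would avoid both.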