Internal

internal/core/harden

Package harden models provider-backed pre-approval hardening.

import "github.com/nilstate/scafld/v2/internal/core/harden"

Package harden models provider-backed pre-approval hardening.

Constants

Source: internal/core/harden/model.go:17

// Verdict values for one harden round, declared as untyped string constants.
// NOTE(review): presumably these are the values carried in Dossier.Verdict and
// the only ones ValidVerdict accepts — confirm in model.go.
const (
	// VerdictPass means the draft contract is ready for approval.
	VerdictPass = "pass"
	// VerdictNeedsRevision means the draft needs contract edits before approval.
	VerdictNeedsRevision = "needs_revision"
)

Variables

ErrInvalidDossier wraps malformed or semantically invalid harden output.

Source: internal/core/harden/model.go:23

// ErrInvalidDossier wraps malformed or semantically invalid harden output.
// It is a sentinel value created with errors.New.
// NOTE(review): presumably ParseText and ValidateDossier return errors that wrap
// it, so callers should match with errors.Is rather than == — confirm.
var ErrInvalidDossier = errors.New("invalid harden dossier")

RequiredCheckNames are the evidence-backed hardening checks every round must record.

Source: internal/core/harden/model.go:26

// RequiredCheckNames are the evidence-backed hardening checks every round must record.
//
// NOTE(review): this is an exported, mutable package-level slice. Any code that
// can import the package can overwrite, reorder or truncate its elements, which
// would change what the harden gate requires. Treat it as read-only and copy it
// (for example with slices.Clone) before modifying a list derived from it.
// Whether ValidateDossier reads this slice directly, and whether names are
// matched exactly against Check.Name, is not visible here — confirm.
var RequiredCheckNames = []string{
	"path audit",
	"command audit",
	"scope/migration audit",
	"acceptance timing audit",
	"rollback/repair audit",
	"design challenge",
}

Functions

func DossierSchemaJSON() string

Source: internal/core/harden/schema.go:11

DossierSchemaJSON returns the semantic HardenDossier JSON Schema.

func EncodeDossier(dossier Dossier) string

Source: internal/core/harden/model.go:91

EncodeDossier serializes a dossier for transport and storage.

func NormalizeDossier(dossier Dossier) Dossier

Source: internal/core/harden/model.go:137

NormalizeDossier fills in derived defaults without masking an invalid provider payload shape.

func ParseText(text string) (Dossier, error)

Source: internal/core/harden/model.go:103

ParseText parses one strict JSON HardenDossier.

func StrictDossierSchemaJSON() string

Source: internal/core/harden/schema.go:20

StrictDossierSchemaJSON returns the variant of the dossier schema used for Codex/OpenAI structured output.

func ValidVerdict(verdict string) bool

Source: internal/core/harden/model.go:238

ValidVerdict reports whether the harden verdict is supported.

func ValidateDossier(dossier Dossier) error

Source: internal/core/harden/model.go:153

ValidateDossier verifies provider output shape and the harden gate contract.

func VerdictFromDossier(dossier Dossier) string

Source: internal/core/harden/model.go:223

VerdictFromDossier derives harden verdict from checks that did not pass and open approval-blocking issues. Non-blocking advisories never force another round.

Types

type AttackLogEntry

Source: internal/core/harden/model.go:61

AttackLogEntry records one bounded attack angle used during hardening.

// AttackLogEntry records one bounded attack angle used during hardening.
//
// All four fields are plain strings with no visible length or content limits.
// NOTE(review): presumably they are free text produced by the harden provider;
// treat them as untrusted when rendering or logging — confirm.
type AttackLogEntry struct {
	// Target is encoded under the JSON key "target".
	// NOTE(review): presumably names the part of the draft that was challenged — confirm.
	Target string `json:"target"`
	// Attack is encoded under the JSON key "attack".
	Attack string `json:"attack"`
	// Result is encoded under the JSON key "result"; the allowed values are not visible here.
	Result string `json:"result"`
	// Notes is optional: omitempty drops it from the encoded JSON when empty.
	Notes  string `json:"notes,omitempty"`
}
Fields
  • Target string `json:"target"`
  • Attack string `json:"attack"`
  • Result string `json:"result"`
  • Notes string `json:"notes,omitempty"`

type Check

Source: internal/core/harden/model.go:36

Check records one required hardening check.

// Check records one required hardening check.
//
// None of the fields carry omitempty, so all four keys are always present in
// the encoded JSON.
type Check struct {
	// Name identifies the check.
	// NOTE(review): presumably one of RequiredCheckNames — confirm how it is matched.
	Name       string `json:"name"`
	// GroundedIn is encoded under the JSON key "grounded_in".
	// NOTE(review): presumably a reference to what the check was based on — confirm.
	GroundedIn string `json:"grounded_in"`
	// Result is the check outcome. VerdictFromDossier is documented as counting
	// checks that did not pass; the literal result values are not visible here.
	Result     string `json:"result"`
	// Evidence is encoded under the JSON key "evidence".
	// NOTE(review): whether an empty Evidence is rejected by ValidateDossier is not
	// visible here — confirm, since the checks are described as evidence-backed.
	Evidence   string `json:"evidence"`
}
Fields
  • Name string `json:"name"`
  • GroundedIn string `json:"grounded_in"`
  • Result string `json:"result"`
  • Evidence string `json:"evidence"`

type Dossier

Source: internal/core/harden/model.go:69

Dossier is the normalized harden-provider payload consumed by scafld.

// Dossier is the normalized harden-provider payload consumed by scafld.
//
// NOTE(review): the content originates from a provider, so treat every string
// here as untrusted input until ValidateDossier has accepted it — confirm that
// all consumers validate before acting on a dossier.
type Dossier struct {
	// Verdict is the verdict string carried in the payload.
	// NOTE(review): VerdictFromDossier derives a verdict from Checks and Issues;
	// whether a provider-supplied Verdict that disagrees is rejected or
	// overwritten is not visible here — confirm before treating this field as
	// authoritative for the approval gate.
	Verdict      string           `json:"verdict"`
	// Summary is encoded under the JSON key "summary".
	Summary      string           `json:"summary"`
	// Checks holds the recorded hardening checks.
	Checks       []Check          `json:"checks"`
	// Issues holds the recorded findings, both approval-blocking and advisory.
	Issues       []Issue          `json:"issues"`
	// AttackLog holds the attack angles recorded for the round.
	AttackLog    []AttackLogEntry `json:"attack_log"`
	// Provider, Model, SessionID and OutputFormat are optional strings; omitempty
	// drops each from the encoded JSON when empty.
	// NOTE(review): whether they are set by scafld or taken from provider output
	// is not visible here — confirm.
	Provider     string           `json:"provider,omitempty"`
	Model        string           `json:"model,omitempty"`
	SessionID    string           `json:"session_id,omitempty"`
	OutputFormat string           `json:"output_format,omitempty"`
	// EventSummary maps string keys to integer counts; omitted from JSON when empty.
	EventSummary map[string]int   `json:"event_summary,omitempty"`
	// Raw is excluded from JSON entirely by the "-" tag: encoding/json neither
	// writes nor reads it.
	// NOTE(review): presumably the unparsed provider text — confirm, and check
	// where it is logged or stored.
	Raw          string           `json:"-"`
}
Fields
  • Verdict string `json:"verdict"`
  • Summary string `json:"summary"`
  • Checks []Check `json:"checks"`
  • Issues []Issue `json:"issues"`
  • AttackLog []AttackLogEntry `json:"attack_log"`
  • Provider string `json:"provider,omitempty"`
  • Model string `json:"model,omitempty"`
  • SessionID string `json:"session_id,omitempty"`
  • OutputFormat string `json:"output_format,omitempty"`
  • EventSummary map[string]int `json:"event_summary,omitempty"`
  • Raw string `json:"-"`

type Issue

Source: internal/core/harden/model.go:45

Issue records one harden finding. Only open issues with BlocksApproval block approval; advisory issues stay recorded without forcing another harden loop.

// Issue records one harden finding. Only open issues with BlocksApproval block
// approval; advisory issues stay recorded without forcing another harden loop.
type Issue struct {
	// ID is encoded under the JSON key "id".
	// NOTE(review): uniqueness within a dossier is not visible here — confirm.
	ID                string `json:"id"`
	// Kind and Severity are plain strings; their allowed values are not visible here.
	Kind              string `json:"kind"`
	Severity          string `json:"severity"`
	// BlocksApproval marks the issue as approval-blocking. It has no omitempty,
	// so false is encoded explicitly. A JSON payload that omits the key decodes
	// to false, i.e. advisory.
	// NOTE(review): confirm that strict parsing or validation rejects a missing
	// "blocks_approval" key rather than silently treating the issue as advisory.
	BlocksApproval    bool   `json:"blocks_approval"`
	// Status is the issue state; together with BlocksApproval it decides whether
	// the issue blocks approval. The literal value meaning "open" is not visible here.
	Status            string `json:"status"`
	// GroundedIn, Summary, Evidence and Recommendation are always encoded.
	GroundedIn        string `json:"grounded_in"`
	Summary           string `json:"summary"`
	Evidence          string `json:"evidence"`
	Recommendation    string `json:"recommendation"`
	// Question, RecommendedAnswer and IfUnanswered are optional; omitempty drops
	// each from the encoded JSON when empty.
	Question          string `json:"question,omitempty"`
	RecommendedAnswer string `json:"recommended_answer,omitempty"`
	IfUnanswered      string `json:"if_unanswered,omitempty"`
}
Fields
  • ID string `json:"id"`
  • Kind string `json:"kind"`
  • Severity string `json:"severity"`
  • BlocksApproval bool `json:"blocks_approval"`
  • Status string `json:"status"`
  • GroundedIn string `json:"grounded_in"`
  • Summary string `json:"summary"`
  • Evidence string `json:"evidence"`
  • Recommendation string `json:"recommendation"`
  • Question string `json:"question,omitempty"`
  • RecommendedAnswer string `json:"recommended_answer,omitempty"`
  • IfUnanswered string `json:"if_unanswered,omitempty"`

type Request

Source: internal/core/harden/model.go:84

Request is the provider-facing hardening prompt request.

// Request is the provider-facing hardening prompt request.
//
// The fields carry no struct tags, so this type declares no JSON mapping of its own.
type Request struct {
	// TaskID identifies the task the request belongs to.
	TaskID  string
	// Prompt is the prompt text for the provider.
	Prompt  string
	// Context is a reviewcontext.Packet, a type declared in another package.
	// NOTE(review): what the packet contains is not visible here — confirm what
	// repository or task data it carries before it is sent to an external provider.
	Context reviewcontext.Packet
}
Fields
  • TaskID string
  • Prompt string
  • Context reviewcontext.Packet