doc.go
62 lines (62 loc) · 2.27 KB
// Package goexec provides a secure, hardened command execution library.
//
// GoExec is a production-grade Go library that centralizes all process invocation
// behind a minimal API, banning direct os/exec usage elsewhere. It enforces strict
// security controls including binary allowlisting, argument validation, path sanitization,
// and sandbox integration.
//
// # Key Features
//
// - Single execution abstraction with mandatory timeouts and cancellation
// - Policy-as-code configuration via YAML for auditable security rules
// - Linux-native sandboxing (seccomp, AppArmor, cgroups)
// - Bounded worker pool with backpressure for scalability
// - OpenTelemetry integration for metrics and tracing
// - Rate limiting and circuit breaker for resilience
//
// # Basic Usage
//
//	exec, err := goexec.New()
//	if err != nil {
//		log.Fatal(err)
//	}
//	defer exec.Shutdown(context.Background())
//
//	cmd, _ := goexec.Cmd("/usr/bin/git", "status").Build()
//	result, err := exec.Execute(ctx, cmd)
//
// # With Security Policy
//
//	loader, _ := goexec.LoadPolicy("/etc/goexec", "policy.yaml")
//	policy, _ := loader.Load(ctx)
//
//	exec, _ := goexec.NewBuilder().
//		WithPolicy(policy).
//		WithDefaultTimeout(30 * time.Second).
//		Build()
//
// # Security Model
//
// All binaries and arguments must be explicitly allowlisted in the policy
// configuration. Commands are validated against the policy before execution,
// and optionally run in a sandboxed environment with resource limits.
//
// # File I/O
//
// All file operations use github.com/victoralfred/gowritter/safepath
// for secure path handling. Direct use of standard library file I/O
// functions from the os and ioutil packages is prohibited.
//
// # Package Structure
//
// - goexec: Main entry point and convenience functions
// - executor: Core Executor interface and implementation
// - policy: YAML policy loading and validation
// - validation: Input sanitization and validation
// - sandbox: Linux sandboxing (seccomp, AppArmor, cgroups)
// - pool: Bounded worker pool with backpressure
// - resilience: Rate limiting and circuit breaker
// - observability: OpenTelemetry metrics and audit logging
// - hooks: Extension points for custom behavior
// - config: Configuration management
package goexec
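To make the Security Model and "With Security Policy" sections concrete, the following is an added Go illustration of the allowlist-then-timeout gate they describe; it is not goexec's own code. `Policy`, `Validate` and `Execute` are hypothetical names, and the policy is held in memory rather than loaded from YAML.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"path/filepath"
	"time"
)

// Policy is a hypothetical in-memory stand-in for goexec's YAML policy: each
// allowlisted binary (a clean absolute path) maps to the set of arguments it may take.
type Policy struct {
	Binaries map[string]map[string]bool
	Timeout  time.Duration // mandatory upper bound for every execution
}

// Validate checks a command against the policy before any process is spawned.
// It returns nil only when the binary is allowlisted and every argument is too.
func (p Policy) Validate(bin string, args []string) error {
	// Path sanitisation: reject relative paths and anything containing "..", "./" etc.
	if !filepath.IsAbs(bin) || filepath.Clean(bin) != bin {
		return fmt.Errorf("binary %q must be a clean absolute path", bin)
	}
	allowed, ok := p.Binaries[bin]
	if !ok {
		return fmt.Errorf("binary %q is not allowlisted", bin)
	}
	for _, arg := range args {
		if !allowed[arg] {
			return fmt.Errorf("argument %q is not allowlisted for %s", arg, bin)
		}
	}
	return nil
}

// Execute enforces the policy, then runs the binary directly (no shell) under a
// deadline derived from the caller's context, mirroring goexec's mandatory timeouts.
func Execute(ctx context.Context, p Policy, bin string, args ...string) ([]byte, error) {
	if err := p.Validate(bin, args); err != nil {
		return nil, err // denied before anything is spawned
	}
	ctx, cancel := context.WithTimeout(ctx, p.Timeout)
	defer cancel()
	return exec.CommandContext(ctx, bin, args...).CombinedOutput()
}
```

Because the allowlist is exact, a request such as `/usr/bin/git push` or `/bin/sh -c` is refused by `Validate` without any process being started.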