bf9395e022
CI / license-header (push) Has been skipped
CI / e2e-dry-run (push) Has been skipped
CI / fast-gate (push) Failing after 0s
Test PR Label Logic / test-pr-labels (push) Failing after 1s
Skill Format Check / check-format (push) Failing after 2s
CI / security (push) Failing after 5s
CI / unit-test (push) Has been skipped
CI / lint (push) Has been skipped
CI / script-test (push) Has been skipped
CI / deterministic-gate (push) Has been skipped
CI / coverage (push) Has been skipped
CI / results (push) Has been cancelled
CI / deadcode (push) Has been cancelled
CI / e2e-live (push) Has been cancelled
41 lines
1.3 KiB
Go
41 lines
1.3 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package platform
|
|
|
|
import "fmt"
|
|
|
|
// CommandDeniedError is the structured error returned by a denyStub. Every
|
|
// pruned-command execution path -- direct invocation, alias expansion,
|
|
// internal call -- returns this exact type. The dispatcher converts it to a
|
|
// typed errs.* error; the Layer field carries the denial layer for the
|
|
// envelope.
|
|
//
|
|
// Layer values:
|
|
//
|
|
// - "strict_mode" -- credential strict-mode rejected the command
|
|
// - "policy" -- user-layer Rule rejected the command
|
|
//
|
|
// PolicySource is a free-form identifier such as "plugin:secaudit",
|
|
// "yaml:mywork", or "strict-mode". Reason fields:
|
|
//
|
|
// - ReasonCode -- closed enum, see tech-doc 5.3 (e.g. write_not_allowed,
|
|
// all_children_denied, identity_not_supported)
|
|
// - Reason -- human-readable text
|
|
type CommandDeniedError struct {
|
|
Path string
|
|
Layer string
|
|
PolicySource string
|
|
RuleName string
|
|
ReasonCode string
|
|
Reason string
|
|
}
|
|
|
|
// Error implements the standard error interface.
|
|
func (e *CommandDeniedError) Error() string {
|
|
if e.Reason != "" {
|
|
return fmt.Sprintf("command %q denied: %s", e.Path, e.Reason)
|
|
}
|
|
return fmt.Sprintf("command %q denied (%s/%s)", e.Path, e.Layer, e.ReasonCode)
|
|
}
|