Documentation
Overview ¶
Package dcg provides integration with the Destructive Command Guard (DCG) tool, including audit logging for blocked commands.
Index ¶
- Constants
- func GenerateHookJSON(opts DCGHookOptions) (string, error)
- func HookEnvVars(opts DCGHookOptions) (map[string]string, error)
- func InvalidateDCGCache()
- func ShouldConfigureHooks(dcgEnabled bool, binaryPath string) bool
- func WriteHookConfigFile(opts DCGHookOptions, configPath string) error
- type AuditEntry
- type AuditLogger
- type AuditLoggerConfig
- type ClaudeHookConfig
- type DCGAvailability
- type DCGHookOptions
- type HookEntry
- type HooksSection
Constants ¶
const DefaultMaxBytes = 10 * 1024 * 1024
DefaultMaxBytes is the default maximum log file size before rotation (10 MiB, i.e. 10 × 1024 × 1024 bytes).
Variables ¶
This section is empty.
Functions ¶
func GenerateHookJSON ¶
func GenerateHookJSON(opts DCGHookOptions) (string, error)
GenerateHookJSON creates the JSON string for Claude Code hook configuration.
func HookEnvVars ¶
func HookEnvVars(opts DCGHookOptions) (map[string]string, error)
HookEnvVars returns environment variables that can be set to configure Claude Code hooks for DCG. These can be passed to the agent process.
func InvalidateDCGCache ¶
func InvalidateDCGCache()
InvalidateDCGCache clears the DCG availability cache.
func ShouldConfigureHooks ¶
func ShouldConfigureHooks(dcgEnabled bool, binaryPath string) bool
ShouldConfigureHooks determines whether DCG hooks should be configured for an agent spawn, based on DCG availability and configuration.
func WriteHookConfigFile ¶
func WriteHookConfigFile(opts DCGHookOptions, configPath string) error
WriteHookConfigFile writes the DCG hook configuration to a file. This can be used to persist the hook configuration for Claude Code.
Types ¶
type AuditEntry ¶
// AuditEntry is a single DCG audit log record. Each field is serialized to
// JSON under the key given in its struct tag.
//
// NOTE(review): Command and DCGOutput hold text that comes from the guarded
// agent and from the dcg tool, so readers of the log should treat both as
// untrusted input when displaying or parsing entries. A recorded command line
// can also contain credentials passed as arguments; the audit log file should
// presumably be readable only by the operator — confirm the file mode used by
// the logger.
type AuditEntry struct {
// Timestamp is the time of the event as a string; the format is not shown
// here — TODO confirm (a sortable, timezone-qualified format is preferable).
Timestamp string `json:"timestamp"`
// Event names the kind of event being recorded (presumably a "blocked"
// marker for entries written by LogBlocked — verify).
Event string `json:"event"`
// Command is the command text associated with the event.
Command string `json:"command"`
// Pane identifies the pane the command was associated with.
Pane string `json:"pane"`
// Session identifies the session the command was associated with.
Session string `json:"session"`
// Rule identifies the rule associated with the event (presumably the DCG
// rule that caused the block — verify against LogBlocked).
Rule string `json:"rule"`
// DCGOutput is the output captured from dcg for this event.
DCGOutput string `json:"dcg_output"`
}
AuditEntry represents a single DCG audit log entry
type AuditLogger ¶
// AuditLogger writes DCG blocked-command entries to a log file and rotates
// that file automatically.
//
// NOTE(review): the type exposes Flush and Close, which implies writes are
// buffered. Callers should make sure Close (or Flush) runs on every exit path,
// otherwise the most recent blocked-command entries may never reach disk.
type AuditLogger struct {
// contains filtered or unexported fields
}
AuditLogger provides logging for DCG blocked commands with automatic rotation
func NewAuditLogger ¶
func NewAuditLogger(config *AuditLoggerConfig) (*AuditLogger, error)
NewAuditLogger creates a new DCG audit logger
func (*AuditLogger) Close ¶
func (l *AuditLogger) Close() error
Close flushes and closes the audit logger
func (*AuditLogger) Flush ¶
func (l *AuditLogger) Flush() error
Flush flushes any buffered data to disk
func (*AuditLogger) LogBlocked ¶
func (l *AuditLogger) LogBlocked(command, pane, session, rule, dcgOutput string) error
LogBlocked logs a blocked command event
func (*AuditLogger) Path ¶
func (l *AuditLogger) Path() string
Path returns the path to the audit log file
type AuditLoggerConfig ¶
AuditLoggerConfig holds configuration for the DCG audit logger
func DefaultAuditLoggerConfig ¶
func DefaultAuditLoggerConfig() *AuditLoggerConfig
DefaultAuditLoggerConfig returns sensible defaults for the audit logger
type ClaudeHookConfig ¶
// ClaudeHookConfig is the top-level object of a Claude Code hooks
// configuration. It serializes to a JSON object with a single "hooks" key.
type ClaudeHookConfig struct {
// Hooks holds the hook lists, grouped by hook type.
Hooks HooksSection `json:"hooks"`
}
ClaudeHookConfig represents the Claude Code hooks configuration format. See: https://docs.anthropic.com/en/docs/claude-code/hooks
func GenerateHookConfig ¶
func GenerateHookConfig(opts DCGHookOptions) (*ClaudeHookConfig, error)
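GenerateHookConfig creates a Claude Code hook configuration for DCG. The generated hook intercepts Bash tool calls and validates them against DCG. As described, only Bash tool calls are intercepted; actions performed through other tools are outside the scope of this hook.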
type DCGAvailability ¶
// DCGAvailability records the result of checking whether the dcg binary can
// be used for hooks.
//
// NOTE(review): the package also exposes InvalidateDCGCache, so results are
// presumably cached. A cached result can go stale if the binary is removed or
// replaced after LastChecked; callers that gate hook configuration on
// Available should consider how old the check is. If hooks are skipped when
// Available is false, the agent would run without the guard — confirm that
// callers surface that condition rather than continuing silently.
type DCGAvailability struct {
// Available reports whether dcg was found usable by the check.
Available bool
// BinaryPath is the dcg binary path associated with this result.
BinaryPath string
// Version is the dcg version string obtained by the check, if any.
Version string
// LastChecked is when this result was produced.
LastChecked time.Time
// Error describes why the check failed; presumably empty when Available
// is true — verify against CheckDCGAvailable.
Error string
}
DCGAvailability tracks whether DCG is available and can be used for hooks.
func CheckDCGAvailable ¶
func CheckDCGAvailable(binaryPath string) DCGAvailability
CheckDCGAvailable checks if dcg is installed and available.
type DCGHookOptions ¶
// DCGHookOptions configures how DCG hooks are generated.
type DCGHookOptions struct {
// BinaryPath is the path to the dcg binary. If empty, "dcg" is used (PATH lookup).
// With a PATH lookup, the binary that runs is whichever "dcg" resolves first
// on the PATH of the process executing the hook; set an absolute path where
// that environment is not fully controlled.
BinaryPath string
// AuditLog is an optional path to write audit logs.
// NOTE(review): the log can contain full command lines; choose a location
// that other users cannot read or replace.
AuditLog string
// Timeout is the hook timeout in milliseconds. Default is 5000ms.
// NOTE(review): what happens to the tool call when the hook times out
// (allowed or blocked) is not stated here — confirm before relying on the
// guard under load.
Timeout int
// CustomBlocklist adds additional patterns to block.
CustomBlocklist []string
// CustomWhitelist adds patterns to always allow.
// NOTE(review): precedence between this list, CustomBlocklist and DCG's
// built-in rules is not shown here. If an allow pattern wins, an overly
// broad entry would exempt destructive commands from the guard — keep
// patterns narrow and review changes to this list.
CustomWhitelist []string
}
DCGHookOptions configures how DCG hooks are generated.
func DefaultDCGHookOptions ¶
func DefaultDCGHookOptions() DCGHookOptions
DefaultDCGHookOptions returns sensible defaults for DCG hook configuration.
type HookEntry ¶
// HookEntry is a single hook definition: which tool it applies to, the
// command to run for it, and an optional timeout.
//
// NOTE(review): Command is a single string. If it is assembled from
// DCGHookOptions values (binary path, audit log path, patterns), those values
// need to be quoted for whatever interprets the string — confirm in
// GenerateHookConfig.
type HookEntry struct {
Matcher string `json:"matcher"` // Tool name to match (e.g., "Bash")
Command string `json:"command"` // Command to run
Timeout int `json:"timeout,omitempty"` // Optional timeout in ms
}
HookEntry represents a single hook configuration.
type HooksSection ¶
// HooksSection groups hook entries by hook type. Only the PreToolUse type is
// declared here.
type HooksSection struct {
// PreToolUse lists the hook entries for the PreToolUse hook type; the key
// is omitted from the JSON output when the list is empty.
PreToolUse []HookEntry `json:"PreToolUse,omitempty"`
}
HooksSection contains the different hook types.