Warden

Go Packages

Reference for all Warden Go packages.

Package Index

Package         Import Path                             Description
warden          github.com/xraph/warden                 Core types, engine, evaluator, graph walker
id              github.com/xraph/warden/id              TypeID definitions for all entities
role            github.com/xraph/warden/role            Role entity and store interface
permission      github.com/xraph/warden/permission      Permission entity and store interface
assignment      github.com/xraph/warden/assignment      Assignment entity and store interface
relation        github.com/xraph/warden/relation        Relation tuple entity and store interface
policy          github.com/xraph/warden/policy          Policy entity, conditions, and store interface
resourcetype    github.com/xraph/warden/resourcetype    Resource type definitions and store interface
checklog        github.com/xraph/warden/checklog        Check audit log entity and store interface
store           github.com/xraph/warden/store           Composite store interface
store/memory    github.com/xraph/warden/store/memory    In-memory store implementation
store/postgres  github.com/xraph/warden/store/postgres  PostgreSQL store implementation
store/sqlite    github.com/xraph/warden/store/sqlite    SQLite store implementation
plugin          github.com/xraph/warden/plugin          Plugin interfaces and registry
cache           github.com/xraph/warden/cache           LRU cache with TTL
api             github.com/xraph/warden/api             REST API handlers
extension       github.com/xraph/warden/extension       Forge extension entry point
middleware      github.com/xraph/warden/middleware      Authorization middleware
audit_hook      github.com/xraph/warden/audit_hook      Chronicle audit plugin
observability   github.com/xraph/warden/observability   Prometheus metrics plugin

Core Types

warden.CheckRequest

type CheckRequest struct {
    Subject      Subject        // Who is requesting
    Action       string         // What action
    ResourceType string         // What resource type
    ResourceID   string         // Which specific resource
    Context      map[string]any // Attributes for ABAC
}

warden.CheckResult

type CheckResult struct {
    Allowed  bool
    Decision Decision  // Allow, Deny, NoOpinion
    Reason   string
    Sources  []string  // ["rbac", "abac", "rebac"]
    Duration time.Duration
}

warden.Subject

type Subject struct {
    Kind string // "user", "api_key", "service", "anonymous"
    ID   string
}

warden.Config

type Config struct {
    EnableRBAC    bool          // default: true
    EnableABAC    bool          // default: true
    EnableReBAC   bool          // default: true
    MaxGraphDepth int           // default: 10
    CacheTTL      time.Duration // default: 0 (disabled)
}

Engine Methods

func NewEngine(opts ...Option) (*Engine, error)
func (e *Engine) Check(ctx context.Context, req *CheckRequest) (*CheckResult, error)
func (e *Engine) Enforce(ctx context.Context, req *CheckRequest) error
func (e *Engine) CanI(ctx context.Context, req *CheckRequest) bool
func (e *Engine) Store() store.Store
func (e *Engine) Plugins() *plugin.Registry
func (e *Engine) Start(ctx context.Context) error
func (e *Engine) Stop(ctx context.Context) error

Option Functions

func WithStore(s store.Store) Option
func WithConfig(c Config) Option
func WithEvaluator(e Evaluator) Option
func WithGraphWalker(gw GraphWalker) Option
func WithCache(c Cache) Option
func WithPlugin(p plugin.Plugin) Option
func WithLogger(l *slog.Logger) Option
