apunkt/gomcp
1
0
Fork 0
mirror of https://github.com/syntrex-lab/gomcp.git synced 2026-05-10 03:52:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: SOC ghost sinkhole, rate limiter, RBAC, demo seed

Browse source
This commit is contained in:
DmitrL-dev 2026-03-27 12:45:11 +10:00
parent cc7956d835
commit b8097d3f1b
19 changed files with 1169 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

15
internal/infrastructure/audit/decisions.go
View file

@ -69,12 +69,23 @@ type DecisionLogger struct {
// NewDecisionLogger creates a tamper-evident decision logger.
func NewDecisionLogger(rlmDir string) (*DecisionLogger, error) {
if err := os.MkdirAll(rlmDir, 0o755); err != nil {
return nil, fmt.Errorf("decisions: mkdir %s: %w", rlmDir, err)
// FALLBACK: Use temp directory if permission denied (e.g. /var/log/sentinel)
rlmDir = filepath.Join(os.TempDir(), "sentinel-audit")
if fallbackErr := os.MkdirAll(rlmDir, 0o755); fallbackErr != nil {
return nil, fmt.Errorf("decisions: mkdir %s: %v (fallback failed: %v)", rlmDir, err, fallbackErr)
}
}
path := filepath.Join(rlmDir, decisionsFileName)
f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o644)
if err != nil {
return nil, fmt.Errorf("decisions: open %s: %w", path, err)
// Try one more fallback if OpenFile fails but MkdirAll passed earlier.
rlmDir = filepath.Join(os.TempDir(), "sentinel-audit")
_ = os.MkdirAll(rlmDir, 0o755)
path = filepath.Join(rlmDir, decisionsFileName)
f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o644)
if err != nil {
return nil, fmt.Errorf("decisions: open %s: %w", path, err)
}
}
return &DecisionLogger{
file: f,