clawdie/zot
1
0
Fork 0
mirror of https://github.com/patriceckhart/zot.git synced 2026-06-27 22:06:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
zot/examples/extensions/guard
History
Exact
patriceckhart fa7d8d8be5 refactor: split source into packages/{provider,core,tui,agent} 
Single Go module, four top-level packages under packages/. Import
paths become github.com/patriceckhart/zot/packages/<name>; downstream
consumers can depend on individual packages without pulling the rest.

Layout:
  packages/provider/     LLM clients + catalog
  packages/provider/auth/ credential store + OAuth + login server
  packages/core/         agent loop, sessions, cost
  packages/tui/          terminal toolkit + chat view
  packages/agent/        CLI wiring, system prompt
    extensions/ extproto/ modes/ tools/ skills/ swarm/
    sdk/  (was pkg/zotcore, package renamed zotcore -> sdk)
    ext/  (was pkg/zotext, package renamed zotext -> ext)

internal/ and pkg/ removed. The internal/assets logo moved into
packages/provider/auth/assets.

Public Go SDK identifiers renamed:
  pkg/zotcore (package zotcore) -> packages/agent/sdk (package sdk)
  pkg/zotext  (package zotext)  -> packages/agent/ext (package ext)

This breaks Go-based extensions and embedders; the JSON wire protocol
for extensions and RPC is unchanged, so non-Go extensions, already-
built extension binaries, and zot rpc consumers are unaffected.

Docs, examples, and the built-in write-zot-extension skill updated
for the new paths and identifiers. Shadow-bug fixes in code samples
(ext := ext.New -> e := ext.New).
2026-05-27 09:07:15 +02:00
..
extension.json feat(extensions): phase 3 — event subscriptions + tool-call interception 2026-04-19 14:57:03 +02:00
main.go refactor: split source into packages/{provider,core,tui,agent} 2026-05-27 09:07:15 +02:00
README.md feat(extensions): phase 3 — event subscriptions + tool-call interception 2026-04-19 14:57:03 +02:00

README.md

guard — example zot extension (Go, phase 3)

Demonstrates the event subscription and tool-call interception half of the extension protocol (phase 3).

What it does:

  • Subscribes to session_start, turn_start, tool_call, turn_end and appends a line to /tmp/zot-guard-audit.log for each.
  • Intercepts every bash tool call. If the command matches a danger regex (rm -rf, sudo, dd of=/, mkfs, the fork bomb, chmod -R 777), the call is refused. The model sees the refusal as the tool error and (typically) proposes something safer or asks for confirmation.

Build

cd examples/extensions/guard
go build -o guard .

Install

zot ext install .

Try it

In zot, ask:

Run rm -rf /tmp/foo

The model's bash call is intercepted and refused; the model explains the refusal in its reply. No file is touched.

Run ls /tmp

Allowed; the audit log records the call.

Tail the audit log:

tail -f /tmp/zot-guard-audit.log

Extending the danger list

Edit dangerPatterns in main.go. Each entry is a Go regexp; the match is case-insensitive. Rebuild and reinstall.

See also

  • examples/extensions/hello — slash command (phase 1)
  • examples/extensions/clock — slash command in plain Node (phase 1)
  • examples/extensions/weather — LLM-callable tool (phase 2)
  • docs/extensions.md — full protocol reference