Go SDK

The official Go module for OpenLeash. Minimal dependencies, high performance, designed for Go agents and microservices. Single dependency: go-paseto.

Installation

Terminal
$ go get github.com/openleash/openleash/packages/sdk-go

Quick Example

Request authorization before performing a risky action. The SDK signs the request with your agent's Ed25519 private key and returns a decision with an optional proof token.

main.go
package main
import (
"fmt"
"log"
openleash "github.com/openleash/openleash/packages/sdk-go"
)
func main() {
// Generate a keypair (do this once, store the keys)
pub, priv, err := openleash.GenerateEd25519Keypair()
if err != nil {
log.Fatal(err)
}
// Request authorization for an action
result, err := openleash.Authorize(openleash.AuthorizeInput{
BaseURL: "http://localhost:8787",
AgentID: "agent-uuid",
PrivateKey: priv,
Request: openleash.AuthorizeRequest{
Action: "purchase",
Resource: "office-supplies",
Context: map[string]any{"amount": 42.00},
},
})
if err != nil {
log.Fatal(err)
}
// result.Decision: "ALLOW" | "DENY" | "REQUIRE_APPROVAL" | ...
// result.ProofToken: signed PASETO v4.public token (if allowed)
fmt.Println("Decision:", result.Decision)
_ = pub
}

Available Functions

The Go SDK provides 13 functions covering the full agent authorization lifecycle. All functions use PascalCase per Go convention:

  • Authorize — request an authorization decision for an action
  • SignRequest — sign an HTTP request body with Ed25519
  • RegisterAgent — register an agent with the OpenLeash server
  • VerifyProofOffline — verify a proof token locally using the public key
  • VerifyProofOnline — verify a proof token via the server API
  • GenerateEd25519Keypair — generate a new Ed25519 signing keypair
  • CreateApprovalRequest — create a pending approval request
  • GetApprovalRequest — fetch the status of an approval request
  • PollApprovalRequest — poll until an approval request is resolved
  • GetAgent — retrieve agent details from the server
  • ListPolicies — list all policies visible to the agent
  • ListApprovalRequests — list all approval requests for the agent
  • ProposePolicy — propose a new policy for owner review

Proof Verification

Counterparties can verify proof tokens offline without contacting the OpenLeash server. The token is a PASETO v4.public token signed with Ed25519.

verify.go
import openleash "github.com/openleash/openleash/packages/sdk-go"
claims, err := openleash.VerifyProofOffline(openleash.VerifyProofOfflineInput{
ProofToken: proofToken,
PublicKey: ownerPublicKey,
})
if err != nil {
log.Fatal(err)
}
// claims.Action, claims.Resource, claims.Decision, claims.Exp

Links