This document captures the core design spirit and intent of dashlights.
- "Check engine light" for developers — Provide ambient, always-on visibility into security and hygiene issues in your development environment
- "What you can see, you can fix" — Surface hidden problems that are typically out-of-sight, out-of-mind
- "Clean as you go" — Encourage personal responsibility for reducing attack surface through continuous awareness
- Non-intrusive by default — Show a simple count (🚨 2) in your prompt; detailed diagnostics only on demand
- Speed is non-negotiable — Must execute in <10ms (16ms is the human perceptibility threshold); actually runs in ~3ms
- Zero friction — Fast enough to embed directly in shell prompts without slowing workflows
- Concurrent by design — 30+ security checks run in parallel via goroutines
- Layered heuristics — Best effort to quickly catch 95% of misconfigurations in common setups (not exhaustive scanning)
- Not a malware detector — Does not scan for malicious software
- Not an EDR/protection tool — Does not block, quarantine, or actively defend
- Not a daemon/service — Stateless, ephemeral execution; runs only when invoked
- Zero network capabilities — No `net/http` or network client imports; verified by automated tests
- Defense in depth for CI — Tests run in network-isolated Docker containers (`--network=none`)
- Trust boundary — Can read local files and environment; cannot write files or make network calls
- Transparency — Security capabilities are explicitly documented and tested
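
One way to enforce the "no network client imports" guarantee from the list above in an automated test. This is an added example, not dashlights' own test code; the deny list, the `ForbiddenImports` name and the sample sources are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strings"
)

// denied is an assumed deny list, deliberately coarse: the whole standard
// "net" tree (so net/url is rejected too) plus two third-party clients.
var denied = []string{"net", "golang.org/x/net", "google.golang.org/grpc"}

// ForbiddenImports parses only the import section of one Go source file and
// returns each denied path, including blank (_) and aliased imports.
func ForbiddenImports(filename, src string) ([]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), filename, src, parser.ImportsOnly)
	if err != nil {
		return nil, err // an unparseable file fails the check instead of passing silently
	}
	var hits []string
	for _, spec := range f.Imports {
		path := strings.Trim(spec.Path.Value, "\"`")
		for _, d := range denied {
			// Exact match or subpackage; "network" and "x/internal/net" do not match.
			if path == d || strings.HasPrefix(path, d+"/") {
				hits = append(hits, path)
				break
			}
		}
	}
	return hits, nil
}

// Constructed sample sources, not files from the dashlights repository.
const cleanSrc = `package checks; import ("os"; "example.test/internal/net")`
const leakySrc = `package checks; import ("os"; _ "net/http/pprof"; h "net/http")`

func main() {
	for _, src := range []string{cleanSrc, leakySrc} {
		hits, err := ForbiddenImports("sample.go", src)
		fmt.Println(hits, err)
	}
}
```

In a real repository the same function would be called on every non-test `.go` file found by walking the module, with the test failing on the first non-empty result.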