Guarded Service Locator for Go. Access Control at Every Lookup.

Type-safe service retrieval with composable guard functions that validate request context before granting access. Not a DI container — a controlled discovery mechanism where every lookup is explicitly authorized.

Get Started

import "github.com/zoobz-io/slush"

// Initialize and register services
k := slush.Start()
handle := slush.Register[UserService](k, &userServiceImpl{})

// Chain guards — each validates context before access
handle.Guard(func(ctx context.Context) error {
    caller := sctx.FromContext(ctx)
    if !caller.HasScope("users:read") {
        return errors.New("insufficient permissions")
    }
    return nil
})

// Lock registry — no more registration allowed
slush.Freeze(k)

// Retrieve with guard validation
svc, err := slush.Use[UserService](ctx)
if err != nil {
    // Guard denied access — not "service not found"
    log.Fatal(err)
}

// Introspect registered services
for _, info := range slush.Services(k) {
    fmt.Println(info.Name, info.Version)
}

97%Test Coverage

A+Go Report

Why Slush?

Service discovery where access control is the design, not an afterthought.

Guards as First-Class Citizens

Simple functions that decide access: return nil to allow, error to deny. Chain, compose, and test independently.

Full Generic Type Safety

Freeze-Based Lifecycle

Start() returns a key for registration. Freeze() invalidates it permanently — no late binding, no accidental overwrites.

Zero Reflection in Hot Path

FQDNs pre-computed at registration. Use() is an O(1) map lookup plus guard chain — no reflection overhead per call.

Lifecycle Events

Capitan signals for registered, accessed, denied, and not-found. Observability without instrumenting guard logic.

Service Introspection

Sentinel metadata for all registered services. Generate documentation endpoints, dependency graphs, and ER diagrams.

Capabilities

Type-safe service registration with composable access control, lifecycle events, and introspection.

Feature	Description	Link
Guard Patterns	Basic, parameterized, composed (AND/OR/NOT), stateful (rate limiting, circuit breakers), and async-safe guards.	Guards
Sentinel Integration	Automatic struct metadata extraction for registered implementations. Service introspection and discovery tracking.	Sentinel
Capitan Events	Lifecycle signals for registration, access, denial, and missing services. Hook into existing observability.	Capitan
Cryptographic Guards	Bridge to sctx for guards that verify token signatures, expiry, replay protection, and permissions.	Sctx
Testing Support	Reset() and Unregister[T]() for test isolation. Guard testing patterns without the full registry.	Testing
Troubleshooting	Debug service resolution with lifecycle events. Common patterns for guard composition errors.	Troubleshooting

Articles

Browse the full slush documentation.

Learn

OverviewA type-safe service locator with guarded access control

QuickstartGet started with slush in five minutes

ConceptsMental models for services, guards, and handles

ArchitectureHow slush implements type-safe guarded service lookup

Guides

TestingHow to test code that uses slush

TroubleshootingDebug common slush issues

GuardsWriting and composing access control guards

Integrations

sentinel IntegrationService metadata extraction with sentinel

capitan IntegrationService lifecycle events with capitan

sctx IntegrationCryptographic access control with sctx

Reference

API ReferenceComplete function documentation for slush

Types ReferenceComplete type documentation for slush