Skip to main content

agent_guard/
receipt.rs

1//! Security receipt types.
2use chrono::{DateTime, Utc};
3use serde::{Deserialize, Serialize};
4
5/// Represents a security decision made by the control plane.
6#[derive(Debug, Clone, Serialize, Deserialize)]
7pub struct SecurityDecision {
8    /// Unique identifier for this decision.
9    pub decision_id: String,
10    /// The agent or process this decision applies to.
11    pub subject: Subject,
12    /// Action being attempted.
13    pub action: Action,
14    /// Whether the action was allowed or denied.
15    pub allowed: bool,
16    /// Reason for the decision.
17    pub reason: String,
18    /// Timestamp of the decision.
19    pub timestamp: DateTime<Utc>,
20    /// Applied security mechanisms.
21    pub mechanisms: Vec<SecurityMechanism>,
22}
23
24/// The entity a security decision applies to.
25#[derive(Debug, Clone, Serialize, Deserialize)]
26pub struct Subject {
27    /// PID of the subject (if process).
28    pub pid: Option<u32>,
29    /// Name of the subject.
30    pub name: String,
31    /// Optional cgroup path.
32    pub cgroup_path: Option<String>,
33}
34
35/// An action being attempted.
36#[derive(Debug, Clone, Serialize, Deserialize)]
37pub struct Action {
38    /// Type of action.
39    pub action_type: ActionType,
40    /// Resource being accessed.
41    pub resource: String,
42    /// Additional metadata.
43    pub metadata: Option<serde_json::Value>,
44}
45
46/// Types of actions that can be secured.
47#[derive(Debug, Clone, Serialize, Deserialize)]
48pub enum ActionType {
49    FileRead,
50    FileWrite,
51    FileExecute,
52    NetworkConnect,
53    NetworkBind,
54    ProcessSpawn,
55    SystemCall,
56    CgroupModify,
57}
58
59/// A security mechanism that was applied.
60#[derive(Debug, Clone, Serialize, Deserialize)]
61pub enum SecurityMechanism {
62    /// BPF LSM hook.
63    BpfLsm { program: String },
64    /// cgroup v2 restriction.
65    CgroupV2 { path: String },
66    /// Landlock rule.
67    Landlock { ruleset_id: u64 },
68    /// seccomp filter.
69    Seccomp { filter_id: u32 },
70    /// eBPF program.
71    Ebpf { program: String },
72}