Skip to main content

PolicySet

aios_protocol::policy

Struct PolicySet

pub struct PolicySet {
    pub allow_capabilities: Vec<Capability>,
    pub gate_capabilities: Vec<Capability>,
    pub max_tool_runtime_secs: u64,
    pub max_events_per_turn: u64,
}

Expand description

A set of policy rules governing agent capabilities.

Fields§

§allow_capabilities: Vec<Capability>§gate_capabilities: Vec<Capability>§max_tool_runtime_secs: u64§max_events_per_turn: u64

Implementations§

impl PolicySet

pub fn anonymous() -> Self

Heavily restricted — anonymous public users. No side-effecting capabilities.

Shell execution (exec:cmd:*) is NOT gated (approval queue) — it is absent from both allow_capabilities and gate_capabilities, so the policy engine immediately denies any bash/shell tool call without creating an approval ticket. BRO-216.

5 events/turn, 30s tool runtime.

pub fn free() -> Self

Read + network + limited shell — authenticated free tier users.

Shell execution is restricted to a safe read-only whitelist; unlisted commands are denied immediately (not gated). BRO-216.

15 events/turn, 30s tool runtime.

pub fn pro() -> Self

Full access — authenticated Pro subscribers. 50 events/turn, 60s tool runtime.

pub fn enterprise() -> Self

Fully permissive — Enterprise tenants (custom overrides applied separately). 200 events/turn, 120s tool runtime.

Trait Implementations§

impl Clone for PolicySet

fn clone(&self) -> PolicySet

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for PolicySet

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for PolicySet

fn default() -> Self

Returns the “default value” for a type. Read more

impl<'de> Deserialize<'de> for PolicySet

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl Serialize for PolicySet

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

impl Freeze for PolicySet

impl RefUnwindSafe for PolicySet

impl Send for PolicySet

impl Sync for PolicySet

impl Unpin for PolicySet

impl UnsafeUnpin for PolicySet

impl UnwindSafe for PolicySet

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,