Crate aperion_shield 

Aperion Shield – library surface.

This crate exposes the rule engine and its adaptive layers so that:

• the aperion-shield binary in src/main.rs can wire them into an MCP stdio guardrail, and
• integration tests in tests/ can exercise the engine end-to-end without spawning a process, and
• embedders who want to drop Shield into a non-MCP context (custom proxies, lint tools, etc.) can do so without re-implementing the decision pipeline.

The public API is intentionally small. The main types you’ll touch:

• Engine – load a shieldset.yaml and evaluate calls.
• Adjustments – adaptive inputs (prod workspace, memory, burst).
• Evaluation – what fired, what scored, what tier we landed on.
• decide – turn an Evaluation into a concrete Decision.
• WorkspaceContext, DecisionMemory, BurstDetector – the three adaptive helpers, each independently constructable.

Re-exports

pub use burst::BurstDetector;

pub use context::WorkspaceContext;

pub use engine::decide;

pub use engine::fingerprint;

pub use engine::Adjustments;

pub use engine::Decision;

pub use engine::Engine;

pub use engine::Evaluation;

pub use engine::MatchInfo;

pub use engine::Policy;

pub use engine::Severity;

pub use identity::IdentityConfig;

pub use identity::IdentityGate;

pub use identity::IdentityProvider;

pub use identity::IdMeProvider;

pub use identity::MockProvider;

pub use identity::Proof;

pub use identity::ProviderConfig;

pub use identity::ProviderKind;

pub use identity::Requirement as IdentityRequirement;

pub use memory::DecisionMemory;

pub use memory::MemoryEntry;

pub use memory::MemoryVerdict;

pub use memory::Outcome;

pub use predicates::CommandPredicate;

pub use predicates::SensitivePath;

Modules

burst

In-process burst detector. Maintains a sliding window of the timestamps at which Shield observed a destructive (non-Allow) match. When the count within the window crosses the threshold, in_burst() returns true and the engine bumps every subsequent match by one tier until the burst window quiets.

context

Workspace context probe – runs once at startup and reports whether the current working directory looks like a production-managed repo. When it does, the engine bumps every matched rule’s severity by one tier. The signals are deliberately conservative: only files that strongly imply “this codebase manages production”.

diff

Pre-merge behavior-diff explainer for shieldset changes.

engine

Aperion Shield – self-contained rule engine for the standalone product.

explain

aperion-shield --explain – turn any tool-call descriptor into a readable walkthrough of what the engine would decide, and why.

hooks

Git-hook integration (v0.7+).

identity

Aperion Shield – identity-gated tool calls.

memory

Local decision memory – append-only JSONL of past approve/deny decisions per (rule_id, argv-fingerprint). All processing is purely local; nothing is ever sent off the box.

orgmode

Aperion Shield – org-mode client.

predicates

Structured predicates beyond regex.

sandbox

v1.0: upstream process confinement.

scan

v1.0: --scan – pre-install audit of an MCP server.

shims

aperion-shield --install-shims and friends: per-command shell wrappers that route invocations through Shield’s engine before they reach the real binary.

suggest

aperion-shield --suggest-rules (v0.7+).

supply

MCP supply-chain protection (v0.9).

transport

Transports (v0.9).