Trait Guard 

pub trait Guard: Send + Sync {
    // Required methods
    fn name(&self) -> &str;
    fn evaluate(
        &self,
        ctx: &GuardContext<'_>,
    ) -> Result<Verdict, KernelCoreError>;
}

Sync guard trait. Preserved signature-for-signature from legacy chio_kernel::Guard.

Required Methods

fn name(&self) -> &str

Human-readable guard name (e.g. forbidden-path).

fn evaluate(&self, ctx: &GuardContext<'_>) -> Result<Verdict, KernelCoreError>

Evaluate this guard against a tool-call context.

Returns Ok(Verdict::Allow) to pass, Ok(Verdict::Deny) to block, or Err(KernelCoreError) to signal an internal guard failure (which the kernel core treats as a fail-closed deny).

Implementors