§Clawdstrike - Security Guards and Policy Engine
This crate provides security guards for AI agent execution:
- ForbiddenPathGuard: Blocks access to sensitive paths
- EgressAllowlistGuard: Controls network egress
- SecretLeakGuard: Detects potential secret exposure
- PatchIntegrityGuard: Validates patch safety
- McpToolGuard: Restricts MCP tool invocations
- PromptInjectionGuard: Detects prompt-injection in untrusted text
- JailbreakGuard: Detects jailbreak attempts in user input
§Quick Start
use clawdstrike::{ForbiddenPathGuard, SecretLeakGuard};

// Path guard built with `new()`. The two assertions below show an SSH
// private-key path being rejected and a project source file being accepted.
// NOTE(review): this page does not show whether `is_forbidden` canonicalises
// its argument (`..` segments, symlinks); confirm before passing it paths
// supplied by an agent.
let path_guard = ForbiddenPathGuard::new();
assert!(path_guard.is_forbidden("/home/user/.ssh/id_rsa"));
assert!(!path_guard.is_forbidden("/app/src/main.rs"));

// Secret scanning works on raw bytes. The sample is a constructed value
// shaped like an API key, not a real credential.
// NOTE(review): the type returned by `scan` is not shown here; check whether
// its findings carry the matched text before writing them to logs.
let leak_guard = SecretLeakGuard::new();
let sample = b"api_key = sk-1234567890abcdef";
let findings = leak_guard.scan(sample);
// Would detect potential API key
§Policy Configuration
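use clawdstrike::Policy;

// Minimal policy document: schema version, a name, and one setting.
// `fail_fast` is indented so that it is a key of `settings`; with the
// indentation stripped it would be read as a top-level key and `settings`
// would be empty.
// NOTE(review): nesting restored on the assumption that the page extraction
// dropped leading whitespace; confirm against the crate's policy schema.
let yaml = r#"
version: "1.1.0"
name: "example"
settings:
  fail_fast: true
"#;

// `unwrap()` keeps the example short. A program that loads a policy at
// start-up should handle the `Err` and refuse to run the agent when the
// policy does not parse, rather than continue without one.
let policy = Policy::from_yaml(yaml).unwrap();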
assert_eq!(policy.version, "1.1.0");
Re-exports§
pub use curator_config::default_config_path;pub use curator_config::CuratorConfig;pub use curator_config::CuratorConfigFile;pub use curator_config::CuratorEntry;pub use curator_config::CuratorTrustSet;pub use curator_config::RichCuratorConfigFile;pub use curator_config::TrustLevel;pub use curator_config::ValidatedCurator;pub use engine::GuardReport;pub use engine::HushEngine;pub use engine::PostureAwareReport;pub use error::Error;pub use error::Result;pub use guards::CustomGuardFactory;pub use guards::CustomGuardRegistry;pub use guards::EgressAllowlistGuard;pub use guards::ForbiddenPathGuard;pub use guards::Guard;pub use guards::GuardContext;pub use guards::GuardResult;pub use guards::JailbreakConfig;pub use guards::JailbreakGuard;pub use guards::McpToolGuard;pub use guards::PatchIntegrityGuard;pub use guards::PathAllowlistGuard;pub use guards::PromptInjectionGuard;pub use guards::SecretLeakGuard;pub use guards::Severity;pub use hygiene::detect_prompt_injection;pub use hygiene::detect_prompt_injection_with_limit;pub use hygiene::wrap_user_content;pub use hygiene::DedupeStatus;pub use hygiene::FingerprintDeduper;pub use hygiene::PromptInjectionLevel;pub use hygiene::PromptInjectionReport;pub use hygiene::USER_CONTENT_END;pub use hygiene::USER_CONTENT_START;pub use identity::AuthMethod;pub use identity::GeoLocation;pub use identity::IdentityPrincipal;pub use identity::IdentityProvider;pub use identity::OrganizationContext;pub use identity::OrganizationTier;pub use identity::RequestContext;pub use identity::SessionContext;pub use identity::SessionMetadata;pub use instruction_hierarchy::ConflictAction;pub use instruction_hierarchy::ConflictSeverity;pub use instruction_hierarchy::ContentModification;pub use instruction_hierarchy::CustomMarkers;pub use instruction_hierarchy::EnforcementAction;pub use instruction_hierarchy::EnforcementActionType;pub use instruction_hierarchy::HierarchyConflict;pub use instruction_hierarchy::HierarchyEnforcementResult;pub use 
instruction_hierarchy::HierarchyEnforcerConfig;pub use instruction_hierarchy::HierarchyError;pub use instruction_hierarchy::HierarchyMessage;pub use instruction_hierarchy::HierarchyState;pub use instruction_hierarchy::HierarchyStats;pub use instruction_hierarchy::InstructionHierarchyEnforcer;pub use instruction_hierarchy::InstructionLevel;pub use instruction_hierarchy::MarkerFormat;pub use instruction_hierarchy::MessageMetadata;pub use instruction_hierarchy::MessageRole;pub use instruction_hierarchy::MessageSource;pub use instruction_hierarchy::ProcessingStats as HierarchyProcessingStats;pub use instruction_hierarchy::RulesConfig;pub use instruction_hierarchy::SourceType;pub use jailbreak::JailbreakCanonicalizationStats;pub use jailbreak::JailbreakCategory;pub use jailbreak::JailbreakDetectionResult;pub use jailbreak::JailbreakDetector;pub use jailbreak::JailbreakGuardConfig;pub use jailbreak::JailbreakSeverity;pub use jailbreak::JailbreakSignal;pub use jailbreak::LayerResult;pub use jailbreak::LayerResults;pub use jailbreak::LinearModelConfig;pub use jailbreak::LlmJudge;pub use jailbreak::SessionAggPersisted;pub use jailbreak::SessionRiskSnapshot;pub use jailbreak::SessionStore;pub use marketplace_feed::ContentIds;pub use marketplace_feed::InclusionProofBundle;pub use marketplace_feed::MarketplaceEntry;pub use marketplace_feed::MarketplaceFeed;pub use marketplace_feed::MarketplaceProvenance;pub use marketplace_feed::SignedMarketplaceFeed;pub use marketplace_feed::WitnessSignatureRef;pub use marketplace_feed::MARKETPLACE_FEED_SCHEMA_VERSION;pub use output_sanitizer::AllowlistConfig;pub use output_sanitizer::DenylistConfig;pub use output_sanitizer::DetectorType;pub use output_sanitizer::EntityFinding;pub use output_sanitizer::EntityRecognizer;pub use output_sanitizer::OutputSanitizer;pub use output_sanitizer::OutputSanitizerConfig;pub use output_sanitizer::ProcessingStats;pub use output_sanitizer::Redaction;pub use output_sanitizer::RedactionStrategy;pub use 
output_sanitizer::SanitizationResult;pub use output_sanitizer::SanitizationStream;pub use output_sanitizer::SensitiveCategory;pub use output_sanitizer::SensitiveDataFinding;pub use output_sanitizer::Span;pub use output_sanitizer::StreamingConfig;pub use pipeline::EvaluationPath;pub use pipeline::EvaluationStage;pub use plugins::parse_plugin_manifest_toml;pub use plugins::resolve_plugin_root;pub use plugins::PluginExecutionMode;pub use plugins::PluginInspectResult;pub use plugins::PluginLoadPlan;pub use plugins::PluginLoader;pub use plugins::PluginLoaderOptions;pub use plugins::PluginManifest;pub use policy::Policy;pub use policy::RuleSet;pub use policy_bundle::PolicyBundle;pub use policy_bundle::SignedPolicyBundle;pub use policy_bundle::POLICY_BUNDLE_SCHEMA_VERSION;pub use posture::PostureBudgetCounter;pub use posture::PostureConfig;pub use posture::PostureProgram;pub use posture::PostureRuntimeState;pub use posture::PostureState;pub use posture::PostureTransition;pub use posture::PostureTransitionRecord;pub use posture::RuntimeTransitionTrigger;pub use posture::TransitionRequirement;pub use posture::TransitionTrigger;pub use spine_bridge::extract_spine_envelope_hash;pub use spine_bridge::policy_bundle_to_spine_envelope;pub use spine_bridge::POLICY_BUNDLE_FACT_TYPE;pub use watermarking::EncodedWatermark;pub use watermarking::PromptWatermarker;pub use watermarking::WatermarkConfig;pub use watermarking::WatermarkEncoding;pub use watermarking::WatermarkError;pub use watermarking::WatermarkExtractionResult;pub use watermarking::WatermarkExtractor;pub use watermarking::WatermarkPayload;pub use watermarking::WatermarkVerifierConfig;pub use watermarking::WatermarkedPrompt;pub use irm::Decision;pub use irm::EventType;pub use irm::ExecOperation;pub use irm::ExecutionIrm;pub use irm::FilesystemIrm;pub use irm::FsOperation;pub use irm::HostCall;pub use irm::HostCallMetadata;pub use irm::IrmEvent;pub use irm::IrmRouter;pub use irm::Monitor;pub use irm::NetOperation;pub use 
irm::NetworkIrm;pub use irm::Sandbox;pub use irm::SandboxConfig;pub use irm::SandboxStats;
Modules§
- async_guards
- core: Re-export core types
- curator_config: Multi-curator trust configuration.
- engine: HushEngine - Main entry point for security enforcement
- error: Error types for clawdstrike
- guards: Security guards for AI agent execution.
- hygiene: Prompt-injection hygiene utilities.
- identity
- instruction_hierarchy: Instruction hierarchy enforcement utilities.
- irm: Inline Reference Monitors (IRM)
- jailbreak: Jailbreak detection (prompt-security).
- marketplace_feed: Signed marketplace feed for distributing policy bundles.
- output_sanitizer: Output sanitization and redaction utilities.
- pipeline: Internal guard evaluation pipeline helpers.
- plugins: Custom guard plugin scaffolding.
- policy: Policy configuration and rulesets
- policy_bundle: Signed policy bundles for distribution
- posture: Posture schema and runtime types (policy v1.2.0+).
- spine_bridge: Bridge between ClawdStrike policy bundles and Spine envelopes.
- watermarking: Prompt watermarking utilities.