Skip to main content

CommandPolicy

clawft_types::security

Struct CommandPolicy

pub struct CommandPolicy {
    pub mode: PolicyMode,
    pub allowlist: HashSet<String>,
    pub denylist: Vec<String>,
    pub dangerous_patterns: Vec<String>,
}

Expand description

Configurable command execution policy (runtime representation).

Validates commands against an allowlist or denylist, and always checks a set of dangerous patterns regardless of mode (defense-in-depth).

Constructed from super::config::CommandPolicyConfig at startup.

Fields§

§mode: PolicyMode

Operating mode for the policy.

§allowlist: HashSet<String>

Set of permitted executable basenames (used in Allowlist mode).

§denylist: Vec<String>

Patterns to block (substring match, case-insensitive; used in Denylist mode).

§dangerous_patterns: Vec<String>

Patterns that are always checked regardless of mode (defense-in-depth).

Implementations§

impl CommandPolicy

pub fn safe_defaults() -> Self

Create a policy with safe defaults.

Mode: Allowlist
Allowlist: common read-only / informational commands
Dangerous patterns: the standard set from DEFAULT_DANGEROUS_PATTERNS
Denylist: same patterns (used when mode is switched to Denylist)

pub fn new( mode: PolicyMode, allowlist: HashSet<String>, denylist: Vec<String>, ) -> Self

Create a new policy with explicit configuration.

pub fn validate(&self, command: &str) -> Result<(), CommandPolicyError>

Validate a command string against this policy.

Always checks dangerous patterns first (defense-in-depth).
In Allowlist mode, splits on shell compound operators (&&, ||, ;, |) and validates every sub-command’s basename.
In Denylist mode, checks all denylist patterns (case-insensitive substring match).

Trait Implementations§

impl Clone for CommandPolicy

fn clone(&self) -> CommandPolicy

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for CommandPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for CommandPolicy

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

impl Freeze for CommandPolicy

impl RefUnwindSafe for CommandPolicy

impl Send for CommandPolicy

impl Sync for CommandPolicy

impl Unpin for CommandPolicy

impl UnsafeUnpin for CommandPolicy

impl UnwindSafe for CommandPolicy

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.