Skip to main content

agent_guard/
control_plane.rs

1//! Control plane trait for agent-guard.
2//!
3//! This trait defines the interface for security control planes on Linux.
4
5use crate::error::Result;
6use crate::receipt::{Action, SecurityDecision, Subject};
7
8/// Control plane for enforcing security policies on agents.
9///
10/// Implementations provide Linux-native security mechanisms such as:
11/// - BPF LSM hooks
12/// - cgroup v2 restrictions
13/// - Landlock sandboxing
14/// - seccomp filters
15/// - eBPF programs
16pub trait ControlPlane {
17    /// Initialize the control plane.
18    fn initialize(&mut self) -> Result<()>;
19
20    /// Check if the control plane is initialized and ready.
21    fn is_initialized(&self) -> bool;
22
23    /// Evaluate an action and return a security decision.
24    fn evaluate(&mut self, subject: &Subject, action: &Action) -> Result<SecurityDecision>;
25
26    /// Enforce a security decision.
27    fn enforce(&mut self, decision: &SecurityDecision) -> Result<()>;
28
29    /// Release resources held by this control plane.
30    fn shutdown(&mut self) -> Result<()>;
31}