agent-shield 0.8.0

Security scanner for AI agent extensions — offline-first, multi-framework, SARIF output
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

use serde::{Deserialize, Serialize};

use super::SourceLocation;

/// A declared tool/function exposed by the extension.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ToolSurface {
    pub name: String,
    pub description: Option<String>,
    /// JSON Schema of the tool's input parameters.
    pub input_schema: Option<serde_json::Value>,
    /// JSON Schema of the tool's output.
    pub output_schema: Option<serde_json::Value>,
    /// Permissions declared by the tool (if any).
    pub declared_permissions: Vec<DeclaredPermission>,
    /// Source location where the tool is defined.
    pub defined_at: Option<SourceLocation>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DeclaredPermission {
    pub permission_type: PermissionType,
    /// e.g., "filesystem:/tmp/*"
    pub target: Option<String>,
    pub description: Option<String>,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum PermissionType {
    FileRead,
    FileWrite,
    NetworkAccess,
    ProcessExec,
    EnvAccess,
    DatabaseAccess,
    Unknown,
}