airgap 0.1.2

Security for the modern age of AI: defend against bad AI agents and malicious npm packages
//! The AI-agent profile: trusted agents that run with redaction only and
//! unrestricted directory access (no prompts). Also used as the default for
//! `--allow-unknown-program`.

use std::ffi::OsStr;

use super::{program_basename, DirectoryAccess, Profile};

/// Executable basenames that are classified as trusted AI agents.
///
/// [`is_ai_agent`] compares a program's basename against these entries with
/// exact equality. The list holds names only: no paths, owners or digests.
pub const AI_AGENTS: &[&str] = &[
    "opencode",
    "claude",
];

/// Reports whether `program` names one of the trusted agents in [`AI_AGENTS`].
///
/// Only the basename produced by `program_basename` is compared, and the
/// comparison is exact: the unit test in this file shows
/// `/usr/local/bin/opencode` matching while `claude-helper` does not.
///
/// NOTE(review): the decision rests on the name alone. Nothing in this
/// function checks which file the path resolves to, so any executable that
/// carries one of these basenames is classified as an agent. Per the module
/// docs that classification selects the redaction-only profile with
/// unrestricted directory access, so callers needing a stronger binding
/// (resolved path, owner, digest) have to establish it before relying on the
/// result.
pub fn is_ai_agent(program: &OsStr) -> bool {
    for agent in AI_AGENTS {
        if program_basename(program) == OsStr::new(agent) {
            return true;
        }
    }
    false
}

/// Profile applied to trusted AI agents: redaction stays enabled while
/// directory access is left unrestricted.
///
/// NOTE(review): since `directory_access` returns `AllowAny`, redaction is the
/// only control this profile keeps. The module docs state the same profile is
/// the default under `--allow-unknown-program`, so review which programs can
/// end up here.
pub struct AiAgent;

impl Profile for AiAgent {
    /// Directory policy for this profile: always `DirectoryAccess::AllowAny`
    /// (described in the module docs as unrestricted access, no prompts).
    fn directory_access(&self) -> DirectoryAccess {
        DirectoryAccess::AllowAny
    }

    /// Redaction is unconditionally on for this profile.
    fn redaction(&self) -> bool {
        true
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    /// Pins the matching rule: a bare name or a full path whose last component
    /// is a listed agent matches; an unlisted program or a name that merely
    /// starts with an agent name does not.
    #[test]
    fn matches_agents_by_basename() {
        let cases = [
            ("claude", true),
            ("/usr/local/bin/opencode", true),
            ("npm", false),
            ("claude-helper", false),
        ];

        for &(program, expected) in &cases {
            assert_eq!(
                is_ai_agent(OsStr::new(program)),
                expected,
                "program: {}",
                program
            );
        }
    }
}