
aperion_shield/
lib.rs

1//! Aperion Shield -- library surface.
2//!
3//! This crate exposes the rule engine and its adaptive layers so that:
4//!
5//!   * the `aperion-shield` binary in `src/main.rs` can wire them into
6//!     an MCP stdio guardrail,
7//!   * integration tests in `tests/` can exercise the engine end-to-end
8//!     without spawning a process, and
9//!   * embedders who want to drop Shield into a non-MCP context (custom
10//!     proxies, lint tools, etc.) can do so without re-implementing the
11//!     decision pipeline.
12//!
13//! The public API is intentionally small. The main types you'll touch:
14//!
15//!   * [`Engine`] -- load a `shieldset.yaml` and evaluate calls.
16//!   * [`Adjustments`] -- adaptive inputs (prod workspace, memory, burst).
17//!   * [`Evaluation`] -- what fired, what scored, what tier we landed on.
18//!   * [`decide`] -- turn an [`Evaluation`] into a concrete [`Decision`].
19//!   * [`WorkspaceContext`], [`DecisionMemory`], [`BurstDetector`] --
20//!     the three adaptive helpers, each independently constructable.
21
// NOTE(review): every module in this list is declared `pub`, so any `pub`
// item inside them is reachable by embedders in addition to the re-exports
// further down. If the public API is meant to stay small, modules that are
// internal plumbing could be `pub(crate)` -- confirm what embedders need.
22pub mod burst;
23pub mod context;
24pub mod diff;
25pub mod engine;
26pub mod explain;
27pub mod hooks;
28pub mod identity;
29pub mod memory;
30pub mod orgmode;
31pub mod predicates;
32pub mod sandbox;
33pub mod scan;
34pub mod shims;
35pub mod suggest;
36pub mod supply;
37pub mod transport;
38
39pub use burst::BurstDetector;
40pub use context::WorkspaceContext;
41pub use engine::{
42    decide, fingerprint, Adjustments, Decision, Engine, Evaluation, MatchInfo, Policy, Severity,
43};
// Identity types re-exported at the crate root.
// NOTE(review): `MockProvider` is re-exported here next to `IdMeProvider`
// with no `#[cfg(...)]` or feature gate on this statement. Presumably it is
// a test double; confirm that a deployed configuration cannot select it in
// place of a real provider, or gate the re-export behind a test/dev feature.
44pub use identity::{
45    IdentityConfig, IdentityGate, IdentityProvider, IdMeProvider, MockProvider, Proof,
46    ProviderConfig, ProviderKind, Requirement as IdentityRequirement,
47};
48pub use memory::{DecisionMemory, MemoryEntry, MemoryVerdict, Outcome};
49pub use predicates::{CommandPredicate, SensitivePath};