Skip to main content

chio_data_guards/
lib.rs

1//! Data layer guards for the Chio runtime kernel.
2//!
3//! This crate houses guards that inspect the *semantics* of data-store
4//! accesses rather than merely the presence of a tool.  Phase 7.1 of the
5//! Chio roadmap ships the first such guard, [`SqlQueryGuard`], which parses
6//! SQL queries submitted to database tools and enforces allowlists on
7//! operations, tables, columns, and predicates.
8//!
9//! Future phases (7.2, 7.3, 7.4) will add `VectorDbGuard`,
10//! `WarehouseCostGuard`, and the post-invocation `QueryResultGuard` in
11//! this same crate.  The module layout is designed to absorb those
12//! additions without breaking the public surface.
13//!
14//! # Relationship to `chio-guards`
15//!
16//! `chio-data-guards` is a *sibling* of `chio-guards`.  It reuses the
17//! [`chio_kernel::Guard`] trait and the [`chio_guards::extract_action`]
18//! dispatcher; it does not redefine either.  Pipelines compose the two
19//! crates transparently:
20//!
21//! ```ignore
22//! use chio_guards::GuardPipeline;
23//! use chio_data_guards::{SqlGuardConfig, SqlQueryGuard};
24//!
25//! let mut pipeline = GuardPipeline::default_pipeline();
26//! pipeline.add(Box::new(SqlQueryGuard::new(SqlGuardConfig::default())));
27//! ```
28//!
29//! # Fail-closed
30//!
31//! Every guard in this crate is fail-closed.  Parse errors deny, empty
32//! configurations deny, and invalid user-supplied regex configuration
33//! rejects policy loading or constructs a deny-all guard.
34
35#![cfg_attr(test, allow(clippy::expect_used, clippy::unwrap_used))]
36
37pub mod config;
38pub mod error;
39pub mod result_guard;
40pub mod sql_guard;
41pub mod sql_parser;
42pub mod vector_guard;
43pub mod warehouse_cost_guard;
44
45pub use config::{SqlDialect, SqlGuardConfig, SqlOperation};
46pub use error::SqlGuardDenyReason;
47pub use result_guard::{
48    QueryResultGuard, QueryResultGuardConfig, QueryResultHook, DEFAULT_REDACTION_MARKER,
49};
50pub use sql_guard::SqlQueryGuard;
51pub use sql_parser::SqlAnalysis;
52pub use vector_guard::{
53    VectorCall, VectorDbGuard, VectorFieldPaths, VectorGuardConfig, VectorGuardDenyReason,
54};
55pub use warehouse_cost_guard::{
56    DryRunEstimate, WarehouseCostDenyReason, WarehouseCostFieldPaths, WarehouseCostGuard,
57    WarehouseCostGuardConfig,
58};