clawft-types 0.6.4

Core types for the clawft AI assistant framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

//! Security policy configuration types.
//!
//! Defines [`CommandPolicyConfig`] (command execution allowlist/denylist)
//! and [`UrlPolicyConfig`] (SSRF protection for URL fetching).

use serde::{Deserialize, Serialize};

/// Command execution security policy configuration.
///
/// Controls which commands the shell and spawn tools are allowed to execute.
/// In allowlist mode (default), only explicitly permitted commands can run.
/// In denylist mode, any command not matching a blocked pattern is allowed.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CommandPolicyConfig {
    /// Policy mode: "allowlist" (default, recommended) or "denylist".
    #[serde(default = "default_policy_mode")]
    pub mode: String,

    /// Permitted command basenames when in allowlist mode.
    /// Overrides defaults when non-empty.
    #[serde(default)]
    pub allowlist: Vec<String>,

    /// Blocked command patterns when in denylist mode.
    /// Overrides defaults when non-empty.
    #[serde(default)]
    pub denylist: Vec<String>,
}

fn default_policy_mode() -> String {
    "allowlist".to_string()
}

impl Default for CommandPolicyConfig {
    fn default() -> Self {
        Self {
            mode: default_policy_mode(),
            allowlist: Vec::new(),
            denylist: Vec::new(),
        }
    }
}

/// URL safety policy configuration for SSRF protection.
///
/// Controls which URLs the web fetch tool is allowed to access.
/// When enabled (default), requests to private networks, loopback
/// addresses, and cloud metadata endpoints are blocked.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UrlPolicyConfig {
    /// Whether URL safety validation is enabled.
    #[serde(default = "default_url_policy_enabled")]
    pub enabled: bool,

    /// Allow requests to private/internal IP ranges.
    #[serde(default, alias = "allowPrivate")]
    pub allow_private: bool,

    /// Domains that bypass all safety checks.
    #[serde(default, alias = "allowedDomains")]
    pub allowed_domains: Vec<String>,

    /// Domains that are always blocked.
    #[serde(default, alias = "blockedDomains")]
    pub blocked_domains: Vec<String>,
}

fn default_url_policy_enabled() -> bool {
    true
}

impl Default for UrlPolicyConfig {
    fn default() -> Self {
        Self {
            enabled: default_url_policy_enabled(),
            allow_private: false,
            allowed_domains: Vec::new(),
            blocked_domains: Vec::new(),
        }
    }
}