hanzo_guard/
config.rs

1//! Configuration for Hanzo Guard
2
3use serde::{Deserialize, Serialize};
4
5/// Main configuration for Guard
6#[derive(Debug, Clone, Serialize, Deserialize)]
7pub struct GuardConfig {
8    /// PII detection configuration
9    pub pii: PiiConfig,
10    /// Injection detection configuration
11    pub injection: InjectionConfig,
12    /// Content filter configuration
13    pub content_filter: ContentFilterConfig,
14    /// Rate limiting configuration
15    pub rate_limit: RateLimitConfig,
16    /// Audit configuration
17    pub audit: AuditConfig,
18}
19
20impl Default for GuardConfig {
21    fn default() -> Self {
22        Self {
23            pii: PiiConfig::default(),
24            injection: InjectionConfig::default(),
25            content_filter: ContentFilterConfig::default(),
26            rate_limit: RateLimitConfig::default(),
27            audit: AuditConfig::default(),
28        }
29    }
30}
31
32impl GuardConfig {
33    /// Create a new config with all features enabled
34    pub fn full() -> Self {
35        Self {
36            pii: PiiConfig {
37                enabled: true,
38                ..Default::default()
39            },
40            injection: InjectionConfig {
41                enabled: true,
42                ..Default::default()
43            },
44            content_filter: ContentFilterConfig {
45                enabled: true,
46                ..Default::default()
47            },
48            rate_limit: RateLimitConfig {
49                enabled: true,
50                ..Default::default()
51            },
52            audit: AuditConfig {
53                enabled: true,
54                ..Default::default()
55            },
56        }
57    }
58
59    /// Create a minimal config (PII only)
60    pub fn minimal() -> Self {
61        Self {
62            pii: PiiConfig {
63                enabled: true,
64                ..Default::default()
65            },
66            injection: InjectionConfig {
67                enabled: false,
68                ..Default::default()
69            },
70            content_filter: ContentFilterConfig {
71                enabled: false,
72                ..Default::default()
73            },
74            rate_limit: RateLimitConfig {
75                enabled: false,
76                ..Default::default()
77            },
78            audit: AuditConfig {
79                enabled: false,
80                ..Default::default()
81            },
82        }
83    }
84}
85
86/// PII detection configuration
87#[derive(Debug, Clone, Serialize, Deserialize)]
88pub struct PiiConfig {
89    /// Enable PII detection
90    pub enabled: bool,
91    /// Detect SSNs
92    pub detect_ssn: bool,
93    /// Detect credit cards
94    pub detect_credit_card: bool,
95    /// Detect emails
96    pub detect_email: bool,
97    /// Detect phone numbers
98    pub detect_phone: bool,
99    /// Detect IP addresses
100    pub detect_ip: bool,
101    /// Detect API keys/secrets
102    pub detect_api_keys: bool,
103    /// Redaction placeholder format (use {TYPE} for type name)
104    pub redaction_format: String,
105}
106
107impl Default for PiiConfig {
108    fn default() -> Self {
109        Self {
110            enabled: true,
111            detect_ssn: true,
112            detect_credit_card: true,
113            detect_email: true,
114            detect_phone: true,
115            detect_ip: true,
116            detect_api_keys: true,
117            redaction_format: "[REDACTED:{TYPE}]".to_string(),
118        }
119    }
120}
121
122/// Injection detection configuration
123#[derive(Debug, Clone, Serialize, Deserialize)]
124pub struct InjectionConfig {
125    /// Enable injection detection
126    pub enabled: bool,
127    /// Block on detection (vs. just warn)
128    pub block_on_detection: bool,
129    /// Sensitivity level (0.0-1.0)
130    pub sensitivity: f32,
131    /// Custom patterns to detect
132    pub custom_patterns: Vec<String>,
133}
134
135impl Default for InjectionConfig {
136    fn default() -> Self {
137        Self {
138            enabled: true,
139            block_on_detection: true,
140            sensitivity: 0.7,
141            custom_patterns: vec![],
142        }
143    }
144}
145
146/// Content filter configuration
147#[derive(Debug, Clone, Serialize, Deserialize)]
148pub struct ContentFilterConfig {
149    /// Enable content filtering
150    pub enabled: bool,
151    /// Zen Guard API endpoint
152    pub api_endpoint: String,
153    /// API key for Zen Guard
154    pub api_key: Option<String>,
155    /// Block controversial content (not just unsafe)
156    pub block_controversial: bool,
157    /// Categories to block
158    pub blocked_categories: Vec<String>,
159    /// Timeout in milliseconds
160    pub timeout_ms: u64,
161}
162
163impl Default for ContentFilterConfig {
164    fn default() -> Self {
165        Self {
166            enabled: false, // Disabled by default as it requires API
167            api_endpoint: "https://api.zenlm.ai/v1/guard".to_string(),
168            api_key: None,
169            block_controversial: false,
170            blocked_categories: vec![
171                "Violent".to_string(),
172                "IllegalActs".to_string(),
173                "SexualContent".to_string(),
174                "SelfHarm".to_string(),
175                "Jailbreak".to_string(),
176            ],
177            timeout_ms: 5000,
178        }
179    }
180}
181
182/// Rate limiting configuration
183#[derive(Debug, Clone, Serialize, Deserialize)]
184pub struct RateLimitConfig {
185    /// Enable rate limiting
186    pub enabled: bool,
187    /// Requests per minute per user
188    pub requests_per_minute: u32,
189    /// Tokens per minute per user
190    pub tokens_per_minute: u32,
191    /// Burst allowance
192    pub burst_size: u32,
193}
194
195impl Default for RateLimitConfig {
196    fn default() -> Self {
197        Self {
198            enabled: true,
199            requests_per_minute: 60,
200            tokens_per_minute: 100_000,
201            burst_size: 10,
202        }
203    }
204}
205
206/// Audit logging configuration
207#[derive(Debug, Clone, Serialize, Deserialize)]
208pub struct AuditConfig {
209    /// Enable audit logging
210    pub enabled: bool,
211    /// Log full content (vs. just hashes)
212    pub log_content: bool,
213    /// Log to stdout
214    pub log_stdout: bool,
215    /// Log file path
216    pub log_file: Option<String>,
217}
218
219impl Default for AuditConfig {
220    fn default() -> Self {
221        Self {
222            enabled: true,
223            log_content: false, // Privacy by default
224            log_stdout: false,
225            log_file: None,
226        }
227    }
228}
hanzo_guard/config.rs

hanzo_guard/
config.rs
