hardbound 0.0.1

Hardbound — public trait surface for the enterprise hardware-bound trust tier of Web4. Implementations of these traits anchor identity, vault, witness chain, and policy in TPM 2.0 / YubiKey / Secure Enclave hardware. The reference closed-source implementation is at metalinxx.io; this crate is the contract any compatible implementation must satisfy.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

//! Oversight policy — the deny/allow/warn gate that replaces consumer
//! Hestia's default-allow stub.

/// A pending action to be evaluated against policy.
///
/// Mirrors the shape of a Hestia R6 action begin record, but
/// intentionally generic so non-Hestia consumers can use the same
/// trait surface.
#[derive(Debug, Clone)]
pub struct PolicyAction {
    /// Tool the agent intends to invoke (e.g. `"Bash"`, `"WebFetch"`).
    pub tool_name: String,

    /// Optional target the tool will act on (file path, URL, etc.).
    pub target: Option<String>,

    /// Plugin requesting the action.
    pub plugin_id: String,

    /// Action magnitude in `[0..1]` — how consequential is this call?
    pub magnitude: f64,
}

/// Policy verdict for a [`PolicyAction`].
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum PolicyDecision {
    /// Caller should proceed.
    Allow,

    /// Caller should NOT proceed. `reason` is shown to the user /
    /// agent for context.
    Deny {
        /// Human-readable explanation.
        reason: String,
        /// Stable identifier for the rule that fired, useful for
        /// log/audit correlation.
        policy_id: Option<String>,
    },

    /// Caller may proceed but the user should see a warning first.
    /// In CRISIS mode this can be promoted to a hard deny.
    Warn {
        /// Human-readable explanation.
        reason: String,
        /// Stable identifier for the rule that fired.
        policy_id: Option<String>,
    },
}

/// A policy engine. Implementations may be:
///
/// - Rule-based (YAML/Rego rules over the action shape)
/// - Model-based (a local LLM evaluating against a written policy)
/// - Hybrid (rules first, model for ambiguous cases)
///
/// The OSS Hestia default returns [`PolicyDecision::Allow`] for every
/// action. Hardbound replaces it with a real engine.
pub trait OversightPolicy: Send + Sync {
    /// Evaluate `action` and return a verdict.
    fn evaluate(&self, action: &PolicyAction) -> PolicyDecision;
}