harn-stdlib 0.8.67

Embedded Harn standard library source catalog
// std/security — prompt-injection defense configuration (Burin Layers 0/1).
//
// Scope: configure the runtime's spotlighting + lethal-trifecta gate. The
// substrate lives in the VM (`crate::security`): untrusted external tool/MCP
// output is framed as data, and exfiltration-capable tools are gated once
// untrusted content has entered context. This module is the thin Harn surface
// a host (Burin) calls from its resolved `[security]` config / feature flag;
// pipelines rarely need it.
//
// Import with:
//   import { configure, spotlight, strict, off } from "std/security"
/**
 * Resolve `config` into a security policy, push that policy onto the runtime
 * stack, and hand back the resolved summary. Every key is optional; any key
 * left out receives a safe default:
 *
 *   - mode: "off" | "spotlight" | "strict" | "local-ml"
 *   - spotlight_external: bool   — frame untrusted output as data
 *   - trifecta_gate: bool        — gate exfil tools while tainted
 *   - pin_mcp_schemas: bool      — re-approve on tool-description change
 *   - gate_secret_reads: bool    — gate secret-file reads while tainted
 *   - trusted_mcp_servers: [str] — servers exempt from taint + pinning
 *
 * Security notes:
 *   - Each `trusted_mcp_servers` entry is exempt from both taint tracking and
 *     schema pinning, so it widens the trusted boundary; list only servers
 *     the host itself controls.
 *   - `mode: "off"` turns off every prompt-injection defense layer for the
 *     run; record the returned summary so the effective posture is auditable.
 *   - NOTE(review): how unrecognised keys or mode strings are handled is
 *     decided by the runtime and is not visible here (`@errors` is empty) —
 *     confirm that a typo cannot silently weaken the policy.
 *
 * @effects: [state]
 * @allocation: heap
 * @errors: []
 * @api_stability: stable
 * @example: configure({ mode: "spotlight", trusted_mcp_servers: ["internal-docs"] })
 */
pub fn configure(config: dict = {}) -> dict {
  // `security_policy` is not defined in this module; presumably the VM builtin
  // that resolves the dict and performs the stack push — TODO confirm.
  let resolved = security_policy(config)
  return resolved
}

/**
 * Switch on the default posture: untrusted content is spotlighted and the
 * trifecta gate is active. Same call as `configure({mode: "spotlight"})`;
 * no other key is passed, so the rest of the policy comes from the runtime's
 * defaults.
 *
 * @effects: [state]
 * @allocation: heap
 * @errors: []
 * @api_stability: stable
 * @example: spotlight()
 */
pub fn spotlight() -> dict {
  // Only the mode is requested; the resolved summary is returned unchanged.
  let requested = {mode: "spotlight"}
  return security_policy(requested)
}

/**
 * Switch on strict mode: spotlighting plus per-line datamarking of untrusted
 * content. Same call as `configure({mode: "strict"})`.
 *
 * NOTE(review): this module does not state whether the trifecta gate and the
 * other flags stay enabled in strict mode — check the returned summary rather
 * than assuming they do.
 *
 * @effects: [state]
 * @allocation: heap
 * @errors: []
 * @api_stability: stable
 * @example: strict()
 */
pub fn strict() -> dict {
  // Only the mode is requested; the resolved summary is returned unchanged.
  let requested = {mode: "strict"}
  return security_policy(requested)
}

/**
 * Turn off every prompt-injection defense layer for this run. Same call as
 * `configure({mode: "off"})`.
 *
 * With the layers disabled, the protections this module configures no longer
 * apply: untrusted external tool/MCP output is not framed as data, and
 * exfiltration-capable tools are not gated after untrusted content enters
 * context. Intended for the host's resolved `[security]` config or feature
 * flag; record the returned summary so a disabled posture shows up in audit.
 *
 * NOTE(review): nothing in this module restricts which caller may invoke
 * `off()` — confirm whether the runtime limits it to the host.
 *
 * @effects: [state]
 * @allocation: heap
 * @errors: []
 * @api_stability: stable
 * @example: off()
 */
pub fn off() -> dict {
  // Only the mode is requested; the resolved summary is returned unchanged.
  let requested = {mode: "off"}
  return security_policy(requested)
}