hushspec 0.1.1

Portable specification types for AI agent security rules
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

// Code generated by scripts/generate_sdk_contracts.py. DO NOT EDIT.
#![allow(dead_code)]

pub const TOP_LEVEL_KEYS: &[&str] = &[
    "hushspec",
    "name",
    "description",
    "extends",
    "merge_strategy",
    "rules",
    "extensions",
    "metadata",
];
pub const RULE_KEYS: &[&str] = &[
    "forbidden_paths",
    "path_allowlist",
    "egress",
    "secret_patterns",
    "patch_integrity",
    "shell_commands",
    "tool_access",
    "computer_use",
    "remote_desktop_channels",
    "input_injection",
];
pub const EXTENSION_KEYS: &[&str] = &["posture", "origins", "detection"];
pub const GOVERNANCE_METADATA_KEYS: &[&str] = &[
    "author",
    "approved_by",
    "approval_date",
    "classification",
    "change_ticket",
    "lifecycle_state",
    "policy_version",
    "effective_date",
    "expiry_date",
];
pub const FORBIDDEN_PATH_KEYS: &[&str] = &["enabled", "patterns", "exceptions"];
pub const PATH_ALLOWLIST_KEYS: &[&str] = &["enabled", "read", "write", "patch"];
pub const EGRESS_KEYS: &[&str] = &["enabled", "allow", "block", "default"];
pub const SECRET_PATTERNS_KEYS: &[&str] = &["enabled", "patterns", "skip_paths"];
pub const SECRET_PATTERN_KEYS: &[&str] = &["name", "pattern", "severity", "description"];
pub const PATCH_INTEGRITY_KEYS: &[&str] = &[
    "enabled",
    "max_additions",
    "max_deletions",
    "forbidden_patterns",
    "require_balance",
    "max_imbalance_ratio",
];
pub const SHELL_COMMAND_KEYS: &[&str] = &["enabled", "forbidden_patterns"];
pub const TOOL_ACCESS_KEYS: &[&str] = &[
    "enabled",
    "allow",
    "block",
    "require_confirmation",
    "default",
    "max_args_size",
];
pub const COMPUTER_USE_KEYS: &[&str] = &["enabled", "mode", "allowed_actions"];
pub const REMOTE_DESKTOP_KEYS: &[&str] = &[
    "enabled",
    "clipboard",
    "file_transfer",
    "audio",
    "drive_mapping",
];
pub const INPUT_INJECTION_KEYS: &[&str] =
    &["enabled", "allowed_types", "require_postcondition_probe"];
pub const POSTURE_KEYS: &[&str] = &["initial", "states", "transitions"];
pub const POSTURE_STATE_KEYS: &[&str] = &["description", "capabilities", "budgets"];
pub const POSTURE_TRANSITION_KEYS: &[&str] = &["from", "to", "on", "after"];
pub const ORIGINS_KEYS: &[&str] = &["default_behavior", "profiles"];
pub const ORIGIN_PROFILE_KEYS: &[&str] = &[
    "id",
    "match",
    "posture",
    "tool_access",
    "egress",
    "data",
    "budgets",
    "bridge",
    "explanation",
];
pub const ORIGIN_MATCH_KEYS: &[&str] = &[
    "provider",
    "tenant_id",
    "space_id",
    "space_type",
    "visibility",
    "external_participants",
    "tags",
    "sensitivity",
    "actor_role",
];
pub const ORIGIN_DATA_KEYS: &[&str] = &[
    "allow_external_sharing",
    "redact_before_send",
    "block_sensitive_outputs",
];
pub const ORIGIN_BUDGET_KEYS: &[&str] = &["tool_calls", "egress_calls", "shell_commands"];
pub const BRIDGE_POLICY_KEYS: &[&str] =
    &["allow_cross_origin", "allowed_targets", "require_approval"];
pub const BRIDGE_TARGET_KEYS: &[&str] = &["provider", "space_type", "tags", "visibility"];
pub const DETECTION_KEYS: &[&str] = &["prompt_injection", "jailbreak", "threat_intel"];
pub const PROMPT_INJECTION_KEYS: &[&str] = &[
    "enabled",
    "warn_at_or_above",
    "block_at_or_above",
    "max_scan_bytes",
];
pub const JAILBREAK_KEYS: &[&str] = &[
    "enabled",
    "block_threshold",
    "warn_threshold",
    "max_input_bytes",
];
pub const THREAT_INTEL_KEYS: &[&str] = &["enabled", "pattern_db", "similarity_threshold", "top_k"];

pub const MERGE_STRATEGIES: &[&str] = &["replace", "merge", "deep_merge"];
pub const DEFAULT_ACTIONS: &[&str] = &["allow", "block"];
pub const SEVERITIES: &[&str] = &["critical", "error", "warn"];
pub const COMPUTER_USE_MODES: &[&str] = &["observe", "guardrail", "fail_closed"];
pub const TRANSITION_TRIGGERS: &[&str] = &[
    "user_approval",
    "user_denial",
    "critical_violation",
    "any_violation",
    "timeout",
    "budget_exhausted",
    "pattern_match",
];
pub const ORIGIN_DEFAULT_BEHAVIORS: &[&str] = &["deny", "minimal_profile"];
pub const ORIGIN_SPACE_TYPES: &[&str] = &[
    "channel",
    "group",
    "dm",
    "thread",
    "issue",
    "ticket",
    "pull_request",
    "email_thread",
];
pub const ORIGIN_VISIBILITIES: &[&str] = &["private", "internal", "public", "external_shared"];
pub const DETECTION_LEVELS: &[&str] = &["safe", "suspicious", "high", "critical"];
pub const CLASSIFICATIONS: &[&str] = &["public", "internal", "confidential", "restricted"];
pub const LIFECYCLE_STATES: &[&str] = &[
    "draft",
    "review",
    "approved",
    "deployed",
    "deprecated",
    "archived",
];