hushspec 0.1.1

Portable specification types for AI agent security rules
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

# hushspec

Portable specification types for AI agent security rules.

`hushspec` is the Rust reference implementation of the [HushSpec](https://github.com/backbay-labs/hush) open policy format. It provides parsing, validation, evaluation, resolution, detection, signing, and audit trail capabilities for HushSpec policy documents.

## Installation

```toml
[dependencies]
hushspec = "0.1"
```

Optional features:

```toml
# Ed25519 policy signing and verification
hushspec = { version = "0.1", features = ["signing"] }

# HTTPS-based extends resolution
hushspec = { version = "0.1", features = ["http"] }
```

## Quick Start

```rust
use hushspec::{HushSpec, validate, evaluate, EvaluationAction};

// Parse a policy
let yaml = r#"
hushspec: "0.1.0"
name: my-policy
rules:
  egress:
    allow: ["api.github.com"]
    block: []
    default: block
"#;
let spec = HushSpec::parse(yaml)?;

// Validate
let result = validate(&spec);
assert!(result.is_valid());

// Evaluate an action
let action = EvaluationAction {
    action_type: "egress".into(),
    target: Some("api.github.com".into()),
    ..Default::default()
};
let decision = evaluate(&spec, &action);
assert_eq!(decision.decision, hushspec::Decision::Allow);
```

## Core API

| Module | Purpose |
|--------|---------|
| `schema` | Parse and serialize HushSpec YAML/JSON documents |
| `validate` | Structural validation with typed errors and warnings |
| `evaluate` | Evaluate actions against policies (allow/warn/deny) |
| `resolve` | Resolve `extends` chains from filesystem, HTTP, or builtins |
| `merge` | Merge child policies into base policies |
| `conditions` | Conditional rule evaluation (time windows, runtime context) |
| `detection` | Prompt injection, jailbreak, and exfiltration detection |
| `receipt` | Structured audit trail with decision receipts |
| `sink` | Receipt sinks (file, stderr, callback, filtered, multi) |
| `panic` | Emergency deny-all kill switch |
| `signing` | Ed25519 policy signing and verification (feature-gated) |
| `governance` | Governance metadata validation |

## Fail-Closed Design

HushSpec follows a fail-closed philosophy:

- Unknown YAML/JSON fields are rejected at parse time (`deny_unknown_fields`)
- Invalid documents produce typed `ValidationError` values
- Ambiguous or unrecognized rules result in `Deny`
- All regex patterns are validated at parse time

## CLI

The `h2h` CLI tool is available as a separate crate:

```bash
cargo install hushspec-cli
```

See [`hushspec-cli`](https://crates.io/crates/hushspec-cli) for details.

## License

Apache-2.0