traitclaw-core 1.0.0

Core traits, types, and runtime for the TraitClaw AI Agent Framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

//! Guard trait for hard boundary enforcement.
//!
//! Guards check actions **before** they execute and can block dangerous behavior.
//! Guard checks must be fast (microseconds) — they run on every action.

use crate::types::action::Action;

/// Result of a guard check.
#[derive(Debug, Clone)]
pub enum GuardResult {
    /// Action is allowed to proceed.
    Allow,
    /// Action is blocked. The agent will receive the reason as feedback.
    Deny {
        /// Why this action was blocked.
        reason: String,
        /// How severe this violation is.
        severity: GuardSeverity,
    },
    /// Action is modified (sanitized) before proceeding.
    Sanitize {
        /// The sanitized action to use instead.
        modified_action: Action,
        /// Warning message about the sanitization.
        warning: String,
    },
}

/// Severity level of a guard violation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum GuardSeverity {
    /// Critical — log and block immediately.
    Critical,
    /// High — block and alert developer.
    High,
    /// Medium — block and suggest alternative.
    Medium,
}

/// Hard boundary check for agent actions.
///
/// Guards run **before** every action (tool call, shell command, file write, etc.)
/// and can block or sanitize dangerous behavior. They are the first layer of defense
/// in the Guard-Hint-Track steering system.
///
/// Guard checks must NOT be async — they must complete in microseconds.
pub trait Guard: Send + Sync + 'static {
    /// The name of this guard (for logging and tracing).
    fn name(&self) -> &'static str;

    /// Check whether an action should be allowed.
    ///
    /// This method is called before every agent action. Return [`GuardResult::Allow`]
    /// to let the action proceed, or [`GuardResult::Deny`] to block it.
    fn check(&self, action: &Action) -> GuardResult;
}

/// No-op guard that allows everything. Used when no guards are configured.
pub struct NoopGuard;

impl Guard for NoopGuard {
    fn name(&self) -> &'static str {
        "noop"
    }

    fn check(&self, _action: &Action) -> GuardResult {
        GuardResult::Allow
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_noop_guard_allows_everything() {
        let guard = NoopGuard;
        let action = Action::RawOutput {
            content: "test".into(),
        };
        assert!(matches!(guard.check(&action), GuardResult::Allow));
    }
}