Crate dabin 

dabin (binary da) — classify a bash command as approve/defer/deny under an explicitly-named set of policies.

The library is the engine; the binary is a thin CLI wrapper. Embedders who want to compose their own classification pipeline depend on this crate directly and use classify with whichever Policy values they like (built-ins from policies or their own).

Re-exports

pub use shparse::parse;

pub use shparse::Bail;

pub use shparse::RedirOp;

pub use shparse::Redirect;

pub use shparse::Segment;

pub use shparse::Separator;

Modules

policies

Built-in policies. Each capability is one Policy value with one verify fn. Atomic: nothing subsumes anything else; users compose by listing the capabilities they want.

shparse

Minimal bash parser for dabin’s classification needs. See model::Bail for the constructs that intentionally short-circuit.

Structs

Policy

A single policy. Atomic: each value covers exactly one capability. Adding a new capability is one new value with its own verify fn — no central registry to update.

Enums

Decision

The engine’s final answer for a whole command.

Verdict

What a single Policy says about a single segment.

Functions

classify

Parse cmd, then for each segment ask the policy stack — first matching policy wins. The whole command approves only if every segment approves; any Deny denies the whole command; anything unmatched defers.