Module packs 

Pack system for modular command blocking.

This module provides the infrastructure for organizing patterns into “packs” that can be enabled or disabled based on user configuration.

Pack Hierarchy

Packs are organized in a two-level hierarchy:

• Category (e.g., “database”, “kubernetes”)
• Sub-pack (e.g., “database.postgresql”, “kubernetes.kubectl”)

Enabling a category enables all its sub-packs. Sub-packs can be individually disabled even if their parent category is enabled.

Re-exports

pub use crate::normalize::normalize_command;

Modules

apigateway

API Gateway packs - protections for API gateway management platforms.

backup

Backup packs - protections for backup and restore tooling.

cdn

CDN and edge compute pack category.

cicd

CI/CD packs - protections for common CI/CD tooling.

cloud

Cloud pack - protections for cloud provider CLI commands.

containers

Container pack - protections for container management commands.

core

Core pack - fundamental git and filesystem protections.

database

Database pack - protections for database management commands.

dns

DNS packs - protections for DNS management tooling.

email

Email service packs - protections for email provider operations.

external

External pack loading from YAML files.

featureflags

Feature flag service packs - protections for feature flag management platforms.

infrastructure

Infrastructure pack - protections for IaC tool commands.

kubernetes

Kubernetes pack - protections for Kubernetes management commands.

loadbalancer

Load balancer packs - protections for load balancer tooling.

messaging

Messaging packs - protections for message queue tooling.

monitoring

Monitoring packs.

package_managers

Package Managers pack - protections for package manager commands.

payment

Payment processing packs.

platform

regex_engine

Dual regex engine abstraction for safe and fast pattern matching.

remote

Remote access packs - protections for remote sync and access tooling.

safe

Safe packs - patterns that allow commonly-blocked operations in safe contexts.

search

Search engine packs - protections for search platform operations.

secrets

Secret management packs - protections for secrets tooling.

storage

Storage packs - protections for object storage tooling.

strict_git

Strict Git pack - additional git protections beyond the core pack.

system

System pack - protections for system administration commands.

test_helpers

Test helper utilities for pack unit testing.

Structs

CheckResult

Result of checking a command against all packs.

DestructiveMatch

Information about a matched destructive pattern.

DestructivePattern

A destructive pattern that, when matched, blocks the command.

EnabledKeywordIndex

Precomputed keyword index for a specific enabled pack set.

ExternalCheckResult

Extended result from external pack checking (includes explanation).

ExternalPackStore

Runtime storage for external packs loaded from YAML files.

Pack

A pack of patterns for a specific category of commands.

PackEntry

Static pack metadata for lazy initialization.

PackInfo

Information about a pack for display.

PackRegistry

Registry of all available packs.

PatternSuggestion

A safer command alternative for a destructive pattern.

SafePattern

A safe pattern that, when matched, allows the command immediately.

Enums

DecisionMode

Decision mode for how to handle a matched pattern.

Platform

Platform specifier for platform-specific suggestions.

Severity

Severity level for destructive patterns.

Statics

REGISTRY

Global pack registry (lazily initialized).

Functions

get_external_packs

Get the external pack store (returns None if not yet initialized).

load_external_packs

Load external packs from the given file paths.

pack_aware_quick_reject

Pack-aware quick-reject filter.

pack_aware_quick_reject_with_normalized

Result of quick-reject check with the normalized command for reuse.

Type Aliases

PackId

Unique identifier for a pack (e.g., “core”, “database.postgresql”).