Expand description
Tier-1 deterministic rule engine.
Classifies a ProposedCommand into Class::Safe, Class::Catastrophic,
or Class::Ambiguous using only fixed rules — never a model. This is the
security spine: the block decision for catastrophic commands lives here and
cannot be argued past.
Design bias: catastrophic checks run first and broadly (a false “this is
dangerous” is recoverable; a missed catastrophe is not — see the zero-
tolerance rule in CLAUDE.md). Only confidently read-only/build/test commands
are marked Safe. Everything else is Ambiguous, to be held or scored.
This module performs no I/O: it reasons purely about the command text, so it is deterministic and trivially testable.
Structs§
- Rule
Match - The result of classifying a command: its class and the rule that decided it.
Functions§
- classify
- Classify a proposed command. Always returns; never panics.
- classify_
and_ decide - Classify a command and produce a full Tier-1 verdict for the given mode.
- classify_
line - Classify a raw command line (the entry point used by tests too).
- decide
- Map a class to a decision for the given mode (Tier-1, rules-only).