Struct ActionPolicy 

pub struct ActionPolicy {
    pub id: String,
    pub name: String,
    pub mode: EnforcementMode,
    pub allowed_tools: Option<HashSet<String>>,
    pub blocked_tools: HashSet<String>,
    pub max_risk_score: f64,
    pub allowed_action_types: Option<HashSet<AgentActionType>>,
    pub max_actions_per_session: Option<u32>,
    pub allow_unregistered: bool,
}
Policy for controlling which actions an agent can take.

Combines allowlist/blocklist enforcement, risk score thresholds, action type filtering, and session-level rate limiting into a single evaluable policy.

Use the builder methods to configure, or the convenience constructors ActionPolicy::permissive and ActionPolicy::restrictive.

Fields

id: String

Policy identifier.

name: String

Human-readable name.

mode: EnforcementMode

Enforcement mode.

allowed_tools: Option<HashSet<String>>

Allowed tool IDs (if set, only these tools are permitted).

blocked_tools: HashSet<String>

Blocked tool IDs (these tools are always denied).

max_risk_score: f64

Maximum risk score allowed (tools with higher risk are blocked).

allowed_action_types: Option<HashSet<AgentActionType>>

Allowed action types (if set, only these types are permitted).

max_actions_per_session: Option<u32>

Maximum total actions per session.

allow_unregistered: bool

Whether to allow actions on unregistered tools.

Implementations

impl ActionPolicy

pub fn new(id: &str, name: &str) -> Self

Create a new action policy with sensible defaults.

Defaults: enforce mode, no allowlist, no blocklist, max risk 1.0, all action types allowed, no session limit, unregistered tools allowed.

pub fn permissive(id: &str, name: &str) -> Self

Create a permissive policy that allows everything in audit mode.

All actions are allowed; violations are only logged as findings.

pub fn restrictive(id: &str, name: &str) -> Self

Create a restrictive policy that denies by default.

Requires an explicit allowlist, blocks unregistered tools, and enforces a conservative risk threshold of 0.7.

pub fn with_mode(self, mode: EnforcementMode) -> Self

Set the enforcement mode.

pub fn with_allowed_tools(self, tools: HashSet<String>) -> Self

Set the allowed tool IDs. Only these tools will be permitted.

pub fn with_blocked_tools(self, tools: HashSet<String>) -> Self

Set the blocked tool IDs. These tools are always denied.

pub fn with_max_risk_score(self, score: f64) -> Self

Set the maximum risk score allowed.

pub fn with_allowed_action_types(self, types: HashSet<AgentActionType>) -> Self

Set the allowed action types.

pub fn with_max_actions_per_session(self, max: u32) -> Self

Set the maximum actions per session.

pub fn with_allow_unregistered(self, allow: bool) -> Self

Set whether unregistered tools are allowed.

pub fn evaluate(&self, action: &AgentAction, tool_def: Option<&ToolDefinition>) -> PolicyDecision

Evaluate an action against this policy.

Returns a PolicyDecision indicating whether the action is allowed, denied, or warned, along with any SecurityFindings.
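
A self-contained model of how the documented defaults of ActionPolicy::new differ from ActionPolicy::restrictive when an action is checked. This is an added example, not the crate's code: PolicyModel, new_defaults, restrictive_like and decide are hypothetical stand-ins, and the check order, the use of a missing risk value to mean an unregistered tool, and the sample tool names are assumptions.

```rust
use std::collections::HashSet;

// Hypothetical stand-in that borrows four field names from ActionPolicy.
// Enforcement mode, action types and session limits are left out of the model.
struct PolicyModel {
    allowed_tools: Option<HashSet<String>>,
    blocked_tools: HashSet<String>,
    max_risk_score: f64,
    allow_unregistered: bool,
}

// Defaults documented for ActionPolicy::new: no lists, max risk 1.0, unregistered allowed.
fn new_defaults() -> PolicyModel {
    PolicyModel { allowed_tools: None, blocked_tools: HashSet::new(),
                  max_risk_score: 1.0, allow_unregistered: true }
}

// Settings documented for ActionPolicy::restrictive; the allowlist content is constructed.
fn restrictive_like(allow: &[&str]) -> PolicyModel {
    PolicyModel {
        allowed_tools: Some(allow.iter().map(|s| s.to_string()).collect()),
        blocked_tools: HashSet::new(),
        max_risk_score: 0.7,
        allow_unregistered: false,
    }
}

// Assumed check order: blocklist, allowlist, registration, risk threshold.
// `risk` is None when the tool has no registered definition (assumption).
fn decide(p: &PolicyModel, tool: &str, risk: Option<f64>) -> Result<(), &'static str> {
    if p.blocked_tools.contains(tool) { return Err("blocked tool"); }
    if let Some(allow) = &p.allowed_tools {
        if !allow.contains(tool) { return Err("not in allowlist"); }
    }
    match risk {
        None if !p.allow_unregistered => Err("unregistered tool"),
        Some(r) if r > p.max_risk_score => Err("risk above threshold"),
        _ => Ok(()),
    }
}

fn main() {
    let open = new_defaults();
    let strict = restrictive_like(&["read_file"]);
    // Constructed sample actions: (tool id, risk score from its definition).
    for (tool, risk) in [("read_file", Some(0.2)), ("shell_exec", Some(0.95)), ("mystery", None)] {
        println!("{}: new={:?} restrictive={:?}", tool, decide(&open, tool, risk), decide(&strict, tool, risk));
    }
}
```

Under this model, the defaults of new let both the 0.95-risk tool and the unregistered tool through, so enforce mode alone does not make a policy deny-by-default.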

Trait Implementations

impl Clone for ActionPolicy

fn clone(&self) -> ActionPolicy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ActionPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.