Structs§
- Access
Policy - Access control toggles for guest operations.
- Authenticated
Frame - A versioned, signed vsock frame envelope.
- Blocklist
Entry - A single blocklist entry for command gating.
- Posture
Check - Result of a single posture check.
- Posture
Report - Overall posture report aggregating all checks.
- Rate
Limit Policy - Frame rate limiting configuration.
- Security
Policy - Per-VM security configuration, provisioned on the config drive.
- Session
Hello - Host → Guest: initiate authenticated session after CONNECT/OK.
- Session
Hello Ack - Guest → Host: acknowledge session and prove key possession.
- Session
Policy - Session lifecycle limits.
- Threat
Finding - A single threat finding produced by the classifier.
Enums§
- Approval
Verdict - Verdict from an approval authority (coordinator or dev-mode auto-approve).
- Blocklist
Action - Action to take when a blocklist entry matches.
- Blocklist
Severity - Severity level for blocklist entries.
- Gate
Decision - Decision from the command gate after evaluating a vsock command.
- Security
Layer - A security layer that can be evaluated for posture scoring.
- Severity
- Severity of a threat finding.
- Threat
Category - Threat categories for vsock message classification.
Constants§
- PROTOCOL_
VERSION_ AUTHENTICATED - Current authenticated protocol version.
- PROTOCOL_
VERSION_ LEGACY - Legacy unauthenticated protocol version.