nexara_core/
policy.rs

1use serde::{Deserialize, Serialize};
2
3#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord)]
4#[serde(rename_all = "snake_case")]
5pub enum TrustTier {
6    Builtin,
7    RemoteMcp,
8    RemoteNexara,
9    LocalExternalProcess,
10    WasmComponent,
11    Custom,
12}
13
14#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord)]
15#[serde(rename_all = "snake_case")]
16pub enum ActionClass {
17    Read,
18    Write,
19    Execute,
20}
21
22#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
23#[serde(rename_all = "snake_case")]
24pub enum ConfirmationPolicy {
25    Never,
26    Always,
27    OnWrite,
28    OnFirstUse,
29}
30
31#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord)]
32#[serde(rename_all = "snake_case")]
33pub enum TrustProfile {
34    Observe,
35    Assist,
36    ActWithConfirmation,
37    FullOperator,
38}
39
40impl TrustProfile {
41    pub fn as_str(self) -> &'static str {
42        match self {
43            Self::Observe => "observe",
44            Self::Assist => "assist",
45            Self::ActWithConfirmation => "act_with_confirmation",
46            Self::FullOperator => "full_operator",
47        }
48    }
49}
50
51#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
52pub struct EffectiveTrustPolicy {
53    pub profile: TrustProfile,
54    pub allow_read: bool,
55    pub allow_write: bool,
56    pub allow_execute: bool,
57    pub require_confirmation_for_write: bool,
58    pub require_confirmation_for_execute: bool,
59}
60
61impl EffectiveTrustPolicy {
62    pub fn for_profile(profile: TrustProfile) -> Self {
63        match profile {
64            TrustProfile::Observe => Self {
65                profile,
66                allow_read: true,
67                allow_write: false,
68                allow_execute: false,
69                require_confirmation_for_write: true,
70                require_confirmation_for_execute: true,
71            },
72            TrustProfile::Assist => Self {
73                profile,
74                allow_read: true,
75                allow_write: false,
76                allow_execute: false,
77                require_confirmation_for_write: true,
78                require_confirmation_for_execute: true,
79            },
80            TrustProfile::ActWithConfirmation => Self {
81                profile,
82                allow_read: true,
83                allow_write: true,
84                allow_execute: true,
85                require_confirmation_for_write: true,
86                require_confirmation_for_execute: true,
87            },
88            TrustProfile::FullOperator => Self {
89                profile,
90                allow_read: true,
91                allow_write: true,
92                allow_execute: true,
93                require_confirmation_for_write: false,
94                require_confirmation_for_execute: false,
95            },
96        }
97    }
98}
nexara_core/policy.rs

nexara_core/
policy.rs
