
oxideshield_guard/compliance/
mod.rs

//! Compliance Framework Mappings
//!
//! Maps OxideShield security controls to regulatory compliance frameworks.
//!
//! # Supported Frameworks
//!
//! - **NIST AI RMF** - NIST AI Risk Management Framework
//! - **EU AI Act** - European Union Artificial Intelligence Act
//!
//! # Usage
//!
//! ```rust,ignore
//! use oxideshield_guard::compliance::{ComplianceReport, Framework};
//!
//! let report = ComplianceReport::new("My AI System")
//!     .with_framework(Framework::NistAiRmf)
//!     .with_framework(Framework::EuAiAct)
//!     .with_guards(&["PatternGuard", "PIIGuard", "ToxicityGuard"])
//!     .generate();
//!
//! println!("{}", report.to_markdown());
//! ```
23
24pub mod eu_ai_act;
25pub mod nist_ai_rmf;
26pub mod report;
27
28pub use eu_ai_act::{EuAiActCategory, EuAiActMapping, EuAiActRequirement};
29pub use nist_ai_rmf::{NistAiRmfCategory, NistAiRmfMapping, NistAiRmfSubcategory};
30pub use report::{
31    ComplianceReport, ComplianceReportBuilder, ComplianceStatus, ControlMapping, Framework,
32};
33
34use serde::{Deserialize, Serialize};
35
/// Catalog entry describing one security control that OxideShield provides.
///
/// The type is plain data: every field is public and the whole struct derives
/// `Serialize`/`Deserialize`, so whatever is stored here is written out with
/// the control wherever it is serialized.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SecurityControl {
    /// Identifier of the control (the built-in catalog uses the `CTRL-NNN` form).
    pub id: String,
    /// Human-readable control name.
    pub name: String,
    /// What the control does; empty until `with_description` is called.
    pub description: String,
    /// Name of the OxideShield component that implements the control.
    pub component: String,
    /// Declared enablement flag. `SecurityControl::new` sets it to `true`;
    /// nothing in this module derives it from a running guard, so treat it as
    /// a statement to verify rather than as evidence that the guard is active.
    pub enabled: bool,
    /// Optional free-form configuration details. The field is serialized with
    /// the rest of the struct, so keep credentials and other secrets out of it.
    // NOTE(review): presumably rendered into exported reports — confirm in `report`.
    pub configuration: Option<String>,
}
52
impl SecurityControl {
    /// Builds a control from its identifier, display name and providing component.
    ///
    /// The description starts empty, no configuration is attached, and
    /// `enabled` starts as `true`. The flag is a default, not an observation:
    /// call [`SecurityControl::with_enabled`] with the deployment's real state
    /// before relying on it in a compliance artefact.
    pub fn new(
        id: impl Into<String>,
        name: impl Into<String>,
        component: impl Into<String>,
    ) -> Self {
        let (id, name, component) = (id.into(), name.into(), component.into());
        Self {
            id,
            name,
            description: String::new(),
            component,
            enabled: true,
            configuration: None,
        }
    }

    /// Returns the control with its description replaced by `desc`.
    pub fn with_description(self, desc: impl Into<String>) -> Self {
        Self {
            description: desc.into(),
            ..self
        }
    }

    /// Returns the control with its declared enablement flag set to `enabled`.
    pub fn with_enabled(self, enabled: bool) -> Self {
        Self { enabled, ..self }
    }

    /// Returns the control with `config` attached as its configuration details.
    ///
    /// The text is stored verbatim and is serialized with the control, so it
    /// should not carry secrets.
    pub fn with_configuration(self, config: impl Into<String>) -> Self {
        Self {
            configuration: Some(config.into()),
            ..self
        }
    }
}
88
/// Returns the built-in catalog of security controls, in catalog order.
///
/// Each entry is created with `SecurityControl::new` plus a description, so
/// every returned control has `enabled == true` and no configuration. The
/// list is static: it describes what OxideShield can provide and is not
/// filtered by which guards a deployment has actually switched on.
pub fn available_controls() -> Vec<SecurityControl> {
    // Columns: (id, name, component, description).
    const CATALOG: [(&str, &str, &str, &str); 13] = [
        // Pattern-based detection
        (
            "CTRL-001",
            "Pattern Guard",
            "PatternGuard",
            "Detects prompt injection and jailbreak attempts using pattern matching with Aho-Corasick algorithm",
        ),
        (
            "CTRL-002",
            "Length Guard",
            "LengthGuard",
            "Enforces input/output length limits to prevent resource exhaustion and injection attacks",
        ),
        (
            "CTRL-003",
            "Encoding Guard",
            "EncodingGuard",
            "Detects encoding-based attacks (Unicode, Base64, homoglyphs) used to bypass security filters",
        ),
        // ML-based detection
        (
            "CTRL-004",
            "Perplexity Guard",
            "PerplexityGuard",
            "Detects adversarial suffixes and anomalous text using perplexity analysis",
        ),
        (
            "CTRL-005",
            "Semantic Similarity Guard",
            "SemanticSimilarityGuard",
            "Detects semantically similar attack patterns using embedding-based comparison",
        ),
        (
            "CTRL-006",
            "ML Classifier Guard",
            "MLClassifierGuard",
            "Classifies inputs using machine learning to detect injection, jailbreak, and leak attempts",
        ),
        // Data protection
        (
            "CTRL-007",
            "PII Guard",
            "PIIGuard",
            "Detects and redacts personally identifiable information (email, phone, SSN, credit cards, etc.)",
        ),
        (
            "CTRL-008",
            "Toxicity Guard",
            "ToxicityGuard",
            "Detects harmful content including hate speech, violence, harassment, and illegal content",
        ),
        // Architecture
        (
            "CTRL-009",
            "Multi-Layer Defense",
            "MultiLayerDefense",
            "Orchestrates multiple guards with configurable aggregation strategies (fail-fast, unanimous, majority)",
        ),
        (
            "CTRL-010",
            "Proxy Gateway",
            "OxideProxy",
            "HTTP proxy gateway for intercepting and filtering LLM API traffic",
        ),
        // Monitoring
        (
            "CTRL-011",
            "Telemetry & Metrics",
            "GuardMetricsCollector",
            "Collects and exports security metrics via OpenTelemetry for monitoring and alerting",
        ),
        (
            "CTRL-012",
            "Security Scanning",
            "Scanner",
            "Red team scanner for probing LLM endpoints with known attack patterns (OWASP LLM Top 10)",
        ),
        // Threat intelligence
        (
            "CTRL-013",
            "Threat Intelligence",
            "ThreatCatalog",
            "Aggregates threat data from JailbreakBench, HarmBench, and Garak for up-to-date detection",
        ),
    ];

    CATALOG
        .iter()
        .map(|&(id, name, component, description)| {
            SecurityControl::new(id, name, component).with_description(description)
        })
        .collect()
}
138
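/// Returns the catalog controls whose component name equals `component`,
/// compared case-insensitively.
///
/// Both sides are lowercased with `str::to_lowercase` and compared for exact
/// equality; the input is not trimmed or otherwise normalized. A name that
/// matches nothing yields an empty `Vec` rather than an error, so a caller
/// assembling compliance evidence should treat an empty result as "no
/// catalog entry for this guard" (for example a misspelled guard name)
/// instead of silently omitting the guard.
pub fn controls_by_component(component: &str) -> Vec<SecurityControl> {
    // Lowercase the query once; it does not change between catalog entries.
    let wanted = component.to_lowercase();
    available_controls()
        .into_iter()
        .filter(|control| control.component.to_lowercase() == wanted)
        .collect()
}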
146
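#[cfg(test)]
mod tests {
    use super::*;
    use std::collections::HashSet;

    /// The builder methods store exactly what they are given.
    #[test]
    fn test_security_control_creation() {
        let control = SecurityControl::new("CTRL-001", "Test Guard", "TestComponent")
            .with_description("A test control")
            .with_enabled(true)
            .with_configuration("threshold=0.85");

        assert_eq!(control.id, "CTRL-001");
        assert_eq!(control.name, "Test Guard");
        assert_eq!(control.description, "A test control");
        assert_eq!(control.component, "TestComponent");
        assert!(control.enabled);
        assert_eq!(control.configuration, Some("threshold=0.85".to_string()));
    }

    /// `new` declares the control enabled with no description or
    /// configuration, and `with_enabled(false)` really clears the flag.
    #[test]
    fn test_security_control_defaults() {
        let control = SecurityControl::new("CTRL-001", "Test Guard", "TestComponent");
        assert!(control.enabled);
        assert!(control.description.is_empty());
        assert_eq!(control.configuration, None);

        let disabled = control.with_enabled(false);
        assert!(!disabled.enabled);
    }

    #[test]
    fn test_available_controls() {
        let controls = available_controls();
        assert!(controls.len() >= 10);

        // Check some known controls exist
        assert!(controls.iter().any(|c| c.component == "PatternGuard"));
        assert!(controls.iter().any(|c| c.component == "PIIGuard"));
        assert!(controls.iter().any(|c| c.component == "ToxicityGuard"));
    }

    /// Control identifiers are used as references in reports, so the catalog
    /// must never contain the same identifier twice.
    #[test]
    fn test_control_ids_are_unique() {
        let controls = available_controls();
        let ids: HashSet<&str> = controls.iter().map(|c| c.id.as_str()).collect();
        assert_eq!(ids.len(), controls.len());
    }

    #[test]
    fn test_controls_by_component() {
        let controls = controls_by_component("PatternGuard");
        assert_eq!(controls.len(), 1);
        assert_eq!(controls[0].name, "Pattern Guard");
    }

    /// Lookup ignores case, and an unknown component yields an empty list
    /// rather than a panic.
    #[test]
    fn test_controls_by_component_case_and_unknown() {
        let controls = controls_by_component("patternguard");
        assert_eq!(controls.len(), 1);
        assert_eq!(controls[0].id, "CTRL-001");

        assert!(controls_by_component("NoSuchGuard").is_empty());
    }
}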