Crate palisade_config 

Palisade Config

Security-hardened configuration management for honeypot and deception infrastructure.

Public Interface

The operational public surface is centered on two types:

• ConfigApi for configuration loading, validation, runtime conversion, diffing, and optional action logging
• PolicyApi for policy loading, validation, runtime conversion, runtime checks, diffing, and optional action logging

The underlying typed models remain public for direct data access and serialization, but the API types are the preferred entry points for normal operational use.

Core Security Properties

• Memory Protection: All sensitive data automatically zeroized on drop
• Cryptographic Isolation: Tag derivation prevents artifact correlation
• Validation Defense-in-Depth: Multiple validation layers
• Error Obfuscation: Dual-layer error handling

Structs

AgentConfig

Agent identity and runtime configuration.

AgentError

The single error type for all palisade subsystems.

Config

Master configuration - the MECHANICS of your deception operation.

ConfigApi

Operational API for configuration workflows.

DeceptionConfig

Deception artifact configuration.

DeceptionPolicy

Deception detection policy.

HardenedConfig

Fixed-capacity admitted configuration for hardened runtime loading.

HardenedPolicy

Fixed-capacity admitted policy for hardened runtime loading.

LoggingConfig

Logging configuration.

PolicyApi

Operational API for policy workflows.

PolicyConfig

Policy configuration - the DECISION PLANE of your security operation.

ProtectedPath

Protected path with automatic zeroization.

ProtectedString

Protected string with automatic zeroization.

ResponsePolicy

Response policy for incident handling.

ResponseRule

Response rule with conditional execution.

RootTag

Root cryptographic tag with hierarchical derivation capability.

RuntimeConfig

Stack-only runtime configuration for no-allocation operation.

RuntimePolicy

Stack-only runtime policy for no-allocation operation.

ScoringPolicy

Scoring policy for threat assessment.

ScoringWeights

Scoring weights for threat signals.

TelemetryConfig

Telemetry collection configuration.

Enums

ActionType

Action type for incident response.

ConfigChange

Configuration change detected during diff.

LogFormat

Log output format.

LogLevel

Log severity level.

PolicyChange

Policy change detected during diff.

ResponseCondition

Response execution conditions.

Severity

Incident severity level.

ValidationMode

Validation strictness level.

Constants

CONFIG_VERSION

Configuration schema version.

DEFAULT_TIMING_FLOOR

Default minimum duration applied to public operations.

POLICY_VERSION

Policy schema version (separate from config).

Functions

get_timing_floor

Get the current global minimum duration for public operations.

set_timing_floor

Set the global minimum duration for public operations in this crate.

Type Aliases

ConfigDiff

Fixed-capacity configuration diff report.

PolicyDiff

Fixed-capacity policy diff report.

Result

Standard result type used throughout this crate.