Skip to main content

ExtensionPolicy

pi::extensions

Struct ExtensionPolicy 

Source 
pub struct ExtensionPolicy {
    pub mode: ExtensionPolicyMode,
    pub max_memory_mb: u32,
    pub default_caps: Vec<String>,
    pub deny_caps: Vec<String>,
    pub per_extension: HashMap<String, ExtensionOverride>,
    pub exec_mediation: ExecMediationPolicy,
    pub secret_broker: SecretBrokerPolicy,
}

Fields§

§mode: ExtensionPolicyMode§max_memory_mb: u32§default_caps: Vec<String>§deny_caps: Vec<String>§per_extension: HashMap<String, ExtensionOverride>

Per-extension overrides keyed by extension ID.

§exec_mediation: ExecMediationPolicy

Exec mediation policy (SEC-4.3). Controls command-level allow/deny after capability-level exec is granted.

§secret_broker: SecretBrokerPolicy

Secret broker policy (SEC-4.3). Controls redaction of secret env vars and prevents raw disclosure when policy forbids it.

Implementations§

Source§

impl ExtensionPolicy

Source

pub fn evaluate(&self, capability: &str) -> PolicyCheck

Evaluate policy for a capability without extension context.

Equivalent to evaluate_for(capability, None).

Source

pub fn evaluate_for( &self, capability: &str, extension_id: Option<&str>, ) -> PolicyCheck

Evaluate policy for a capability with optional extension context.

Applies the full precedence chain documented above.

Source

pub fn has_override(&self, extension_id: &str) -> bool

Check whether a specific extension has any overrides configured.

Source

pub fn from_profile(profile: PolicyProfile) -> Self

Create a policy from a named profile.

Source

pub fn explain_effective_policy( &self, extension_id: Option<&str>, ) -> PolicyExplanation

Produce a structured explanation of the effective policy for all known capabilities. This is the runtime-callable counterpart to the CLI --explain-extension-policy flag — it can be invoked at any point during execution to inspect the live policy state.

Source

pub fn is_valid_downgrade(from: &Self, to: &Self) -> ProfileTransitionCheck

Verify that a profile transition from from to to produces a strictly tighter policy for dangerous capabilities. Returns true if the downgrade is valid (all dangerous caps that were denied in from are still denied in to, AND to denies at least as many).

Trait Implementations§

Source§

impl Clone for ExtensionPolicy

Source§

fn clone(&self) -> ExtensionPolicy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ExtensionPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for ExtensionPolicy

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for ExtensionPolicy
where ExtensionPolicy: Default,

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for ExtensionPolicy

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, _span: NoopSpan) -> Self

Instruments this future with a span (no-op when disabled).
Source§

fn in_current_span(self) -> Self

Instruments this future with the current span (no-op when disabled).
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> ModelDump for T
where T: Serialize,

Source§

fn model_dump(&self, options: DumpOptions) -> Result<Value, Error>

Serialize a model to a JSON value. Read more
Source§

fn model_dump_json(&self) -> Result<String, Error>

Serialize a model to a JSON string with default options.
Source§

fn model_dump_json_pretty(&self) -> Result<String, Error>

Serialize a model to a pretty-printed JSON string.
Source§

fn model_dump_json_with_options( &self, options: DumpOptions, ) -> Result<String, Error>

Serialize a model to a JSON string with full options support. Read more
Source§

impl<T> ModelValidate for T
where T: DeserializeOwned,

Source§

fn model_validate( input: impl Into<ValidateInput>, options: ValidateOptions, ) -> Result<T, ValidationError>

Create and validate a model from input. Read more
Source§

fn model_validate_json(json: &str) -> Result<Self, ValidationError>

Create and validate a model from JSON string with default options.
Source§

fn model_validate_dict( dict: HashMap<String, Value>, ) -> Result<Self, ValidationError>

Create and validate a model from a HashMap with default options.
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<R, P> ReadPrimitive<R> for P
where R: Read + ReadEndian<P>, P: Default,

Source§

fn read_from_little_endian(read: &mut R) -> Result<Self, Error>

Read this value from the supplied reader. Same as ReadEndian::read_from_little_endian().
Source§

fn read_from_big_endian(read: &mut R) -> Result<Self, Error>

Read this value from the supplied reader. Same as ReadEndian::read_from_big_endian().
Source§

fn read_from_native_endian(read: &mut R) -> Result<Self, Error>

Read this value from the supplied reader. Same as ReadEndian::read_from_native_endian().
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ParallelSend for T

Source§

impl<T> Send for T
where T: ?Sized,

Source§

impl<T> Sync for T
where T: ?Sized,