/// Trait for security policy enforcement.
///
/// Implementations define their own rules for which actions are allowed,
/// which require confirmation, and how rate limiting works. The `Send + Sync`
/// bound lets one policy be shared across threads, and every method takes
/// `&self`, so an implementation that keeps mutable state (e.g. rate-limit
/// counters) needs interior mutability.
///
/// A conforming implementation MUST classify every action by [`RiskLevel`],
/// enforce rate limiting via [`SecurityPolicy::record_action`], and gate
/// high-risk actions through [`SecurityPolicy::requires_confirmation`].
///
/// The policy receives only the action name (a `&str`); nothing else about
/// the invocation is passed in, so any argument-level checks have to happen
/// at the call site.
pub trait SecurityPolicy: Send + Sync {
    /// Check if an action (tool/command name) is allowed to execute.
    fn is_action_allowed(&self, action: &str) -> bool;

    /// Classify the risk level of an action.
    fn risk_level(&self, action: &str) -> RiskLevel;

    /// Check if an action requires explicit user confirmation.
    fn requires_confirmation(&self, action: &str) -> bool;

    /// Record an action execution for rate limiting.
    ///
    /// Returns `true` if the action is within rate limits, `false` if exceeded.
    /// Callers should gate execution on this return value rather than on an
    /// earlier [`SecurityPolicy::is_rate_limited`] check: nothing in this
    /// contract makes the two calls atomic with respect to each other, so two
    /// concurrent callers could both pass the check before either records.
    fn record_action(&self) -> bool;

    /// Check if the rate limit would be exceeded (without recording).
    ///
    /// Advisory only, since it does not record; the authoritative answer is
    /// the return value of [`SecurityPolicy::record_action`].
    fn is_rate_limited(&self) -> bool;
}
Trait for security policy enforcement.
Implementations define their own rules for what actions are allowed, what requires confirmation, and how rate limiting works.
Protocol Requirements
A conforming implementation MUST:
- Classify all actions by `RiskLevel`
- Enforce rate limiting via `record_action()`
- Gate high-risk actions through `requires_confirmation()`
Example
use sigil_protocol::{SecurityPolicy, RiskLevel};
/// Unit struct for the example policy; it holds no fields, so it has no
/// rate-limit state of its own.
struct StrictPolicy;
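/// Deny-all baseline: every action is refused, classified as high risk and
/// flagged as needing confirmation; the rate limit is never reported as
/// exceeded. Unused parameters are `_`-prefixed so the example compiles
/// without `unused_variables` warnings.
impl SecurityPolicy for StrictPolicy {
    /// Nothing is allowed, whatever the action name.
    fn is_action_allowed(&self, _action: &str) -> bool {
        false
    }

    /// Every action is treated as high risk.
    fn risk_level(&self, _action: &str) -> RiskLevel {
        RiskLevel::High
    }

    /// Every action would need explicit user confirmation.
    fn requires_confirmation(&self, _action: &str) -> bool {
        true
    }

    /// `StrictPolicy` has no state to update; always reports "within limits".
    fn record_action(&self) -> bool {
        true
    }

    /// No state, so the limit is never reported as exceeded.
    fn is_rate_limited(&self) -> bool {
        false
    }
}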
fn is_action_allowed(&self, action: &str) -> bool
Check if an action (tool/command name) is allowed to execute.
fn risk_level(&self, action: &str) -> RiskLevel
Classify the risk level of an action.
fn requires_confirmation(&self, action: &str) -> bool
Check if an action requires explicit user confirmation.
fn record_action(&self) -> bool
Record an action execution for rate limiting.
Returns true if the action is within rate limits, false if exceeded.
fn is_rate_limited(&self) -> bool
Check if the rate limit would be exceeded (without recording).