Struct ShadowSentinel 

pub struct ShadowSentinel { /* private fields */ }

Orchestrates the persistent safety stream and LLM pre-execution probe.

ShadowSentinel is wrapped in Arc and shared between ShadowProbeExecutor instances when tools run in parallel. All mutable state uses AtomicU32 to allow &self access from concurrent tool dispatch without a Mutex.

§Turn lifecycle

  • advance_turn() — call once per turn before tool execution; resets the per-turn probe counter.
  • check_tool_call() — call before each tool execution to probe high-risk calls.
  • record_tool_event() — call after tool execution to persist the event.

§NEVER

Never expose the ShadowSentinel state or probe verdicts to LLM-visible context.

Implementations§

impl ShadowSentinel

pub fn new(
    store: ShadowEventStore,
    probe: Box<dyn SafetyProbe>,
    config: ShadowSentinelConfig,
    session_id: impl Into<String>,
) -> Self

Create a new ShadowSentinel.

§Arguments
  • store — persistent shadow event store.
  • probe — safety probe implementation.
  • config — subsystem configuration.
  • session_id — current agent session identifier.

pub fn classify_tool(&self, qualified_tool_id: &str) -> ToolRiskCategory

Classify a fully-qualified tool id into a risk tier.

Pattern matching is prefix/glob-based against the configured probe_patterns. For efficiency, common built-in names are checked first, before falling back to glob matching against the configured patterns.

pub async fn check_tool_call(
    &self,
    qualified_tool_id: &str,
    tool_args: &JsonValue,
    turn_number: u64,
    current_risk_level: &str,
) -> ProbeVerdict

Evaluate a proposed tool call and return a probe verdict.

Returns ProbeVerdict::Skip when:

  • The tool is not in a high-risk category.
  • The feature is disabled.
  • The per-turn probe budget (max_probes_per_turn) is exhausted.

This method takes &self so it can be called from parallel tool dispatch.

§Errors

Does not return errors; probe failures are handled internally (fail-open or fail-closed depending on deny_on_timeout).

pub fn record_tool_event(
    &self,
    qualified_tool_id: &str,
    turn_number: u64,
    risk_level: &str,
    context_summary: &str,
)

Persist a tool execution event in the shadow stream (fire-and-forget).

Called after a tool finishes execution to maintain the trajectory for future probes.

pub fn advance_turn(&self)

Reset the per-turn probe counter.

Must be called once per turn BEFORE any tool calls, alongside TrajectorySentinel::advance_turn().
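
The following is an added example, not code from this crate: a std-only model of the per-turn probe budget and the timeout handling described for check_tool_call() and advance_turn(). MiniSentinel, Verdict (apart from Skip), the prefix list and the probe closure are hypothetical stand-ins; the real method is async and takes different arguments.

```rust
use std::sync::atomic::{AtomicU32, Ordering::SeqCst};
use std::sync::Arc;
// Hypothetical stand-ins: only `Skip`, `max_probes_per_turn`, `deny_on_timeout` come from the docs.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Verdict { Skip, Allow, Deny }
pub struct MiniSentinel {
    probes_this_turn: AtomicU32, // only mutable state, so `&self` suffices
    max_probes_per_turn: u32,
    deny_on_timeout: bool,
}

impl MiniSentinel {
    pub fn new(max_probes_per_turn: u32, deny_on_timeout: bool) -> Self {
        Self { probes_this_turn: AtomicU32::new(0), max_probes_per_turn, deny_on_timeout }
    }
    /// Reset the per-turn counter; call once per turn before any tool call.
    pub fn advance_turn(&self) { self.probes_this_turn.store(0, SeqCst); }
    /// `probe` returns `None` to model a probe timeout (constructed behaviour).
    pub fn check_tool_call(&self, tool_id: &str, probe: impl Fn(&str) -> Option<bool>) -> Verdict {
        // Constructed prefixes standing in for the configured `probe_patterns`.
        if !["shell.", "fs.write"].iter().any(|p| tool_id.starts_with(*p)) {
            return Verdict::Skip;
        }
        // Reserve a budget slot atomically so parallel callers cannot overshoot.
        let slot = self.probes_this_turn
            .fetch_update(SeqCst, SeqCst, |n| (n < self.max_probes_per_turn).then_some(n + 1));
        if slot.is_err() { return Verdict::Skip; } // per-turn budget exhausted
        match probe(tool_id) {
            Some(true) => Verdict::Allow,
            Some(false) => Verdict::Deny,
            None if self.deny_on_timeout => Verdict::Deny, // fail-closed
            None => Verdict::Allow,                        // fail-open
        }
    }
}

/// Issue `calls` parallel high-risk checks; return how many were actually probed.
pub fn probed_in_parallel(s: &Arc<MiniSentinel>, calls: usize) -> usize {
    let handles: Vec<_> = (0..calls).map(|_| {
        let s = Arc::clone(s);
        std::thread::spawn(move || s.check_tool_call("shell.exec", |_| Some(true)))
    }).collect();
    handles.into_iter().map(|h| h.join().unwrap()).filter(|v| *v != Verdict::Skip).count()
}

fn main() {
    let s = Arc::new(MiniSentinel::new(3, true));
    println!("probed {} of 8 parallel calls", probed_in_parallel(&s, 8));
}
```

With a budget of 3, eight parallel high-risk calls produce three probes and five Skip verdicts, so in this model a Skip alone does not tell the caller whether the tool was low-risk or the budget had run out.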
