Skip to main content

FirewallVerifier

zeph_tools::verifier

Struct FirewallVerifier 

Source 
pub struct FirewallVerifier { /* private fields */ }
Expand description

Policy-enforcement verifier that inspects tool arguments for path traversal, environment-variable exfiltration, sensitive file access, and command chaining.

§Scope delineation with InjectionPatternVerifier

FirewallVerifier enforces configurable policy (blocked paths, env vars, sensitive file patterns). InjectionPatternVerifier performs regex-based injection pattern detection (prompt injection, SSRF, etc.). They are complementary — belt-and-suspenders, the same intentional overlap documented at the top of this module.

Both verifiers may produce Block for the same call (e.g. command chaining detected by both). The pipeline stops at the first Block result.

Implementations§

Source§

impl FirewallVerifier

Source

pub fn new(config: &FirewallVerifierConfig) -> Self

Build a FirewallVerifier from config.

Invalid glob patterns in blocked_paths are logged at WARN level and skipped.

Trait Implementations§

Source§

impl Debug for FirewallVerifier

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl PreExecutionVerifier for FirewallVerifier

Source§

fn name(&self) -> &'static str

Human-readable name for logging and TUI display.
Source§

fn verify(&self, tool_name: &str, args: &Value) -> VerificationResult

Verify whether a tool call should proceed.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more