agent - v1.0.0

services/guardrails/guardrails

Types

ApprovalCache

</>

In-memory approval cache. Upgraded to ETS in Phase 8. Each entry is a (session_id, command) pair.

pub type ApprovalCache =
  List(#(String, String))

GuardrailResult

</> 
pub type GuardrailResult {
  Allowed
  Blocked(reason: String)
  NeedsApproval(reason: String, command: String)
}

Constructors 

  • Allowed
  • Blocked(reason: String)
  • NeedsApproval(reason: String, command: String)

Values

cache_approval

</> 
pub fn cache_approval(
  cache: List(#(String, String)),
  session_id: String,
  command: String,
) -> List(#(String, String))

Cache an approval for a (session_id, command) pair.

check

</> 
pub fn check(cmd: String) -> GuardrailResult

Check a command through the full guardrail pipeline: normalize → blocked check → approval check → allowed.

clear_session

</> 
pub fn clear_session(
  cache: List(#(String, String)),
  session_id: String,
) -> List(#(String, String))

Remove all entries for a session (on session reset).

is_approved

</> 
pub fn is_approved(
  cache: List(#(String, String)),
  session_id: String,
  command: String,
) -> Bool

Check if a command has been approved for this session.

service

</> 
pub fn service() -> shapes.Service

Service shape — stateless, supervised: False.

strip_ansi

</> 
pub fn strip_ansi(cmd: String) -> String

Strip ANSI escape sequences including color codes like ESC[31m or ESC[0m. Attackers can hide commands inside color codes to bypass guardrails.

Search Document