Skip to main content

EscalationViolation

zeroclaw_config::policy

Enum EscalationViolation 

Source 
pub enum EscalationViolation {

Show 13 variants    AutonomyAboveParent {
        child: AutonomyLevel,
        parent: AutonomyLevel,
    },
    ReadWriteRootNotInParent {
        path: PathBuf,
    },
    ReadOnlyRootNotInParent {
        path: PathBuf,
    },
    WriteOnlyRootNotInParent {
        path: PathBuf,
    },
    CommandNotInParent {
        command: String,
    },
    WorkspaceOnlyDisabledByChild,
    ForbiddenPathDroppedByChild {
        path: String,
    },
    ShellEnvPassthroughExpanded {
        variable: String,
    },
    MaxActionsExceeded {
        child: u32,
        parent: u32,
    },
    MaxCostExceeded {
        child: u32,
        parent: u32,
    },
    ShellTimeoutExceeded {
        child: u64,
        parent: u64,
    },
    BlockHighRiskCommandsDisabledByChild,
    RequireApprovalDisabledByChild,

}
Expand description

Specific kind of escalation violation returned by SecurityPolicy::ensure_no_escalation_beyond. Each variant names the field that violated subset semantics so the SubAgent spawn path can produce a precise error to the caller.

Variants§

§

AutonomyAboveParent

Child raises autonomy above the parent (e.g. parent Supervised, child Full). The autonomy level gates the entire can_act and approval flow, so silent escalation here would bypass every other guard.

Fields

§child: AutonomyLevel
§parent: AutonomyLevel
§

ReadWriteRootNotInParent

child.allowed_roots contains a path the parent cannot rw.

Fields

§path: PathBuf
§

ReadOnlyRootNotInParent

child.allowed_roots_read_only contains a path the parent cannot read at all (not in parent rw or read-only lists).

Fields

§path: PathBuf
§

WriteOnlyRootNotInParent

child.allowed_roots_write_only contains a path the parent cannot write at all (not in parent rw or write-only lists).

Fields

§path: PathBuf
§

CommandNotInParent

child.allowed_commands contains a shell command the parent has no allowance for.

Fields

§command: String
§

WorkspaceOnlyDisabledByChild

Parent enforces workspace_only but the child override tries to turn it off.

§

ForbiddenPathDroppedByChild

Child drops a forbidden_paths entry the parent enforces. Subset semantics on forbidden lists run the opposite direction from allowlists: parent ⊆ child, so the child can ADD entries but never DROP them.

Fields

§path: String
§

ShellEnvPassthroughExpanded

Child raises shell_env_passthrough to leak env vars the parent declined to forward.

Fields

§variable: String
§

MaxActionsExceeded

Child override raises max_actions_per_hour above the parent’s ceiling.

Fields

§child: u32
§parent: u32
§

MaxCostExceeded

Child override raises max_cost_per_day_cents above the parent’s ceiling.

Fields

§child: u32
§parent: u32
§

ShellTimeoutExceeded

Child override raises shell_timeout_secs above the parent’s ceiling. The shell budget is a runaway-process guard; raising it on the child side defeats the parent’s intent.

Fields

§child: u64
§parent: u64
§

BlockHighRiskCommandsDisabledByChild

Child flips block_high_risk_commands from true (parent) to false, opening the high-risk command surface the parent closed.

§

RequireApprovalDisabledByChild

Child flips require_approval_for_medium_risk from true (parent) to false, bypassing the human-in-the-loop step the parent required.

Trait Implementations§

Source§

impl Clone for EscalationViolation

Source§

fn clone(&self) -> EscalationViolation

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for EscalationViolation

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for EscalationViolation

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Error for EscalationViolation

1.30.0 · Source§

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any. Read more
1.0.0 · Source§

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

Read more
1.0.0 · Source§

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

Source§

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)
Provides type-based access to context intended for error reports. Read more
Source§

impl PartialEq for EscalationViolation

Source§

fn eq(&self, other: &EscalationViolation) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Eq for EscalationViolation

Source§

impl StructuralPartialEq for EscalationViolation

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] only if self and other return Action::Follow. Read more
§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
§

impl<T> ToStringFallible for T
where T: Display,

§

fn try_to_string(&self) -> Result<String, TryReserveError>

ToString::to_string, but without panic on OOM.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more