SigilGuard.Backend.Elixir (SigilGuard v0.2.0)

Pure-Elixir backend using OTP :crypto.

This is the default backend requiring no external dependencies beyond OTP. It delegates to the existing SigilGuard modules:

• SigilGuard.Scanner — regex-based sensitivity scanning
• SigilGuard.Envelope — Ed25519 signing via :crypto
• SigilGuard.Policy — risk classification and trust gating
• SigilGuard.Audit — HMAC-SHA256 chain integrity

When to Use

Choose this backend when:

• You want zero external build dependencies (no Rust toolchain needed)
• Deployment simplicity is more important than raw throughput
• You are running in environments where NIF compilation is impractical (e.g., Nerves, restricted CI, Fly.io without multi-stage builds)

For higher throughput on scanning and cryptographic operations, consider the SigilGuard.Backend.NIF backend which wraps the Rust sigil-protocol reference implementation.

Configuration

config :sigil_guard,
  backend: :elixir  # default

Example

SigilGuard.Backend.Elixir.scan("API_KEY=sk_live_abc123", [])
#=> {:hit, [%{type: :api_key, match: "sk_live_abc123", ...}]}

SigilGuard.Backend.Elixir.classify_risk("read_file", [])
#=> :low