SigilGuard.
View Source
Behaviour for SigilGuard processing backends.
All backends must implement this behaviour to be used interchangeably by the SigilGuard API. This enables swapping between different processing strategies:
:elixir- Pure Elixir using OTP:crypto(default, safe):nif- Rust NIF reimplementing SIGIL protocol operations (fastest)
Configuration
config :sigil_guard,
backend: :elixir # :elixir | :nifExample
# Get the configured backend module
backend = SigilGuard.Backend.impl()
# Scan text
{:ok, "safe"} = backend.scan("safe", [])Summary
Callbacks
Sign an audit event, linking it to the previous event in the chain.
Verify the integrity of an audit event chain.
Produce canonical byte representation for signing.
Classify the risk level of an action.
Sign an envelope.
Verify an envelope's signature.
Evaluate an action against a trust level.
Replace matched regions with replacement hints.
Scan text for sensitive content.
Scan and redact in a single pass.
Functions
Checks if a backend is available on this system.
Returns a list of all available backends on this system.
Returns the backend implementation module based on configuration.
Types
Callbacks
@callback audit_sign_event( event :: SigilGuard.Audit.t(), key :: binary(), prev_hmac :: String.t() | nil ) :: SigilGuard.Audit.t()
Sign an audit event, linking it to the previous event in the chain.
@callback audit_verify_chain(events :: [SigilGuard.Audit.t()], key :: binary()) :: :ok | {:broken, non_neg_integer()}
Verify the integrity of an audit event chain.
@callback canonical_bytes( identity :: String.t(), verdict :: SigilGuard.Envelope.verdict(), timestamp :: String.t(), nonce_hex :: String.t() ) :: binary()
Produce canonical byte representation for signing.
@callback classify_risk(action :: String.t(), opts :: keyword()) :: SigilGuard.Policy.risk_level()
Classify the risk level of an action.
@callback envelope_sign( identity :: String.t(), verdict :: SigilGuard.Envelope.verdict(), opts :: keyword() ) :: SigilGuard.Envelope.t()
Sign an envelope.
@callback envelope_verify( envelope :: SigilGuard.Envelope.t(), public_key_b64u :: String.t() ) :: :ok | {:error, term()}
Verify an envelope's signature.
@callback evaluate_policy( action :: String.t(), trust_level :: SigilGuard.Identity.trust_level(), opts :: keyword() ) :: SigilGuard.Policy.verdict()
Evaluate an action against a trust level.
@callback redact( text :: String.t(), hits :: [SigilGuard.Patterns.scan_hit()], opts :: keyword() ) :: String.t()
Replace matched regions with replacement hints.
@callback scan(text :: String.t(), opts :: keyword()) :: {:ok, String.t()} | {:hit, [SigilGuard.Patterns.scan_hit()]}
Scan text for sensitive content.
Scan and redact in a single pass.
Functions
@spec available?(backend_type()) :: boolean()
Checks if a backend is available on this system.
Examples
iex> SigilGuard.Backend.available?(:elixir)
true@spec available_backends() :: [backend_type()]
Returns a list of all available backends on this system.
@spec impl() :: backend_module()
Returns the backend implementation module based on configuration.
Accepts :elixir, :nif, or a custom module implementing this
behaviour. Any other value raises ArgumentError immediately, rather
than failing later with UndefinedFunctionError mid-operation.
Examples
iex> SigilGuard.Backend.impl()
SigilGuard.Backend.Elixir