[Phase 0.3.2] Create operator_use/guardrails/ module #40

Open
richard-devbot wants to merge 3 commits into CursorTouch:main from richard-devbot:richardson/phase0-guardrails-module

@richard-devbot

Closes #12

What was implemented

Created the full operator_use/guardrails/ package from scratch:

operator_use/guardrails/
├── __init__.py          # Public API exports (16 symbols)
├── base.py              # Abstract base classes + value types
├── action_validator.py  # Pre-execution tool-call validation
├── content_filter.py    # Post-execution output filtering
├── policy_engine.py     # Risk classification and policy decisions
└── registry.py          # Guardrail registration and lookup

Base classes (base.py)

  • GuardrailResult — result object with action (allow/block/confirm), reason, severity, metadata, and convenience factories .allow() / .block() / .confirm()
  • RiskLevel: safe | review | dangerous
  • GuardrailAction: allow | block | confirm
  • Guardrail — abstract base with check(context) -> GuardrailResult
  • ActionValidator — abstract, requires validate(tool_name, args, context) — pre-execution hook
  • ContentFilter — abstract, requires filter(content, context) — post-execution hook
  • PolicyEngine — abstract, requires classify_risk(action) returning RiskLevel

Concrete helpers

  • AllowAllValidator — passthrough (no-op default)
  • BlockListValidator — deny-list of tool names
  • CompositeActionValidator — chains validators; BLOCK short-circuits, CONFIRM accumulates
  • PassthroughFilter — no-op content filter
  • KeywordBlockFilter — case-insensitive phrase deny-list
  • RegexFilter — compiled regex patterns
  • CompositeContentFilter — chains filters with same BLOCK > CONFIRM > ALLOW precedence
  • RuleBasedPolicyEngine — dangerous/review tool-name lists
  • CompositePolicyEngine — aggregates engines; DANGEROUS wins

Registry (registry.py)

  • GuardrailRegistry — register/unregister by name, get_all(type), get_enabled(type), run_all(type, context), clear()

Tests

57 unit tests in tests/security/test_guardrails_base.py, all passing.

Coverage includes: factory methods, abstract enforcement, allow/block/confirm precedence in composite classes, disabled-guardrail skip, registry CRUD, type-filtered lookup, and run_all dispatch.

Ruff

ruff check — no issues. ruff format — 1 file auto-formatted.

Adds the guardrails package with abstract base classes (Guardrail,
ActionValidator, ContentFilter, PolicyEngine), concrete helpers
(BlockListValidator, KeywordBlockFilter, RegexFilter, Composite*,
RuleBasedPolicyEngine), GuardrailResult/RiskLevel value types, and a
GuardrailRegistry for plugin-style registration and lookup.

57 unit tests in tests/security/test_guardrails_base.py — all passing.
@richard-devbot force-pushed the richardson/phase0-guardrails-module branch from b09ff65 to 2f0e06b, April 19, 2026 16:14
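
The precedence the description gives for CompositeActionValidator (BLOCK short-circuits, CONFIRM accumulates), as an added sketch that is not the PR's code. Class names follow the description; the constructor signatures, the ConfirmOnArg helper, the "confirms" metadata key and the tool names used with it are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class GuardrailAction(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    CONFIRM = "confirm"

@dataclass(frozen=True)
class GuardrailResult:
    action: GuardrailAction
    reason: str = ""
    metadata: dict = field(default_factory=dict)

class BlockListValidator:
    """Deny-list of tool names (constructor signature is an assumption)."""
    def __init__(self, blocked):
        self.blocked = frozenset(blocked)
    def validate(self, tool_name, args, context):
        if tool_name in self.blocked:
            return GuardrailResult(GuardrailAction.BLOCK, f"tool {tool_name!r} is deny-listed")
        return GuardrailResult(GuardrailAction.ALLOW)

class ConfirmOnArg:
    """Hypothetical validator: asks for confirmation when an argument is present."""
    def __init__(self, arg_name):
        self.arg_name, self.calls = arg_name, 0
    def validate(self, tool_name, args, context):
        self.calls += 1  # lets a caller observe whether this validator ran
        if self.arg_name in args:
            return GuardrailResult(GuardrailAction.CONFIRM, f"{self.arg_name!r} needs confirmation")
        return GuardrailResult(GuardrailAction.ALLOW)

class CompositeActionValidator:
    """Chains validators: first BLOCK wins immediately, CONFIRM reasons accumulate."""
    def __init__(self, validators):
        self.validators = list(validators)
    def validate(self, tool_name, args, context):
        confirms = []
        for validator in self.validators:
            result = validator.validate(tool_name, args, context)
            if result.action is GuardrailAction.BLOCK:
                return result  # short-circuit: later validators never run
            if result.action is GuardrailAction.CONFIRM:
                confirms.append(result.reason)
        if confirms:  # "confirms" metadata key is an assumption of this sketch
            return GuardrailResult(GuardrailAction.CONFIRM, "; ".join(confirms), {"confirms": confirms})
        return GuardrailResult(GuardrailAction.ALLOW)
```

Because a BLOCK returns before later validators run, ordering the deny-list first keeps a blocked tool call from ever producing a confirmation prompt.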