Guard Templates¶

The SDK provides five ready-to-use guard templates. Each implements the Guard trait and can be used directly or as a starting point for custom guards.

RegexGuard¶

Matches content against regular expression patterns.

let guard = RegexGuard::new("pii_detector", GuardAction::Alert)
    .add_pattern(r"[\w.+-]+@[\w-]+\.[\w.]+")  // emails
    .unwrap()
    .add_pattern(r"\b\d{3}-\d{2}-\d{4}\b")    // SSNs
    .unwrap()
    .with_severity(Severity::High);

Method	Description
`new(name, action)`	Create with name and default action
`add_pattern(regex)`	Add a regex pattern (returns `Result`)
`add_patterns(&[regex])`	Add multiple patterns
`with_severity(severity)`	Set match severity level

KeywordGuard¶

Detects keywords with confidence scoring.

let guard = KeywordGuard::new(
    "injection_filter",
    vec!["ignore previous".into(), "system prompt".into()],
    0.5,             // threshold: need 50%+ keywords to match
    GuardAction::Block,
    Severity::Critical,
    true,            // case insensitive
);

Parameter	Description
`name`	Guard name
`keywords`	Keywords to detect
`threshold`	Minimum keyword density (0.0-1.0) to trigger
`action`	Action on match
`severity`	Match severity
`case_insensitive`	Whether matching ignores case

CustomMLGuard¶

Integrates custom ML models via a prediction function.

let guard = CustomMLGuard::new("my_model", |content: &str| {
    let score = my_model.predict(content);
    Prediction { score, label: Some("injection".to_string()) }
})
.with_threshold(0.5)
.with_action(GuardAction::Block)
.with_model_path("/models/classifier.onnx");

Method	Description
`new(name, predict_fn)`	Create with name and prediction function
`with_threshold(f32)`	Score threshold to trigger (default: 0.5)
`with_action(action)`	Action on detection
`with_model_path(path)`	Set model file path for reference

ApiGuard¶

Delegates analysis to an external HTTP API. Requires the api feature.

oxide-guard-sdk = { version = "0.1.6", features = ["api"] }

let guard = ApiGuard::new("external_check", "https://api.example.com/analyze")
    .with_api_key("your-api-key")
    .with_timeout(Duration::from_secs(5))
    .with_action(GuardAction::Block);

Expected API contract: - Request: POST with JSON body { "content": "...", "guard_name": "..." } - Response: JSON { "safe": bool, "score": float?, "reason": string? }

CompositeGuard¶

Combines multiple guards with configurable aggregation.

let composite = CompositeGuard::new("defense_in_depth")
    .add_guard(Box::new(keyword_guard))
    .add_guard(Box::new(regex_guard))
    .add_guard(Box::new(ml_guard))
    .with_strategy(CompositeStrategy::FailAny)
    .with_action(GuardAction::Block);

Strategy	Description
`FailAny`	Fail if any child guard fails (default)
`FailAll`	Fail only if all child guards fail

For advanced voting strategies (majority, weighted), see OxideShield Pro's EnsembleGuard.