Types Reference

This page documents all public types exported by Railgun's crates.

Hook Input Types

`HookInput`

Input received from Claude Code via stdin.

#[derive(Debug, Deserialize)]
pub struct HookInput {
    pub tool_name: String,
    pub tool_input: serde_json::Value,
}

Example:

{
  "tool_name": "Bash",
  "tool_input": {
    "command": "ls -la"
  }
}

`ToolInput`

Parsed tool-specific input.

#[derive(Debug)]
pub enum ToolInput {
    Bash { command: String },
    Write { file_path: String, content: String },
    Edit { file_path: String, old_string: String, new_string: String },
    Read { file_path: String },
    WebFetch { url: String },
    Task { prompt: String },
    Other { name: String, input: serde_json::Value },
}

Configuration Types

`Config`

Root configuration structure, parsed from railgun.toml.

#[derive(Debug, Deserialize, Clone)]
pub struct Config {
    pub policy: PolicyConfig,
    pub tools: Option<ToolsConfig>,
}

`PolicyConfig`

Policy enforcement configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct PolicyConfig {
    pub mode: PolicyMode,
    pub fail_closed: bool,
    pub secrets: Option<SecretsConfig>,
    pub commands: Option<CommandsConfig>,
    pub protected_paths: Option<PathsConfig>,
    pub network: Option<NetworkConfig>,
}

`PolicyMode`

Enforcement mode.

#[derive(Debug, Deserialize, Clone, Default)]
#[serde(rename_all = "snake_case")]
pub enum PolicyMode {
    #[default]
    Strict,   // Block violations
    Monitor,  // Log only
}

`SecretsConfig`

Secret detection configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct SecretsConfig {
    pub enabled: bool,
    pub entropy_threshold: Option<f64>,
    pub detect_aws_keys: Option<bool>,
    pub detect_github_tokens: Option<bool>,
    pub detect_openai_keys: Option<bool>,
    pub detect_private_keys: Option<bool>,
    pub patterns: Option<Vec<CustomPattern>>,
}
 
#[derive(Debug, Deserialize, Clone)]
pub struct CustomPattern {
    pub name: String,
    pub pattern: String,  // Regex
}

`CommandsConfig`

Command pattern blocking configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct CommandsConfig {
    pub enabled: bool,
    pub block_patterns: Option<Vec<String>>,  // Regex patterns
    pub allow_patterns: Option<Vec<String>>,  // Override patterns
}

`PathsConfig`

Protected paths configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct PathsConfig {
    pub enabled: bool,
    pub blocked: Option<Vec<String>>,  // Glob patterns
}

`NetworkConfig`

Network domain blocking configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct NetworkConfig {
    pub enabled: bool,
    pub block_domains: Option<Vec<String>>,
}

`ToolsConfig`

Tool-level permissions.

#[derive(Debug, Deserialize, Clone)]
pub struct ToolsConfig {
    pub allow: Option<Vec<String>>,  // Glob patterns
    pub deny: Option<Vec<String>>,
    pub ask: Option<Vec<String>>,
    pub mcp: Option<McpConfig>,
}
 
#[derive(Debug, Deserialize, Clone)]
pub struct McpConfig {
    pub allow_servers: Option<Vec<String>>,
    pub deny_servers: Option<Vec<String>>,
    pub ask_servers: Option<Vec<String>>,
}

Verdict Types

`Verdict`

Result of policy inspection.

#[derive(Debug, Serialize, Clone, PartialEq)]
pub enum Verdict {
    Allow,
    Deny { reason: String },
    Ask { message: String },
}
 
impl Verdict {
    pub fn deny(reason: impl Into<String>) -> Self;
    pub fn ask(message: impl Into<String>) -> Self;
    pub fn is_blocked(&self) -> bool;
}

Example:

let verdict = Verdict::deny("Secret detected: AWS access key");
assert!(verdict.is_blocked());
 
if let Verdict::Deny { reason } = verdict {
    println!("Blocked: {}", reason);
}

Block Reason Types

`BlockReason`

Structured reason for denial.

#[derive(Debug, Serialize, Clone)]
pub enum BlockReason {
    ToolDenied { tool: String },
    SecretDetected { secret_type: String },
    DangerousCommand { pattern: String },
    ProtectedPath { path: String, pattern: String },
    BlockedDomain { domain: String },
    InternalError { message: String },
}
 
impl BlockReason {
    pub fn to_message(&self) -> String;
}

Policy Engine Types

`RuntimePolicy`

Compiled policy optimized for fast inspection.

pub struct RuntimePolicy {
    pub mode: PolicyMode,
    pub fail_closed: bool,
    // Internal: compiled patterns, scanners
}
 
impl RuntimePolicy {
    pub fn from_config(config: &Config) -> Result<Self, PolicyError>;
}

Error Types

`PolicyError`

Policy configuration or compilation error.

#[derive(Debug, Error)]
pub enum PolicyError {
    #[error("Invalid regex pattern '{pattern}': {reason}")]
    InvalidPattern { pattern: String, reason: String },
 
    #[error("Invalid glob pattern '{pattern}': {reason}")]
    InvalidGlob { pattern: String, reason: String },
 
    #[error("Config parsing error: {0}")]
    ConfigParsing(#[from] toml::de::Error),
}

Hook Output Types

`HookOutput`

Output sent back to Claude Code (via hookSpecificOutput).

#[derive(Debug, Serialize)]
pub struct HookOutput {
    pub verdict: String,  // "allow", "deny", "ask"
    pub reason: Option<String>,
    pub message: Option<String>,
}

Next Steps

API Overview — Crate overview and usage
Configuration — Config file format
Policy Engine — Inspection logic

Types Reference

On this page