Documentation
    Preparing search index...

    Interface FirewallStateContainer

    Stateful firewall container — wraps @kehto/firewall's pure functions with persistence and a convenient imperative API.

    Mirrors AclStateContainer from acl-state.ts in structure and naming.

    const firewall = createFirewallState(persistence);
    firewall.load();
    const result = firewall.evaluate({ napplet: 'chat', opClass: 'relay:write', focused: true, now: Date.now() });
    interface FirewallStateContainer {
        addMatcher(matcher: ContentMatcher): void;
        clear(): void;
        evaluate(observation: Observation): EvaluateResult;
        getConfig(): FirewallConfig;
        load(): void;
        persist(): void;
        setGlobalRate(napplet: string, limit: RateLimit): void;
        setPolicy(napplet: string, policy: NappletPolicy): void;
        setRateLimit(napplet: string, opClass: string, limit: RateLimit): void;
    }
    Index

    Methods

    addMatcher clear evaluate getConfig load persist setGlobalRate setPolicy setRateLimit

    Methods

    • Add a content matcher to the firewall config.

      Parameters

      • matcher: ContentMatcher

        The content matcher to append.

      Returns void

    • Evaluate an observation against the current firewall config and counters. CRITICAL: advances the in-memory counter state on each call.

      Parameters

      • observation: Observation

        Normalized observation extracted from the napplet message envelope.

      Returns EvaluateResult

      The full EvaluateResult (decision, action, ruleId, reason, newState).

    • Set a global rate limit applied to all op-classes that have no specific entry.

      Parameters

      • napplet: string

        The napplet dTag.

      • limit: RateLimit

        The global fallback rate limit.

      Returns void

    • Set a per-napplet policy override (allow / deny / ask).

      Parameters

      • napplet: string

        The napplet dTag (version-agnostic identity key).

      • policy: NappletPolicy

        Hard policy override for this napplet.

      Returns void

    • Set a per-(napplet, opClass) token-bucket rate limit.

      Parameters

      • napplet: string

        The napplet dTag.

      • opClass: string

        The operation class string.

      • limit: RateLimit

        The rate limit to apply.

      Returns void

    Settings

    Member Visibility

    On This Page

    Methods