add_rule() appends one validated rule to an existing policy. The function
returns the modified policy invisibly so it can be used in assignment or
pipes.
Usage
add_rule(
  policy,
  id,
  pattern = NULL,
  fn = NULL,
  owasp = NULL,
  severity = "medium",
  action = "redact",
  description = ""
)
Arguments
- policy
  A shieldr_policy or built-in policy name such as "comprehensive".
- id
  Rule identifier.
- pattern
  Regular expression pattern, or NULL.
- fn
  Predicate function, or NULL.
- owasp
  Optional OWASP category.
- severity
  One of "low", "medium", "high", or "critical".
- action
  One of "allow", "redact", or "block".
- description
  Rule description.
Details
A rule can be regex-based or function-based, but not both. Regex rules are best when you need span-level redaction. Function rules are useful when the condition is easier to express in R, such as "this text contains both a student reference and a home-address phrase".
Severity determines the numeric contribution to the report score:
- low: 0.1
- medium: 0.3
- high: 0.6
- critical: 1.0
The rule action is the rule author's preferred outcome when the rule
fires. The final report action also considers total score and policy
thresholds.
Examples
policy <- build_policy()
policy <- add_rule(policy, "demo.secret", pattern = "SECRET", owasp = "llm02")
#> Warning: Rule id "demo.secret" does not follow the `llmXX.` naming convention.
#> ℹ `risk_summary()` groups findings by OWASP prefix; non-conforming ids will
#> appear under an "NA" category.
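The Details section describes function rules with the case "this text contains both a student reference and a home-address phrase". The following is an added example of such a rule, not code from the package or its documentation. It assumes that `fn` is called with the text as a single character string and returns TRUE when the rule should fire, that the package is installed under the name `shieldr`, and that the hypothetical id `llm02.student_home_address` satisfies the `llmXX.` naming convention.

```r
# Added example, not from the package documentation.
# ASSUMPTION: a function rule's `fn` receives the text as one character
# string and returns TRUE when the rule should fire.

# Fires only when a student reference and a home-address phrase co-occur,
# a condition that is awkward to express as a single regex pattern.
student_with_address <- function(text) {
  if (length(text) != 1L || is.na(text) || !nzchar(text)) {
    return(FALSE)  # missing or empty input never fires the rule
  }
  has_student <- grepl("\\bstudent(\\s+id)?\\b|\\bpupil\\b", text,
                       ignore.case = TRUE, perl = TRUE)
  has_address <- grepl("\\bhome\\s+address\\b|\\blives\\s+at\\b", text,
                       ignore.case = TRUE, perl = TRUE)
  has_student && has_address
}

# Constructed sample inputs: check the predicate on its own first.
samples <- c(
  both         = "Student ID 4471 lives at 12 Elm Road.",
  student_only = "The student submitted the essay late.",
  address_only = "Please confirm your home address.",
  empty        = ""
)
fired <- vapply(samples, student_with_address, logical(1))
stopifnot(identical(unname(fired), c(TRUE, FALSE, FALSE, FALSE)))

# Register it as a function rule: `fn` is set, `pattern` stays NULL,
# because a rule can be regex-based or function-based but not both.
# ASSUMPTION: the package name is "shieldr" (inferred from shieldr_policy).
if (requireNamespace("shieldr", quietly = TRUE)) {
  library(shieldr)
  policy <- build_policy()
  policy <- add_rule(
    policy,
    id          = "llm02.student_home_address",  # hypothetical id
    fn          = student_with_address,
    owasp       = "llm02",
    severity    = "high",   # contributes 0.6 to the report score
    action      = "block",  # preferred outcome; the final action also
                            # depends on total score and policy thresholds
    description = "Student reference together with a home-address phrase"
  )
}
```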
