Interface: InputFirewallConfig
Defined in: packages/core/src/core/middleware/InputFirewall.ts:42
Configuration for the InputFirewall middleware.
Properties
adapter?
readonly optional adapter: SemanticProbeAdapter;Defined in: packages/core/src/core/middleware/InputFirewall.ts:47
Single LLM adapter for evaluation. Mutually exclusive with chain. If both provided, chain wins.
chain?
readonly optional chain: JudgeChain;Defined in: packages/core/src/core/middleware/InputFirewall.ts:52
Pre-built JudgeChain for multi-adapter evaluation.
errorCode?
readonly optional errorCode: string;Defined in: packages/core/src/core/middleware/InputFirewall.ts:77
Custom error code for rejected requests.
Default
'INPUT_REJECTED'failOpen?
readonly optional failOpen: boolean;Defined in: packages/core/src/core/middleware/InputFirewall.ts:70
Behavior when ALL judges fail.
false(default) — Fail-closed: request is BLOCKED.true— Fail-open: request PASSES.
Default
falsetelemetry?
readonly optional telemetry: TelemetrySink;Defined in: packages/core/src/core/middleware/InputFirewall.ts:89
Optional telemetry sink for security.firewall events. When provided, every evaluation emits an event with pass/fail status.
timeoutMs?
readonly optional timeoutMs: number;Defined in: packages/core/src/core/middleware/InputFirewall.ts:60
Timeout per adapter in milliseconds. Only used when adapter is set.
Default
5000toolName?
readonly optional toolName: string;Defined in: packages/core/src/core/middleware/InputFirewall.ts:83
Tool name to include in telemetry events. Should match the tool's registered name (e.g., 'billing').