Railguard

This page documents all public types exported by Railguard's crates.

Configuration Types

`Config`

Root configuration structure, parsed from railguard.toml.

#[derive(Debug, Deserialize, Clone)]
pub struct Config {
    pub server: ServerConfig,
    pub upstream: UpstreamConfig,
    pub firewall: FirewallConfig,
}

`ServerConfig`

HTTP server configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct ServerConfig {
    pub port: u16,              // Default: 8545
    pub max_request_size: usize, // Default: 1MB
    pub request_timeout_ms: u64, // Default: 30000
}

`UpstreamConfig`

Upstream RPC provider configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct UpstreamConfig {
    pub url: String,
    pub chain_id: Option<u64>,
}

`FirewallConfig`

Policy enforcement configuration.

#[derive(Debug, Deserialize, Clone)]
pub struct FirewallConfig {
    pub mode: FirewallMode,
    pub fail_on_decode_error: bool,
    pub global_limits: Option<GlobalLimits>,
    pub rules: Vec<ContractRule>,
}

`FirewallMode`

Enforcement mode.

#[derive(Debug, Deserialize, Clone, Default)]
#[serde(rename_all = "snake_case")]
pub enum FirewallMode {
    #[default]
    Strict,   // Block violations
    Monitor,  // Log only
}

`GlobalLimits`

Transaction-level limits.

#[derive(Debug, Deserialize, Clone, Default)]
pub struct GlobalLimits {
    pub max_value: Option<U256>,
    pub max_gas_price: Option<U256>,
    pub max_fee_per_gas: Option<U256>,
    pub max_priority_fee_per_gas: Option<U256>,
}

`ContractRule`

Per-contract policy rule.

#[derive(Debug, Deserialize, Clone)]
pub struct ContractRule {
    pub name: String,
    pub contract: Address,
    pub allow_methods: Vec<String>,
    pub arg_constraints: Vec<ArgConstraint>,
}

`ArgConstraint`

Argument value constraint.

#[derive(Debug, Deserialize, Clone)]
pub struct ArgConstraint {
    pub index: usize,
    pub max: U256,
}

Verdict Types

`Verdict`

Result of policy inspection.

#[derive(Debug, Serialize, Clone, PartialEq)]
pub enum Verdict {
    Allowed,
    Blocked { reason: String },
}
 
impl Verdict {
    pub fn blocked(reason: impl Into<String>) -> Self;
    pub fn is_blocked(&self) -> bool;
}

Example:

let verdict = Verdict::blocked("Contract not in allowlist");
assert!(verdict.is_blocked());
 
if let Verdict::Blocked { reason } = verdict {
    println!("Blocked: {}", reason);
}

Receipt Types

`Receipt`

Structured audit log for a transaction attempt.

#[derive(Debug, Serialize, Clone)]
pub struct Receipt {
    pub id: Uuid,
    pub timestamp: DateTime<Utc>,
    pub method: String,
    pub from: Option<Address>,
    pub to: Option<Address>,
    pub value: Option<U256>,
    pub selector: Option<[u8; 4]>,
    pub verdict: Verdict,
    pub tx_hash: Option<B256>,
    pub latency_us: u64,
}
 
impl Receipt {
    pub fn new(method: &str) -> Self;
}

Fields:

Field	Type	Description
`id`	`Uuid`	Unique receipt identifier
`timestamp`	`DateTime<Utc>`	When the attempt occurred
`method`	`String`	`eth_sendTransaction` or `eth_sendRawTransaction`
`from`	`Option<Address>`	Sender address (if available)
`to`	`Option<Address>`	Destination address
`value`	`Option<U256>`	ETH value in wei
`selector`	`Option<[u8; 4]>`	Function selector from calldata
`verdict`	`Verdict`	Policy decision
`tx_hash`	`Option<B256>`	Transaction hash if forwarded
`latency_us`	`u64`	Inspection time in microseconds

JSON-RPC Types

`RpcInput`

Supports both single and batch requests.

#[derive(Debug, Deserialize)]
#[serde(untagged)]
pub enum RpcInput {
    Single(RpcRequest),
    Batch(Vec<RpcRequest>),
}

`RpcRequest`

Single JSON-RPC 2.0 request.

#[derive(Debug, Deserialize, Clone)]
pub struct RpcRequest {
    pub jsonrpc: String,
    pub method: String,
    pub params: Option<RpcParams>,
    pub id: Option<Value>,  // None = notification
}

`RpcParams`

Request parameters (array or object).

#[derive(Debug, Deserialize, Clone)]
#[serde(untagged)]
pub enum RpcParams {
    Array(Vec<Value>),
    Object(serde_json::Map<String, Value>),
}

`RpcResponse`

JSON-RPC 2.0 response.

#[derive(Debug, Serialize)]
pub struct RpcResponse {
    pub jsonrpc: String,
    pub id: Value,
    pub result: Option<Value>,
    pub error: Option<RpcError>,
}
 
impl RpcResponse {
    pub fn success(id: Value, result: Value) -> Self;
    pub fn error(id: Value, code: i32, message: impl Into<String>) -> Self;
    pub fn policy_violation(id: Value, reason: &str) -> Self;
}

`RpcError`

JSON-RPC error object.

#[derive(Debug, Serialize)]
pub struct RpcError {
    pub code: i32,
    pub message: String,
}

Standard error codes:

Code	Meaning
-32000	Railguard policy violation
-32600	Invalid request
-32601	Method not found
-32602	Invalid params
-32603	Internal error

Policy Engine Types

`RuntimePolicy`

Compiled policy optimized for fast lookups.

pub struct RuntimePolicy {
    pub global_limits: GlobalLimits,
    pub fail_on_decode_error: bool,
    pub mode: FirewallMode,
    // Internal: routes map
}
 
impl RuntimePolicy {
    pub fn from_config(config: &FirewallConfig) -> Result<Self, PolicyError>;
}

`CompiledRule`

Pre-compiled rule with parsed selector and types.

pub struct CompiledRule {
    pub name: String,
    pub arg_constraints: Vec<ArgConstraint>,
    pub inputs: Vec<DynSolType>,
}

Event Types

`ProxyEvent`

Event sent from proxy to TUI.

#[derive(Debug, Clone)]
pub struct ProxyEvent {
    pub receipt: Receipt,
}
 
pub type EventSender = mpsc::Sender<ProxyEvent>;
pub type EventReceiver = mpsc::Receiver<ProxyEvent>;

Error Types

`PolicyError`

Policy configuration or parsing error.

#[derive(Debug, Error)]
pub enum PolicyError {
    #[error("Invalid signature '{signature}': {reason}")]
    InvalidSignature { signature: String, reason: String },
 
    #[error("Invalid address: {address}")]
    InvalidAddress { address: String },
 
    #[error("Config parsing error: {0}")]
    ConfigParsing(#[from] toml::de::Error),
}

`DecodeError`

Transaction decoding error.

#[derive(Debug, Error)]
pub enum DecodeError {
    #[error("Invalid hex encoding")]
    InvalidHex,
 
    #[error("RLP decoding error: {0}")]
    RlpError(String),
 
    #[error("Unsupported transaction type")]
    UnsupportedTxType,
}

`ProxyError`

Server or network error.

#[derive(Debug, Error)]
pub enum ProxyError {
    #[error("Failed to parse upstream URL: {0}")]
    InvalidUpstreamUrl(#[from] url::ParseError),
 
    #[error("HTTP client error: {0}")]
    HttpClient(#[from] reqwest::Error),
 
    #[error("Failed to bind server: {0}")]
    ServerBind(#[from] std::io::Error),
 
    #[error("Configuration error: {0}")]
    Config(String),
}

Re-exported Types

Railguard re-exports commonly used types from its dependencies:

// From alloy-primitives
pub use alloy_primitives::{Address, B256, U256, Bytes};
 
// From chrono
pub use chrono::{DateTime, Utc};
 
// From uuid
pub use uuid::Uuid;

Next Steps

API Overview — Crate overview and usage
Configuration — Config file format
Policy Engine — Inspection logic

Types Reference