Modules
RADIUS enforces security through an ordered module pipeline. Every event passes through the same deterministic path. No module asks an LLM to decide whether an action is safe.
Pipeline order (recommended)
kill_switchskill_scannertool_policyfs_guardcommand_guardexec_sandboxegress_guardoutput_dlprate_budgetapproval_gateaudit
If multiple modules could block the same action, the first deny in pipeline order wins.
Module matrix
| Module | Primary purpose | Typical decision | Deep dive |
|---|---|---|---|
kill_switch | Emergency hard stop | deny | Open |
skill_scanner | Detect malicious skill payloads | challenge / deny | Open |
tool_policy | Allow/deny by tool identity | allow / deny | Open |
fs_guard | Restrict filesystem topology | deny | Open |
command_guard | Block dangerous shell patterns | deny | Open |
exec_sandbox | Isolate command execution | modify / deny | Open |
egress_guard | Control outbound network | deny | Open |
output_dlp | Stop secret leakage in output | redact / deny | Open |
rate_budget | Cap tool-call velocity | deny | Open |
approval_gate | Human-in-the-loop approval | challenge | Open |
audit | Append-only event trail | alert (log only) | Open |
Deep-dive pages
- kill_switch
- skill_scanner
- tool_policy
- fs_guard
- command_guard
- exec_sandbox
- egress_guard
- output_dlp
- rate_budget
- approval_gate
- audit
Recommended defaults by posture
| Posture | Goal | Notes |
|---|---|---|
local | Maximum containment | exec_sandbox required, strict deny |
standard | Daily development safety | Balanced deny + redact + challenge |
unbounded | Research/observation mode | Mostly allow, keep audit on |
Start with standard, move to local before production access to sensitive systems.