adk_auth/lib.rs
1//! # adk-auth
2//!
3//! Access control and authentication for ADK-Rust.
4//!
5//! ## Overview
6//!
7//! This crate provides enterprise-grade access control:
8//!
9//! - [`Permission`] - Tool and agent permissions
10//! - [`Role`] - Role with allow/deny rules
11//! - [`AccessControl`] - Permission checking
12//! - [`AuditSink`] - Audit logging trait
13//!
14//! ## Features
15//!
16//! - `sso` - Enable SSO/OAuth/OIDC support
17//!
18//! ## Quick Start
19//!
20//! ```rust,ignore
21//! use adk_auth::{Permission, Role, AccessControl};
22//!
23//! let admin = Role::new("admin")
24//! .allow(Permission::AllTools)
25//! .allow(Permission::AllAgents);
26//!
27//! let user = Role::new("user")
28//! .allow(Permission::Tool("search".into()))
29//! .deny(Permission::Tool("code_exec".into()));
30//!
31//! let ac = AccessControl::builder()
32//! .role(admin)
33//! .role(user)
34//! .assign("alice@example.com", "admin")
35//! .build()?;
36//!
37//! ac.check("alice@example.com", &Permission::AllTools)?;
38//! ```
39
40mod access_control;
41mod audit;
42mod error;
43mod middleware;
44mod permission;
45mod role;
46
47// SSO module (feature-gated)
48#[cfg(feature = "sso")]
49pub mod sso;
50
51pub use access_control::{AccessControl, AccessControlBuilder};
52pub use audit::{AuditEvent, AuditEventType, AuditOutcome, AuditSink, FileAuditSink};
53pub use error::{AccessDenied, AuthError};
54pub use middleware::{AuthMiddleware, ProtectedTool, ProtectedToolDyn, ToolExt};
55pub use permission::Permission;
56pub use role::Role;