Crate assay_engine


assay-engine — one static binary that replaces a Temporal + Kratos + Hydra + Keto stack.

v0.2.0 is the umbrella release that turns the engine into a full IdP + workflow runtime: the previously-empty auth feature now pulls assay_auth in, mounting OIDC client + provider, passkey, Argon2 password, JWT + JWKS rotation, biscuit capability tokens, Zanzibar ReBAC, session + admin endpoints under /auth. The dashboard panes that consume those routes (Users, Sessions, OIDC clients, Upstream providers, Zanzibar, JWKS, Biscuit, Audit) light up when the auth module is enabled in engine.modules.

Composition is via axum::extract::FromRef over EngineState<S> — workflow / auth / dashboard each contribute their own Ctx and the parent state derives every sub-state extractor automatically. A no-auth build (--no-default-features --features "backend-postgres,backend-sqlite") compiles identically to the pre-v0.2.0 engine; an auth build composes the auth ctx if and only if engine.modules shows auth enabled at boot.

§Module enablement model

Three layers compose:

  1. Compile features (Cargo) — decide whether the module’s code is linked into the binary. assay-engine’s default compiles workflow + dashboard; opt into auth for the IdP.
  2. engine.modules row (DB) — decides whether the module is active at runtime. Each row holds name, enabled, version, config. The boot path runs the module’s migrations, mounts its routes, and lets the dashboard render its panes only when enabled = TRUE.
  3. engine.toml config — decides how the active module is configured (issuer URL, session TTL, OIDC provider toggle, admin api-keys, …).

See plan 12 § Architecture principle 1 (composition) and § principle 8 (runtime/engine split). Migration notes for v0.1.x → v0.2.0 live in docs/migration-to-0.2.0.md.

Re-exports§

pub use config::AuthConfig;
pub use config::AuthOidcProviderConfig;
pub use config::AuthPasskeyConfig;
pub use config::AuthSessionConfig;
pub use config::BackendConfig;
pub use config::DashboardConfig;
pub use config::EngineConfig;
pub use config::ServerConfig;
pub use state::EngineState;
pub use assay_auth as auth;
pub use assay_domain as core;
pub use assay_dashboard as dashboard;
pub use assay_workflow as workflow;

Modules§

config
Engine configuration loaded from TOML.
embedded
Embedded-mode entrypoints for assay-engine.
engine_api
Engine-core HTTP admin API.
init
Engine boot sequence (v0.1.2 — schema/ATTACH layout).
server
HTTP server wiring — composes the workflow API + dashboard + auth routers into one axum Router. URL surface:
state
Composed engine state.

Structs§

AdminApiKeys
Bearer token guard for /admin/* routes. Compared in constant time against the configured admin keys list. Operators rotate keys via the engine config (auth.admin_api_keys).
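
The constant-time bearer check described for AdminApiKeys, sketched as an added example (not assay-engine's own code). `ct_eq`, `bearer_token` and `is_admin` are hypothetical names and the keys are constructed sample values; the loop is hand-written to keep the example std-only, where a production guard would normally use a vetted constant-time primitive.

```rust
// Added illustration, std-only. All names are hypothetical, not assay-engine's API.

/// Compare two byte strings without returning at the first mismatching byte.
fn ct_eq(presented: &[u8], key: &[u8]) -> bool {
    // Fold the length difference in, so unequal lengths fail without an early exit.
    let mut diff = (presented.len() ^ key.len()) as u64;
    // Walk the whole presented token; index the key modulo its length so the
    // loop count depends on attacker-supplied input only, never on the secret.
    for (i, &x) in presented.iter().enumerate() {
        let y = if key.is_empty() { 0 } else { key[i % key.len()] };
        diff |= (x ^ y) as u64;
    }
    // black_box discourages the optimizer from reintroducing a data-dependent branch.
    std::hint::black_box(diff) == 0
}

/// Extract the token from an `Authorization: Bearer <token>` header value.
fn bearer_token(header: &str) -> Option<&str> {
    let (scheme, token) = header.trim().split_once(' ')?;
    let token = token.trim();
    (scheme.eq_ignore_ascii_case("bearer") && !token.is_empty()).then_some(token)
}

/// True when the header carries one of the configured admin keys.
/// Fails closed: missing header, wrong scheme, empty key list or empty key -> false.
fn is_admin(header: Option<&str>, admin_keys: &[&str]) -> bool {
    let Some(token) = header.and_then(bearer_token) else {
        return false;
    };
    // Test every configured key with non-short-circuit `|=` and `&`, so timing
    // does not reveal which position in the list (if any) matched.
    let mut ok = false;
    for key in admin_keys {
        ok |= !key.is_empty() & ct_eq(token.as_bytes(), key.as_bytes());
    }
    ok
}

fn main() {
    // Constructed sample keys, standing in for an auth.admin_api_keys list.
    let keys = ["constructed-key-A", "constructed-key-B"];
    let cases = [Some("Bearer constructed-key-B"), Some("Bearer constructed-key"), None];
    for header in cases {
        println!("{:?} -> {}", header, is_admin(header, &keys));
    }
}
```

Keeping two keys in the list during rotation lets the old and new key both pass until the old one is removed from the config.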

Functions§

run
Top-level entrypoint for the standalone assay-engine binary. Picks the backend from config, composes engine via embedded::build, and serves forever on cfg.server.bind_addr.