Struct CapabilityToken 

pub struct CapabilityToken {
    pub id: TokenId,
    pub resource: ResourcePattern,
    pub permissions: Vec<Permission>,
    pub issued_at: Timestamp,
    pub expires_at: Option<Timestamp>,
    pub scope: TokenScope,
    pub issuer: PublicKey,
    pub user_id: [u8; 8],
    pub approval_audit_id: AuditEntryId,
    pub single_use: bool,
    pub signature: Signature,
}

A capability token granting permissions for a resource.

Fields

id: TokenId

Unique token identifier.

resource: ResourcePattern

Resource pattern this token applies to.

permissions: Vec<Permission>

Permissions granted.

issued_at: Timestamp

When the token was issued.

expires_at: Option<Timestamp>

When the token expires (None = no expiration within scope).

scope: TokenScope

Token scope (session or persistent).

issuer: PublicKey

Public key of the issuer (runtime).

user_id: [u8; 8]

User who approved this token (key ID, first 8 bytes).

approval_audit_id: AuditEntryId

Audit entry ID linking to the approval event.

single_use: bool

Whether this token can only be used once (replay protection).

signature: Signature

Cryptographic signature of the token.

Implementations

impl CapabilityToken

pub fn create( resource: ResourcePattern, permissions: Vec<Permission>, scope: TokenScope, user_id: [u8; 8], approval_audit_id: AuditEntryId, runtime_key: &KeyPair, ttl: Option<Duration>, ) -> Self

Create a new capability token.

This is typically called by the runtime after user approval.

pub fn create_with_options( resource: ResourcePattern, permissions: Vec<Permission>, scope: TokenScope, user_id: [u8; 8], approval_audit_id: AuditEntryId, runtime_key: &KeyPair, ttl: Option<Duration>, single_use: bool, ) -> Self

Create a new capability token with additional options.

This is typically called by the runtime after user approval.

pub fn signing_data(&self) -> Vec<u8>

Get the data used for signing (excludes the signature itself).

Format (v1):

• 1 byte: version (0x01)
• Length-prefixed token ID (UUID bytes)
• Length-prefixed resource pattern string
• 4 bytes: number of permissions
• For each permission: length-prefixed string
• 8 bytes: issued_at timestamp (i64 LE)
• 1 byte: has_expiration flag
• If has_expiration: 8 bytes expiration timestamp (i64 LE)
• Length-prefixed scope string
• 32 bytes: issuer public key
• 8 bytes: user_id
• Length-prefixed audit entry ID (UUID bytes)
• 1 byte: single_use flag

pub fn verify_signature(&self) -> CapabilityResult<()>

Verify the token’s signature.

Errors

Returns CapabilityError::InvalidSignature if the signature is invalid.

pub fn is_expired(&self) -> bool

Check if the token has expired.

pub fn is_expired_with_skew(&self, skew_secs: i64) -> bool

Check if the token has expired, with clock skew tolerance.

A positive skew_secs value allows tokens that expired up to that many seconds ago to still be considered valid.

pub fn validate(&self) -> CapabilityResult<()>

Check if the token is valid (not expired, signature OK).

Uses the default clock skew tolerance (30 seconds).

Errors

Returns CapabilityError::TokenExpired if expired, or CapabilityError::InvalidSignature if the signature is invalid.

pub fn validate_with_skew(&self, skew_secs: i64) -> CapabilityResult<()>

Check if the token is valid with custom clock skew tolerance.

Errors

Returns CapabilityError::TokenExpired if expired, or CapabilityError::InvalidSignature if the signature is invalid.

pub fn is_single_use(&self) -> bool

Check if this is a single-use token.

pub fn grants(&self, resource: &str, permission: Permission) -> bool

Check if this token grants a permission for a resource.

pub fn content_hash(&self) -> ContentHash

Hash the token for audit purposes.

Trait Implementations

impl Clone for CapabilityToken

fn clone(&self) -> CapabilityToken

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CapabilityToken

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for CapabilityToken

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Hash for CapabilityToken

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for CapabilityToken

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for CapabilityToken

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for CapabilityToken