auths_core/policy/mod.rs

//! Policy engine for authorization decisions.
//!
//! This module provides the policy evaluation layer that determines whether
//! a device or identity is authorized to perform specific actions.
//!
//! # Architecture
//!
//! The policy engine sits between storage (which provides data) and
//! application code (which needs authorization decisions):
//!
//! ```text
//! ┌─────────────────┐     ┌──────────────┐     ┌─────────────────┐
//! │ Storage/Registry │ ──► │ Policy Engine │ ──► │ Decision (Y/N/?) │
//! └─────────────────┘     └──────────────┘     └─────────────────┘
//!        (data)              (evaluation)           (result)
//! ```
//!
//! # Relationship to Trust Module
//!
//! This module handles **authorization** (can X do Y?), while the
//! [`crate::trust`] module handles **identity verification** (is X who they
//! claim?). Both are needed for secure operation:
//!
//! 1. First, verify identity using [`crate::trust::check_trust`]
//! 2. Then, check authorization using this policy module
//!
//! # Sans-IO Design (INVARIANT)
//!
//! **This module MUST remain pure/sans-IO.** All policy functions take their
//! inputs explicitly and never access storage or system resources directly.
//!
//! ## Prohibited in Production Code
//!
//! - `RegistryBackend` or any storage trait
//! - `git2` or filesystem access
//! - `Utc::now()` or other system clock access
//! - Network I/O
//!
//! ## Required Pattern
//!
//! All external data must be passed as parameters:
//!
//! ```rust,ignore
//! fn evaluate(
//!     attestation: &Attestation,  // Data from storage (caller fetches)
//!     action: &Action,            // What to authorize
//!     now: DateTime<Utc>,         // Time (caller provides)
//! ) -> Decision
//! ```
//!
//! ## Benefits
//!
//! - **Testable**: No mocks needed, just pass test data
//! - **Deterministic**: Same inputs always produce same outputs
//! - **Portable**: Works in WASM, embedded, anywhere
//! - **Auditable**: All decision factors are explicit
//!
//! ## CI Verification
//!
//! Run this to verify that the invariant is maintained (the pattern covers
//! every greppable item in the prohibited list above, including the clock):
//! ```bash
//! grep -rn "RegistryBackend\|git2\|std::fs\|Utc::now" crates/auths-core/src/policy/
//! # Production code should return nothing (tests/docs excluded)
//! ```

mod decision;
pub mod device;
pub mod org;

pub use decision::Decision;
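The sans-IO evaluation pattern the doc comment requires, written out as an added, self-contained example that is not the auths-core crate's own code. It assumes a `UnixTime` newtype in place of `DateTime<Utc>` so it builds with the standard library only, and the `Attestation`, `Action` and `Decision` shapes, the `evaluate` rules (subject binding, revocation, validity window, deny-overrides, three-valued result) and the sample data are all invented here; the crate's real types live in `decision`, `device` and `org` and are not shown on this page.

```rust
use std::collections::BTreeSet;

/// Seconds since the Unix epoch. Stands in for `DateTime<Utc>` so this example
/// builds with the standard library only (an assumption of the example).
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct UnixTime(pub u64);

/// Hypothetical attestation record: everything the policy needs, fetched by the
/// caller from storage ahead of time. The engine never reads storage itself.
#[derive(Clone, Debug)]
pub struct Attestation {
    pub subject: String,
    pub issued_at: UnixTime,
    pub expires_at: Option<UnixTime>,
    pub revoked: bool,
    pub granted: BTreeSet<String>, // actions explicitly allowed
    pub denied: BTreeSet<String>,  // actions explicitly forbidden (override grants)
}

/// Hypothetical action: who wants to do what.
#[derive(Clone, Debug)]
pub struct Action {
    pub subject: String,
    pub name: String,
}

/// The three-valued result from the architecture diagram (Y / N / ?).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Decision {
    Allow,
    Deny(&'static str),
    /// The attestation says nothing about this action; the caller must
    /// consult another policy source rather than assume either answer.
    Indeterminate(&'static str),
}

/// Pure evaluation: same inputs always give the same `Decision`, and every
/// factor (including the current time) is an explicit argument.
pub fn evaluate(att: &Attestation, action: &Action, now: UnixTime) -> Decision {
    // Binding: the attestation must be about the subject requesting the action.
    if att.subject != action.subject {
        return Decision::Deny("attestation subject does not match action subject");
    }
    if att.revoked {
        return Decision::Deny("attestation revoked");
    }
    // Validity window, judged against the caller-supplied clock. Rejecting
    // `now < issued_at` catches skewed clocks and not-yet-valid inputs.
    if now < att.issued_at {
        return Decision::Deny("attestation not yet valid");
    }
    if let Some(exp) = att.expires_at {
        if now >= exp {
            return Decision::Deny("attestation expired");
        }
    }
    // Deny-overrides: an explicit denial wins over any grant.
    if att.denied.contains(&action.name) {
        return Decision::Deny("action explicitly denied");
    }
    if att.granted.contains(&action.name) {
        return Decision::Allow;
    }
    Decision::Indeterminate("action not covered by this attestation")
}

/// Constructed sample data: device-42 may deploy and read config between
/// t=1000 and t=2000, and is explicitly forbidden from wiping.
pub fn sample_attestation() -> Attestation {
    Attestation {
        subject: "device-42".to_string(),
        issued_at: UnixTime(1_000),
        expires_at: Some(UnixTime(2_000)),
        revoked: false,
        granted: ["deploy", "read-config"].iter().map(|s| s.to_string()).collect(),
        denied: ["wipe"].iter().map(|s| s.to_string()).collect(),
    }
}

/// Small constructor for the hypothetical `Action` type.
pub fn action(subject: &str, name: &str) -> Action {
    Action { subject: subject.to_string(), name: name.to_string() }
}

fn main() {
    let att = sample_attestation();
    // The caller, not the engine, decides what "now" is; here it is a fixed
    // value, which is exactly what makes the engine testable without mocks.
    for (name, now) in [("deploy", 1_500), ("deploy", 2_000), ("wipe", 1_500), ("reboot", 1_500)] {
        let d = evaluate(&att, &action("device-42", name), UnixTime(now));
        println!("{name:>8} at t={now}: {d:?}");
    }
}
```

Because `now` is a parameter, the expiry and not-yet-valid branches are exercised by passing different times, with no clock mocking; the `Indeterminate` variant keeps "the attestation is silent" distinct from "the attestation denies", so a caller cannot mistake a missing grant for an explicit one.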