Crate auths_policy

Policy Expression Engine for Auths.

This crate provides a composable policy expression language for authorization logic. Policies are defined as expressions that can be serialized to JSON/TOML, compiled into an efficient evaluation target, and evaluated against a context.

§Architecture

   JSON/TOML file          Rust types (validated)
   ┌──────────┐   parse    ┌──────────────┐   compile   ┌────────────────┐
   │  Expr    │──────────▶│  Expr (AST)  │────────────▶│ CompiledPolicy │
   │  (serde) │           │  (strings)   │             │ (typed/canon)  │
   └──────────┘           └──────────────┘             └────────────────┘
                                                             │
                                                    evaluate │
                                                             ▼
                                                      ┌──────────┐
                                                      │ Decision │
                                                      └──────────┘

§Modules

  • types: Canonical types for DIDs, capabilities, and glob patterns
  • decision: Authorization decision types with structured reason codes
  • expr: Serializable policy expression AST
  • compiled: Compiled policy expressions ready for evaluation
  • compile: Compile Expr to CompiledPolicy
  • eval: Policy evaluation functions
  • glob: Hardened glob matcher for path/ref matching
  • context: Typed evaluation context
  • enforce: Production enforcement with optional shadow evaluation

Re-exports§

pub use approval::ApprovalAttestation;
pub use approval::compute_request_hash;
pub use builder::PolicyBuilder;
pub use compile::CompileError;
pub use compile::PolicyLimits;
pub use compile::compile;
pub use compile::compile_from_json;
pub use compile::compile_from_json_with_limits;
pub use compile::compile_with_limits;
pub use compiled::ApprovalScope;
pub use compiled::CompiledExpr;
pub use compiled::CompiledPolicy;
pub use context::EvalContext;
pub use decision::Decision;
pub use decision::Outcome;
pub use decision::ReasonCode;
pub use enforce::Divergence;
pub use enforce::enforce;
pub use enforce::enforce_simple;
pub use eval::evaluate_batch;
pub use eval::evaluate_strict;
pub use eval::evaluate3;
pub use expr::Expr;
pub use glob::glob_match;
pub use trust::TrustRegistry;
pub use trust::TrustRegistryEntry;
pub use trust::ValidatedIssuerUrl;
pub use types::CanonicalCapability;
pub use types::CapabilityParseError;
pub use types::DidParseError;
pub use types::GlobParseError;
pub use types::QuorumPolicy;
pub use types::SignerType;
pub use types::ValidatedGlob;

Modules§

approval
Approval attestation types and request hash computation.
builder
Fluent builder for constructing compiled policies.
compile
Compile Expr to CompiledPolicy.
compiled
Compiled policy expression — validated, canonical, ready to evaluate.
context
Typed evaluation context.
decision
Authorization decision types.
enforce
Enforcement wrapper with optional shadow evaluation.
eval
Policy evaluation functions.
expr
Serializable policy expression AST.
glob
Hardened glob matcher for path/ref matching.
trust
Trust registry types and matching logic for OIDC provider boundaries.
types
Canonical types for policy expressions.

Structs§

AssuranceLevelParseError
Error returned when parsing an AssuranceLevel from a string fails.
CanonicalDid
A validated, canonical DID that accepts any method (did:keri:, did:key:, etc.).

Enums§

AssuranceLevel
Cryptographic assurance level of a platform identity claim.