
auths_policy/
lib.rs

//! Policy Expression Engine for Auths.
//!
//! This crate provides a composable policy expression language for authorization
//! logic. Policies are defined as expressions that can be serialized to JSON/TOML,
//! compiled into an efficient evaluation target, and evaluated against a context.
//!
//! # Architecture
//!
//! ```text
//!    JSON/TOML file          Rust types (validated)
//!    ┌──────────┐   parse    ┌──────────────┐   compile   ┌────────────────┐
//!    │  Expr    │──────────▶│  Expr (AST)  │────────────▶│ CompiledPolicy │
//!    │  (serde) │           │  (strings)   │             │ (typed/canon)  │
//!    └──────────┘           └──────────────┘             └────────────────┘
//!                                                              │
//!                                                     evaluate │
//!                                                              ▼
//!                                                       ┌──────────┐
//!                                                       │ Decision │
//!                                                       └──────────┘
//! ```
//!
//! # Modules
//!
//! - [`types`]: Canonical types for DIDs, capabilities, and glob patterns
//! - [`decision`]: Authorization decision types with structured reason codes
//! - [`expr`]: Serializable policy expression AST
//! - [`compiled`]: Compiled policy expressions ready for evaluation
//! - [`compile`]: Compile `Expr` to `CompiledPolicy`
//! - [`eval`]: Policy evaluation functions
//! - [`glob`]: Hardened glob matcher for path/ref matching
//! - [`context`]: Typed evaluation context
//! - [`enforce`]: Production enforcement with optional shadow evaluation
//! - [`approval`]: Home of [`ApprovalAttestation`] and [`compute_request_hash`]
//! - [`builder`]: Home of [`PolicyBuilder`]
//! - [`trust`]: Home of [`TrustRegistry`], [`TrustRegistryEntry`], and [`ValidatedIssuerUrl`]

// Every module is declared `pub`, so its public items are reachable by full path
// (`auths_policy::<module>::...`) as well as through the crate-root re-exports below.
pub mod approval;
pub mod builder;
pub mod compile;
pub mod compiled;
pub mod context;
pub mod decision;
pub mod enforce;
pub mod eval;
pub mod expr;
pub mod glob;
pub mod trust;
pub mod types;

// Crate-root re-exports: the flat public API, one `pub use` per source module.

// Approval attestation type and the request-hash helper.
pub use approval::{ApprovalAttestation, compute_request_hash};
// Programmatic policy construction.
pub use builder::PolicyBuilder;
// Compilation entry points. `compile` and `compile_from_json` each have a `_with_limits`
// sibling, presumably taking a `PolicyLimits`.
// NOTE(review): confirm which bounds the plain variants apply before compiling policies
// that come from an untrusted source.
pub use compile::{
    CompileError, PolicyLimits, compile, compile_from_json, compile_from_json_with_limits,
    compile_with_limits,
};
// Output of compilation: the typed/canonical form shown in the architecture diagram.
pub use compiled::{ApprovalScope, CompiledExpr, CompiledPolicy};
// Typed context a policy is evaluated against.
pub use context::EvalContext;
// Result of evaluation, including the structured reason codes.
pub use decision::{Decision, Outcome, ReasonCode};
// Enforcement API (documented above as production enforcement with optional shadow
// evaluation).
// NOTE(review): `Divergence` presumably reports a mismatch between the enforced and the
// shadow result; confirm in the `enforce` module.
pub use enforce::{Divergence, enforce, enforce_simple};
// Evaluation entry points.
// NOTE(review): how `evaluate_strict` and `evaluate3` differ is not visible in this file;
// confirm how each treats an indeterminate result before relying on it for an allow/deny
// decision.
pub use eval::{evaluate_batch, evaluate_strict, evaluate3};
// Serializable policy expression AST (the input to compilation).
pub use expr::Expr;
// Matcher from the `glob` module, which the crate docs describe as hardened.
pub use glob::glob_match;
// Trust registry types and the validated issuer URL wrapper.
pub use trust::{TrustRegistry, TrustRegistryEntry, ValidatedIssuerUrl};
// Value types from `types` (documented above as canonical types for DIDs, capabilities,
// and glob patterns), re-exported next to their `*ParseError` types.
pub use types::{
    AssuranceLevel, AssuranceLevelParseError, CanonicalCapability, CanonicalDid,
    CapabilityParseError, DidParseError, GlobParseError, QuorumPolicy, SignerType, ValidatedGlob,
};