Skip to main content

Expr

auths_policy::expr

Enum Expr

#[non_exhaustive]pub enum Expr {
Show 35 variants    True,
    False,
    And(Vec<Expr>),
    Or(Vec<Expr>),
    Not(Box<Expr>),
    HasCapability(String),
    HasAllCapabilities(Vec<String>),
    HasAnyCapability(Vec<String>),
    IssuerIs(String),
    IssuerIn(Vec<String>),
    SubjectIs(String),
    DelegatedBy(String),
    NotRevoked,
    NotExpired,
    ExpiresAfter(i64),
    IssuedWithin(i64),
    RoleIs(String),
    RoleIn(Vec<String>),
    RepoIs(String),
    RepoIn(Vec<String>),
    RefMatches(String),
    PathAllowed(Vec<String>),
    EnvIs(String),
    EnvIn(Vec<String>),
    WorkloadIssuerIs(String),
    WorkloadClaimEquals {
        key: String,
        value: String,
    },
    IsAgent,
    IsHuman,
    IsWorkload,
    MaxChainDepth(u32),
    AttrEquals {
        key: String,
        value: String,
    },
    AttrIn {
        key: String,
        values: Vec<String>,
    },
    MinAssurance(String),
    AssuranceLevelIs(String),
    ApprovalGate {
        inner: Box<Expr>,
        approvers: Vec<String>,
        ttl_seconds: u64,
        scope: Option<String>,
    },
}

Expand description

Serializable policy expression.

This is the wire format stored in JSON/TOML files. All identifiers are strings. Must be compiled to CompiledPolicy before evaluation. Compilation validates and canonicalizes all string fields.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

True

Always allow.

False

Always deny.

And(Vec<Expr>)

All children must evaluate to Allow.

Or(Vec<Expr>)

At least one child must evaluate to Allow.

Not(Box<Expr>)

Invert the child’s outcome.

HasCapability(String)

Subject must have this capability.

HasAllCapabilities(Vec<String>)

Subject must have all listed capabilities.

HasAnyCapability(Vec<String>)

Subject must have at least one of the listed capabilities.

IssuerIs(String)

Issuer DID must match exactly.

IssuerIn(Vec<String>)

Issuer DID must be in the set.

SubjectIs(String)

Subject DID must match exactly.

DelegatedBy(String)

Attestation must be delegated by this DID.

NotRevoked

Attestation must not be revoked.

NotExpired

Attestation must not be expired.

ExpiresAfter(i64)

Attestation must have at least this many seconds remaining.

IssuedWithin(i64)

Attestation must have been issued within this many seconds.

RoleIs(String)

Subject’s role must match exactly.

RoleIn(Vec<String>)

Subject’s role must be in the set.

RepoIs(String)

Repository must match exactly.

RepoIn(Vec<String>)

Repository must be in the set.

RefMatches(String)

Git ref must match the glob pattern.

PathAllowed(Vec<String>)

All paths must match at least one of the glob patterns.

EnvIs(String)

Environment must match exactly.

EnvIn(Vec<String>)

Environment must be in the set.

WorkloadIssuerIs(String)

Workload issuer DID must match exactly.

WorkloadClaimEquals

Workload claim must equal the expected value.

Fields

§key: String

Claim key (alphanumeric + underscore only).

§value: String

Expected value.

IsAgent

Signer must be an AI agent.

IsHuman

Signer must be a human.

IsWorkload

Signer must be a workload (CI/CD).

MaxChainDepth(u32)

Delegation chain depth must not exceed this value.

AttrEquals

Match a flat string attribute. Keys must be alphanumeric+underscore, max 64 chars. No dot-paths. No nested JSON. No Value type.

Fields

§key: String

Attribute key (alphanumeric + underscore only).

§value: String

Expected value.

AttrIn

Attribute must be one of the values.

Fields

§key: String

Attribute key (alphanumeric + underscore only).

§values: Vec<String>

Allowed values.

MinAssurance(String)

Assurance level must be at least this level (uses Ord comparison).

AssuranceLevelIs(String)

Assurance level must match exactly.

ApprovalGate

Approval gate: if inner evaluates to Allow, return RequiresApproval instead. Transparent to Deny/Indeterminate — those pass through unchanged.

Fields

§inner: Box<Expr>

The inner expression to evaluate.

§approvers: Vec<String>

DIDs of allowed approvers (validated at compile time).

§ttl_seconds: u64

Approval request TTL in seconds (default 300 = 5 minutes).

§scope: Option<String>

Approval scope: “identity” (default), “scoped”, or “full”.

Implementations§

impl Expr

pub fn and(conditions: impl IntoIterator<Item = Expr>) -> Self

Create an And expression from multiple conditions.

pub fn or(conditions: impl IntoIterator<Item = Expr>) -> Self

Create an Or expression from multiple conditions.

pub fn negate(expr: Expr) -> Self

Create a Not expression (negation).

Trait Implementations§

impl Clone for Expr

fn clone(&self) -> Expr

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for Expr

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for Expr

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl PartialEq for Expr

fn eq(&self, other: &Expr) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Expr

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

impl StructuralPartialEq for Expr

Auto Trait Implementations§

impl Freeze for Expr

impl RefUnwindSafe for Expr

impl Send for Expr

impl Sync for Expr

impl Unpin for Expr

impl UnsafeUnpin for Expr

impl UnwindSafe for Expr

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,