Trait ControlPlane 

pub trait ControlPlane: Send + Sync {
    // Required methods
    fn lookup_client<'life0, 'life1, 'async_trait>(
        &'life0 self,
        api_key: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<ClientRecord, ControlPlaneError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn backend_name(&self) -> &str;

    // Provided method
    fn health_check<'life0, 'async_trait>(
        &'life0 self,
    ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait { ... }
}

Abstraction over the source of truth for client authentication and authorization.

Implementors resolve an API key to a ClientRecord. The server calls this on the POST /api/v1/auth/validate path and, optionally, in the per-request middleware.

Required Methods

fn lookup_client<'life0, 'life1, 'async_trait>( &'life0 self, api_key: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<ClientRecord, ControlPlaneError>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Look up a client by raw API key.

Implementations MUST:

1. Hash the key (SHA-256) before any network/storage lookup.
2. Return Err(NotFound) when no record matches.
3. Return Err(Inactive) when the record exists but is_active is false.

fn backend_name(&self) -> &str

Human-readable backend name for logging (e.g. “remote”, “local”).

Provided Methods

fn health_check<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait,

Quick connectivity check. Returns true if the backend is reachable.

Implementors

impl ControlPlane for RemoteControlPlane

impl ControlPlane for FallbackControlPlane

impl ControlPlane for LocalControlPlane