Skip to main content

claw_guard/
types.rs

1use chrono::{DateTime, Utc};
2use serde::{Deserialize, Serialize};
3use uuid::Uuid;
4
5/// A validated session returned by the guard engine.
6#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
7pub struct GuardSession {
8    /// Session identifier.
9    pub id: Uuid,
10    /// Agent identifier associated with the session.
11    pub agent_id: Uuid,
12    /// Workspace identifier associated with the session.
13    pub workspace_id: Uuid,
14    /// Assigned role for policy evaluation.
15    pub role: String,
16    /// Granted scopes for the session.
17    pub scopes: Vec<String>,
18    /// Expiration time of the session.
19    pub expires_at: DateTime<Utc>,
20    /// Signed JWT token returned to callers.
21    pub token: String,
22}
23
24/// Outcome of a policy evaluation.
25#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
26pub enum PolicyDecision {
27    /// The request is allowed.
28    Allow,
29    /// The request is denied with a reason.
30    Deny { reason: String },
31    /// The request is allowed only with masking directives for the listed fields.
32    Mask { fields: Vec<String> },
33}
34
35/// Public alias for policy evaluation results.
36pub type AccessResult = PolicyDecision;