Skip to main content

Crate codlet_core

Crate codlet_core 

Source
Expand description

§codlet-core

Runtime-neutral authentication primitives for codlet.

This crate holds pure types, policy objects, cryptographic lookup-key derivation, lifecycle state machines, and storage traits. It has no web framework, database, or async-executor dependencies.

codlet authenticates a subject; the host application authorizes that subject. This crate never decides membership, roles, permissions, or resource access.

Status: pre-release (v0.2.0). The full set of pure primitives is implemented: code generation/normalization/validation, HMAC lookup-key derivation, lifecycle classifiers (claim, session, form-token), storage traits, cookie policy, and in-memory stores for testing. Orchestration helpers, high-level API, and production adapters are still to come.

§License

Apache-2.0

§codlet-core

Runtime-neutral authentication primitives. This crate contains pure types, policy objects, cryptographic lookup-key derivation, lifecycle state machines, storage traits, and audit events. It deliberately contains no web framework, database, or async-executor dependencies (RFC-002).

§Boundary

codlet authenticates a subject. The host application authorizes that subject (RFC-001). Nothing in this crate decides community membership, roles, permissions, or resource access.

§Status

This release completes the M3 primitive layer:

  • code — code policy, generation, normalization, validation (RFC-003)
  • hashing — HMAC lookup-key derivation, key providers, domain separation, key versioning (RFC-004)
  • rng — fail-closed randomness abstraction (RFC-020)
  • secret — redacted secret newtypes and opaque IDs (RFC-019 foundation)
  • clockClock trait for testable time (RFC-020)
  • state — pure lifecycle classifiers: claim, session, form-token consume (RFC-005/006/007)
  • storeCodeStore, SessionStore, FormTokenStore, RateLimitStore traits (RFC-005/006/007/008)
  • cookie — secure cookie policy and builder (RFC-006)
  • auditCodeAuthEvent vocabulary and AuditSink trait (RFC-012)
  • error — two-layer error model: internal causes + public-safe failures (RFC-012/021)
  • mem — in-memory stores (test-utils feature only, RFC-011/008)

Re-exports§

pub use audit::AuditSink;
pub use audit::CodeAuthEvent;
pub use audit::NoopAuditSink;
pub use clock::Clock;
pub use clock::SystemClock;
pub use code::Alphabet;
pub use code::CodePolicy;
pub use code::generate_code;
pub use code::normalize;
pub use code::normalize;
pub use code::validate_code_input;
pub use cookie::CookiePolicy;
pub use cookie::CookieProfile;
pub use cookie::SameSitePolicy;
pub use error::CodeInputError;
pub use error::KeyError;
pub use error::PolicyError;
pub use error::PublicFormError;
pub use error::PublicRedemptionError;
pub use error::PublicSessionError;
pub use error::RandomError;
pub use error::RedemptionFailReason;
pub use hashing::HmacKeyRef;
pub use hashing::KeyProvider;
pub use hashing::KeyVersion;
pub use hashing::LookupKey;
pub use hashing::SecretDomain;
pub use hashing::SecretHasher;
pub use hashing::StaticKeyProvider;
pub use rng::RandomSource;
pub use rng::SystemRandom;
pub use secret::CodeId;
pub use secret::FormTokenSecret;
pub use secret::PlainCode;
pub use secret::SecretString;
pub use secret::SessionId;
pub use secret::SessionSecret;
pub use secret::SubjectId;
pub use state::ClaimOutcome;
pub use state::SessionValidationOutcome;
pub use state::TokenConsumeOutcome;
pub use state::classify_claim;
pub use state::classify_session;
pub use state::classify_token_consume;
pub use store::error::PublicAuthError;
pub use store::error::StoreError;
pub use store::ratelimit::RateLimitKey;
pub use store::ratelimit::RateLimitOutcome;
pub use store::ratelimit::RateLimitPolicy;
pub use store::ratelimit::RateLimitStore;
pub use store::ratelimit::RateLimitUnavailable;
pub use store::token::TokenSubject;

Modules§

audit
Security audit events and the AuditSink trait (RFC-012).
clock
Time abstraction (RFC-020 clock contract).
code
One-time code policy, generation, normalization, and validation (RFC-003).
cookie
Secure cookie construction (RFC-006 §13.2).
error
Error types for codlet-core.
hashing
Secret hashing, key providers, domain separation, and key versioning (RFC-004).
rng
Randomness abstraction (RFC-020).
secret
Secret-bearing and opaque-identifier newtypes.
state
Pure lifecycle classifiers (RFC-005, RFC-006, RFC-007).
store
Storage traits (RFC-005, RFC-006, RFC-007).

Constants§

FORMAT_VERSION
The codlet wire/format version embedded in domain-separated HMAC inputs.