core_policy/lib.rs
1// SPDX-License-Identifier: Apache-2.0
2// Copyright 2025 P47H Team <https://p47h.com>
3
4//! # mesh-policy-core
5//!
6//! Pure RBAC/ABAC policy engine with zero dependencies on crypto or network layers.
7//!
8//! This crate provides the core domain logic for authorization policies, including:
9//! - Policy rules and evaluation
10//! - Resource path matching
11//! - Role-Based Access Control (RBAC)
12//! - Attribute-Based Access Control (ABAC)
13//!
14//! ## Security
15//!
16//! - **T20 Mitigation**: Strict limits on policy size to prevent algorithmic DoS
17//! - MAX_RULES_PER_POLICY = 1024
18//! - MAX_RESOURCE_PATTERN_LENGTH = 256
19
20#![no_std]
21#![forbid(unsafe_code)]
22#![warn(missing_docs)]
23
24extern crate alloc;
25
26pub mod authorizer;
27pub mod builder;
28pub mod context_expr;
29pub mod error;
30pub mod path;
31pub mod policy;
32pub mod resource_matcher;
33
34pub use authorizer::{Authorizer, PolicyAuthorizer};
35pub use builder::{PolicyBuilder, PolicyRuleBuilder};
36pub use context_expr::{CompareOp, ContextExpr, MAX_EXPR_DEPTH, MAX_EXPR_LENGTH};
37/// Re-export commonly used types
38pub use error::{PolicyError, Result};
39pub use path::PathPattern;
40pub use policy::{Action, Policy, PolicyRule, Resource};
41pub use resource_matcher::{ResourceMatcher, ResourceMatcherRegistry};
42
43/// Maximum number of rules per policy (T20 DoS mitigation)
44pub const MAX_RULES_PER_POLICY: usize = 1024;
45
46/// Maximum length for resource patterns (T20 DoS mitigation)
47pub const MAX_RESOURCE_PATTERN_LENGTH: usize = 256;
48
49/// Maximum length for policy name (T20 DoS mitigation)
50pub const MAX_POLICY_NAME_LENGTH: usize = 128;