actionqueue-core 0.1.2

Pure domain types and state machine for the ActionQueue durable task queue engine.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

//! Platform domain types for multi-tenant isolation, RBAC, and ledger entries.
//!
//! These types are consumed by `actionqueue-platform` (for enforcement) and
//! `actionqueue-storage` (for WAL events and snapshot persistence). They live in
//! `actionqueue-core` so all crates share a single canonical definition.

use crate::ids::{ActorId, LedgerEntryId, TenantId};

/// Organizational role for an actor within a tenant.
///
/// Roles map to capability sets via the RBAC enforcer. The `Custom` variant
/// allows org-specific extension beyond the standard triad.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub enum Role {
    /// Operator: submits work plans, manages tasks.
    Operator,
    /// Auditor: reviews plans, produces approval/rejection decisions.
    Auditor,
    /// Gatekeeper: executes privileged actions after approval.
    Gatekeeper,
    /// Extension role. The inner string must be non-empty.
    Custom(String),
}

impl Role {
    /// Creates a validated custom role.
    ///
    /// # Errors
    ///
    /// Returns an error if `name` is empty.
    pub fn custom(name: impl Into<String>) -> Result<Self, String> {
        let name = name.into();
        if name.is_empty() {
            return Err("custom role name must be non-empty".to_string());
        }
        Ok(Role::Custom(name))
    }
}

/// Typed permission for an actor within a tenant.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub enum Capability {
    /// Actor may submit new tasks.
    CanSubmit,
    /// Actor may execute (claim and complete) tasks.
    CanExecute,
    /// Actor may review tasks and produce approval/rejection outcomes.
    CanReview,
    /// Actor may approve proposed actions.
    CanApprove,
    /// Actor may cancel tasks and runs.
    CanCancel,
    /// Extension capability. The inner string must be non-empty.
    Custom(String),
}

impl Capability {
    /// Creates a validated custom capability.
    ///
    /// # Errors
    ///
    /// Returns an error if `name` is empty.
    pub fn custom(name: impl Into<String>) -> Result<Self, String> {
        let name = name.into();
        if name.is_empty() {
            return Err("custom capability name must be non-empty".to_string());
        }
        Ok(Capability::Custom(name))
    }
}

/// Tenant registration record.
#[derive(Debug, Clone, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct TenantRegistration {
    tenant_id: TenantId,
    name: String,
}

impl TenantRegistration {
    /// Creates a new tenant registration.
    ///
    /// # Panics
    ///
    /// Panics if `name` is empty.
    pub fn new(tenant_id: TenantId, name: impl Into<String>) -> Self {
        let name = name.into();
        assert!(!name.is_empty(), "tenant name must be non-empty");
        TenantRegistration { tenant_id, name }
    }

    /// Returns the tenant identifier.
    pub fn tenant_id(&self) -> TenantId {
        self.tenant_id
    }

    /// Returns the tenant name.
    pub fn name(&self) -> &str {
        &self.name
    }
}

/// Generic ledger entry for append-only platform ledgers.
///
/// Ledger keys identify the logical ledger (e.g. `"audit"`, `"decision"`,
/// `"relationship"`, `"incident"`, `"reality"`). The payload is opaque bytes
/// whose schema is defined by the consumer (Caelum, Digicorp).
#[derive(Debug, Clone, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
pub struct LedgerEntry {
    entry_id: LedgerEntryId,
    tenant_id: TenantId,
    /// The logical ledger name (e.g. `"audit"`, `"decision"`).
    ledger_key: String,
    /// The actor that produced this entry, if any.
    actor_id: Option<ActorId>,
    /// Opaque payload bytes. Schema is consumer-defined.
    payload: Vec<u8>,
    /// Unix epoch seconds when this entry was recorded.
    timestamp: u64,
}

impl LedgerEntry {
    /// Creates a new ledger entry.
    ///
    /// `actor_id` can be set via [`with_actor`](Self::with_actor) after construction.
    ///
    /// # Panics
    ///
    /// Panics if `ledger_key` is empty.
    pub fn new(
        entry_id: LedgerEntryId,
        tenant_id: TenantId,
        ledger_key: impl Into<String>,
        payload: Vec<u8>,
        timestamp: u64,
    ) -> Self {
        let ledger_key = ledger_key.into();
        assert!(!ledger_key.is_empty(), "ledger_key must be non-empty");
        LedgerEntry { entry_id, tenant_id, ledger_key, actor_id: None, payload, timestamp }
    }

    /// Attaches an actor identifier, returning the modified entry.
    pub fn with_actor(mut self, actor_id: ActorId) -> Self {
        self.actor_id = Some(actor_id);
        self
    }

    /// Returns the entry identifier.
    pub fn entry_id(&self) -> LedgerEntryId {
        self.entry_id
    }

    /// Returns the tenant identifier.
    pub fn tenant_id(&self) -> TenantId {
        self.tenant_id
    }

    /// Returns the logical ledger key.
    pub fn ledger_key(&self) -> &str {
        &self.ledger_key
    }

    /// Returns the actor identifier, if any.
    pub fn actor_id(&self) -> Option<ActorId> {
        self.actor_id
    }

    /// Returns the opaque payload bytes.
    pub fn payload(&self) -> &[u8] {
        &self.payload
    }

    /// Returns the entry timestamp (Unix epoch seconds).
    pub fn timestamp(&self) -> u64 {
        self.timestamp
    }
}