adk-awp 0.8.2

Agentic Web Protocol (AWP) implementation for ADK-Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

//! Trust level assignment from request headers.

use async_trait::async_trait;
use awp_types::TrustLevel;
use axum::http::HeaderMap;

/// Trait for assigning a [`TrustLevel`] based on request headers.
///
/// Implementations can integrate with authentication systems (e.g. `adk-auth`)
/// to validate tokens and extract scopes.
#[async_trait]
pub trait TrustLevelAssigner: Send + Sync {
    /// Determine the trust level for a request based on its headers.
    async fn assign(&self, headers: &HeaderMap) -> TrustLevel;
}

/// Default trust assigner that checks for `Authorization` headers.
///
/// - No credentials → [`TrustLevel::Anonymous`]
/// - `Bearer` or `ApiKey` token present → [`TrustLevel::Known`]
///
/// Replace with `adk-auth` integration for full JWT scope extraction
/// (Partner/Internal levels) when available.
pub struct DefaultTrustAssigner;

#[async_trait]
impl TrustLevelAssigner for DefaultTrustAssigner {
    async fn assign(&self, headers: &HeaderMap) -> TrustLevel {
        if let Some(auth) = headers.get("Authorization") {
            if let Ok(val) = auth.to_str() {
                if val.starts_with("Bearer ") || val.starts_with("ApiKey ") {
                    return TrustLevel::Known;
                }
            }
        }
        TrustLevel::Anonymous
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[tokio::test]
    async fn test_no_auth_is_anonymous() {
        let assigner = DefaultTrustAssigner;
        let headers = HeaderMap::new();
        assert_eq!(assigner.assign(&headers).await, TrustLevel::Anonymous);
    }

    #[tokio::test]
    async fn test_bearer_token_is_known() {
        let assigner = DefaultTrustAssigner;
        let mut headers = HeaderMap::new();
        headers.insert("Authorization", "Bearer some-token-here".parse().unwrap());
        assert_eq!(assigner.assign(&headers).await, TrustLevel::Known);
    }

    #[tokio::test]
    async fn test_api_key_is_known() {
        let assigner = DefaultTrustAssigner;
        let mut headers = HeaderMap::new();
        headers.insert("Authorization", "ApiKey my-api-key".parse().unwrap());
        assert_eq!(assigner.assign(&headers).await, TrustLevel::Known);
    }

    #[tokio::test]
    async fn test_invalid_auth_scheme_is_anonymous() {
        let assigner = DefaultTrustAssigner;
        let mut headers = HeaderMap::new();
        headers.insert("Authorization", "Basic dXNlcjpwYXNz".parse().unwrap());
        assert_eq!(assigner.assign(&headers).await, TrustLevel::Anonymous);
    }

    #[tokio::test]
    async fn test_empty_auth_header_is_anonymous() {
        let assigner = DefaultTrustAssigner;
        let mut headers = HeaderMap::new();
        headers.insert("Authorization", "".parse().unwrap());
        assert_eq!(assigner.assign(&headers).await, TrustLevel::Anonymous);
    }
}