capsec 0.1.6

Compile-time capability-based security for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

# capsec

Compile-time capability-based security for Rust.

This is the facade crate — it re-exports everything from `capsec-core`, `capsec-macro`, and `capsec-std` under a single dependency. This is the crate you should depend on.

## Install

```bash
cargo add capsec

# Or from source:
cargo install --path crates/capsec
```

## Quick start

```rust,ignore
use capsec::prelude::*;

#[capsec::context]
struct AppCtx {
    fs: FsRead,
    net: NetConnect,
}

#[capsec::main]
fn main(root: CapRoot) {
    let ctx = AppCtx::new(&root);
    let data = load_data("/tmp/data.csv", &ctx).unwrap();
}

// Leaf functions take &impl Has<P> — works with raw caps AND context structs
fn load_data(path: &str, cap: &impl Has<FsRead>) -> Result<String, CapSecError> {
    capsec::fs::read_to_string(path, cap)
}
```

## What's re-exported

| From | What you get |
|------|-------------|
| `capsec-core` | `Cap`, `SendCap`, `Has`, `Permission`, `CapRoot`, `FsRead`, `NetConnect`, etc. |
| `capsec-macro` | `#[capsec::requires]`, `#[capsec::deny]`, `#[capsec::main]`, `#[capsec::context]` |
| `capsec-std` | `capsec::fs`, `capsec::net`, `capsec::env`, `capsec::process` |

Also provides:
- `capsec::run(|root| { ... })` — convenience entry point
- `capsec::prelude::*` — common imports

## Testing

`test_root()` bypasses the singleton check and is available in debug/test builds (`#[cfg(debug_assertions)]`). It cannot be enabled in release builds — there is no feature flag:

```rust,ignore
#[cfg(test)]
mod tests {
    use capsec::test_root;

    #[test]
    fn my_test() {
        let root = test_root();
        let cap = root.fs_read();
        // ...
    }
}
```

## License

Apache-2.0