Skip to main content

chio_kernel/
revocation_runtime.rs

1use std::collections::HashSet;
2
3use crate::RevocationStoreError;
4
5/// Trait for checking whether a capability has been revoked.
6///
7/// Implementations may be in-memory, SQLite-backed, or subscribe to a
8/// distributed revocation feed via Spine/NATS.
9pub trait RevocationStore: Send {
10    /// Check if a capability ID has been revoked.
11    fn is_revoked(&self, capability_id: &str) -> Result<bool, RevocationStoreError>;
12
13    /// Revoke a capability. Returns `true` if it was newly revoked.
14    fn revoke(&mut self, capability_id: &str) -> Result<bool, RevocationStoreError>;
15}
16
17/// In-memory revocation store for development and testing.
18#[derive(Debug, Default)]
19pub struct InMemoryRevocationStore {
20    revoked: HashSet<String>,
21}
22
23impl InMemoryRevocationStore {
24    /// Create an empty revocation store.
25    pub fn new() -> Self {
26        Self::default()
27    }
28}
29
30impl RevocationStore for InMemoryRevocationStore {
31    fn is_revoked(&self, capability_id: &str) -> Result<bool, RevocationStoreError> {
32        Ok(self.revoked.contains(capability_id))
33    }
34
35    fn revoke(&mut self, capability_id: &str) -> Result<bool, RevocationStoreError> {
36        Ok(self.revoked.insert(capability_id.to_owned()))
37    }
38}