codetether-agent 4.7.0-a-002.4

A2A-native AI coding agent for the CodeTether ecosystem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

use serde::{Deserialize, Serialize};

/// JWT claims extracted from a Bearer token payload.
///
/// These claims are attached to the request after authentication succeeds so
/// downstream handlers can scope behavior such as bus topic access.
///
/// # Examples
///
/// ```rust
/// use codetether_agent::server::auth::JwtClaims;
///
/// let claims = JwtClaims {
///     topics: vec!["agent.alpha".into()],
///     subject: Some("worker-1".into()),
///     scopes: vec!["bus:read".into()],
///     roles: vec!["viewer".into()],
///     tenant_id: Some("tenant-1".into()),
///     auth_source: Some("jwt".into()),
/// };
///
/// assert_eq!(claims.subject.as_deref(), Some("worker-1"));
/// assert_eq!(claims.topics, vec!["agent.alpha"]);
/// ```
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct JwtClaims {
    /// Allowed topics for bus stream filtering.
    #[serde(default)]
    pub topics: Vec<String>,
    /// Optional user identifier.
    #[serde(default, rename = "sub")]
    pub subject: Option<String>,
    /// Additional scopes from the JWT.
    #[serde(default)]
    pub scopes: Vec<String>,
    /// Authorization roles from the JWT or API key claim payload.
    #[serde(default)]
    pub roles: Vec<String>,
    /// Optional tenant identifier for policy isolation.
    #[serde(default)]
    pub tenant_id: Option<String>,
    /// Authentication source, for example `jwt` or `api_key`.
    #[serde(default)]
    pub auth_source: Option<String>,
}