hessra_cap_engine/
lib.rs

1//! # Hessra Capability Engine
2//!
3//! Core capability engine for the Hessra authorization system.
4//!
5//! This crate provides:
6//! - Unified object model where everything is an object with a capability space
7//! - `PolicyBackend` trait for pluggable policy evaluation
8//! - Context tokens for information flow control (exposure tracking)
9//! - `CapabilityEngine` that orchestrates minting, verification, and policy evaluation
10
11// EngineError is a rich, structured error type. The `result_large_err` lint
12// would push us to box variants for clippy's stack-size threshold; we prefer
13// the structured variants and accept the slightly larger Result on engine
14// paths. Mint/verify are not hot enough for the size to matter in practice.
15#![allow(clippy::result_large_err)]
16
17pub mod context;
18pub mod engine;
19pub mod error;
20pub mod facet;
21pub mod resolver;
22pub mod types;
23
24pub use context::{ContextToken, HessraContext};
25pub use engine::CapabilityEngine;
26pub use error::{ChainCheckFailure, EngineError};
27pub use facet::FacetMap;
28pub use resolver::{
29    ArgsResolver, ArgsResolverBuilder, AuthSession, CompositeResolver, CompositeResolverBuilder,
30    DesignationContext, DesignationResolver, Event, EventResolver, EventResolverBuilder,
31    NoopResolver, RequestUrl, ResolverError, WebappResolver, WebappResolverBuilder,
32};
33pub use types::{
34    AnchorBinding, CapabilityGrant, Designation, ExposureLabel, IdentityConfig, MintOptions,
35    MintResult, ObjectId, Operation, PolicyBackend, PolicyDecision, SessionConfig,
36};
37
38// Re-export commonly needed types from token crates
39pub use hessra_token_core::{KeyPair, PublicKey, TokenTimeConfig};
hessra_cap_engine/lib.rs

hessra_cap_engine/
lib.rs
