hessra-cap-schema 0.1.0

Principal schema definitions for the Hessra capability engine
Links: Hessra-Labs/hessra-cap
Owners: jcorrv

Hessra Capability Schema

Declarative schemas for principals that own targets in a Hessra deployment. A schema names the targets a principal owns, the operations on each target, and the designations the principal requires at mint time for each operation.

Schemas are policy-side configuration: they tell the capability engine to refuse to mint a capability for a target/operation unless the required designations are attached. This is the issuer-side guard against silently broadening capabilities by forgetting to designate.

Reserved labels

Some designation labels are reserved for engine-built-in semantics and cannot appear in required_designations. The schema validator rejects them at load time with [SchemaError::ReservedLabel]. Currently:

  • "anchor": the principal that can verify a capability. Configured via policy (anchor_to_subject = true or anchor = "<principal>") or via MintOptions.anchor. Implemented in the token using the same designation mechanism as application labels but treated as a distinct concept.
  • "facet": a per-capability ULID-style identifier the engine attaches when forwarding facets are enabled. Pairs with an in-memory map the issuer-and-verifier engine consults, giving per-cap revocation and single-use-on-ack semantics.

See [RESERVED_LABELS].
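The two checks described above (reserved labels rejected at load time, minting refused when a required designation is missing) can be sketched as follows. This is an added example, not the crate's API: `Schema`, `Refusal`, `load`, `check_mint`, and the sample target, operation, and label names are hypothetical; only the reserved labels "anchor" and "facet" come from this page.

```rust
use std::collections::{BTreeMap, BTreeSet};
// Reserved labels named on this page. All types below are hypothetical stand-ins.
const RESERVED: [&str; 2] = ["anchor", "facet"];

#[derive(Debug, PartialEq)]
enum Refusal {
    ReservedLabel(String),
    UnknownOperation, // assumption of this sketch: unlisted target/operation pairs are refused
    MissingDesignation(String),
}

/// (target, operation) -> designation labels required at mint time.
#[derive(Default)]
struct Schema {
    required: BTreeMap<(String, String), BTreeSet<String>>,
}

impl Schema {
    /// Load-time validation: a schema may not require a reserved label.
    fn load(entries: &[(&str, &str, &[&str])]) -> Result<Schema, Refusal> {
        let mut schema = Schema::default();
        for (target, op, labels) in entries {
            if let Some(l) = labels.iter().find(|l| RESERVED.contains(*l)) {
                return Err(Refusal::ReservedLabel(l.to_string()));
            }
            let set: BTreeSet<String> = labels.iter().map(|l| l.to_string()).collect();
            schema.required.insert((target.to_string(), op.to_string()), set);
        }
        Ok(schema)
    }
    /// Mint-time guard: refuse unless every required designation is attached.
    fn check_mint(&self, target: &str, op: &str, attached: &[(&str, &str)]) -> Result<(), Refusal> {
        let key = (target.to_string(), op.to_string());
        let required = self.required.get(&key).ok_or(Refusal::UnknownOperation)?;
        for label in required {
            if !attached.iter().any(|(l, _)| l == label) {
                return Err(Refusal::MissingDesignation(label.clone()));
            }
        }
        Ok(())
    }
}

fn main() {
    // Constructed sample: target "invoices", operation "read", required label "tenant_id".
    let schema = Schema::load(&[("invoices", "read", &["tenant_id"])]).unwrap();
    println!("{:?}", schema.check_mint("invoices", "read", &[]));
    println!("{:?}", Schema::load(&[("invoices", "read", &["facet"])]).err());
}
```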