ibkr-agent-gateway 0.5.2

Unofficial local-first CLI and MCP gateway for Interactive Brokers workflows.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

//! Local user identity and authorization context.

use super::scopes::ScopeSet;
use crate::internal::domain::{LocalUserId, RequestId, SessionId};
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};

/// Auth context source supported by local mode.
#[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize, JsonSchema)]
#[serde(rename_all = "snake_case")]
pub enum AuthContextSource {
    /// Local configuration, not OAuth/OIDC.
    LocalConfig,
    /// Remote OAuth/OIDC bearer token.
    RemoteOauth,
}

/// Local user configured for the gateway.
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, JsonSchema)]
pub struct LocalUser {
    /// Stable local user id.
    pub user_id: LocalUserId,
    /// Optional display label.
    pub display_name: Option<String>,
    /// Allowed local read scopes.
    pub allowed_scopes: ScopeSet,
}

/// Authorization context attached to one operation.
#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, JsonSchema)]
pub struct AuthContext {
    /// Auth source.
    pub source: AuthContextSource,
    /// Local user id.
    pub user_id: LocalUserId,
    /// Granted scopes.
    pub scopes: ScopeSet,
    /// Request correlation id.
    pub request_id: RequestId,
    /// Session correlation id.
    pub session_id: SessionId,
}

impl AuthContext {
    /// Creates a local auth context.
    #[must_use]
    pub fn local(user: &LocalUser, request_id: RequestId, session_id: SessionId) -> Self {
        Self {
            source: AuthContextSource::LocalConfig,
            user_id: user.user_id.clone(),
            scopes: user.allowed_scopes.clone(),
            request_id,
            session_id,
        }
    }
}