lilo-im-core 0.1.1

Identity Matters core: Authorizer trait, Principal types, peer credential extraction (Helioy v1 IAM)
Documentation

lilo-im-core

AuthZ is NOT enforced in identity-matters v1. This crate locks the shared IAM boundary for callers today, while the v2+ roadmap replaces lilo-im-stub with an enforcing lilo-im-daemon behind the same Authorizer contract.

lilo-im-core owns the stable authorization types:

  • Principal identifies the caller. v1 supports Local(uid) and preserves unknown tagged variants so newer producers can write audit rows that older readers can still inspect.
  • Action is closed in v1: Spawn, Kill, List, Read, Logs, MailSend, MailRead, Nudge, Link, Doctor, and Daemon. v2+ may extend the enum through a deliberate contract change.
  • ResourceSpec describes the target of the request without binding identity-matters to a specific caller.
  • AuditRow records every authorization decision, including nullable reserved fields that later policy engines can populate without changing the table shape.

The principal wire format uses a kind tag. Local(uid) serializes as:

{
  "kind": "Local",
  "uid": 501
}

Unknown principal kinds deserialize into Principal::Unknown with their original fields preserved for audit inspection and reserialization.