mcp-authorization 0.1.0

Type-state authorization for MCP tool servers — compile-time proof that auth checks cannot be skipped
//! # mcp-authorization
//!
//! Type-state authorization for MCP servers, built on top of
//! [rmcp](https://docs.rs/rmcp) (the official Rust MCP SDK).
//!
//! ## Core idea
//!
//! In Ruby, `can?(:flag)` is a runtime policy check you could forget.
//! In Rust, `Proof<C>` is a zero-sized token that can only be obtained
//! by verifying a capability — if a function demands it, the compiler
//! refuses to build code that skips the check.
//!
//! ## Three layers of authorization
//!
//! | Layer | Ruby gem | Rust crate |
//! |-------|----------|-----------|
//! | Tool visibility | `authorization :flag` | `authorize("tool", "flag")` |
//! | Field shaping | `@requires(:flag)` on param | `#[requires("flag")]` on field |
//! | Variant shaping | `@requires(:flag)` on variant | `#[requires("flag")]` on enum variant |
//!
//! ## Quick example
//!
//! ```rust
//! use mcp_authorization::{Capability, Proof, AuthContext};
//!
//! // Define a capability as a zero-sized type
//! struct Admin;
//! impl Capability for Admin {
//!     const NAME: &'static str = "admin";
//! }
//!
//! // A function that REQUIRES admin proof to call
//! fn delete_everything(_proof: Proof<Admin>) -> String {
//!     "deleted".to_string()
//! }
//!
//! // At runtime: the check happens once, the proof flows through
//! let auth = AuthContext::new(vec!["admin"]);
//! if let Some(proof) = auth.check::<Admin>() {
//!     delete_everything(proof); // compiles
//! }
//!
//! // Without the proof, this would not compile:
//! // delete_everything(); // error[E0061]: this function takes 1 argument but 0 arguments were supplied
//! ```

pub mod capability;
pub mod metadata;
pub mod registry;
pub mod schema;
pub mod server;

// Re-exports for convenience
pub use capability::{AuthContext, Capability, Proof};
pub use metadata::AuthSchemaMetadata;
pub use registry::{AuthToolDef, AuthToolRegistry};
pub use schema::SchemaShaper;
pub use server::AuthorizedServer;

// Re-export the derive macro
pub use mcp_authorization_macros::AuthSchema;
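
The core idea above, reduced to a standalone model. This is an added example, not the crate's own code: it reuses the names `Capability`, `Proof`, `AuthContext` and `check` from the quick example, but the internals (private `PhantomData` field, `HashSet` of granted names) and the `Auditor` and `try_delete` names are assumptions for illustration.

```rust
mod authz {
    use std::{collections::HashSet, marker::PhantomData};

    pub trait Capability { const NAME: &'static str; }

    // Zero-sized token. The tuple field is private, so code outside this
    // module cannot write `Proof(PhantomData)`; `check` is the only source.
    pub struct Proof<C: Capability>(PhantomData<C>);

    pub struct AuthContext { granted: HashSet<String> }

    impl AuthContext {
        pub fn new(caps: Vec<&str>) -> Self {
            Self { granted: caps.into_iter().map(String::from).collect() }
        }

        // The single runtime check: a proof exists only if C::NAME was granted.
        pub fn check<C: Capability>(&self) -> Option<Proof<C>> {
            self.granted.contains(C::NAME).then(|| Proof(PhantomData))
        }
    }
}
use authz::{AuthContext, Capability, Proof};

pub struct Admin;
impl Capability for Admin { const NAME: &'static str = "admin"; }
pub struct Auditor;
impl Capability for Auditor { const NAME: &'static str = "auditor"; }

// Demands the token by value; there is no way to call it without one.
pub fn delete_everything(_proof: Proof<Admin>) -> &'static str { "deleted" }

// Returns None when the caller lacks "admin": no proof, no call.
pub fn try_delete(auth: &AuthContext) -> Option<&'static str> {
    auth.check::<Admin>().map(delete_everything)
}

fn main() {
    // Constructed sample contexts: one holding "admin", one holding only "auditor".
    let admin = AuthContext::new(vec!["admin"]);
    let guest = AuthContext::new(vec!["auditor"]);
    println!("{:?} {:?}", try_delete(&admin), try_delete(&guest));
    println!("{}", guest.check::<Auditor>().is_some());
    // Rejected by the compiler outside `authz`:
    //   delete_everything(Proof(std::marker::PhantomData));    // private field
    //   delete_everything(guest.check::<Auditor>().unwrap());  // wrong capability type
}
```

When reviewing code built on this pattern, confirm the proof type has no public constructor and no `Default` or `From` impl; any of those hands callers a proof without the check.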