nexo_pairing/lib.rs
1//! Pairing protocol.
2//!
3//! Two coexisting protocols:
4//!
5//! - **DM challenge** — opt-in inbound allowlist. A plugin (whatsapp,
6//! telegram, …) calls [`PairingGate::should_admit`] before publishing
7//! to the broker. Unknown senders get a one-time human-friendly code
8//! and the operator approves them via CLI / admin-ui.
9//! - **Setup-code** — operator-initiated. `agent pair start` issues a
10//! short-lived HMAC-signed bearer token + a gateway URL, packs them
11//! into a base64url payload, and renders a QR. A companion app
12//! scans, opens the WS, presents the token, and gets a session
13//! token in return.
14//!
15//! This crate is a *leaf*: it does not depend on `nexo-core` or any
16//! plugin crate. The bin (`src/main.rs`) wires the store + the gate
17//! into the plugins, and registers the CLI subcommand.
18
19pub mod adapter;
20pub mod code;
21pub mod gate;
22pub mod generic_adapter;
23pub mod plugin_admin;
24pub mod plugin_http;
25pub mod plugin_metrics;
26pub mod plugin_poller;
27pub mod qr;
28pub mod registry;
29pub mod session_store;
30pub mod setup_code;
31pub mod store;
32pub mod telemetry;
33pub mod types;
34pub mod url_resolver;
35
36pub use adapter::PairingChannelAdapter;
37pub use gate::PairingGate;
38pub use registry::PairingAdapterRegistry;
39pub use session_store::{PairingSessionStore, SessionRow};
40pub use setup_code::SetupCodeIssuer;
41pub use store::PairingStore;
42pub use types::{
43 AllowedSender, ApprovedRequest, Decision, PairingError, PairingPolicy, PendingRequest,
44 SetupCode, TokenClaims, UpsertOutcome,
45};