nythos-core 0.2.1

#![allow(async_fn_in_trait)]
//!
//! Public core library for Nythos.
//!
//! `nythos-core` contains implemented domain models, orchestration services,
//! and trait contracts only.
//! It intentionally excludes HTTP, storage drivers, and other infrastructure.
//! The OAuth surface is decision-first: gateway/provider adapters verify OAuth
//! data and pass `VerifiedExternalProfile` into core, then core returns explicit
//! login or linking outcomes without issuing OAuth sessions or creating users.
//! The crate root re-exports the main public surface, with grouped access also
//! available under `auth`, `domain`, `ports`, `rbac`, `session`, and `error`.

pub mod auth;
pub mod domain;
pub mod error;
pub mod ports;
pub mod rbac;
pub mod session;

pub use auth::{
    AccessToken, Claims, LoginAuthMaterial, LoginInput, LoginService, OAuthLoginOutcome,
    OAuthLoginService, PasswordHash, RefreshAuthMaterial, RefreshInput, RefreshService,
    RegisterAuthMaterial, RegisterInput, RegisterResult, RegisterService, RevokeAllSessionsInput,
    RevokeAllSessionsService, RevokeResult, RevokeSessionInput, RevokeSessionService, TokenPurpose,
};
pub use domain::{
    DisplayName, Email, ExternalIdentity, LoginIdentifier, OAuthProviderKind, Password, RoleId,
    SessionId, Tenant, TenantAuthPolicy, TenantId, TenantOAuthProviderConfig, TenantSettings, User,
    UserId, UserStatus, Username, VerifiedExternalProfile,
};
pub use error::{AuthError, NythosResult};
pub use ports::{
    ExternalIdentityRepository, NewUser, PasswordHasher, RefreshTokenRotation, RevocationChecker,
    RoleAssignmentInput, RoleRepository, SessionRecord, SessionStore,
    TenantOAuthProviderConfigPort, TenantPolicyPort, TokenSigner, UserCredentials, UserRepository,
};
pub use rbac::{Permission, Role, RoleAssignment, RoleRegistry};
pub use session::{RefreshToken, Session};