pdk 1.7.0

Policy Development Kit
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

// Copyright (c) 2026, Salesforce, Inc.,
// All rights reserved.
// For full license text, see the LICENSE.txt file

//! PDK - Policy Development Kit
//!
//! Features
//! - `ll`: USE AT OWN RISK: low-level items that may change without notice. Exposes the low level implementation details.
//! - `experimental_metrics`: USE AT OWN RISK: this feature is experimental and might change without notice. Exposes the api for host metrics.
//! - `script_stream`: Enable the [`Evaluator`](script::Evaluator) to consume streamed payloads.

pub mod classy {
    //! Classy - an asynchronous policy development kit
    //!
    //! An abstraction layer over the proxy_wasm framework that transforms the event oriented framework into an async/await model.

    #[cfg(feature = "ll")]
    pub use classy::*;

    /// Re-export of the host calls of the proxy_wasm crate.
    pub use classy::proxy_wasm;
}

#[cfg(feature = "ll")]
pub use pdk_macros::{entrypoint, entrypoint_flex};

/// # High Level Framework
///
/// The PDK High Level Framework is the foundation for writing single-threaded
/// non-blocking filters as main building block for custom policies.
///
/// `pdk::hl` relies on a reduced portion of the Rust async ecosystem, due to the limitations
/// of the underlying WebAssembly platform and their single-threaded nature.
/// Despite being single-threaded, `pdk::hl` supports concurrent execution of
/// multiple incoming HTTP flows (Request/Response pairs).
pub mod hl {
    pub use classy::hl::*;
    pub use pdk_macros::{entrypoint, entrypoint_flex};
}

pub mod logger {
    //! Wrapper of the log package to enrich log messages with policy and request metadata.
    pub use pdk_core::logger::{debug, error, info, trace, warn};
}

pub mod authentication {
    //! Utils to access and share authentication data between filters.
    pub use pdk_core::policy_context::authentication::{
        Authentication, AuthenticationData, AuthenticationHandler,
    };
}

pub mod metadata {
    //! Exposes metadata for the policy.
    pub use pdk_core::policy_context::api::*;
}

pub mod jwt {
    //! JWT Library
    //!
    //! Library for JWT token validation. It provides JWT handling including
    //! signature validation, claims parsing and token extraction from HTTP headers.
    pub use jwt_lib::api::*;
}

pub mod cache {
    //! Cache Library
    //!
    //! A caching library that provides a simple [`Cache`] trait and a FIFO-based
    //! in-memory implementation. It is designed to be injected and configured during the policy
    //! configuration phase and supports both policy-isolated and shared caches across policies.
    pub use cache_lib::{builder::CacheBuilder, error::CacheError, Cache};
}

pub mod data_storage {
    //! Data Storage Library
    //!
    //! This library provides data storage functionality with support for:
    //!
    //! - Local and distributed data storage
    //! - Support for CAS (Compare-And-Swap) operations
    //! - Configurable storage modes (Always, Absent, CAS)
    //! - Asynchronous API for high-performance applications
    //!
    pub use data_storage_lib::*;
}

pub mod contracts {
    //! Contracts Library
    //!
    //! Library for validating client credentials against Anypoint Platform API contracts
    //! in Flex Gateway custom policies. It periodically fetches contracts from the
    //! platform and keeps a local cache to enable fast authentication and authorization
    //! decisions within the policy request path.
    pub use contracts_lib::*;
}

pub mod cors {
    //! CORS Library
    //!
    //! Library for validating CORS requests and producing CORS responses in Flex Gateway custom
    //! policies. It evaluates request headers against a provided configuration and
    //! returns the appropriate CORS response headers for preflight and main flows.
    pub use cors_lib::*;
}

pub mod lock {
    //! Lock Library
    //!
    //! Primitives for coordinating work among Flex Gateway workers and policies. Generated locks
    //! expire automatically if not refreshed and are released on drop.
    pub use lock_lib::*;
}

pub mod rl {
    //! Rate Limit Library
    //!
    //! Library which provides rate limiting functionality with support for both local and distributed
    //! storage backends.
    pub use rate_limit_lib::*;
}

pub mod ip_filter {
    //! IP Filter Library
    //!
    //! Library for filtering IP addresses.
    pub use ip_filter_lib::*;
}

pub mod token_introspection {
    //! Token Introspection Library
    //!
    //! Library for OAuth2/OpenID token introspection and validation.
    //! Provides token extraction, parsing, scope validation and caching utilities.
    pub use token_introspection_lib::*;
}

pub mod flex_abi {
    //! Flex ABI
    //!
    //! This library provides the Application Binary Interface (ABI) for PDK Flex policies,
    //! enabling communication between policy implementations and the Flex Gateway runtime.
    pub use pdk_flex_abi::api;
    pub use pdk_flex_abi::entrypoint;
}

pub mod script {
    //! Script Library
    //!
    //! An interpreter for script expressions and the set of operations and types to interoperate with Rust.
    pub use pdk_script::*;
}

pub mod policy_violation {
    //! Information regarding if a policy from the chain reached a scenario that can be considered
    //! an expected error. E.g. a policy that checks credentials and they were invalid.
    pub use pdk_core::policy_context::policy_violation::*;
}

pub mod serde {
    //! Serializing and deserializing of service names.
    pub use pdk_core::client::{
        deserialize_service, deserialize_service_opt, deserialize_service_opt_vec,
        deserialize_service_vec, service_name,
    };
}

#[doc(hidden)]
pub mod __internal {
    //! Internal module for PDK
    //!
    //! This module contains internal types and functions that are not intended to be used
    //! directly by policy authors.
    //! They are the wrappers needed to declare the contexts for the proxy wasm environment.
    pub use pdk_core::host::context::root::RootContextAdapter;
    pub use pdk_core::init::configure;
}

#[cfg(feature = "ll")]
pub mod policy_context {
    //! Policy context related APIs to access Flex policy data.
    pub use pdk_core::policy_context::*;
}

#[cfg(feature = "experimental_metrics")]
pub mod metrics {
    //! Metrics Library
    //!
    //! USE AT OWN RISK: The metrics library is experimental and subject to change.
    //!
    //! Exposes interfaces to handle counters and gauges for custom policies.
    pub use metrics_lib::*;
}