road-runner-common 0.9.0

Shared Rust utilities for exchange ecosystem backend services.
Documentation
//! Embedded authorization: verify + evaluate the signed authz snapshot published by
//! cex-policy, and enforce per-endpoint permissions.
//!
//! - Pure core (feature `authz`): [`model`], [`verify`], [`pdp`], [`pep`], [`manifest`].
//! - Live wiring (feature `authz-kafka`): [`consumer`] (snapshot follower) and
//!   [`audit`] (async decision sink).
//!
//! Typical service wiring:
//! ```ignore
//! let pdp = std::sync::Arc::new(authz::Pdp::new());
//! let verifier = authz::SnapshotVerifier::from_env()?;
//! authz::spawn_snapshot_consumer(pdp.clone(), verifier, cfg, move || bootstrap_fetch());
//! // per endpoint:
//! authz::require(&pdp, &user_ctx, "finance:write")?;
//! ```

pub mod manifest;
pub mod model;
pub mod pdp;
pub mod pep;
pub mod verify;

pub use manifest::{ManifestEntry, PermissionManifest};
pub use pdp::{Decision, DenyReason, Pdp};
pub use pep::{evaluate, require};
pub use verify::{SnapshotVerifier, VerifyError};

#[cfg(feature = "authz-kafka")]
pub mod audit;
#[cfg(feature = "authz-kafka")]
pub mod consumer;

#[cfg(feature = "authz-kafka")]
pub use audit::{DecisionAuditSink, DecisionEvent};
#[cfg(feature = "authz-kafka")]
pub use consumer::{spawn_snapshot_consumer, SnapshotConsumerConfig};