rust_memex/security/mod.rs
1//! Namespace security configuration.
2//!
3//! Historically this module hosted `NamespaceAccessManager` + `TokenStore`: a
4//! single-token-per-namespace auth layer with a bespoke on-disk schema. That
5//! implementation was superseded by [`crate::auth::AuthManager`], which
6//! provides per-token scopes, namespace ACLs, argon2id-hashed storage, and
7//! rotation.
8//!
9//! What remains here is the runtime-configuration struct consumed by
10//! [`crate::ServerConfig`]. The rest of the legacy surface was deleted along
11//! with the Track C migration (v0.6.0). If you are looking for "how do I
12//! check access to a namespace?" — go to `crate::auth::AuthManager`.
13//!
14//! Vibecrafted with AI Agents by Loctree (c)2024-2026 The LibraxisAI Team
15
16use serde::{Deserialize, Serialize};
17
18/// Configuration for namespace security (token-based access control).
19///
20/// Preserved as a config DTO so CLI/file-config surfaces keep working. The
21/// actual enforcement now lives in [`crate::auth::AuthManager`]; this struct
22/// only tells the runtime *whether* to spin up an auth manager and where the
23/// token store lives on disk.
24#[derive(Debug, Clone, Default, Serialize, Deserialize)]
25pub struct NamespaceSecurityConfig {
26 /// Whether token-based access control is enabled.
27 ///
28 /// When `false`, the runtime wires up an `AuthManager` with an empty
29 /// store and no legacy token — every request is allowed.
30 #[serde(default)]
31 pub enabled: bool,
32 /// Path to the token store file (`tokens.json`, v2 schema).
33 ///
34 /// Defaults to `~/.rmcp-servers/rust-memex/tokens.json` when `enabled`
35 /// is set but no path is configured.
36 #[serde(default)]
37 pub token_store_path: Option<String>,
38}