# tryaudex-core
Core library for [Audex](https://github.com/Aditya-PS-05/tryaudex) — scoped, short-lived cloud credentials for AI coding agents.
## What it provides
- **Policy engine** — Parse IAM actions (`s3:GetObject,lambda:Update*`) into inline session policies with deny list enforcement and wildcard matching
- **Credential issuance** — AWS STS `AssumeRole`, GCP service account impersonation, Azure CLI credentials, and HashiCorp Vault backend
- **Session management** — Create, persist, list, and kill credential sessions with full lifecycle tracking
- **Audit logging** — Append-only JSONL audit trail with HMAC chain integrity verification and secrets redaction
- **Multi-cloud support** — Unified policy syntax (`storage:read`) that maps to provider-specific actions across AWS, GCP, and Azure
- **Smart features** — TTL estimation from commands, credential caching, auto-suggest on AccessDenied, policy learning from CloudTrail
## Usage
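```rust
use tryaudex_core::policy::Policy;
use tryaudex_core::session::SessionStore;
use tryaudex_core::credentials::CredentialIssuer;

// The statements below run inside an async function that returns a Result;
// `role_arn` and `ttl` are supplied by the caller.

// Parse a comma-separated allow list into a policy
let policy = Policy::from_allow_str("s3:GetObject,s3:ListBucket")?;

// Issue credentials scoped to that policy for the given TTL
let issuer = CredentialIssuer::new(role_arn);
let creds = issuer.issue(&policy, ttl).await?;

// Manage sessions: open the session store and list its sessions
let store = SessionStore::new()?;
let sessions = store.list()?;
```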
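The policy-engine step (allow string to inline session policy, with deny list and wildcard handling) can be pictured with the following added example, which is not tryaudex-core's own code or API. The function names, the `DENY` entries, the restriction to a single trailing `*`, and `"Resource":"*"` are assumptions made for illustration.

```rust
// Added example, not tryaudex-core's code. Assumes `service:Action` patterns with
// at most one trailing `*`; DENY is a constructed deny list.
const DENY: &[&str] = &["iam:*", "sts:AssumeRole", "kms:Delete*"];

/// Lowercased prefix (IAM action names are case-insensitive) plus wildcard flag.
fn split(p: &str) -> (String, bool) {
    let lower = p.to_ascii_lowercase();
    let wild = lower.ends_with('*');
    (lower.trim_end_matches('*').to_string(), wild)
}

/// True when some concrete action matches both patterns (`kms:*` vs `kms:Delete*`).
fn overlaps(a: &str, b: &str) -> bool {
    let ((pa, wa), (pb, wb)) = (split(a), split(b));
    pa == pb || (wa && pb.starts_with(&pa)) || (wb && pa.starts_with(&pb))
}

/// Validate each action, enforce the deny list, emit the session policy JSON.
fn session_policy(allow: &str) -> Result<String, String> {
    let mut actions = Vec::new();
    for raw in allow.split(',').map(str::trim).filter(|s| !s.is_empty()) {
        let (svc, name) = raw.split_once(':').ok_or(format!("missing service: {raw}"))?;
        let body = name.strip_suffix('*').unwrap_or(name);
        // Strict character set: also keeps quotes out of the JSON built below.
        let valid = !svc.is_empty()
            && svc.chars().all(|c| c.is_ascii_alphanumeric() || c == '-')
            && !name.is_empty()
            && body.chars().all(|c| c.is_ascii_alphanumeric());
        if !valid {
            return Err(format!("malformed action: {raw}"));
        }
        if let Some(d) = DENY.iter().find(|d| overlaps(raw, d)) {
            return Err(format!("{raw} overlaps denied {d}"));
        }
        actions.push(format!("\"{raw}\""));
    }
    if actions.is_empty() { return Err("empty allow list".to_string()); }
    Ok(format!(
        r#"{{"Version":"2012-10-17","Statement":[{{"Effect":"Allow","Action":[{}],"Resource":"*"}}]}}"#,
        actions.join(",")
    ))
}

fn main() {
    for req in ["s3:GetObject,lambda:Update*", "kms:*", "STS:assumerole"] {
        println!("{req} -> {:?}", session_policy(req));
    }
}
```

The deny check tests for overlap in both directions, so a request that is broader than a deny entry is rejected as well as one that is narrower.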
## Feature overview
| Module | Description |
|--------|-------------|
| `policy` | IAM policy parsing, profiles, deny lists, network conditions |
| `credentials` | AWS STS credential issuance with permissions boundaries |
| `gcp` | GCP service account impersonation |
| `azure` | Azure CLI credential issuance |
| `vault` | HashiCorp Vault AWS secrets engine backend |
| `session` | Session CRUD, kill, credential caching |
| `audit` | JSONL audit trail with structured events |
| `integrity` | HMAC-SHA256 chain for tamper detection |
| `leakdetect` | Credential leak scanning and secrets redaction |
| `config` | TOML config file parsing |
| `smart_ttl` | Command-aware TTL estimation |
| `universal` | Cloud-agnostic permission mapping |
| `intent` | Natural language to IAM policy via Claude API |
## License
MIT — see [LICENSE](https://github.com/Aditya-PS-05/tryaudex/blob/main/LICENSE)