Enum Capability 

#[non_exhaustive]
pub enum Capability {
    Network {
        allow: Vec<SmolStr>,
    },
    Filesystem {
        read: Vec<SmolStr>,
        write: Vec<SmolStr>,
    },
    HostQuery {
        read_only: bool,
        scopes: Vec<SmolStr>,
    },
    Kms {
        key_ids: Vec<SmolStr>,
    },
    Secret {
        ids: Vec<SmolStr>,
    },
    Lock {
        granularity: LockGranularity,
    },
    Config {
        keys: Vec<SmolStr>,
    },
    PluginStorage,
    ScalarFn,
    AggregateFn,
    WindowFn,
    Procedure,
    ProcedureWrites,
    ProcedureSchema,
    ProcedureDbms,
    LocyAggregate,
    LocyPredicate,
    Operator,
    Index,
    Storage,
    Algorithm,
    Crdt,
    Hook,
    Trigger,
    BackgroundJob {
        max_concurrent: u32,
    },
    Type,
    Auth,
    Authz,
    Connector,
    Collation,
    Cdc,
    Catalog,
    PluginDeclare,
    MemoryBytes(u64),
    FuelPerCall(u64),
    WallClockMillisPerCall(u64),
    ConcurrentInstances(u32),
    TotalMemoryBytes(u64),
    MaxResultRows(u64),
}

A single permission grant.

Capability is the leaf node of the permission model. A CapabilitySet is a collection of capabilities.

Variants (Non-exhaustive)

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

Network

HTTP / TCP egress; allow-list of URI patterns.

Fields

allow: Vec<SmolStr>

Glob patterns of permitted URIs (https://api.example/**). Defaults to empty (deny-all) so a bare "network" declaration grants no egress until patterns are specified.

Filesystem

Filesystem read / write access with per-direction path patterns.

Fields

read: Vec<SmolStr>

Glob patterns of readable paths (empty = deny-all).

write: Vec<SmolStr>

Glob patterns of writable paths (empty = deny-all).

HostQuery

Invoking Cypher / Locy queries back into the host session.

Fields

read_only: bool

If true, only read queries are permitted.

scopes: Vec<SmolStr>

Optional scope-restriction (label / edge-type prefixes).

Kms

KMS access for sign / verify operations.

Fields

key_ids: Vec<SmolStr>

Permitted key identifiers (empty = deny-all).

Secret

Acquiring named secret handles (opaque to the plugin).

Fields

ids: Vec<SmolStr>

Permitted secret identifiers (empty = deny-all).

Lock

Explicit lock primitives (host.lock_nodes, host.lock_edges).

Fields

granularity: LockGranularity

Granularity of locks permitted.

Config

Scoped configuration K/V access (host.config_get).

Fields

keys: Vec<SmolStr>

Patterns of permitted config keys (empty = deny-all).

PluginStorage

Per-plugin K/V store (scoped namespace).

ScalarFn

Register Cypher scalar functions.

AggregateFn

Register Cypher aggregate functions.

WindowFn

Register Cypher window functions.

Procedure

Register Cypher procedures (read-only mode).

ProcedureWrites

Register procedures that may mutate the graph.

ProcedureSchema

Register procedures that may issue DDL.

ProcedureDbms

Register administrative procedures.

LocyAggregate

Register Locy aggregate functions.

LocyPredicate

Register Locy predicates (including neural).

Operator

Register physical operators / optimizer rules.

Index

Register index kinds.

Storage

Register storage backends by URI scheme.

Algorithm

Register graph algorithms.

Crdt

Register CRDT kinds.

Hook

Register session / query lifecycle hooks.

Trigger

Register fine-grained mutation triggers.

BackgroundJob

Register background / scheduled jobs.

Fields

max_concurrent: u32

Maximum concurrent invocations of this plugin’s jobs.

Type

Register logical (Arrow extension) types.

Auth

Register authentication providers.

Authz

Register authorization policies.

Connector

Register wire / connector protocols.

Collation

Register collations (sort orders).

Cdc

Register CDC output sinks.

Catalog

Register catalogs / virtual schemas.

PluginDeclare

Authority to call meta-procedures (uni.plugin.declare*).

MemoryBytes(u64)

Maximum wasm linear memory per instance.

FuelPerCall(u64)

Maximum wasmtime fuel per call.

WallClockMillisPerCall(u64)

Maximum wall-clock milliseconds per call.

ConcurrentInstances(u32)

Maximum concurrent instances in the wasm pool.

TotalMemoryBytes(u64)

Maximum total memory across all instances.

MaxResultRows(u64)

Cap on rows yielded by a procedure.

Implementations

impl Capability

pub fn network_allows(&self, url: &str) -> bool

True if this is a Capability::Network grant whose allow-list matches url.

Used for layer-3 (call-time) attenuation of uni.http.* host fns: a granted Network { allow } only permits URLs matching one of its patterns. Non-Network capabilities never match.

pub fn kms_allows(&self, key_id: &str) -> bool

True if this is a Capability::Kms grant permitting key_id.

pub fn secret_allows(&self, id: &str) -> bool

True if this is a Capability::Secret grant permitting id.

pub fn filesystem_read_allows(&self, path: &str) -> bool

True if this is a Capability::Filesystem grant whose read allow-list matches path.

Patterns are matched with wildcard_match (path-opaque — * and ** both span /), which suits the /data/**-style grants in use.

pub fn filesystem_write_allows(&self, path: &str) -> bool

True if this is a Capability::Filesystem grant whose write allow-list matches path.

Trait Implementations

impl Clone for Capability

fn clone(&self) -> Capability

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Capability

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Capability

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Eq for Capability

impl Ord for Capability

fn cmp(&self, other: &Capability) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for Capability

fn eq(&self, other: &Capability) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for Capability

fn partial_cmp(&self, other: &Capability) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Serialize for Capability

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for Capability