pub struct Capabilities(/* private fields */);Expand description
What a source can do, plus two descriptive flags consumed by
doctor and the agent provisioning surface.
Per ADR-021 §1.1. The first five bits are operational —
the router refuses to dispatch an operation unless the
matching bit is set. The last two bits are descriptive —
they let agents and doctor reason about UX trade-offs
without trying the operation:
BIOMETRIC_PROMPT— the source may prompt for user-presence (TouchID, PIN, passphrase) on at least one of its operations in its default configuration. Single-bit flag on the source as a whole; the router does not infer per-operation cost from it.AUDIT_LOGGED— every read is durably logged on the upstream (Vault audit log, 1Password account activity). Surfaced indoctorso the user knows their reads are observable.
Typical declarations:
| Source | Capabilities |
|---|---|
| env-store | READ |
| keychain | READ | LIST | VALIDATE | WRITE |
| local-vault | READ | LIST | VALIDATE | WRITE | ROTATE | BIOMETRIC_PROMPT |
| 1password (cli) | READ | LIST | VALIDATE | BIOMETRIC_PROMPT | AUDIT_LOGGED |
| vault (kv v2) | READ | LIST | VALIDATE | WRITE | ROTATE | AUDIT_LOGGED |
Implementations§
Source§impl Capabilities
impl Capabilities
Sourcepub const VALIDATE: Self
pub const VALIDATE: Self
The source can validate that a reference is well-formed without round-tripping for the value.
Sourcepub const ROTATE: Self
pub const ROTATE: Self
The source can rotate (replace + invalidate prior) a
value at reference.
Sourcepub const BIOMETRIC_PROMPT: Self
pub const BIOMETRIC_PROMPT: Self
Descriptive — the source may prompt the user for biometrics / a PIN / a passphrase on at least one of its operations.
Sourcepub const AUDIT_LOGGED: Self
pub const AUDIT_LOGGED: Self
Descriptive — every read is observable in the upstream’s audit log.
Source§impl Capabilities
impl Capabilities
Sourcepub const fn bits(&self) -> u32
pub const fn bits(&self) -> u32
Get the underlying bits value.
The returned value is exactly the bits set in this flags value.
Sourcepub const fn from_bits(bits: u32) -> Option<Self>
pub const fn from_bits(bits: u32) -> Option<Self>
Convert from a bits value.
This method will return None if any unknown bits are set.
Sourcepub const fn from_bits_truncate(bits: u32) -> Self
pub const fn from_bits_truncate(bits: u32) -> Self
Convert from a bits value, unsetting any unknown bits.
Sourcepub const fn from_bits_retain(bits: u32) -> Self
pub const fn from_bits_retain(bits: u32) -> Self
Convert from a bits value exactly.
Sourcepub fn from_name(name: &str) -> Option<Self>
pub fn from_name(name: &str) -> Option<Self>
Get a flags value with the bits of a flag with the given name set.
This method will return None if name is empty or doesn’t
correspond to any named flag.
Sourcepub const fn intersects(&self, other: Self) -> bool
pub const fn intersects(&self, other: Self) -> bool
Whether any set bits in other are also set in self.
Sourcepub const fn contains(&self, other: Self) -> bool
pub const fn contains(&self, other: Self) -> bool
Whether all set bits in other are also set in self.
Sourcepub fn remove(&mut self, other: Self)
pub fn remove(&mut self, other: Self)
The intersection of self with the complement of other (&!).
This method is not equivalent to self & !other when other has unknown bits set.
remove won’t truncate other, but the ! operator will.
Sourcepub fn toggle(&mut self, other: Self)
pub fn toggle(&mut self, other: Self)
The bitwise exclusive-or (^) of the bits in self and other.
Sourcepub fn set(&mut self, other: Self, value: bool)
pub fn set(&mut self, other: Self, value: bool)
Call insert when value is true or remove when value is false.
Sourcepub const fn intersection(self, other: Self) -> Self
pub const fn intersection(self, other: Self) -> Self
The bitwise and (&) of the bits in self and other.
Sourcepub const fn union(self, other: Self) -> Self
pub const fn union(self, other: Self) -> Self
The bitwise or (|) of the bits in self and other.
Sourcepub const fn difference(self, other: Self) -> Self
pub const fn difference(self, other: Self) -> Self
The intersection of self with the complement of other (&!).
This method is not equivalent to self & !other when other has unknown bits set.
difference won’t truncate other, but the ! operator will.
Sourcepub const fn symmetric_difference(self, other: Self) -> Self
pub const fn symmetric_difference(self, other: Self) -> Self
The bitwise exclusive-or (^) of the bits in self and other.
Sourcepub const fn complement(self) -> Self
pub const fn complement(self) -> Self
The bitwise negation (!) of the bits in self, truncating the result.
Source§impl Capabilities
impl Capabilities
Sourcepub const fn iter(&self) -> Iter<Capabilities>
pub const fn iter(&self) -> Iter<Capabilities>
Yield a set of contained flags values.
Each yielded flags value will correspond to a defined named flag. Any unknown bits will be yielded together as a final flags value.
Sourcepub const fn iter_names(&self) -> IterNames<Capabilities>
pub const fn iter_names(&self) -> IterNames<Capabilities>
Yield a set of contained named flags values.
This method is like iter, except only yields bits in contained named flags.
Any unknown bits, or bits not corresponding to a contained flag will not be yielded.
Trait Implementations§
Source§impl Binary for Capabilities
impl Binary for Capabilities
Source§impl BitAnd for Capabilities
impl BitAnd for Capabilities
Source§impl BitAndAssign for Capabilities
impl BitAndAssign for Capabilities
Source§fn bitand_assign(&mut self, other: Self)
fn bitand_assign(&mut self, other: Self)
The bitwise and (&) of the bits in self and other.
Source§impl BitOr for Capabilities
impl BitOr for Capabilities
Source§fn bitor(self, other: Capabilities) -> Self
fn bitor(self, other: Capabilities) -> Self
The bitwise or (|) of the bits in self and other.
Source§type Output = Capabilities
type Output = Capabilities
| operator.Source§impl BitOrAssign for Capabilities
impl BitOrAssign for Capabilities
Source§fn bitor_assign(&mut self, other: Self)
fn bitor_assign(&mut self, other: Self)
The bitwise or (|) of the bits in self and other.
Source§impl BitXor for Capabilities
impl BitXor for Capabilities
Source§impl BitXorAssign for Capabilities
impl BitXorAssign for Capabilities
Source§fn bitxor_assign(&mut self, other: Self)
fn bitxor_assign(&mut self, other: Self)
The bitwise exclusive-or (^) of the bits in self and other.
Source§impl Clone for Capabilities
impl Clone for Capabilities
Source§fn clone(&self) -> Capabilities
fn clone(&self) -> Capabilities
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for Capabilities
impl Debug for Capabilities
Source§impl Default for Capabilities
impl Default for Capabilities
Source§fn default() -> Capabilities
fn default() -> Capabilities
Source§impl Extend<Capabilities> for Capabilities
impl Extend<Capabilities> for Capabilities
Source§fn extend<T: IntoIterator<Item = Self>>(&mut self, iterator: T)
fn extend<T: IntoIterator<Item = Self>>(&mut self, iterator: T)
The bitwise or (|) of the bits in each flags value.
Source§fn extend_one(&mut self, item: A)
fn extend_one(&mut self, item: A)
extend_one)Source§fn extend_reserve(&mut self, additional: usize)
fn extend_reserve(&mut self, additional: usize)
extend_one)Source§impl Flags for Capabilities
impl Flags for Capabilities
Source§const FLAGS: &'static [Flag<Capabilities>]
const FLAGS: &'static [Flag<Capabilities>]
Source§fn from_bits_retain(bits: u32) -> Capabilities
fn from_bits_retain(bits: u32) -> Capabilities
Source§fn known_bits(&self) -> Self::Bits
fn known_bits(&self) -> Self::Bits
Source§fn unknown_bits(&self) -> Self::Bits
fn unknown_bits(&self) -> Self::Bits
Source§fn contains_unknown_bits(&self) -> bool
fn contains_unknown_bits(&self) -> bool
true if any unknown bits are set.Source§fn from_bits_truncate(bits: Self::Bits) -> Self
fn from_bits_truncate(bits: Self::Bits) -> Self
Source§fn from_name(name: &str) -> Option<Self>
fn from_name(name: &str) -> Option<Self>
Source§fn iter_names(&self) -> IterNames<Self>
fn iter_names(&self) -> IterNames<Self>
Source§fn iter_defined_names() -> IterDefinedNames<Self>
fn iter_defined_names() -> IterDefinedNames<Self>
Self::FLAGS.Source§fn intersects(&self, other: Self) -> boolwhere
Self: Sized,
fn intersects(&self, other: Self) -> boolwhere
Self: Sized,
other are also set in self.Source§fn contains(&self, other: Self) -> boolwhere
Self: Sized,
fn contains(&self, other: Self) -> boolwhere
Self: Sized,
other are also set in self.Source§fn insert(&mut self, other: Self)where
Self: Sized,
fn insert(&mut self, other: Self)where
Self: Sized,
|) of the bits in self and other.Source§fn toggle(&mut self, other: Self)where
Self: Sized,
fn toggle(&mut self, other: Self)where
Self: Sized,
^) of the bits in self and other.Source§fn intersection(self, other: Self) -> Self
fn intersection(self, other: Self) -> Self
&) of the bits in self and other.Source§fn difference(self, other: Self) -> Self
fn difference(self, other: Self) -> Self
Source§fn symmetric_difference(self, other: Self) -> Self
fn symmetric_difference(self, other: Self) -> Self
^) of the bits in self and other.Source§fn complement(self) -> Self
fn complement(self) -> Self
!) of the bits in self, truncating the result.Source§impl FromIterator<Capabilities> for Capabilities
impl FromIterator<Capabilities> for Capabilities
Source§fn from_iter<T: IntoIterator<Item = Self>>(iterator: T) -> Self
fn from_iter<T: IntoIterator<Item = Self>>(iterator: T) -> Self
The bitwise or (|) of the bits in each flags value.
Source§impl Hash for Capabilities
impl Hash for Capabilities
Source§impl IntoIterator for Capabilities
impl IntoIterator for Capabilities
Source§impl LowerHex for Capabilities
impl LowerHex for Capabilities
Source§impl Not for Capabilities
impl Not for Capabilities
Source§impl Octal for Capabilities
impl Octal for Capabilities
Source§impl PartialEq for Capabilities
impl PartialEq for Capabilities
Source§fn eq(&self, other: &Capabilities) -> bool
fn eq(&self, other: &Capabilities) -> bool
self and other values to be equal, and is used by ==.Source§impl PublicFlags for Capabilities
impl PublicFlags for Capabilities
Source§impl Sub for Capabilities
impl Sub for Capabilities
Source§fn sub(self, other: Self) -> Self
fn sub(self, other: Self) -> Self
The intersection of self with the complement of other (&!).
This method is not equivalent to self & !other when other has unknown bits set.
difference won’t truncate other, but the ! operator will.
Source§type Output = Capabilities
type Output = Capabilities
- operator.Source§impl SubAssign for Capabilities
impl SubAssign for Capabilities
Source§fn sub_assign(&mut self, other: Self)
fn sub_assign(&mut self, other: Self)
The intersection of self with the complement of other (&!).
This method is not equivalent to self & !other when other has unknown bits set.
difference won’t truncate other, but the ! operator will.
Source§impl UpperHex for Capabilities
impl UpperHex for Capabilities
impl Copy for Capabilities
impl Eq for Capabilities
impl StructuralPartialEq for Capabilities
Auto Trait Implementations§
impl Freeze for Capabilities
impl RefUnwindSafe for Capabilities
impl Send for Capabilities
impl Sync for Capabilities
impl Unpin for Capabilities
impl UnsafeUnpin for Capabilities
impl UnwindSafe for Capabilities
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.