Expand description
§Hessra Capability Schema
Declarative schemas for principals that own targets in a Hessra deployment. A schema names the targets a principal owns, the operations on each target, and the designations the principal requires at mint time for each operation.
Schemas are policy-side configuration: they tell the capability engine “the engine refuses to mint a capability for this target/operation unless these designations are attached.” This is the issuer-side guard against silently broadening capabilities by forgetting to designate.
§Reserved labels
Some designation labels are reserved for engine-built-in semantics and
cannot appear in required_designations. The schema validator rejects
them at load time with SchemaError::ReservedLabel. Currently:
"anchor": the principal that can verify a capability. Configured via policy (anchor_to_subject = trueoranchor = "<principal>") or viaMintOptions.anchor. Implemented in the token using the same designation mechanism as application labels but treated as a distinct concept."facet": a per-capability ULID-style identifier the engine attaches when forwarding facets are enabled. Pairs with an in-memory map the issuer-and-verifier engine consults, giving per-cap revocation and single-use-on-ack semantics.
See RESERVED_LABELS.
Structs§
- Operation
Schema - The schema for a single operation on a target.
- Schema
Registry - Registry of target schemas, populated from one or more TOML sources.
- Target
Schema - The schema for a single target object: the operations it exposes and the designations each operation requires.
Enums§
- Schema
Error - Errors from schema parsing and validation.
Constants§
- RESERVED_
LABELS - Designation labels that the engine handles through dedicated paths and
must not appear in any operation’s
required_designations.