inferadb/
lib.rs

1//! # InferaDB Rust SDK
2//!
3//! Official Rust SDK for the InferaDB authorization service.
4//!
5//! ## Quick Start
6//!
7//! ```rust,ignore
8//! use inferadb::prelude::*;
9//!
10//! #[tokio::main]
11//! async fn main() -> Result<(), inferadb::Error> {
12//!     // Create client
13//!     let client = Client::builder()
14//!         .url("https://api.inferadb.com")
15//!         .credentials(ClientCredentialsConfig {
16//!             client_id: "your-client-id".into(),
17//!             private_key: Ed25519PrivateKey::from_pem_file("private-key.pem")?,
18//!             certificate_id: None,
19//!         })
20//!         .build()
21//!         .await?;
22//!
23//!     // Get vault context
24//!     let vault = client.organization("org_...").vault("vlt_...");
25//!
26//!     // Check permission
27//!     let allowed = vault.check("user:alice", "view", "document:readme").await?;
28//!     println!("Allowed: {}", allowed);
29//!
30//!     Ok(())
31//! }
32//! ```
33//!
34//! ## Key Concepts
35//!
36//! - **Client Hierarchy**: `Client` → `OrganizationClient` → `VaultClient`
37//! - **Argument Order**: `check(subject, permission, resource)` - "Can subject do X to resource?"
38//! - **Relationship Order**: `Relationship::new(resource, relation, subject)` - "resource has relation subject"
39//! - **Denial ≠ Error**: `check()` returns `Ok(false)` for denied access, not `Err`
40//!
41//! ## Features
42//!
43//! - `grpc` (default): Enable gRPC transport via tonic
44//! - `rest` (default): Enable REST transport via reqwest
45//! - `rustls` (default): Use rustls for TLS
46//! - `native-tls`: Use native TLS (OpenSSL on Linux, Secure Transport on macOS)
47//! - `tracing`: Enable tracing integration
48//! - `blocking`: Enable blocking API
49//! - `derive`: Enable derive macros for type-safe schemas
50//! - `wasm`: Enable WASM/browser support (REST only)
51//!
52//! ## Minimum Supported Rust Version
53//!
54//! This crate requires Rust **1.88.0** or later (MSRV). We target two releases
55//! behind stable where possible. See the [CHANGELOG] for MSRV increase notices.
56//!
57//! [CHANGELOG]: https://github.com/inferadb/rust/blob/main/CHANGELOG.md
58
59#![cfg_attr(docsrs, feature(doc_cfg))]
60// Documentation lints
61#![warn(missing_docs)]
62#![warn(rustdoc::broken_intra_doc_links)]
63#![warn(rustdoc::private_intra_doc_links)]
64#![warn(rustdoc::invalid_codeblock_attributes)]
65#![warn(rustdoc::invalid_html_tags)]
66#![warn(rustdoc::bare_urls)]
67// Code quality lints
68#![warn(clippy::all)]
69#![deny(unsafe_code)]
70
71// Core modules
72pub mod auth;
73pub mod client;
74pub mod config;
75pub mod error;
76pub mod types;
77pub mod vault;
78
79// Transport layer
80pub mod transport;
81
82// User-Agent generation (internal)
83mod user_agent;
84
85// Middleware
86pub mod middleware;
87
88// Control plane API
89pub mod control;
90
91// Testing utilities
92pub mod testing;
93
94// Tracing support
95#[cfg(feature = "tracing")]
96#[cfg_attr(docsrs, doc(cfg(feature = "tracing")))]
97pub mod tracing_support;
98
99// WASM support
100#[cfg(feature = "wasm")]
101#[cfg_attr(docsrs, doc(cfg(feature = "wasm")))]
102pub mod wasm;
103
104// Prelude for convenient imports
105pub mod prelude;
106
107// Re-export main types at crate root for convenience
108pub use client::{
109    Client, ClientBuilder, ComponentHealth, HealthResponse, HealthStatus, ReadinessCriteria,
110    ShutdownGuard, ShutdownHandle,
111};
112pub use error::{AccessDenied, Error, ErrorKind};
113pub use types::{
114    ConsistencyToken, Context, ContextValue, Decision, DecisionMetadata, DecisionReason, EntityRef,
115    ParseError, Relationship, Resource, Subject, SubjectRef,
116};
117pub use vault::VaultClient;
118
119// Re-export auth types
120pub use auth::{
121    BearerCredentialsConfig, ClientCredentialsConfig, Credentials, CredentialsProvider,
122    Ed25519PrivateKey,
123};
124
125// Re-export config types
126pub use config::{
127    CacheConfig, CircuitBreakerConfig, CircuitEvent, CircuitState, CircuitStats, DegradationConfig,
128    FailureMode, FailurePredicate, RetryConfig, TlsConfig,
129};
130
131// Re-export transport types
132pub use transport::{
133    FallbackReason, FallbackTrigger, GrpcStats, PoolConfig, RestStats, Transport, TransportEvent,
134    TransportStats, TransportStrategy,
135};
136
137// Testing support
138pub use testing::{AuthorizationClient, InMemoryClient, MockClient};
139
140// Re-export derive macros when feature is enabled
141#[cfg(feature = "derive")]
142#[cfg_attr(docsrs, doc(cfg(feature = "derive")))]
143pub mod derive {
144    //! Derive macros for Resource and Subject traits.
145    //!
146    //! Enable the `derive` feature to use these macros:
147    //!
148    //! ```toml
149    //! [dependencies]
150    //! inferadb = { version = "0.1", features = ["derive"] }
151    //! ```
152    //!
153    //! ## Example
154    //!
155    //! ```rust,ignore
156    //! use inferadb::derive::{Resource, Subject};
157    //!
158    //! #[derive(Resource)]
159    //! #[resource(type = "document")]
160    //! struct Document {
161    //!     #[resource(id)]
162    //!     id: String,
163    //! }
164    //!
165    //! #[derive(Subject)]
166    //! #[subject(type = "user")]
167    //! struct User {
168    //!     #[subject(id)]
169    //!     id: String,
170    //! }
171    //! ```
172    pub use inferadb_derive::{Resource, Subject};
173}
174
175#[cfg(test)]
176mod tests {
177    use super::*;
178
179    #[test]
180    fn test_crate_compiles() {
181        // Basic smoke test
182        let _ = ErrorKind::Unauthorized;
183    }
184}