Expand description
Pluggable authorization gate for verb dispatch.
The runtime consults a Gate impl before dispatching each verb. The default
AllowAllGate is permissive. For production enforcement, plug a Rego-backed
or capability-witness-backed impl into RuntimeConfig.gate.
Wire types validate invariants at construction and deserialization boundaries.
Structs§
- Actor
Ref - Caller identity.
kinddistinguishes user vs agent vs lambda etc. - Allow
AllGate - Permissive gate — every request is allowed with no obligations.
- Audit
Event - Structured audit record emitted once per gate consultation.
- Gate
Context - Per-request context — session, timing, transport source.
- Gate
Request - What the gate sees on every verb invocation.
Enums§
- Audit
Decision - The outcome field of an
AuditEvent, serialised as"allow"/"deny". - Gate
Decision - Gate decision: allow (with optional obligations) or deny (with reason).
- Gate
Error - Errors returned by
crate::Gate::check. - Gate
Validation Error - Validation error for gate wire types.
- Obligation
- Side-effects a policy may attach to an
Allowdecision.
Traits§
- Gate
- Authorization gate consulted before each verb dispatch.
Type Aliases§
- GateRef
- Shareable handle to a
Gateimpl.