Axum middleware for policy and RBAC enforcement on HTTP routes.
Maps HTTP write operations (PUT, POST, DELETE, PATCH) to synthetic
tool names and evaluates them against the PolicyEngine. Read
operations pass through without policy checks.
After policy evaluation, RBAC is enforced based on the session tier derived from the session ID prefix:
- site-assets: / site-content: → public (anonymous read-only)
- vault: → user (only the owning user may read/write)
- agent: → agent (only the owning agent may access)
- Anything else → default (no additional RBAC restriction)
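An added sketch of the prefix-to-tier mapping and the RBAC decision described above, using only the standard library; it is not the crate's code. The `Tier` and `Principal` types, the function names, and the `<prefix><owner-id>` session ID layout are assumptions, as is treating the public tier as denying writes to every caller.

```rust
// Added illustration, not the crate's implementation. Type and function names and the
// "<prefix><owner-id>" session ID layout are assumptions; the sample IDs are constructed.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Tier { Public, User, Agent, Default }

#[allow(dead_code)]
#[derive(Debug, PartialEq, Clone, Copy)]
enum Principal<'a> { Anonymous, User(&'a str), Agent(&'a str) }

const PREFIXES: [(&str, Tier); 4] = [
    ("site-assets:", Tier::Public),
    ("site-content:", Tier::Public),
    ("vault:", Tier::User),
    ("agent:", Tier::Agent),
];

/// Derive the tier from the session ID prefix; also return the text after the prefix.
fn classify(session_id: &str) -> (Tier, &str) {
    for &(prefix, tier) in PREFIXES.iter() {
        if let Some(rest) = session_id.strip_prefix(prefix) {
            return (tier, rest);
        }
    }
    (Tier::Default, session_id) // unknown prefix: no additional RBAC restriction
}

/// The write methods that the middleware sends to the policy engine.
fn is_write(method: &str) -> bool {
    matches!(method, "PUT" | "POST" | "DELETE" | "PATCH")
}

/// RBAC step only; it runs after policy evaluation has already allowed the request.
fn rbac_allows(session_id: &str, method: &str, caller: Principal<'_>) -> bool {
    let (tier, owner) = classify(session_id);
    match (tier, caller) {
        (Tier::Public, _) => !is_write(method), // assumption: read-only for every caller
        (Tier::User, Principal::User(id)) | (Tier::Agent, Principal::Agent(id)) => {
            !owner.is_empty() && id == owner // empty owner part never matches
        }
        (Tier::User, _) | (Tier::Agent, _) => false, // wrong principal kind or anonymous
        (Tier::Default, _) => true,
    }
}

fn main() {
    let who = Principal::User("bob"); // constructed caller
    println!("GET vault:alice as {who:?} -> {}", rbac_allows("vault:alice", "GET", who));
    println!("PUT site-content:home anonymous -> {}", rbac_allows("site-content:home", "PUT", Principal::Anonymous));
}
```

Session IDs that match none of the listed prefixes land in the default tier, where the policy engine's verdict on write operations is the only check.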
Functions
- policy_middleware - Axum middleware that evaluates write operations against the policy engine and enforces RBAC tier restrictions.