Skip to main content

nexo_pairing/
lib.rs

1//! Phase 26 — pairing protocol.
2//!
3//! Two coexisting protocols:
4//!
5//! - **DM challenge** — opt-in inbound allowlist. A plugin (whatsapp,
6//!   telegram, …) calls [`PairingGate::should_admit`] before publishing
7//!   to the broker. Unknown senders get a one-time human-friendly code
8//!   and the operator approves them via CLI / admin-ui.
9//! - **Setup-code** — operator-initiated. `agent pair start` issues a
10//!   short-lived HMAC-signed bearer token + a gateway URL, packs them
11//!   into a base64url payload, and renders a QR. A companion app
12//!   scans, opens the WS, presents the token, and gets a session
13//!   token in return.
14//!
15//! This crate is a *leaf*: it does not depend on `nexo-core` or any
16//! plugin crate. The bin (`src/main.rs`) wires the store + the gate
17//! into the plugins, and registers the CLI subcommand.
18
19pub mod adapter;
20pub mod code;
21pub mod gate;
22pub mod qr;
23pub mod registry;
24pub mod session_store;
25pub mod setup_code;
26pub mod store;
27pub mod telemetry;
28pub mod types;
29pub mod url_resolver;
30
31pub use adapter::PairingChannelAdapter;
32pub use gate::PairingGate;
33pub use registry::PairingAdapterRegistry;
34pub use session_store::{PairingSessionStore, SessionRow};
35pub use setup_code::SetupCodeIssuer;
36pub use store::PairingStore;
37pub use types::{
38    AllowedSender, ApprovedRequest, Decision, PairingError, PairingPolicy, PendingRequest,
39    SetupCode, TokenClaims, UpsertOutcome,
40};