Re-exports§
pub use graph_id::GraphId;pub use identity::AuthSource;pub use identity::GraphKey;pub use identity::ResolvedActor;pub use identity::Scope;pub use identity::TenantId;pub use registry::GraphHandle;pub use registry::GraphRegistry;pub use registry::InsertError;pub use registry::RegistryLookup;pub use registry::RegistrySnapshot;pub use auth::AWS_SECRET_ENV;pub use auth::EnvOrFileTokenSource;pub use auth::TokenSource;pub use auth::resolve_token_source;pub use config::AliasCommand;pub use config::AliasConfig;pub use config::CliDefaults;pub use config::DEFAULT_CONFIG_FILE;pub use config::OmnigraphConfig;pub use config::PolicySettings;pub use config::ProjectConfig;pub use config::QueryDefaults;pub use config::ReadOutputFormat;pub use config::ServerDefaults;pub use config::TableCellLayout;pub use config::TargetConfig;pub use config::graph_resource_id_for_selection;pub use config::load_config;
Modules§
- api
- auth
- Bearer token sources.
- config
- graph_
id GraphId— registry-level identity for a graph in multi-graph mode (MR-668).- identity
- Identity types for the multi-graph server (MR-668) + forward-compatible shapes for Cloud mode (RFC 0003) and OAuth provider (RFC 0004).
- policy
- queries
- Stored-query registry.
- registry
GraphRegistry— the multi-graph routing substrate (MR-668).- workload
- Per-actor admission control for the HTTP server (MR-686 §VII.A).
Structs§
- ApiDoc
- ApiError
- AppState
- Graph
Startup Config - One graph’s startup-time configuration: id, opened URI, optional
per-graph policy file path. Constructed by
load_server_settingsin multi mode; consumed byserve’s parallel open loop. - Policy
Compiler - Policy
Config - Policy
Decision - Policy
Engine - Policy
Request - What a caller wants to do, sans identity. Actor identity flows
through a separate
actor_id: &strparameter onPolicyEngine::authorize/PolicyChecker::check— encoding the architectural invariant that actor identity is server-authoritative and must not be supplied by the same code path that supplies the requested action. In the HTTP layer, the bearer-token middleware resolves the actor and passes it independently; clients cannot smuggle identity inside this struct. - Policy
Test Config - Server
Config
Enums§
- Graph
Routing - Runtime routing for the server. Single mode = legacy
omnigraph-server <URI>invocation, one graph, flat HTTP routes. Multi mode =--config omnigraph.yamlwith a non-emptygraphs:map, N graphs, cluster routes (/graphs/{graph_id}/...). Mode is determined at startup byload_server_settings. - Policy
Action - Policy
Expectation - Policy
Resource Kind - Which Cedar entity an action’s policies apply to. Internal to
omnigraph-policy— drives thecompile_policy_sourcetemplate and the request-time resource UID construction. - Server
Config Mode - What
load_server_settingsproduces after applying the four-rule mode inference matrix (MR-668 decision 2). - Server
Runtime State - MR-723 server runtime state, classified from the three-state matrix of (bearer tokens configured) × (policy file configured) at startup.
Functions§
- build_
app - classify_
server_ runtime_ state - Compute the
ServerRuntimeStatefrom the configured inputs. Pulled out as a pure function so the matrix is unit-testable without standing up the full server. - init_
tracing - load_
server_ settings - serve
- server_
config_ is_ multi - Whether the loaded config will run the server in multi-graph mode.
Useful for the test that constructs
ServerConfigdirectly.