orcs_runtime/auth/mod.rs
1//! Authentication and authorization for ORCS CLI.
2//!
3//! Core types ([`Session`], [`PrivilegeLevel`]) are defined in `orcs-auth`.
4//! This module provides runtime-specific implementations:
5//!
6//! - [`DefaultPolicy`]: Concrete [`PermissionChecker`] with session-based access control
7//! - [`DefaultGrantStore`]: Concrete [`GrantPolicy`] (in-memory grant store)
8//! - [`CommandCheckResult`]: human-in-the-loop (HIL) aware command check result (with `ApprovalRequest`)
9//!
10//! # Architecture
11//!
12//! ```text
13//! orcs-auth (traits + data types)
14//! Session, PrivilegeLevel, PermissionPolicy, GrantPolicy, CommandPermission
15//! ↓
16//! orcs-runtime/auth (implementations)
17//! PermissionChecker, DefaultPolicy, DefaultGrantStore, CommandCheckResult
18//! ```
19
20mod checker;
21mod command_check;
22mod grant_store;
23// `privilege` and `session` are thin wrappers that re-export the orcs-auth types (kept for backward compatibility)
24mod privilege;
25mod session;
26
27pub use checker::{DefaultPolicy, PermissionChecker};
28pub use command_check::CommandCheckResult;
29pub use grant_store::DefaultGrantStore;
30pub use privilege::PrivilegeLevel;
31pub use session::Session;
32
33// Re-export from orcs-auth for convenience
34pub use orcs_auth::{AccessDenied, CommandPermission, GrantPolicy, PermissionPolicy};
35
36// Re-export Principal from orcs_types for convenience
37pub use orcs_types::Principal;