Runtime command visibility and access policy evaluation.
This module exists to answer two related questions consistently: should a command be shown, and may the current caller run it? Command metadata can carry coarse auth requirements, but this module owns the normalized runtime evaluation rules.
In broad terms:
- `crate::core::command_policy::CommandPolicy` describes one command's visibility and prerequisites
- `crate::core::command_policy::CommandPolicyContext` captures the runtime facts used during evaluation
- `crate::core::command_policy::evaluate_policy` turns the two into a concrete access decision
- `crate::core::command_policy::CommandPolicyRegistry` stores policies and applies per-path overrides
Contract:
- this module owns normalized policy evaluation, not command metadata shape
- visibility and runnability are distinct outcomes and should stay distinct
- callers should rely on the returned `crate::core::command_policy::CommandAccess` instead of re-deriving access rules ad hoc
Public API shape:
- `crate::core::command_policy::CommandPolicy` remains a fluent semantic policy DSL
- `crate::core::command_policy::CommandPolicyOverride` uses an explicit constructor plus `with_*` normalization helpers so overrides follow the same normalization rules as base policies
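The contract above (visibility and runnability as separate outcomes, one shared normalization step) sketched as a standalone added example. It is not the crate's code, and every type, field and variant name in it is a hypothetical stand-in:

```rust
// Standalone sketch: all types, fields and variants here are hypothetical
// and do not reproduce the crate's actual definitions.
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
enum Reason { Unauthenticated, MissingCapability }

#[derive(Debug, PartialEq)]
struct Access { visible: bool, runnable: bool, reason: Option<Reason> }

struct Policy { hide_when_unauthenticated: bool, requires_auth: bool, capabilities: Vec<String> }

struct Context { authenticated: bool, capabilities: HashSet<String> }

// One normalization rule, applied to both the policy side and the caller side.
fn normalize(cap: &str) -> String { cap.trim().to_ascii_lowercase() }

fn evaluate(policy: &Policy, ctx: &Context) -> Access {
    let held: HashSet<String> = ctx.capabilities.iter().map(|c| normalize(c)).collect();
    // Runnability: fail closed on the first unmet prerequisite.
    let reason = if policy.requires_auth && !ctx.authenticated {
        Some(Reason::Unauthenticated)
    } else if policy.capabilities.iter().any(|c| !held.contains(&normalize(c))) {
        Some(Reason::MissingCapability)
    } else {
        None
    };
    // Visibility is computed on its own: a listed command can still be denied,
    // and hiding a command is never what makes it non-runnable.
    let visible = !(policy.hide_when_unauthenticated && !ctx.authenticated);
    Access { visible, runnable: reason.is_none(), reason }
}

// Constructed sample context for the demonstration.
fn ctx(authenticated: bool, caps: &[&str]) -> Context {
    Context { authenticated, capabilities: caps.iter().map(|c| c.to_string()).collect() }
}

fn main() {
    let policy = Policy { hide_when_unauthenticated: false, requires_auth: true,
                          capabilities: vec!["Admin.Write".into()] };
    println!("{:?}", evaluate(&policy, &ctx(true, &["admin.read"])));
}
```

Callers in this sketch read both fields of the returned `Access` rather than inferring one from the other, which is the behaviour the contract asks for.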
Structs
- `CommandAccess` - Effective access decision for a command under a specific context.
- `CommandPath` - Normalized command path used as the lookup key for policy evaluation.
- `CommandPolicy` - Declarative policy used to decide whether a command is visible and runnable.
- `CommandPolicyContext` - Runtime facts used to evaluate a command policy.
- `CommandPolicyOverride` - Partial override applied on top of a registered `CommandPolicy`.
- `CommandPolicyRegistry` - Registry of command policies and per-path overrides.
Enums
- `AccessReason` - Reason codes attached to denied or hidden command access.
- `CommandAvailability` - Product-level availability state for a command.
- `CommandRunnable` - Runnable outcome produced by policy evaluation.
- `CommandVisibility` - Visibility outcome produced by policy evaluation.
- `VisibilityMode` - Visibility contract applied before runtime capability checks.
Functions
- `evaluate_policy` - Evaluates a single policy against the supplied runtime context.