oxios_kernel/capability/mod.rs
1//! Capability-based access control for the Oxios kernel.
2//!
3//! This module implements a capability system inspired by seL4 and
4//! capability-based security research. Capabilities are unforgeable
5//! tokens that encode authority over specific resources.
6//!
7//! # Architecture
8//!
9//! - **Capability**: An unforgeable token binding rights to a resource.
10//! - **CSpace**: An agent's complete set of capabilities (capability space).
11//! - **Rights**: Bit-flag permissions (READ, WRITE, EXECUTE, DELEGATE).
12//! - **ResourceRef**: Identifies a protected resource in the system.
13//!
14//! # Module layout
15//!
16//! | Module | Purpose |
17//! |--------|---------|
18//! | `types` | Core types: Capability, CSpace, Rights, ResourceRef, etc. |
19//! | `template` | Preset CSpace configurations for common agent roles. |
20//! | `resolve` | Resolves an agent's CSpace from Seed + Config. |
21
22pub mod resolve;
23pub mod template;
24pub mod types;
25
26// Re-export core types at module root for convenience.
27pub use types::{CSpace, Capability, CapabilityId, Issuer, ResourceRef, Rights};