pdk/lib.rs
1// Copyright (c) 2026, Salesforce, Inc.,
2// All rights reserved.
3// For full license text, see the LICENSE.txt file
4
5//! PDK - Policy Development Kit
6//!
7//! Features
8//! - `ll`: USE AT OWN RISK: low-level items that may change without notice. Exposes the low level implementation details.
9//! - `experimental_metrics`: USE AT OWN RISK: this feature is experimental and might change without notice. Exposes the api for host metrics.
10//! - `script_stream`: Enable the [`Evaluator`](script::Evaluator) to consume streamed payloads.
11
12pub mod classy {
13 //! Classy - an asynchronous policy development kit
14 //!
15 //! An abstraction layer over the proxy_wasm framework that transforms the event oriented framework into an async/await model.
16
17 #[cfg(feature = "ll")]
18 pub use classy::*;
19
20 /// Re-export of the host calls of the proxy_wasm crate.
21 pub use classy::proxy_wasm;
22}
23
24#[cfg(feature = "ll")]
25pub use pdk_macros::{entrypoint, entrypoint_flex};
26
27/// # High Level Framework
28///
29/// The PDK High Level Framework is the foundation for writing single-threaded
30/// non-blocking filters as main building block for custom policies.
31///
32/// `pdk::hl` relies on a reduced portion of the Rust async ecosystem, due to the limitations
33/// of the underlying WebAssembly platform and their single-threaded nature.
34/// Despite being single-threaded, `pdk::hl` supports concurrent execution of
35/// multiple incoming HTTP flows (Request/Response pairs).
36pub mod hl {
37 pub use classy::hl::*;
38 pub use pdk_macros::{entrypoint, entrypoint_flex};
39}
40
41pub mod logger {
42 //! Wrapper of the log package to enrich log messages with policy and request metadata.
43 pub use pdk_core::logger::{debug, error, info, trace, warn};
44}
45
46pub mod authentication {
47 //! Utils to access and share authentication data between filters.
48 pub use pdk_core::policy_context::authentication::{
49 Authentication, AuthenticationData, AuthenticationHandler,
50 };
51}
52
53pub mod metadata {
54 //! Exposes metadata for the policy.
55 pub use pdk_core::policy_context::api::*;
56}
57
58pub mod jwt {
59 //! JWT Library
60 //!
61 //! Library for JWT token validation. It provides JWT handling including
62 //! signature validation, claims parsing and token extraction from HTTP headers.
63 pub use jwt_lib::api::*;
64}
65
66pub mod cache {
67 //! Cache Library
68 //!
69 //! A caching library that provides a simple [`Cache`] trait and a FIFO-based
70 //! in-memory implementation. It is designed to be injected and configured during the policy
71 //! configuration phase and supports both policy-isolated and shared caches across policies.
72 pub use cache_lib::{builder::CacheBuilder, error::CacheError, Cache};
73}
74
75pub mod data_storage {
76 //! Data Storage Library
77 //!
78 //! This library provides data storage functionality with support for:
79 //!
80 //! - Local and distributed data storage
81 //! - Support for CAS (Compare-And-Swap) operations
82 //! - Configurable storage modes (Always, Absent, CAS)
83 //! - Asynchronous API for high-performance applications
84 //!
85 pub use data_storage_lib::*;
86}
87
88pub mod contracts {
89 //! Contracts Library
90 //!
91 //! Library for validating client credentials against Anypoint Platform API contracts
92 //! in Flex Gateway custom policies. It periodically fetches contracts from the
93 //! platform and keeps a local cache to enable fast authentication and authorization
94 //! decisions within the policy request path.
95 pub use contracts_lib::*;
96}
97
98pub mod cors {
99 //! CORS Library
100 //!
101 //! Library for validating CORS requests and producing CORS responses in Flex Gateway custom
102 //! policies. It evaluates request headers against a provided configuration and
103 //! returns the appropriate CORS response headers for preflight and main flows.
104 pub use cors_lib::*;
105}
106
107pub mod ldap {
108 //! LDAP Library
109 //!
110 //! Library which provides LDAP functionality.
111 pub use ldap_lib::*;
112}
113
114pub mod lock {
115 //! Lock Library
116 //!
117 //! Primitives for coordinating work among Flex Gateway workers and policies. Generated locks
118 //! expire automatically if not refreshed and are released on drop.
119 pub use lock_lib::*;
120}
121
122pub mod rl {
123 //! Rate Limit Library
124 //!
125 //! Library which provides rate limiting functionality with support for both local and distributed
126 //! storage backends.
127 pub use rate_limit_lib::*;
128}
129
130pub mod spike_control {
131 //! Spike Control Library
132 //!
133 //! Library for spike control (rate limiting with queuing) in Flex Gateway custom policies.
134 //! Provides a PDK-injectable builder that supports per-bucket limits, per-call retry with
135 //! configurable delays and optional clustered mode for distributed environments.
136 pub use spike_control_lib::*;
137}
138
139pub mod ip_filter {
140 //! IP Filter Library
141 //!
142 //! Library for filtering IP addresses.
143 pub use ip_filter_lib::*;
144}
145
146pub mod json_validator {
147 //! JSON Validator Library
148 //!
149 //! Library for JSON validation with configurable constraints.
150 //! Provides incremental/streaming validation of JSON payloads with support
151 //! for depth, array length, object entries, and string/key length constraints.
152 pub use json_validator_lib::*;
153}
154
155pub mod token_introspection {
156 //! Token Introspection Library
157 //!
158 //! Library for OAuth2/OpenID token introspection and validation.
159 //! Provides token extraction, parsing, scope validation and caching utilities.
160 pub use token_introspection_lib::*;
161}
162
163pub mod xml_validator {
164 //! XML Validator Library
165 //!
166 //! Library for XML validation with configurable constraints.
167 //! Provides validation for XML payloads with support for depth, attributes,
168 //! children, text and comment length constraints.
169 pub use xml_validator_lib::*;
170}
171
172pub mod flex_abi {
173 //! Flex ABI
174 //!
175 //! This library provides the Application Binary Interface (ABI) for PDK Flex policies,
176 //! enabling communication between policy implementations and the Flex Gateway runtime.
177 pub use pdk_flex_abi::api;
178 pub use pdk_flex_abi::entrypoint;
179}
180
181pub mod script {
182 //! Script Library
183 //!
184 //! An interpreter for script expressions and the set of operations and types to interoperate with Rust.
185 pub use pdk_script::*;
186}
187
188pub mod policy_violation {
189 //! Information regarding if a policy from the chain reached a scenario that can be considered
190 //! an expected error. E.g. a policy that checks credentials and they were invalid.
191 pub use pdk_core::policy_context::policy_violation::*;
192}
193
194pub mod serde {
195 //! Serializing and deserializing of service names.
196 pub use pdk_core::client::{
197 deserialize_service, deserialize_service_opt, deserialize_service_opt_vec,
198 deserialize_service_vec, service_name,
199 };
200}
201
202#[doc(hidden)]
203pub mod __internal {
204 //! Internal module for PDK
205 //!
206 //! This module contains internal types and functions that are not intended to be used
207 //! directly by policy authors.
208 //! They are the wrappers needed to declare the contexts for the proxy wasm environment.
209 pub use pdk_core::host::context::root::RootContextAdapter;
210 pub use pdk_core::init::configure;
211}
212
213#[cfg(feature = "ll")]
214pub mod policy_context {
215 //! Policy context related APIs to access Flex policy data.
216 pub use pdk_core::policy_context::*;
217}
218
219#[cfg(feature = "experimental_metrics")]
220pub mod metrics {
221 //! Metrics Library
222 //!
223 //! USE AT OWN RISK: The metrics library is experimental and subject to change.
224 //!
225 //! Exposes interfaces to handle counters and gauges for custom policies.
226 pub use metrics_lib::*;
227}
228
229#[cfg(feature = "experimental_websocket")]
230pub mod websockets {
231 //! WebSockets Library
232 //!
233 //! USE AT OWN RISK: The WebSockets library is experimental and subject to change.
234 //!
235 //! Library for decoding and encoding WebSocket frames in Flex Gateway custom policies.
236 //! It wraps [`websocket-sans-io`] to provide ergonomic frame-level access for policies
237 //! that operate on WebSocket upgrade connections.
238 pub use pdk_websockets_lib::*;
239}