Skip to main content

pdk/
lib.rs

1// Copyright (c) 2026, Salesforce, Inc.,
2// All rights reserved.
3// For full license text, see the LICENSE.txt file
4
5//! PDK - Policy Development Kit
6//!
7//! Features
8//! - `ll`: USE AT OWN RISK: low-level items that may change without notice. Exposes the low level implementation details.
9//! - `experimental_metrics`: USE AT OWN RISK: this feature is experimental and might change without notice. Exposes the api for host metrics.
10//! - `script_stream`: Enable the [`Evaluator`](script::Evaluator) to consume streamed payloads.
11
12pub mod classy {
13    //! Classy - an asynchronous policy development kit
14    //!
15    //! An abstraction layer over the proxy_wasm framework that transforms the event oriented framework into an async/await model.
16
17    #[cfg(feature = "ll")]
18    pub use classy::*;
19
20    /// Re-export of the host calls of the proxy_wasm crate.
21    pub use classy::proxy_wasm;
22}
23
24#[cfg(feature = "ll")]
25pub use pdk_macros::{entrypoint, entrypoint_flex};
26
27/// # High Level Framework
28///
29/// The PDK High Level Framework is the foundation for writing single-threaded
30/// non-blocking filters as main building block for custom policies.
31///
32/// `pdk::hl` relies on a reduced portion of the Rust async ecosystem, due to the limitations
33/// of the underlying WebAssembly platform and their single-threaded nature.
34/// Despite being single-threaded, `pdk::hl` supports concurrent execution of
35/// multiple incoming HTTP flows (Request/Response pairs).
36pub mod hl {
37    pub use classy::hl::*;
38    pub use pdk_macros::{entrypoint, entrypoint_flex};
39}
40
41pub mod logger {
42    //! Wrapper of the log package to enrich log messages with policy and request metadata.
43    pub use pdk_core::logger::{debug, error, info, trace, warn};
44}
45
46pub mod authentication {
47    //! Utils to access and share authentication data between filters.
48    pub use pdk_core::policy_context::authentication::{
49        Authentication, AuthenticationData, AuthenticationHandler,
50    };
51}
52
53pub mod metadata {
54    //! Exposes metadata for the policy.
55    pub use pdk_core::policy_context::api::*;
56}
57
58pub mod jwt {
59    //! JWT Library
60    //!
61    //! Library for JWT token validation. It provides JWT handling including
62    //! signature validation, claims parsing and token extraction from HTTP headers.
63    pub use jwt_lib::api::*;
64}
65
66pub mod cache {
67    //! Cache Library
68    //!
69    //! A caching library that provides a simple [`Cache`] trait and a FIFO-based
70    //! in-memory implementation. It is designed to be injected and configured during the policy
71    //! configuration phase and supports both policy-isolated and shared caches across policies.
72    pub use cache_lib::{builder::CacheBuilder, error::CacheError, Cache};
73}
74
75pub mod data_storage {
76    //! Data Storage Library
77    //!
78    //! This library provides data storage functionality with support for:
79    //!
80    //! - Local and distributed data storage
81    //! - Support for CAS (Compare-And-Swap) operations
82    //! - Configurable storage modes (Always, Absent, CAS)
83    //! - Asynchronous API for high-performance applications
84    //!
85    pub use data_storage_lib::*;
86}
87
88pub mod contracts {
89    //! Contracts Library
90    //!
91    //! Library for validating client credentials against Anypoint Platform API contracts
92    //! in Flex Gateway custom policies. It periodically fetches contracts from the
93    //! platform and keeps a local cache to enable fast authentication and authorization
94    //! decisions within the policy request path.
95    pub use contracts_lib::*;
96}
97
98pub mod cors {
99    //! CORS Library
100    //!
101    //! Library for validating CORS requests and producing CORS responses in Flex Gateway custom
102    //! policies. It evaluates request headers against a provided configuration and
103    //! returns the appropriate CORS response headers for preflight and main flows.
104    pub use cors_lib::*;
105}
106
107pub mod ldap {
108    //! LDAP Library
109    //!
110    //! Library which provides LDAP functionality.
111    pub use ldap_lib::*;
112}
113
114pub mod lock {
115    //! Lock Library
116    //!
117    //! Primitives for coordinating work among Flex Gateway workers and policies. Generated locks
118    //! expire automatically if not refreshed and are released on drop.
119    pub use lock_lib::*;
120}
121
122pub mod rl {
123    //! Rate Limit Library
124    //!
125    //! Library which provides rate limiting functionality with support for both local and distributed
126    //! storage backends.
127    pub use rate_limit_lib::*;
128}
129
130pub mod spike_control {
131    //! Spike Control Library
132    //!
133    //! Library for spike control (rate limiting with queuing) in Flex Gateway custom policies.
134    //! Provides a PDK-injectable builder that supports per-bucket limits, per-call retry with
135    //! configurable delays and optional clustered mode for distributed environments.
136    pub use spike_control_lib::*;
137}
138
139pub mod ip_filter {
140    //! IP Filter Library
141    //!
142    //! Library for filtering IP addresses.
143    pub use ip_filter_lib::*;
144}
145
146pub mod json_validator {
147    //! JSON Validator Library
148    //!
149    //! Library for JSON validation with configurable constraints.
150    //! Provides incremental/streaming validation of JSON payloads with support
151    //! for depth, array length, object entries, and string/key length constraints.
152    pub use json_validator_lib::*;
153}
154
155pub mod token_introspection {
156    //! Token Introspection Library
157    //!
158    //! Library for OAuth2/OpenID token introspection and validation.
159    //! Provides token extraction, parsing, scope validation and caching utilities.
160    pub use token_introspection_lib::*;
161}
162
163pub mod xml_validator {
164    //! XML Validator Library
165    //!
166    //! Library for XML validation with configurable constraints.
167    //! Provides validation for XML payloads with support for depth, attributes,
168    //! children, text and comment length constraints.
169    pub use xml_validator_lib::*;
170}
171
172pub mod flex_abi {
173    //! Flex ABI
174    //!
175    //! This library provides the Application Binary Interface (ABI) for PDK Flex policies,
176    //! enabling communication between policy implementations and the Flex Gateway runtime.
177    pub use pdk_flex_abi::api;
178    pub use pdk_flex_abi::entrypoint;
179}
180
181pub mod script {
182    //! Script Library
183    //!
184    //! An interpreter for script expressions and the set of operations and types to interoperate with Rust.
185    pub use pdk_script::*;
186}
187
188pub mod policy_violation {
189    //! Information regarding if a policy from the chain reached a scenario that can be considered
190    //! an expected error. E.g. a policy that checks credentials and they were invalid.
191    pub use pdk_core::policy_context::policy_violation::*;
192}
193
194pub mod serde {
195    //! Serializing and deserializing of service names.
196    pub use pdk_core::client::{
197        deserialize_service, deserialize_service_opt, deserialize_service_opt_vec,
198        deserialize_service_vec, service_name,
199    };
200}
201
202#[doc(hidden)]
203pub mod __internal {
204    //! Internal module for PDK
205    //!
206    //! This module contains internal types and functions that are not intended to be used
207    //! directly by policy authors.
208    //! They are the wrappers needed to declare the contexts for the proxy wasm environment.
209    pub use pdk_core::host::context::root::RootContextAdapter;
210    pub use pdk_core::init::configure;
211}
212
213#[cfg(feature = "ll")]
214pub mod policy_context {
215    //! Policy context related APIs to access Flex policy data.
216    pub use pdk_core::policy_context::*;
217}
218
219#[cfg(feature = "experimental_metrics")]
220pub mod metrics {
221    //! Metrics Library
222    //!
223    //! USE AT OWN RISK: The metrics library is experimental and subject to change.
224    //!
225    //! Exposes interfaces to handle counters and gauges for custom policies.
226    pub use metrics_lib::*;
227}
228
229#[cfg(feature = "experimental_websocket")]
230pub mod websockets {
231    //! WebSockets Library
232    //!
233    //! USE AT OWN RISK: The WebSockets library is experimental and subject to change.
234    //!
235    //! Library for decoding and encoding WebSocket frames in Flex Gateway custom policies.
236    //! It wraps [`websocket-sans-io`] to provide ergonomic frame-level access for policies
237    //! that operate on WebSocket upgrade connections.
238    pub use pdk_websockets_lib::*;
239}