Module forward


Forwarding-policy primitives — CallSite, ForwardDerivation, ForwardPolicyName, the ForwardPolicy trait, and the v1 named impls (IdentityOnly, PassThrough, Anonymous).

Per AUTHLANG-S01-output §1 (pinned design) and AUTHLANG-2.

§Sealed-type invariant (load-bearing)

A ForwardPolicy impl receives a sealed &AuthContext and a &CallSite and returns a ForwardDerivation: parameters for how to derive the callee’s auth context, NOT a constructed AuthContext. The framework consumes the derivation and mints the next sealed context via crate::auth::AuthContext::derive_callee_context, which is pub(crate) to plexus-auth-core. Activations and other downstream crates cannot reach that constructor.

Per AUTHZ-0 §“The sealed-type pattern”: the policy proposes; the framework disposes. Policies can shrink a context (drop fields) but never grow it (add or set fields). ForwardDerivation’s shape enforces this structurally — every field is a “keep” flag; there is no “add” or “set” knob.
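The invariant above, modelled in a self-contained sketch that is an added example and not plexus-auth-core's code: a private module stands in for the crate boundary, so policy code outside it can only return keep-flags. The field names (user, roles, caps), the trait method name `derive`, the signature of `derive_callee_context`, and the helpers `forward` and `sample_context` are assumptions made for illustration.

```rust
// Toy model of the sealed-type pattern; every name and field is an assumption.
mod framework {
    pub struct AuthContext { user: Option<String>, roles: Vec<String>, caps: Vec<String> }
    /// Keep-flags only: a policy has no way to add or set a value.
    pub struct ForwardDerivation { pub keep_user: bool, pub keep_roles: bool, pub keep_caps: bool }
    pub struct CallSite { pub caller: &'static str, pub callee: &'static str }
    pub trait ForwardPolicy { fn derive(&self, ctx: &AuthContext, site: &CallSite) -> ForwardDerivation; }
    impl AuthContext {
        pub fn user(&self) -> Option<&str> { self.user.as_deref() }
        pub fn roles(&self) -> &[String] { &self.roles }
        pub fn caps(&self) -> &[String] { &self.caps }
        // Private to this module, standing in for the pub(crate) constructor.
        fn derive_callee_context(&self, d: ForwardDerivation) -> AuthContext {
            AuthContext {
                user: if d.keep_user { self.user.clone() } else { None },
                roles: if d.keep_roles { self.roles.clone() } else { Vec::new() },
                caps: if d.keep_caps { self.caps.clone() } else { Vec::new() },
            }
        }
    }
    /// The framework disposes: only here does a derivation become a context.
    pub fn forward(ctx: &AuthContext, site: &CallSite, p: &dyn ForwardPolicy) -> AuthContext {
        ctx.derive_callee_context(p.derive(ctx, site))
    }
    /// Constructed sample standing in for a context minted at authentication.
    pub fn sample_context() -> AuthContext {
        AuthContext { user: Some("alice".into()), roles: vec!["admin".into()], caps: vec!["deploy".into()] }
    }
}
use framework::{forward, sample_context, AuthContext, CallSite, ForwardDerivation, ForwardPolicy};
// Policies live outside the module: they can read a context but not build one.
pub struct IdentityOnly;
impl ForwardPolicy for IdentityOnly {
    fn derive(&self, _: &AuthContext, _: &CallSite) -> ForwardDerivation {
        ForwardDerivation { keep_user: true, keep_roles: false, keep_caps: false }
    }
}
pub struct PassThrough;
impl ForwardPolicy for PassThrough {
    fn derive(&self, _: &AuthContext, _: &CallSite) -> ForwardDerivation {
        ForwardDerivation { keep_user: true, keep_roles: true, keep_caps: true }
    }
}

fn main() {
    let site = CallSite { caller: "gateway", callee: "billing" };
    let hop2 = forward(&forward(&sample_context(), &site, &IdentityOnly), &site, &PassThrough);
    println!("{} -> {}: {:?} roles={:?} caps={:?}", site.caller, site.callee, hop2.user(), hop2.roles(), hop2.caps());
}
```

Writing `AuthContext { .. }` or calling `derive_callee_context` from the policy code fails to compile, and a PassThrough hop placed after IdentityOnly forwards only what survived the earlier hop.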

§Module surface

Structs§

Anonymous
Anonymous: drop the entire AuthContext.
CallSite
Identifies a single edge in the call graph at the moment a policy runs.
ForwardDerivation
What a policy returns: a derivation request, NOT a constructed context.
ForwardPolicyName
Stable identifier for a forwarding policy, surfaced into audit records and diagnostics.
IdentityOnly
Identity-only: forwards the caller’s IdP-verified user identity and drops roles, capabilities, and metadata.
PassThrough
Pass-through: forward every field of the caller’s context.

Constants§

ANONYMOUS_NAME
The anonymous policy name (stable string surfaced in audit).
IDENTITY_ONLY_NAME
The identity_only policy name (stable string surfaced in audit).
PASS_THROUGH_NAME
The pass_through policy name (stable string surfaced in audit).

Traits§

ForwardPolicy
The forwarding-policy trait.