Module resolver 

TenantResolver — derives a sealed Tenant from an AuthContext.

The framework invokes a TenantResolver once per request, after SessionValidator::validate produces the AuthContext and before method-scope authorization runs. The resulting Tenant flows through the dispatch as an extension; activation methods that declare a &Tenant parameter extract it from there.

Two reference implementations are provided:

• ClaimTenantResolver — the 80% case: pull a configured claim out of AuthContext.metadata (default key: "tenant_id"). When the claim is absent and single_user_fallback is true, fall back to the verified user id (single-user-deployment safe default).

• SingleTenantResolver — the explicit opt-out: always resolve to one fixed tenant value, regardless of the caller. Use this for single-user dev installs that want tenancy off; the opt-out is grep-able in the hub builder.

See plans/AUTHZ/AUTHZ-DATA-S01-output.md §2 for the trait design.

Structs

ClaimTenantResolver

Reference impl: derive the tenant from an AuthContext claim.

SingleTenantResolver

Reference impl: always resolve to one fixed tenant.

Traits

TenantResolver

Derives a sealed Tenant for an authenticated caller.