plexus_auth_core/tenant/
mod.rs

//! Tenant primitives — AUTHZ-0 layer 4 (data isolation).
//!
//! This module hosts the sealed `Tenant` value, the `TenantError` enum,
//! and the `TenantResolver` trait + default implementations. Together they
//! are the structural foundation for tenant isolation:
//!
//! - `Tenant` is a sealed newtype over `String`. The constructor is
//!   `pub(crate)` to `plexus-auth-core`. Activation code cannot fabricate a
//!   `Tenant` from a string literal: the only path to a `Tenant` value is
//!   through the framework's `TenantResolver`, which derives one from a
//!   verified `AuthContext`.
//!
//! - `TenantResolver` is an async trait. Backends supply an impl;
//!   `ClaimTenantResolver` covers the 80% case (pull tenant from a JWT
//!   claim) and `SingleTenantResolver` is the explicit opt-out for
//!   single-user dev installs.
//!
//! - The seal escalates from procedural (visibility within one crate) to
//!   structural (crate-private constructor that no other crate can reach),
//!   per AUTHZ-0 §"Crate-level isolation amplifies the seal".
//!
//! See `plans/AUTHZ/AUTHZ-DATA-1-TYPES.md` for the ticket contract and
//! `plans/AUTHZ/AUTHZ-DATA-S01-output.md` §§1-2 for the design.

pub mod resolver;
pub mod storage;
pub mod types;

pub use resolver::{ClaimTenantResolver, SingleTenantResolver, TenantResolver};
pub use storage::{Scoped, TenantBoundary, TenantScopedStore, Tenanted};
pub use types::{Tenant, TenantError};
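
The sealed-constructor pattern described in the module docs, as an added single-file sketch that is not the project's own code. Assumptions: a private module stands in for the crate boundary, the trait is synchronous instead of async, and `AuthContext::from_verified_claims`, the `TenantError` variants, the `"default"` tenant id and the `tenant_id` helper are hypothetical.

```rust
// Added illustration: module privacy stands in for the crate boundary; bodies are assumptions.
mod auth_core {
    use std::collections::HashMap;
    #[derive(Debug, PartialEq)]
    pub struct Tenant(String); // private field: cannot be built outside the module
    impl Tenant {
        fn new(id: &str) -> Result<Self, TenantError> { // private constructor: the seal
            if id.is_empty() { return Err(TenantError::Empty); }
            Ok(Tenant(id.to_owned()))
        }
        pub fn as_str(&self) -> &str { &self.0 }
    }
    #[derive(Debug, PartialEq)]
    pub enum TenantError { MissingClaim(String), Empty }
    // Stand-in for the context produced after token verification.
    pub struct AuthContext { claims: HashMap<String, String> }
    impl AuthContext {
        pub fn from_verified_claims(pairs: &[(&str, &str)]) -> Self {
            let claims = pairs.iter().map(|(k, v)| (k.to_string(), v.to_string()));
            AuthContext { claims: claims.collect() }
        }
    }
    pub trait TenantResolver {
        fn resolve(&self, ctx: &AuthContext) -> Result<Tenant, TenantError>;
    }
    pub struct ClaimTenantResolver { pub claim: String }
    impl TenantResolver for ClaimTenantResolver {
        fn resolve(&self, ctx: &AuthContext) -> Result<Tenant, TenantError> {
            let id = ctx.claims.get(&self.claim)
                .ok_or_else(|| TenantError::MissingClaim(self.claim.clone()))?;
            Tenant::new(id) // an empty claim value is rejected, not defaulted
        }
    }
    pub struct SingleTenantResolver; // explicit opt-out: one fixed tenant
    impl TenantResolver for SingleTenantResolver {
        fn resolve(&self, _: &AuthContext) -> Result<Tenant, TenantError> {
            Tenant::new("default") // constructed id for the example
        }
    }
}
use auth_core::{AuthContext, ClaimTenantResolver, SingleTenantResolver, TenantError, TenantResolver};
// Caller code: `auth_core::Tenant::new("acme")` written here fails to compile (private).
fn tenant_id(r: &dyn TenantResolver, ctx: &AuthContext) -> Result<String, TenantError> {
    r.resolve(ctx).map(|t| t.as_str().to_owned())
}
fn main() {
    let ctx = AuthContext::from_verified_claims(&[("tenant", "acme")]); // constructed claims
    let r = ClaimTenantResolver { claim: "tenant".into() };
    println!("{:?} {:?}", tenant_id(&r, &ctx), tenant_id(&SingleTenantResolver, &ctx));
}
```

A missing or empty tenant claim surfaces as an error rather than falling back to a shared tenant, so a resolver failure cannot silently widen data access.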