Skip to main content

ForwardDerivation

plexus_core::plexus

Struct ForwardDerivation 

Source 
pub struct ForwardDerivation {
    pub keep_verified_user: bool,
    pub keep_roles: bool,
    pub keep_capabilities: bool,
    pub keep_metadata: bool,
}
Expand description

What a policy returns: a derivation request, NOT a constructed context.

The framework consumes this and mints the next sealed AuthContext for the callee. The shape is intentionally minimal for v1 — four “keep” flags, one per logical group of the caller’s context. Future composable primitives (AUTHLANG v2) will replace this with a richer combinator AST without breaking the v1 trait signature.

§Derive-only invariant

Every field is a “keep” flag: forward this field from the caller to the callee, or drop it. There is no “add this role” or “set this user_id” knob. Policies cannot escalate authority across a boundary — the most-permissive a callee context can be is exactly the caller’s context.

§Field-to-AuthContext mapping (today)

FlagMaps to fields on the current AuthContext
keep_verified_useruser_id, session_id (identity of the originator)
keep_rolesroles
keep_capabilities(no field yet; reserved for AUTHZ-DATA / AUTHZ-CRED work)
keep_metadatametadata

keep_capabilities is intentionally surfaced now so the v1 shape is forward-compatible: when the sealed-context migration adds a capabilities field, no policy impl signature changes.

Fields§

§keep_verified_user: bool

Forward the IdP-verified originator’s identity (user_id, session_id).

§keep_roles: bool

Forward the caller’s role set (roles).

§keep_capabilities: bool

Forward the caller’s capability set. Reserved for the AUTHZ-DATA / AUTHZ-CRED migration; today this flag is a no-op on AuthContext because the field does not yet exist.

§keep_metadata: bool

Forward the caller’s opaque metadata bag (metadata).

Implementations§

Source§

impl ForwardDerivation

Source

pub const IDENTITY_ONLY: ForwardDerivation

Identity-only: keep verified user; drop roles, capabilities, metadata.

Source

pub const PASS_THROUGH: ForwardDerivation

Pass-through: keep every flag.

Source

pub const ANONYMOUS: ForwardDerivation

Anonymous: keep no flag.

Trait Implementations§

Source§

impl Clone for ForwardDerivation

Source§

fn clone(&self) -> ForwardDerivation

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ForwardDerivation

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for ForwardDerivation

Source§

fn deserialize<__D>( __deserializer: __D, ) -> Result<ForwardDerivation, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for ForwardDerivation

Source§

fn eq(&self, other: &ForwardDerivation) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for ForwardDerivation

Source§

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Copy for ForwardDerivation

Source§

impl Eq for ForwardDerivation

Source§

impl StructuralPartialEq for ForwardDerivation

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,