Skip to main content

Module origin_authority

Module origin_authority 

Source
Expand description

Immutable origin-bound authority labels and governed access decisions. Immutable origin labels and laundering-resistant governed-access decisions.

Structs§

AudienceV1
The complete audience asserted at access time. It is a set, never a single ambiguous string.
AuthorityScopesV1
CallerPrincipalV1
The authenticated principal making an access request now.
DelegationElevationLeaseV1
A time-bounded delegation or explicit operator elevation. Leases are request data, never durable authority labels, and therefore cannot be replayed as an elevation after expiry.
GovernedAccessRequestV1
GovernedFactAccessV1
GovernedFactListResponseV1
GovernedGraphResponseV1
GovernedProjectionResponseV1
Projection rows have no implicit authority. Until an imported projection carries a durable origin label, governed reads return an empty collection plus denial receipts.
GovernedReplayResponseV1
GovernedSearchResponseV1
GovernedStateResolutionResponseV1
NamespaceScopeV1
Exact resource scope for v1. Optional fields must agree whenever both sides name them.
OriginAuthorityDecisionV1
OriginAuthorityLabelV1
Immutable label fixed at the canonical write boundary.
OriginAuthorityRecordV1
SubjectPrincipalV1
A principal whose data, consent, or delegated authority is being used.

Enums§

AuthorityScopeV1
ElevationRequirementV1
GovernedAccessPurposeV1
OriginClassV1
OriginDerivationKindV1
OriginRiskV1
PolicyDecisionV1
Typed terminal outcome carried by every governed access decision receipt.
RevocationStatusV1

Constants§

GOVERNED_ACCESS_POLICY_V1
ORIGIN_AUTHORITY_DECISION_V1
ORIGIN_AUTHORITY_LABEL_V1

Functions§

evaluate_governed_access_v1
The sole policy evaluator for every governed read and mutation path. Callers may acquire candidates through caches, replay, graph traversal, or a direct ID, but only this function may authorize returning content. It deliberately has no permissive compatibility branch.
label_digest