Skip to main content

RelayFabric

Struct RelayFabric 

Source
pub struct RelayFabric { /* private fields */ }
Expand description

A remote or relayed EvalFabric node carrying a surface session.

RelayFabric wraps an inner EvalFabricRef reached across a link and enforces a non-escalating capability policy in front of it. Because EvalFabric is location-transparent, code that targets the realize surface treats a relay exactly like a local fabric; the relay differs only in that it can refuse and that its link can drop (failing closed, with no resume).

The relay preserves each request’s Consistency unchanged and lets the inner fabric honor it: the inner node beyond the link is the remote authority, so a relay boundary is naturally a RemoteOnly/LocalFirst hop, but the relay never rewrites the caller’s declared consistency.

§Trust of declared capabilities

The capability gate matches each request’s self-declared EvalRequest::required_capabilities against the allowed set. The relay therefore PRESUMES truthful capability declaration: it is a connectivity gate, not the enforcement authority. A caller that under-declares its capabilities can pass the relay; the inner / far-side fabric, which performs the real operations behind its own cx.require(...) checks, is the actual authority. The relay’s gate exists to fail fast and avoid even reaching the link for plainly out-of-policy requests, not to substitute for far-side enforcement.

Implementations§

Source§

impl RelayFabric

Source

pub fn new(inner: EvalFabricRef, allowed: Vec<CapabilityName>) -> Self

Builds a connected relay over inner that allows only allowed.

The relay starts RelayStatus::Connected. Any request whose EvalRequest::required_capabilities step outside allowed is refused rather than forwarded, so the relay can never grant more than it was configured to pass through.

Source

pub fn status(&self) -> RelayStatus

Returns the relay’s current link RelayStatus.

Source

pub fn allows(&self, capability: &CapabilityName) -> bool

Reports whether capability is within the relay’s allowed set.

Source

pub fn disconnect(&mut self)

Severs the link, moving the relay to RelayStatus::Disconnected.

While disconnected, RelayFabric::realize fails closed and never reaches the inner fabric.

Source

pub fn begin_reconnect(&mut self)

Marks the link as RelayStatus::Reconnecting.

Requests still fail closed until RelayFabric::reconnect completes the handshake.

Source

pub fn reconnect(&mut self)

Restores the link to RelayStatus::Connected.

This only re-opens the gate so that subsequent RelayFabric::realize attempts may proceed. It carries no session state and does NOT resume any request that was in flight when the link dropped: such a request already returned Err and is the caller’s to retry as a fresh attempt.

Trait Implementations§

Source§

impl EvalFabric for RelayFabric

Source§

fn realize(&self, cx: &mut Cx, request: EvalRequest) -> Result<EvalReply>

Evaluates request and returns its reply.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.