Expand description
RFC-001 Phase 1b — map a verified org-membership outcome + the receiver’s per-org policy to a pairing action.
This is the bridge between crate::org_membership::evaluate_card_membership
(Phase 1, the offline verify chain) and the live accept/pin path. It is a
pure function over an OrgPolicy lookup that Phase 3 (slate-lotus’s
org_policies.json table) implements. Keeping it pure means the Option-A /
Option-B / default-deny decision is unit-testable without any live state.
Invariant (RFC-001 §5): the strongest action this can return is
ORG_VERIFIED (auto or via one-tap). VERIFIED still requires bilateral
SPAKE2+SAS and is never produced here. Anything that isn’t a verified
membership in a trusted org falls through to Manual (today’s default-deny
bilateral flow), preserving the v0.5.14 phonebook-scrape closure.
Enums§
- Inbound
Mode - Receiver-side inbound treatment for a peer that is a verified member of a
trusted org. Phase 3’s policy table maps an
org_didto one of these (or toNone= not in the receiver’s trusted set → default-deny). - Pair
Action - The action P1b takes for a received card.
Traits§
- OrgPolicy
- The receiver’s per-org pairing policy. Phase 3 (slate-lotus) implements this
over
config/wire/org_policies.json(first-match-wins, immutable default-deny).Nonemeans the org is not in the receiver’s trusted set.
Functions§
- decide
- Map a membership outcome + the receiver’s policy to a pairing action.