Capability Tokens + ACLs (Task 8)
This module implements staged ACLs via capability tokens for the local-first architecture. The design prioritizes:
- Simplicity - Easy to reason about, hard to misapply
- Local-first - No external auth service required
- Composability - ACLs integrate with existing filter infrastructure
§Token Structure
    CapabilityToken {
        allowed_namespaces: ["prod", "staging"],
        tenant_id: Option<"acme_corp">,
        project_id: Option<"project_123">,
        capabilities: { read: true, write: false, ... },
        expires_at: 1735689600,
        signature: HMAC-SHA256(...)
    }
§Verification
Token verification is O(1):
- HMAC-SHA256 for symmetric tokens
- Ed25519 for asymmetric tokens (cached verification)
§Row-Level ACLs (Future)
Row-level ACL tags become “just another metadata atom”:
HasTag(acl_tag) → bitmap lookup → AllowedSet intersection
This composes cleanly with existing filter infrastructure.
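How the row-level stage composes, as an added example rather than code from the module: an `AclTagIndex` mapping each tag to a row bitmap, `HasTag` as a bitmap lookup, the caller's `AllowedSet` as the union of the bitmaps for the tags it holds, and the final intersection with the rows the ordinary filters produced. Bitmaps are plain `Vec<u64>` here; the sample rows and tags are constructed, and treating untagged rows and unknown tags as default-deny is this example's assumption, not something the module docs state.

```rust
// Added example, not the crate's own code: row-level ACL tags as a bitmap index,
// in the shape the module docs sketch:
//   HasTag(acl_tag) -> bitmap lookup -> intersection with the caller's AllowedSet
use std::collections::HashMap;

/// Fixed-width row bitmap: bit i set means row i is in the set.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Bitmap(Vec<u64>);

impl Bitmap {
    pub fn empty(rows: usize) -> Self { Bitmap(vec![0; (rows + 63) / 64]) }
    pub fn full(rows: usize) -> Self {
        let mut b = Bitmap::empty(rows);
        for r in 0..rows { b.set(r); }
        b
    }
    pub fn set(&mut self, row: usize) { self.0[row / 64] |= 1u64 << (row % 64); }
    pub fn and(&self, o: &Bitmap) -> Bitmap { Bitmap(self.0.iter().zip(&o.0).map(|(a, b)| a & b).collect()) }
    pub fn or(&self, o: &Bitmap) -> Bitmap { Bitmap(self.0.iter().zip(&o.0).map(|(a, b)| a | b).collect()) }
    /// Row ids in ascending order, for readable output and assertions.
    pub fn rows(&self) -> Vec<usize> {
        let mut out = Vec::new();
        for (i, w) in self.0.iter().enumerate() {
            for b in 0..64 { if (*w >> b) & 1 == 1 { out.push(i * 64 + b); } }
        }
        out
    }
}

/// ACL tag index: each tag maps to the bitmap of rows carrying it.
pub struct AclTagIndex { rows: usize, tags: HashMap<String, Bitmap> }

impl AclTagIndex {
    pub fn new(rows: usize) -> Self { AclTagIndex { rows, tags: HashMap::new() } }
    pub fn tag_row(&mut self, tag: &str, row: usize) {
        let rows = self.rows;
        self.tags.entry(tag.to_string()).or_insert_with(|| Bitmap::empty(rows)).set(row);
    }
    /// HasTag(tag): one bitmap lookup. An unknown tag yields the empty set, so a
    /// mistyped or not-yet-created tag denies instead of granting (example's choice).
    pub fn has_tag(&self, tag: &str) -> Bitmap {
        self.tags.get(tag).cloned().unwrap_or_else(|| Bitmap::empty(self.rows))
    }
    /// AllowedSet: union of HasTag over every tag the caller may read. Rows with
    /// no tag at all are therefore in nobody's AllowedSet (default deny).
    pub fn allowed_set(&self, caller_tags: &[&str]) -> Bitmap {
        caller_tags.iter().fold(Bitmap::empty(self.rows), |acc, t| acc.or(&self.has_tag(t)))
    }
}

/// The ACL as one more filter stage: rows that survived the ordinary filters
/// (`candidates`) are intersected with the caller's AllowedSet.
pub fn apply_acl(idx: &AclTagIndex, candidates: &Bitmap, caller_tags: &[&str]) -> Vec<usize> {
    candidates.and(&idx.allowed_set(caller_tags)).rows()
}

/// Constructed sample index: 8 rows, three tags, row 7 deliberately untagged.
pub fn sample_index() -> AclTagIndex {
    let mut idx = AclTagIndex::new(8);
    for r in [0, 1, 2] { idx.tag_row("team:red", r); }
    for r in [3, 4] { idx.tag_row("team:blue", r); }
    for r in [5, 6] { idx.tag_row("public", r); }
    idx
}

fn main() {
    let idx = sample_index();
    let all = Bitmap::full(8);
    println!("red+public sees {:?}", apply_acl(&idx, &all, &["team:red", "public"]));
    println!("blue sees       {:?}", apply_acl(&idx, &all, &["team:blue"]));
    println!("no tags sees    {:?}", apply_acl(&idx, &all, &[]));
}
```

Because the ACL is just another bitmap, it can be applied at whatever point in the filter pipeline is cheapest, and the cost is one AND over the candidate set regardless of how many tags the caller holds once its AllowedSet has been built.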
Structs§
- AclTag - A row-level ACL tag
- AclTagIndex - ACL tag index for row-level security
- CapabilityToken - A capability token that encodes access permissions
- RevocationList - Simple in-memory token revocation list
- TokenBuilder - Builder for creating capability tokens
- TokenCapabilities - Capability flags in the token
- TokenSigner - Token signer using HMAC-SHA256
- TokenValidator - Complete token validator
Enums§
- TokenError - Token errors