Expand description
Role-based access control for the Styrene mesh.
Provides a hierarchical role model with fine-grained capabilities,
roster-based identity binding, and policy evaluation. Shared by
styrened (device-level RBAC) and aether (agent-to-agent RBAC).
§Design
- Roles are cumulative: each tier inherits all capabilities from tiers below it (PEER ⊂ MONITOR ⊂ OPERATOR ⊂ ADMIN).
- Capabilities are dot-separated strings (
chat.send,rpc.exec). - Orthogonal grants (e.g.
vpn.handshake) sit outside the hierarchy and must be explicitly assigned regardless of role. - Policy evaluation is pure — no I/O, no side effects. Takes a roster and an identity hash, returns allow/deny.
§Features
config— enables serde deserialization from YAML/TOML/JSON config.
Re-exports§
pub use signed::SignedRosterEntry;pub use signed::TrustedHub;
Modules§
- signed
- Hub-signed roster entries — portable, cryptographically-verified role bindings.
Structs§
- Capability
- Capability string constants.
- Rbac
Policy - Central authorization policy. Resolves identities → roles → capabilities.
- Roster
Entry - A single identity’s role assignment with optional explicit grants.
Enums§
- Policy
Warning - A non-fatal issue discovered during policy config loading.
- Role
- Privilege tiers on the Styrene mesh. Each role inherits all capabilities from tiers below it. The numeric value determines ordering.
Constants§
- ADMIN_
CAPS - Capabilities granted at the Admin tier (includes Operator).
Note:
vpn.handshakeandrelay.rejectare intentionally excluded — they are orthogonal and require explicit grants. - MIN_
BLOCKED_ PREFIX_ LEN - Minimum length for blocked prefixes (4 bytes = 8 hex chars). Shorter prefixes would block unacceptably large portions of the identity space.
- MONITOR_
CAPS - Capabilities granted at the Monitor tier (includes Peer).
- OPERATOR_
CAPS - Capabilities granted at the Operator tier (includes Monitor).
- PEER_
CAPS - Capabilities granted at the Peer tier (cumulative base).