systemprompt_cli/commands/admin/access_control/
mod.rs

1mod export;
2mod lint;
3
4use anyhow::Result;
5use clap::{Args, Subcommand};
6
7use crate::CliConfig;
8use crate::shared::{CommandResult, render_result};
9
10#[derive(Debug, Clone, Copy, Subcommand)]
11pub enum AccessControlCommands {
12    #[command(
13        about = "Print current role rules as a YAML snippet for promotion to the committed \
14                 baseline"
15    )]
16    ExportYaml(ExportYamlArgs),
17
18    #[command(
19        about = "Lint the live access-control tables for unknown entities and unreachable rules; \
20                 exits non-zero on findings"
21    )]
22    Lint(LintArgs),
23}
24
25#[derive(Debug, Clone, Copy, Args)]
26pub struct ExportYamlArgs;
27
28#[derive(Debug, Clone, Copy, Args)]
29pub struct LintArgs;
30
31pub async fn execute(cmd: AccessControlCommands, config: &CliConfig) -> Result<()> {
32    match cmd {
33        AccessControlCommands::ExportYaml(args) => {
34            let result = export::run(args, config).await?;
35            render_result(&result);
36            Ok(())
37        },
38        AccessControlCommands::Lint(args) => {
39            let (text, exit_nonzero) = lint::run(args, config).await?;
40            let result = CommandResult::raw_text(text).with_title("Access-control lint");
41            render_result(&result);
42            if exit_nonzero {
43                anyhow::bail!("access-control lint failed; see report above");
44            }
45            Ok(())
46        },
47    }
48}
systemprompt_cli/commands/admin/access_control/mod.rs

systemprompt_cli/commands/admin/access_control/
mod.rs
