systemprompt_security/
error.rs

1//! Error types raised by the security infrastructure.
2//!
3//! Public APIs in this crate return `thiserror`-derived error enums:
4//!
5//! - [`AuthError`] — request validation, JWT decoding, claim extraction.
6//! - [`JwtError`] — JWT minting (admin tokens, session tokens).
7//! - [`ManifestSigningError`] — Ed25519 signing of cowork manifests.
8//!
9//! All three implement `std::error::Error` and can be composed into larger
10//! `thiserror` enums via `#[from]`.
11
12use thiserror::Error;
13
14#[derive(Debug, Error)]
15pub enum AuthError {
16    #[error("missing authorization header")]
17    MissingAuthorization,
18
19    #[error("invalid JWT token: {0}")]
20    InvalidToken(#[source] jsonwebtoken::errors::Error),
21
22    #[error("missing session_id in token")]
23    MissingSessionId,
24}
25
26#[derive(Debug, Error)]
27pub enum JwtError {
28    #[error("jwt encoding failed: {0}")]
29    Encoding(#[from] jsonwebtoken::errors::Error),
30}
31
32#[derive(Debug, Error)]
33pub enum ManifestSigningError {
34    #[error("manifest signing seed unavailable: {0}")]
35    SeedUnavailable(String),
36
37    #[error("jcs canonicalize: {0}")]
38    Canonicalize(String),
39
40    #[error("signing key missing after initialization")]
41    KeyMissing,
42}
43
44pub type AuthResult<T> = Result<T, AuthError>;
45
46pub type JwtResult<T> = Result<T, JwtError>;
47
48pub type ManifestSigningResult<T> = Result<T, ManifestSigningError>;
systemprompt_security/error.rs

systemprompt_security/
error.rs
