Skip to main content

ApprovalScope

treeship_core::statements

Struct ApprovalScope 

Source 
pub struct ApprovalScope {
    pub max_actions: Option<u32>,
    pub valid_until: Option<String>,
    pub allowed_actors: Vec<String>,
    pub allowed_actions: Vec<String>,
    pub allowed_subjects: Vec<String>,
    pub extra: Option<Value>,
}
Expand description

Scope constraints on an approval — who may perform what against which subject, how many times, and until when.

Treeship’s verify pass enforces these constraints statelessly (every field except max_actions can be checked from the signed envelope alone). max_actions is signed into the grant so a future ledger / Hub layer can enforce single-use across the global view; for now it is descriptive, and verify reports the replay-check posture honestly rather than claiming enforcement that did not happen.

An empty allowed_* list means “no constraint on that axis.” All-empty scope is equivalent to no scope at all (an unscoped / bearer approval) — which verify flags with a warning so callers know the binding is the only thing being attested.

Fields§

§max_actions: Option<u32>

Maximum number of actions this approval authorises. Signed into the grant for future stateful enforcement; not yet checked statelessly.

§valid_until: Option<String>

ISO 8601 timestamp after which the approval is no longer valid. Independent of ApprovalStatement.expires_at so a single approval can have an outer “key valid until X” and a tighter “scope valid until Y” if the operator wants both. Verify enforces both.

§allowed_actors: Vec<String>

Actor URIs permitted to consume this approval. Empty = no constraint on actor.

§allowed_actions: Vec<String>

Action labels permitted under this approval. Empty = no constraint on action.

§allowed_subjects: Vec<String>

Subject URIs permitted as the target of an action under this approval. Matched against ActionStatement.subject.uri (or artifact_id for chain-internal subjects). Empty = no constraint on subject.

§extra: Option<Value>

Arbitrary additional constraints (e.g. max payment amount).

Implementations§

Source§

impl ApprovalScope

Source

pub fn is_unscoped(&self) -> bool

True when no constraint axis is populated. An unscoped approval proves only nonce binding – it does NOT bind actor, action, or subject. Verify warns when this is true so the audit reader knows the limit of what was signed.

Trait Implementations§

Source§

impl Clone for ApprovalScope

Source§

fn clone(&self) -> ApprovalScope

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ApprovalScope

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for ApprovalScope

Source§

fn default() -> ApprovalScope

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for ApprovalScope

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for ApprovalScope

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,