Struct SecureAgent 

pub struct SecureAgent<S: AgentState> { /* private fields */ }

A secure agent that ties together typestate, policy engines, and capabilities.

S is the typestate parameter: Unauthenticated or Authenticated.

Why a newtype wrapper?

typesec-core’s Agent is the minimal typestate foundation. SecureAgent adds the async request_capability and execute methods on top, keeping the core crate dependency-free (no tokio).

Implementations

impl SecureAgent<Unauthenticated>

pub fn new(engine: Arc<dyn PolicyEngine>) -> Self

Create a new unauthenticated agent with the given policy engine.

pub fn authenticate( self, credentials: Credentials, ) -> Result<SecureAgent<Authenticated>, AgentError>

Authenticate the agent.

On success, returns SecureAgent<Authenticated>. The unauthenticated agent is consumed — you can’t hold onto the unauthenticated handle after calling this.

impl SecureAgent<Authenticated>

pub fn subject(&self) -> &str

The authenticated subject identity.

pub fn engine(&self) -> Arc<dyn PolicyEngine>

Access the underlying policy engine.

Useful for composing raw check() calls alongside capability-based access.

pub async fn request_capability<P: Permission, R: Resource>( &self, resource: &R, ) -> Result<Capability<P, R>, CapabilityError>

Request a capability for permission P on resource.

This is the only way to obtain a Capability<P, R> from outside typesec-core. The policy engine is called, the decision is logged, and either a capability or an error is returned.

The capability is a zero-sized proof token — holding it means the policy engine approved the request at the time of this call.

pub async fn execute<P, R, F, Fut>( &self, cap: &Capability<P, R>, resource: &R, action: F, ) -> Result<(), TaskError>
where P: Permission, R: Resource, F: FnOnce(&R) -> Fut, Fut: Future<Output = Result<(), TaskError>>,

Execute an async action, requiring a valid capability as proof.

The key design point: execute takes cap: &Capability<P, R> as an argument. There is no code path through execute that doesn’t hold a capability. If you don’t have a capability, you can’t call this method (the type system ensures it).

This is different from:

// ❌ Guard-based — the check can be skipped, the condition forgotten.
if has_permission { do_thing(); }

// ✅ Capability-based — the capability IS the check.
agent.execute(&cap, &resource, action).await?;
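
The pattern described above (a consuming authenticate, a policy-gated request_capability, and an execute that demands the token), as an added example that is not typesec's own code. It is a std-only, synchronous model; Agent, Doc, Read, Policy, policy, read_len and the credential check are all hypothetical stand-ins.

```rust
// Std-only model of the pattern; every name here is a hypothetical stand-in.
#[allow(dead_code)]
mod model {
    use std::marker::PhantomData;
    pub struct Unauthenticated;
    pub struct Authenticated { subject: String }
    pub struct Read;                  // permission marker
    pub struct Doc(pub &'static str); // resource, identified by a path

    // Zero-sized proof token. The private field stops code outside `model` from forging one.
    pub struct Capability<P, R>(PhantomData<(P, R)>);
    pub type Policy = fn(subject: &str, resource: &str) -> bool;
    pub struct Agent<S> { state: S, policy: Policy }

    impl Agent<Unauthenticated> {
        pub fn new(policy: Policy) -> Self { Agent { state: Unauthenticated, policy } }
        // Takes `self` by value, so the unauthenticated handle cannot be reused.
        pub fn authenticate(self, user: &str, secret: &str) -> Result<Agent<Authenticated>, &'static str> {
            if secret != "constructed-secret" { return Err("bad credentials"); } // constructed check
            Ok(Agent { state: Authenticated { subject: user.to_string() }, policy: self.policy })
        }
    }

    impl Agent<Authenticated> {
        // Exists only in the authenticated state; the policy is consulted on every request.
        pub fn request_capability(&self, doc: &Doc) -> Result<Capability<Read, Doc>, &'static str> {
            if (self.policy)(&self.state.subject, doc.0) { Ok(Capability(PhantomData)) } else { Err("denied") }
        }
        // The proof is part of the signature: without a capability this call does not type-check.
        pub fn execute<T>(&self, _cap: &Capability<Read, Doc>, doc: &Doc, action: impl FnOnce(&Doc) -> T) -> T {
            action(doc)
        }
    }
}
use model::{Agent, Doc};

// Constructed policy: only alice may read, and only under public/.
fn policy(subject: &str, resource: &str) -> bool { subject == "alice" && resource.starts_with("public/") }

pub fn read_len(user: &str, secret: &str, path: &'static str) -> Result<usize, &'static str> {
    let agent = Agent::new(policy).authenticate(user, secret)?;
    let doc = Doc(path);
    let cap = agent.request_capability(&doc)?; // a denial returns here, before any action runs
    Ok(agent.execute(&cap, &doc, |d| d.0.len()))
}

fn main() {
    println!("{:?}", read_len("alice", "constructed-secret", "public/a.txt"));
    println!("{:?}", read_len("alice", "constructed-secret", "private/k"));
}
```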

Trait Implementations

impl<S: AgentState> Debug for SecureAgent<S>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations

impl<S> !RefUnwindSafe for SecureAgent<S>

impl<S> !UnwindSafe for SecureAgent<S>

impl<S> Freeze for SecureAgent<S>

impl<S> Send for SecureAgent<S>

impl<S> Sync for SecureAgent<S>

impl<S> Unpin for SecureAgent<S>
where S: Unpin,

impl<S> UnsafeUnpin for SecureAgent<S>

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.