Crate typesec_core

§typesec-core

Foundational trait library for type-level security enforcement.

§The Core Idea

Security policies encoded in types are enforced by the compiler, not by conditional checks at runtime. If an agent type doesn’t carry the trait bound HasCapability<CanWrite, Report>, the method simply doesn’t exist in its API. There is no path to a runtime permission error — the program won’t compile.

This is fundamentally different from guard-based approaches:

// Guard-based (runtime check — can be forgotten, bypassed, skipped):
if acl.check(user, "write", resource) {
    resource.write(data)
}

// Type-level (compile-time check — impossible to bypass):
// R is the resource type the capability is scoped to; it has to be declared as a generic.
fn write<P: HasPermission<CanWrite>, R: Resource>(agent: &Agent<P>, cap: Capability<CanWrite, R>) {
    // cap's existence IS the proof. No check needed.
}

§Key Abstractions

  • Permission — zero-sized marker trait; each permission is a distinct type.
  • Capability — unforgeable proof token: Capability<P, R> proves the bearer holds permission P on resource R. The phantom types make Capability<CanRead, Report> and Capability<CanWrite, Report> different types.
  • Agent — typestate machine: Agent<Unauthenticated> → Agent<Authenticated>. Authenticated methods are literally absent on the unauthenticated state.
  • PolicyEngine — the runtime bridge: dynamic policies (RBAC, ODRL) evaluated once, their result minted into an unforgeable Capability.
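The following is an added, self-contained illustration of the pattern described in The Core Idea and Key Abstractions above. It is not typesec-core's own code: the Permission, Resource, Capability, Agent and PolicyEngine definitions here are a minimal stand-in written for this page, and RbacEngine, ReportStore, lookup, mint and the user/role/grant values are constructed for the example. The point it makes concrete is the three-part mechanism: zero-sized permission markers and phantom-typed capabilities, a capability whose only constructor is the policy bridge (private field in its own module), and a typestate Agent on which request is implemented for the Authenticated state only.

```rust
/// Zero-sized permission markers: each permission is a distinct type, and
/// the NAME constant is what the runtime policy engine matches on.
pub trait Permission { const NAME: &'static str; }
pub struct CanRead;
pub struct CanWrite;
impl Permission for CanRead { const NAME: &'static str = "read"; }
impl Permission for CanWrite { const NAME: &'static str = "write"; }

/// Resource marker: the thing a capability grants access to.
pub trait Resource { const NAME: &'static str; }
pub struct Report;
impl Resource for Report { const NAME: &'static str = "report"; }

/// The proof token sits in its own module so its field stays private:
/// code outside `cap` cannot write `Capability { .. }` and has to go
/// through `mint`, the only constructor. That is what makes it unforgeable.
pub mod cap {
    use super::{Permission, Resource};
    use std::marker::PhantomData;

    pub struct Capability<P: Permission, R: Resource> {
        _proof: PhantomData<(P, R)>,
    }

    /// Runtime policy bridge (constructed for this example): evaluated once
    /// per request, its verdict either becomes a typed capability or nothing.
    pub trait PolicyEngine {
        fn allows(&self, roles: &[&str], permission: &str, resource: &str) -> bool;
    }

    pub fn mint<P: Permission, R: Resource>(
        engine: &dyn PolicyEngine,
        roles: &[&str],
    ) -> Option<Capability<P, R>> {
        if engine.allows(roles, P::NAME, R::NAME) {
            Some(Capability { _proof: PhantomData })
        } else {
            None
        }
    }
}
pub use cap::{mint, Capability, PolicyEngine};

/// Typestate: the agent's state is a type parameter, so methods can be
/// implemented for one state only.
pub trait AgentState {}
pub struct Unauthenticated;
pub struct Authenticated { roles: Vec<&'static str> }
impl AgentState for Unauthenticated {}
impl AgentState for Authenticated {}

pub struct Agent<S: AgentState> { subject: &'static str, state: S }

/// Constructed credential directory for this example (not a real store).
fn lookup(subject: &str, password: &str) -> Option<Vec<&'static str>> {
    match (subject, password) {
        ("alice", "pw-a") => Some(vec!["editor"]),
        ("bob", "pw-b") => Some(vec!["viewer"]),
        _ => None,
    }
}

impl Agent<Unauthenticated> {
    pub fn new(subject: &'static str) -> Self {
        Agent { subject, state: Unauthenticated }
    }
    /// The only way to obtain an Agent<Authenticated>; consumes self.
    pub fn login(self, password: &str) -> Result<Agent<Authenticated>, Self> {
        match lookup(self.subject, password) {
            Some(roles) => Ok(Agent { subject: self.subject, state: Authenticated { roles } }),
            None => Err(self),
        }
    }
}

impl Agent<Authenticated> {
    /// Absent on Agent<Unauthenticated>: calling it there is a compile error.
    pub fn request<P: Permission, R: Resource>(&self, engine: &dyn PolicyEngine) -> Option<Capability<P, R>> {
        mint::<P, R>(engine, &self.state.roles)
    }
}

/// Constructed RBAC engine: a table of (role, permission, resource) grants.
pub struct RbacEngine { grants: Vec<(&'static str, &'static str, &'static str)> }
impl PolicyEngine for RbacEngine {
    fn allows(&self, roles: &[&str], permission: &str, resource: &str) -> bool {
        self.grants.iter().any(|(role, p, r)| roles.contains(role) && *p == permission && *r == resource)
    }
}

/// A store whose methods take the capability as a parameter: the token is
/// the proof, so there is no check inside and nothing to skip.
pub struct ReportStore { body: String }
impl ReportStore {
    pub fn write(&mut self, _cap: &Capability<CanWrite, Report>, data: &str) { self.body.push_str(data); }
    pub fn read(&self, _cap: &Capability<CanRead, Report>) -> &str { &self.body }
}

/// End-to-end flow. Returns (editor could write, viewer could write,
/// what the viewer read back).
pub fn demo() -> (bool, bool, String) {
    let engine = RbacEngine { grants: vec![
        ("editor", "read", "report"), ("editor", "write", "report"), ("viewer", "read", "report"),
    ] };
    let mut store = ReportStore { body: String::new() };
    let alice = Agent::new("alice").login("pw-a").ok().expect("constructed credentials");
    let bob = Agent::new("bob").login("pw-b").ok().expect("constructed credentials");

    let alice_wrote = match alice.request::<CanWrite, Report>(&engine) {
        Some(cap) => { store.write(&cap, "Q3 numbers"); true }
        None => false,
    };
    let bob_can_write = bob.request::<CanWrite, Report>(&engine).is_some();
    let seen = bob.request::<CanRead, Report>(&engine)
        .map(|cap| store.read(&cap).to_string())
        .unwrap_or_default();
    (alice_wrote, bob_can_write, seen)
}

fn main() {
    println!("{:?}", demo());
}
```

Two things are worth trying against this file: change ReportStore::write to take a Capability<CanRead, Report>, or call request on the value returned by Agent::new before login. Both fail to compile, which is the property the page describes; the policy engine's verdict is consulted exactly once, in mint, and every later use of the capability carries no check at all.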

Re-exports§

pub use capability::Capability;
pub use combinator::CombineStrategy;
pub use combinator::ComposedEngine;
pub use combinator::PolicyEngineBuilder;
pub use lattice::Implies;
pub use lattice::LatticeEngine;
pub use permissions::AiCanExfiltrate;
pub use permissions::AiCanInfer;
pub use permissions::AiCanTrain;
pub use permissions::CanDelegate;
pub use permissions::CanDelete;
pub use permissions::CanExecute;
pub use permissions::CanRead;
pub use permissions::CanReadSensitive;
pub use permissions::CanWrite;
pub use permissions::CanWriteSensitive;
pub use permissions::Permission;
pub use policy::AuditEvent;
pub use policy::FallbackEngine;
pub use policy::PolicyEngine;
pub use policy::PolicyResult;
pub use policy::mint_capability;
pub use resource::Resource;
pub use role::Role;
pub use typestate::Agent;
pub use typestate::AgentState;
pub use typestate::Authenticated;
pub use typestate::Credentials;
pub use typestate::Unauthenticated;

Modules§

  • capability: Capability — the unforgeable proof token
  • combinator: Policy Combinator
  • lattice: Capability Lattice
  • permissions: Permission marker traits
  • policy: Policy engine trait and audit trail types.
  • resource: Resource trait — the thing a capability grants access to.
  • role: Role abstraction — a named collection of permissions.
  • typestate: Agent typestate