§typesec-core
Foundational trait library for type-level security enforcement.
§The Core Idea
Security policies encoded in types are enforced by the compiler, not by
conditional checks at runtime. If an agent type doesn’t carry the trait bound
HasCapability<CanWrite, Report>, the method simply doesn’t exist in its API.
There is no path to a runtime permission error — the program won’t compile.
The guarantee rests on two conditions: a Capability can only be created by the
policy engine (its constructor is not public), and the code stays in safe Rust,
since unsafe code can conjure any value. Under those conditions a permission
check cannot be forgotten or skipped, because the proof is a value the callee
must be handed. This is fundamentally different from guard-based approaches:
```rust
// Guard-based (runtime check — can be forgotten, bypassed, skipped):
if acl.check(user, "write", resource) {
    resource.write(data)
}

// Type-level (compile-time check — cannot be bypassed in safe code while the
// Capability constructor stays private):
fn write<P: HasPermission<CanWrite>, R: Resource>(agent: &Agent<P>, cap: Capability<CanWrite, R>) {
    // cap's existence IS the proof. No check needed.
}
```
§Key Abstractions
- Permission — zero-sized marker trait; each permission is a distinct type.
- Capability — unforgeable proof token: Capability<P, R> proves the bearer holds permission P on resource R. The phantom types make Capability<CanRead, Report> and Capability<CanWrite, Report> different types.
- SecureValue — an opaque labeled value that supports safe transformations while requiring typed authority to reveal or declassify protected data.
- Agent — typestate machine: Agent<Unauthenticated> → Agent<Authenticated>. Authenticated methods are literally absent on the unauthenticated state.
- PolicyEngine — the runtime bridge: dynamic policies (RBAC, ODRL) evaluated once, their result minted into an unforgeable Capability.
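The following is an added, self-contained illustration of the pattern described in the two sections above (phantom-typed capability, typestate agent, policy engine that mints the token). It is not code from typesec-core and does not use the crate's real signatures: the trait shapes, the `Permission::NAME` constant, the `PolicyEngine::request` method, the RBAC grant table and the credentials are all assumptions made for the example.

```rust
use std::marker::PhantomData;

/// Permission markers: zero-sized, each a distinct type.
/// (Assumed shape; the crate's own `Permission` trait may differ.)
pub trait Permission { const NAME: &'static str; }
pub struct CanRead;
pub struct CanWrite;
impl Permission for CanRead { const NAME: &'static str = "read"; }
impl Permission for CanWrite { const NAME: &'static str = "write"; }

/// A resource a capability can grant access to (assumed shape).
pub trait Resource { fn id(&self) -> u32; }
pub struct Report { pub id: u32, pub body: String }
impl Resource for Report { fn id(&self) -> u32 { self.id } }

/// Unforgeable proof token. `mint` is private to this module, so the only way
/// to obtain a Capability is through `PolicyEngine::request` below.
pub struct Capability<P: Permission, R: Resource> {
    resource_id: u32,
    _proof: PhantomData<(P, R)>,
}
impl<P: Permission, R: Resource> Capability<P, R> {
    fn mint(resource_id: u32) -> Self { Capability { resource_id, _proof: PhantomData } }
    pub fn resource_id(&self) -> u32 { self.resource_id }
}

/// Typestate agent: `PolicyEngine::request` accepts only `Agent<Authenticated>`,
/// so an unauthenticated agent has no way to ask for a capability.
pub struct Unauthenticated;
pub struct Authenticated { subject: String }
pub struct Agent<S> { state: S }

impl Agent<Unauthenticated> {
    pub fn new() -> Self { Agent { state: Unauthenticated } }
    /// Constructed credential check for the example; a real system verifies a
    /// password hash or a token here. Failure hands the unauthenticated agent back.
    pub fn authenticate(self, user: &str, secret: &str) -> Result<Agent<Authenticated>, Self> {
        if user == "alice" && secret == "correct horse" {
            Ok(Agent { state: Authenticated { subject: user.to_string() } })
        } else {
            Err(self)
        }
    }
}
impl Agent<Authenticated> {
    pub fn subject(&self) -> &str { &self.state.subject }
}

/// Runtime bridge: a tiny RBAC table of (subject, permission name, resource id).
/// The dynamic policy is evaluated once; the result is minted into a typed token or denied.
pub struct PolicyEngine { grants: Vec<(&'static str, &'static str, u32)> }
impl PolicyEngine {
    pub fn request<P: Permission, R: Resource>(
        &self, agent: &Agent<Authenticated>, res: &R,
    ) -> Option<Capability<P, R>> {
        let allowed = self.grants.iter()
            .any(|(s, p, id)| *s == agent.subject() && *p == P::NAME && *id == res.id());
        if allowed { Some(Capability::mint(res.id())) } else { None }
    }
}

/// Writing requires a `Capability<CanWrite, Report>`; passing a
/// `Capability<CanRead, Report>` here is a type error, not a runtime denial.
pub fn write_report(report: &mut Report, cap: &Capability<CanWrite, Report>, data: &str) -> bool {
    // The token is bound to one resource id so it cannot be replayed against another report.
    if cap.resource_id() != report.id { return false; }
    report.body.push_str(data);
    true
}

pub fn read_report<'a>(report: &'a Report, cap: &Capability<CanRead, Report>) -> Option<&'a str> {
    if cap.resource_id() != report.id { return None; }
    Some(&report.body)
}

/// End-to-end run on constructed data: alice may read and write report 7 but only
/// read report 8. Returns (write on 7 succeeded, write token on 8 was minted, body of 7).
pub fn demo() -> (bool, bool, String) {
    let engine = PolicyEngine {
        grants: vec![("alice", "read", 7), ("alice", "write", 7), ("alice", "read", 8)],
    };
    let agent = Agent::new().authenticate("alice", "correct horse").ok().expect("demo credentials");
    let mut r7 = Report { id: 7, body: String::new() };
    let r8 = Report { id: 8, body: "q3 draft".to_string() };
    let w7: Capability<CanWrite, Report> = engine.request(&agent, &r7).expect("policy grants write on 7");
    let written = write_report(&mut r7, &w7, "finding: weak TLS config");
    let w8: Option<Capability<CanWrite, Report>> = engine.request(&agent, &r8); // denied by policy
    let rd7: Capability<CanRead, Report> = engine.request(&agent, &r7).expect("policy grants read on 7");
    // write_report(&mut r7, &rd7, "...") would not compile: CanRead is not CanWrite.
    let body = read_report(&r7, &rd7).unwrap_or("").to_string();
    (written, w8.is_some(), body)
}

fn main() {
    let (written, w8, body) = demo();
    println!("write on 7: {written}, write token on 8: {w8}, body: {body:?}");
}
```

Two design choices carry the security argument: `Capability::mint` is private, so the policy engine is the single point where a dynamic decision becomes static proof, and the token records the resource id so a capability minted for one report cannot be presented for another. The line commented out inside `demo` is the point of the whole pattern: handing a read token to a write-only function is rejected by the compiler before any test or review sees it.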
Re-exports§
pub use capability::Capability;
pub use combinator::CombineStrategy;
pub use combinator::ComposedEngine;
pub use combinator::PolicyEngineBuilder;
pub use lattice::Implies;
pub use lattice::LatticeEngine;
pub use permissions::AiCanExfiltrate;
pub use permissions::AiCanInfer;
pub use permissions::AiCanTrain;
pub use permissions::CanDeclassify;
pub use permissions::CanDelegate;
pub use permissions::CanDelete;
pub use permissions::CanExecute;
pub use permissions::CanRead;
pub use permissions::CanReadSensitive;
pub use permissions::CanWrite;
pub use permissions::CanWriteSensitive;
pub use permissions::Permission;
pub use policy::AuditEvent;
pub use policy::FallbackEngine;
pub use policy::PolicyEngine;
pub use policy::PolicyResult;
pub use policy::mint_capability;
pub use resource::Resource;
pub use role::Role;
pub use secure_value::Internal;
pub use secure_value::Join;
pub use secure_value::PrivacyLevel;
pub use secure_value::Public;
pub use secure_value::Secret;
pub use secure_value::SecureValue;
pub use secure_value::Sensitive;
pub use typestate::Agent;
pub use typestate::AgentState;
pub use typestate::Authenticated;
pub use typestate::Credentials;
pub use typestate::Unauthenticated;
Modules§
- capability
- Capability — the unforgeable proof token
- combinator
- Policy Combinator
- lattice
- Capability Lattice
- permissions
- Permission marker traits
- policy
- Policy engine trait and audit trail types.
- resource
- Resource trait — the thing a capability grants access to.
- role
- Role abstraction — a named collection of permissions.
- secure_value
- Opaque labeled values for information-flow style data handling.
- typestate
- Agent typestate