pub trait PolicyEngine: Send + Sync {
    // Required methods
    fn outbound_decision(&self, ctx: OutboundCtx<'_>) -> PolicyDecision;
    fn inbound_decision(&self, ctx: InboundCtx<'_>) -> PolicyDecision;
    fn accept_peer(&self, caps: &PeerCapabilities) -> bool;
}
Policy engine: decides the protection level for a concrete (peer, topic, interface) triple.
§Safety classification
The trait is Send + Sync so it can be used via Arc<dyn PolicyEngine> in
a multi-thread runtime. This triggers
zerodds-lint: allow no_dyn_in_safe (documented in
08_heterogeneous_security.md §7).
§Default contract
- Implementations must be deterministic: same context inputs → same decision. No randomness, no time-dependent branches (otherwise replay attacks are possible).
- accept_peer may return false if the peer does not meet the minimal requirements (e.g. a missing auth_plugin_class for a domain with allow_unauthenticated_participants=false).
- outbound_decision / inbound_decision must not block: they run in the hot path.
Required Methods§
fn outbound_decision(&self, ctx: OutboundCtx<'_>) -> PolicyDecision
Outbound path: which protection level should the wire packet have?
fn inbound_decision(&self, ctx: InboundCtx<'_>) -> PolicyDecision
Inbound path: accept / drop / decrypt the packet?
fn accept_peer(&self, caps: &PeerCapabilities) -> bool
SEDP admission: is this peer (according to its capabilities) fundamentally acceptable for a match?
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".
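
A minimal engine that satisfies the default contract above, as an added example (not code from the crate). `StaticPolicy`, the `PolicyDecision` variants and the fields of `PeerCapabilities`, `OutboundCtx` and `InboundCtx` are hypothetical stand-ins, since this page shows only the trait signatures.

```rust
use std::sync::Arc;
// Stand-ins (assumptions): the crate's real types and fields are not shown on this page.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PolicyDecision { Plain, Protected, Drop }
pub struct PeerCapabilities { pub auth_plugin_class: Option<String> }
pub struct OutboundCtx<'a> { pub topic: &'a str, pub peer: &'a PeerCapabilities }
pub struct InboundCtx<'a> { pub topic: &'a str, pub peer: &'a PeerCapabilities, pub is_protected: bool }

// Trait signatures copied from the page.
pub trait PolicyEngine: Send + Sync {
    fn outbound_decision(&self, ctx: OutboundCtx<'_>) -> PolicyDecision;
    fn inbound_decision(&self, ctx: InboundCtx<'_>) -> PolicyDecision;
    fn accept_peer(&self, caps: &PeerCapabilities) -> bool;
}

/// Hypothetical engine: immutable config only, so no clock, RNG, lock or I/O can affect a decision.
pub struct StaticPolicy {
    pub allow_unauthenticated_participants: bool,
    pub protected_topics: Vec<String>, // fixed at construction
}

impl StaticPolicy {
    fn needs_protection(&self, topic: &str) -> bool {
        self.protected_topics.iter().any(|t| t == topic)
    }
}

impl PolicyEngine for StaticPolicy {
    fn outbound_decision(&self, ctx: OutboundCtx<'_>) -> PolicyDecision {
        match (self.needs_protection(ctx.topic), self.accept_peer(ctx.peer)) {
            (_, false) => PolicyDecision::Drop, // never send to a peer that fails admission
            (true, true) => PolicyDecision::Protected,
            (false, true) => PolicyDecision::Plain,
        }
    }
    fn inbound_decision(&self, ctx: InboundCtx<'_>) -> PolicyDecision {
        if !self.accept_peer(ctx.peer) { return PolicyDecision::Drop; }
        match (self.needs_protection(ctx.topic), ctx.is_protected) {
            (true, false) => PolicyDecision::Drop, // plaintext on a protected topic: downgrade
            (_, true) => PolicyDecision::Protected, // take the decrypt path
            (false, false) => PolicyDecision::Plain,
        }
    }
    fn accept_peer(&self, caps: &PeerCapabilities) -> bool {
        self.allow_unauthenticated_participants || caps.auth_plugin_class.is_some()
    }
}

pub fn shared(p: StaticPolicy) -> Arc<dyn PolicyEngine> { Arc::new(p) }
```

Because every decision is a pure function of the configuration and the context, replaying the same packet context always yields the same result, which is the property the determinism rule asks for.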