Skip to content
OpenFirma
Search
Ctrl
K
Cancel
GitHub
RSS
Blog
Select theme
Dark
Light
Auto
Blog
Start Here
Overview
Quickstart
Concepts
Architecture & invariants
The enforcement pipeline
Action classes
Capabilities
Policies
Interception
Connectors
The sandbox boundary
Threat model & bypasses
User Guides
Initialize a project (firma init)
Run the sidecar standalone
Inspect live sidecars (firma sidecar status)
Start & monitor the daemon (firma sidecar & monitor)
Diagnose with firma doctor
Write your first Cedar policy
Test policies offline (firma policy)
Issue capability tokens
Wrap an agent with firma run
Enable HTTPS MITM
Extend the action-class mapping
Inject credentials
Read & verify the audit log
Secure a local coding agent
Deploy a GenAI web app
Rust API Reference
Rust API Reference
firma_authority
firma-authority
Crate root
authorized_clients
cedar_loader
config
issuance
profiles
profiles
developer
revocation
seed
server
service
startup
startup
log_contract
tls_verifier
firma_config
firma_config
Crate root
provider
resolver
schema
firma_core
firma-core
Crate root
agent
cedar
connector
credential
decision
envelope
policy
session
token
token
paseto
transport
firma_demo_fixture
firma-demo-fixture
Crate root
firma_grpc_interceptor_proto
firma-grpc-interceptor-proto
Crate root
firma
firma
interceptor
interceptor
v1
v1
interceptor_hook_client
interceptor_hook_server
firma_proto
firma-proto
Crate root
firma
firma
v1
v1
audit_service_client
audit_service_server
authority_service_client
authority_service_server
execution_intent
firma_run
firma-run
Crate root
authority
authority
config
prompt
selection
supervisor
backend
backend
firecracker
linux_bwrap
macos_vz
windows_wsl2
capability
config
dns_stub
error
identity
mediator
proxy_bridge
routing
runtime
seccomp
sidecar
sidecar
selection
supervisor
firma_sidecar
firma-sidecar
Crate root
audit
audit
builder
sink
file
grpc
stdout
wal
authority_client
authority_client
backoff
channel
policy_bundle
readiness
revocation
swappable_policy
config
config
audit
authority
capability_seed
connector
enforcement
revocation
connector
connector
provider
http
registry
credential
credential
provider
basic
composite
vault
enforcement
enforcement
capability_map
capability_validation
cedar_evaluator
constraint_enforcement
decision
error
registry
revocation
revocation
metrics
session_state
handler
health
interceptor
interceptor
grpc
http
unix_socket
local_exec
local_exec
endpoint
handler
token_store
normalizer
normalizer
mapping
pipeline
startup
startup
audit
authority
capability
connector
credential
interceptor
local_exec
log_contract
pipeline
preflight
firma_stack
firma_stack
Crate root
config
error
pidfile
runtime_paths
shutdown_event
sidecar_markers
start
state_dir
status
stop
GitHub
RSS
Blog
Select theme
Dark
Light
Auto
interceptor
Module: firma::interceptor
Section titled “Module: firma::interceptor”
Contents
Section titled “Contents”
Modules
v1
Module: v1
Section titled “Module: v1”
