enforcement
Module: config::enforcement
Section titled “Module: config::enforcement”Contents
Section titled “Contents”Structs
CapabilityValidationConfig- Capability validation configuration.ConstraintEnforcementConfig- Constraint enforcement configuration.EnforcementConfig- Enforcement engine configuration.MappingConfig- Mapping rules configuration.MappingRuleConfig- A single mapping rule as deserialized from the rules TOML file.MappingRulesFile- Top-level structure of the mapping rules TOML file.
firma_sidecar::config::enforcement::CapabilityValidationConfig
Section titled “firma_sidecar::config::enforcement::CapabilityValidationConfig”Struct
Capability validation configuration.
Fields:
clock_skew_tolerance_seconds: u64- Clock skew tolerance for expiry checks (seconds).
firma_sidecar::config::enforcement::ConstraintEnforcementConfig
Section titled “firma_sidecar::config::enforcement::ConstraintEnforcementConfig”Struct
Constraint enforcement configuration.
Fields:
bundle_ttl_seconds: u64- Policy bundle TTL in seconds. Default: 30.enforcement_timeout_ms: u64- Optional Stage 2 evaluation timeout in milliseconds.
firma_sidecar::config::enforcement::EnforcementConfig
Section titled “firma_sidecar::config::enforcement::EnforcementConfig”Struct
Enforcement engine configuration.
Groups the three enforcement sub-systems: intent-mapping rules, capability validation (Stage 1), and constraint enforcement (Stage 2).
Fields:
mapping: MappingConfig- Intent normalization / mapping rules.capability_validation: CapabilityValidationConfig- Capability validation settings.constraint_enforcement: ConstraintEnforcementConfig- Constraint enforcement settings.
Methods:
fn validate(self: &Self) -> Result<(), String>- Validate the enforcement configuration tree.fn rebase_defaults(self: & mut Self, config_dir: &std::path::Path)- Re-base every relative mapping path (rules_pathand each entry
Trait Implementations:
- Default
fn default() -> EnforcementConfig
- Debug
fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
- Deserialize
fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>
- Clone
fn clone(self: &Self) -> EnforcementConfig
firma_sidecar::config::enforcement::MappingConfig
Section titled “firma_sidecar::config::enforcement::MappingConfig”Struct
Mapping rules configuration.
Fields:
rules_path: String- Path to the primary mapping rules TOML file.rules_paths: Vec<String>- Additional mapping rule files merged on top ofrules_path.default_protected: bool- Whether unlisted hosts are protected by default.
firma_sidecar::config::enforcement::MappingRuleConfig
Section titled “firma_sidecar::config::enforcement::MappingRuleConfig”Struct
A single mapping rule as deserialized from the rules TOML file.
Fields:
method: Option<String>- HTTP method to match (None= any method).host: String- Host pattern to match (supports*wildcard).path: Option<String>- Path pattern to match (supports*wildcard).action_class: String- Canonical action class this rule maps to.
Methods:
fn validate(self: &Self) -> Result<(), String>- Validate a single mapping rule.
Trait Implementations:
- Clone
fn clone(self: &Self) -> MappingRuleConfig
- Deserialize
fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>
- Debug
fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
firma_sidecar::config::enforcement::MappingRulesFile
Section titled “firma_sidecar::config::enforcement::MappingRulesFile”Struct
Top-level structure of the mapping rules TOML file.
Fields:
rules: Vec<MappingRuleConfig>- Individual mapping rules.
Methods:
fn validate(self: &Self) -> Result<(), String>- Validate all rules in the file.
Trait Implementations:
- Clone
fn clone(self: &Self) -> MappingRulesFile
- Deserialize
fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>
- Debug
fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result