capability_map

Module: enforcement::capability_map

Contents

Structs

• CapabilityEntry - A pre-provisioned capability token with pre-parsed claims.
• CapabilityMap - Holds pre-provisioned capability tokens and selects the best match

---

firma_sidecar::enforcement::capability_map::CapabilityEntry

Struct

A pre-provisioned capability token with pre-parsed claims.

Fields:

• raw_token: String - Raw signed token string for Stage 1 validation.
• claims: firma_core::CapabilityClaims - Pre-parsed claims for fast selection (parsed at load time).

Trait Implementations:

• Clone
  • fn clone(self: &Self) -> CapabilityEntry
• Debug
  • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result

firma_sidecar::enforcement::capability_map::CapabilityMap

Struct

Holds pre-provisioned capability tokens and selects the best match based on action class and resource.

Tokens are indexed by action class at construction time so that select() only scores the subset of entries that can possibly match, avoiding a full linear scan on every request.

The agent knows nothing about Firma — the sidecar selects the correct token internally after intent normalization (ADR-002).

Methods:

• fn new(entries: Vec<CapabilityEntry>) -> Self - Create a new capability map from pre-provisioned entries.
• fn select(self: &Self, session_id: &str, action_class: &str, resource: &str) -> Result<&CapabilityEntry, EnforcementDecision> - Select the best-matching token for the given action and resource.
• fn len(self: &Self) -> usize - Return the number of entries in the map.
• fn is_empty(self: &Self) -> bool - Check if the map is empty.

Trait Implementations:

• Debug
  • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result