Skip to content
OpenFirma OpenFirma
Blog

session_state

Module: enforcement::session_state

Section titled “Module: enforcement::session_state”

Contents

Section titled “Contents”

Structs

  • LruSessionStateStore - In-memory LRU-capped SessionStateStore for V1. Single-process only.
  • RuntimeSignals - Runtime signals sourced from the session store and passed into

Traits

firma_sidecar::enforcement::session_state::LruSessionStateStore

Section titled “firma_sidecar::enforcement::session_state::LruSessionStateStore”

Struct

In-memory LRU-capped SessionStateStore for V1. Single-process only.

Methods:

  • fn new(capacity: usize) -> Self - Construct with an explicit capacity (minimum 1).
  • fn with_default_capacity() -> Self - Construct with the default capacity (DEFAULT_CAPACITY).

Trait Implementations:

  • SessionStateStore
    • fn record_action(self: &Self, session_id: &SessionId) -> u64
    • fn signals(self: &Self, session_id: &SessionId) -> RuntimeSignals
  • Default
    • fn default() -> Self

firma_sidecar::enforcement::session_state::RuntimeSignals

Section titled “firma_sidecar::enforcement::session_state::RuntimeSignals”

Struct

Runtime signals sourced from the session store and passed into Stage 2 for Cedar context construction.

Built by the pipeline on every admitted request, used by ConstraintEnforcer::build_context() and then reused to populate the outgoing ExecutionMetadata so audit and enforcement see the same numbers.

Fields:

  • action_count: u64 - Number of calls observed in the current session, including this
  • budget_consumed: f64 - Cumulative budget used in this session. V1 placeholder = 0.0.
  • risk_score: f64 - Static or pre-computed numeric risk attribute. V1 placeholder

Methods:

  • fn budget_remaining_long(self: &Self, ceiling: Option<f64>) -> i64 - Compute budget_remaining as a Cedar Long (i64). None
  • fn risk_score_long(self: &Self) -> i64 - risk_score as a Cedar Long — floor-rounded.

Traits: Copy

Trait Implementations:

  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
  • PartialEq
    • fn eq(self: &Self, other: &RuntimeSignals) -> bool
  • Clone
    • fn clone(self: &Self) -> RuntimeSignals

firma_sidecar::enforcement::session_state::SessionStateStore

Section titled “firma_sidecar::enforcement::session_state::SessionStateStore”

Trait

Per-session runtime state used by Stage 2.

Implementations must be Send + Sync — the pipeline holds them in an Arc and every request reads/writes through a shared reference.

Methods:

  • record_action: Record an admitted call for session_id and return the new
  • signals: Read the current signals for session_id. Returns defaults