Skip to content
OpenFirma OpenFirma
Blog

normalizer

Module: normalizer

Section titled “Module: normalizer”

Contents

Section titled “Contents”

Structs

  • IntentNormalizer - Maps raw intercepted requests to canonical [NormalizedEnvelope] instances.
  • NormalizedEnvelope - Output of the intent normalizer — contains only the fields the normalizer can fill.
  • RawRequest - Raw intercepted request — the input to the enforcement pipeline.

firma_sidecar::normalizer::IntentNormalizer

Section titled “firma_sidecar::normalizer::IntentNormalizer”

Struct

Maps raw intercepted requests to canonical [NormalizedEnvelope] instances.

Uses the MappingTable to find the matching action class, then builds a NormalizedEnvelope with the five intent sub-fields and a timestamp. Fields that depend on token validation (capability, session_id, agent_id) are populated later by the pipeline.

Methods:

  • fn new(mapping_table: MappingTable) -> Self
  • fn normalize(self: &Self, request: &RawRequest) -> Result<NormalizedEnvelope, EnforcementDecision> - Normalize a raw request into a [NormalizedEnvelope].

Trait Implementations:

  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result

firma_sidecar::normalizer::NormalizedEnvelope

Section titled “firma_sidecar::normalizer::NormalizedEnvelope”

Struct

Output of the intent normalizer — contains only the fields the normalizer can fill.

Missing fields (capability, agent_id, session_id) are populated by the pipeline after Stage 1 validation when constructing the full ExecutionEnvelope.

Fields:

  • intent: firma_core::ExecutionIntent
  • timestamp: chrono::DateTime<chrono::Utc>

Trait Implementations:

  • Clone
    • fn clone(self: &Self) -> NormalizedEnvelope
  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result

firma_sidecar::normalizer::RawRequest

Section titled “firma_sidecar::normalizer::RawRequest”

Struct

Raw intercepted request — the input to the enforcement pipeline.

Produced by an Interceptor from transport-specific input and consumed by [IntentNormalizer] to build a canonical [NormalizedEnvelope]. All three interception modes (HTTP proxy, gRPC hook, Unix socket) produce an identical RawRequest, keeping downstream stages transport-agnostic.

Sensitive headers (authorization, cookie, x-api-key) are stripped during normalization and never reach policy evaluation.

Fields:

  • method: String - HTTP method verb (e.g. GET, POST, DELETE).
  • host: String - Target host or domain (e.g. api.stripe.com).
  • path: String - Request path including any query string (e.g. /v1/charges).
  • headers: std::collections::HashMap<String, String> - HTTP headers as key-value pairs.
  • body: Option<Vec<u8>> - Optional request body as raw bytes.
  • is_https: bool - Whether the original request used HTTPS.

Trait Implementations:

  • Debug
    • fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result