Documentation
¶
Overview ¶
Package routepolicy builds the api-gateway's per-route authorization policy: it resolves a caller's roles and checks a (connection, method, path) tuple against the persona authorizer's APIRoutes rules.
It layers on top of the standard MCP authorizer, which already gates whether a caller may invoke the api-gateway tool at all and on a given connection; this policy adds the per-route (which HTTP method on which path) check that the tool-level gate cannot express.
New returns the concrete *Policy. The package imports only middleware and persona, not pkg/toolkits/apigateway: the SetRoutePolicy call site in pkg/platform is the compile-time proof that *Policy satisfies apigatewaykit.RoutePolicy, so this package does not depend on the toolkit it serves.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Deps ¶
type Deps struct {
// Authenticator is the fallback used to resolve roles for callers that did
// not pass through the standard MCP middleware chain. May be nil.
Authenticator middleware.Authenticator
// Authorizer holds the persona APIRoutes rules the policy enforces.
Authorizer *persona.Authorizer
}
Deps are the dependencies a Policy needs.