1
0
Fork
You've already forked bac-rules
0
No description
  • Rust 78.3%
  • TypeScript 7.6%
  • Python 5.6%
  • Shell 3.6%
  • HTML 2.7%
  • Other 2.2%
Alexander Bokovoy 495c291b59
All checks were successful
CI / Rustfmt (pull_request) Successful in 2m14s
CI / Build (pull_request) Successful in 10m35s
CI / Examples (pull_request) Successful in 4m57s
CI / Documentation (pull_request) Successful in 9m5s
CI / Benchmark Smoke Test (pull_request) Successful in 9m57s
CI / Clippy (pull_request) Successful in 10m9s
CI / Test Suite (pull_request) Successful in 13m31s
CI / WASM Build (pull_request) Successful in 25m52s
CI / WASM Tests (pull_request) Successful in 8m3s
CI / Rustfmt (push) Successful in 2m1s
CI / Build (push) Successful in 6m21s
CI / Examples (push) Successful in 4m16s
CI / Documentation (push) Successful in 8m27s
CI / Clippy (push) Successful in 9m30s
CI / Benchmark Smoke Test (push) Successful in 10m0s
CI / Test Suite (push) Successful in 11m56s
CI / WASM Build (push) Successful in 20m16s
CI / WASM Tests (push) Successful in 11m19s
docs: update documentation to reflect current WASM implementation state
- Remove deprecated wasm32-wasi target from prerequisites
- Replace stale "fastbloom needs verification" caveat with resolved
 status (bloom feature disabled for WASM via default-features=false)
- Add missing WASM-compatible dependencies (getrandom, js-sys,
 web-sys, console_error_panic_hook) and note feature flags
- Document registerMatcher, getAllRulesJson, and addDimensionAll APIs
 in abac-wasm README
- Document "all" wildcard dimension values in rule JSON format
- Document structured error objects ({type, message}) in both
 abac-wasm and hbac-wasm READMEs
- Add abacQueue.ts and alertManager.ts to typescript-sensors project
 structure listing
- Add abac-wasm and hbac-wasm to introduction.md crate list
- Add WASM examples to getting-started/examples.md
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2026年07月04日 09:25:23 +03:00
.cargo feat(abac-wasm): add WebAssembly bindings for ABAC engine 2026年07月04日 08:31:12 +03:00
.claude/agents feat(claude): add agent definitions for project development 2026年06月30日 14:28:17 +03:00
.github ci: add WASM build/test workflow, scripts, and documentation 2026年07月04日 09:25:23 +03:00
contrib/release chore: update CI and release scripts 2026年07月02日 01:03:31 +03:00
crates docs: update documentation to reflect current WASM implementation state 2026年07月04日 09:25:23 +03:00
docs docs: update documentation to reflect current WASM implementation state 2026年07月04日 09:25:23 +03:00
fixtures feat(fixtures): add missing ABAC baselines 2026年07月03日 08:25:56 +03:00
scripts ci: add WASM build/test workflow, scripts, and documentation 2026年07月04日 09:25:23 +03:00
.gitignore feat(claude): add agent definitions for project development 2026年06月30日 14:28:17 +03:00
Cargo.toml feat(hbac-wasm): add WebAssembly bindings for HBAC engine 2026年07月04日 08:31:12 +03:00
CHANGELOG.md docs: update documentation to reflect current implementation state 2026年07月02日 23:17:21 +03:00
README.md docs: update documentation to reflect current implementation state 2026年07月02日 23:17:21 +03:00

bac-rules

Business Access Control Rules - Rust workspace for FreeIPA-specific access control implementations.

Project: https://codeberg.org/abbra/bac-rules

Documentation

📖 Read the full documentation book (build with mdbook)

Overview

This workspace contains Rust libraries for modeling and evaluating access control systems, with a focus on FreeIPA-specific implementations.

Crates

acls-rs

Algebraically-correct permissions system with RBAC, ABAC, and temporal support. Provides the foundational abstractions for access control.

  • Zero runtime dependencies
  • Algebraic permission composition
  • RBAC and ABAC policy support
  • Temporal permissions

hbac-rs

FreeIPA Host-Based Access Control (HBAC) rule evaluation library. Implements FreeIPA's HBAC semantics on top of the acls-rs foundation.

  • HBAC rule modeling and evaluation
  • Category-based matching (all, specific)
  • Group membership support
  • Compatible with FreeIPA's pyhbac semantics

abac-rs

Generic Attribute-Based Access Control (ABAC) evaluation engine with high-performance optimization pipeline.

  • Arbitrary attribute dimensions (not limited to user/host/service)
  • Multi-type attributes (String, Integer, Float, IpAddr, IpCidr, custom)
  • Pluggable matchers for custom matching logic
  • Bitmap-based deny index and compiled evaluator

See individual crate READMEs for detailed documentation.

Building

# Build all crates
cargo build
# Run tests for all crates
cargo test
# Build specific crate
cargo build --package hbac-rs
# Run examples
cargo run --package hbac-rs --example basic_usage
cargo run --package hbac-rs --example freeipa_simulation

Development

Local CI

Run the complete CI pipeline locally:

# Run all CI jobs
./scripts/local-ci.sh all
# Run specific jobs
./scripts/local-ci.sh build fmt clippy test
# See scripts/README.md for full documentation

Performance Testing

# Run comprehensive benchmark suite
./scripts/bench.sh
# Custom benchmark configuration
./scripts/bench.sh --rules 1000,10000 --scenarios throughput
# Compare performance between commits
./scripts/bench.sh --compare ~/.cache/bac-bench/baseline
# See scripts/README.md for full documentation

License

Licensed under either of:

  • Apache License, Version 2.0
  • MIT license

at your option.