Mountain/IPC/Security/mod.rs

//! # Security Module (IPC)
//!
//! ## RESPONSIBILITIES
//! This module provides role-based access control (RBAC) and security auditing
//! for IPC operations. It validates permissions for all incoming IPC messages
//! and logs security events for audit trails.
//!
//! ## ARCHITECTURAL ROLE
//! This module is the security layer in the IPC architecture, sitting between
//! the message router and handlers to enforce permission policies.
//!
//! ## KEY COMPONENTS
//!
//! - **PermissionManager**: Validates permissions and manages role/permission
//!   definitions
//! - **Role**: Role definitions with associated permissions
//! - **Permission**: Individual permission definitions
//!
//! ## ERROR HANDLING
//! Permission validation returns Result types with descriptive errors for
//! debugging access denials.
//!
//! ## LOGGING
//! Info-level security event logging, debug for permission checks, error for
//! violations.
//!
//! ## PERFORMANCE CONSIDERATIONS
//! - Permission definitions cached in RwLock for fast concurrent access
//! - Role resolution optimized with HashMap lookups
//! - Audit log limited to last 1000 events to prevent memory bloat
//!
//! ## TODO
//! - Add permission caching with TTL
//! - Implement permission inheritance
//! - Add permission alias support
//! - Implement group-based permissions

pub mod PermissionManager;
pub mod Role;
pub mod Permission;

// Note: Consumers should use Security::PermissionManager::PermissionManager
// This avoids naming conflicts between module name and type name
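
An added sketch of the design the module docs describe: role lookups in a HashMap behind an RwLock, deny-by-default checks that return a Result, and an audit log capped at 1000 events. It is not the project's code; `Gate`, `AuditEvent`, `AUDIT_CAP` and the role and permission strings are hypothetical names constructed for illustration.

```rust
use std::collections::{HashMap, HashSet, VecDeque};
use std::sync::RwLock;

const AUDIT_CAP: usize = 1000; // cap stated in the module docs

#[derive(Debug)]
pub struct AuditEvent { pub role: String, pub permission: String, pub allowed: bool }

// Hypothetical stand-in; not the project's PermissionManager type.
pub struct Gate {
    roles: RwLock<HashMap<String, HashSet<String>>>,
    audit: RwLock<VecDeque<AuditEvent>>,
}

impl Gate {
    pub fn new() -> Self {
        Gate { roles: RwLock::new(HashMap::new()), audit: RwLock::new(VecDeque::new()) }
    }
    pub fn define_role(&self, role: &str, permissions: &[&str]) {
        let set: HashSet<String> = permissions.iter().map(|p| p.to_string()).collect();
        self.roles.write().unwrap().insert(role.to_string(), set);
    }
    /// Deny by default: an unknown role or a missing permission is an Err.
    pub fn check(&self, role: &str, permission: &str) -> Result<(), String> {
        // The read guard is dropped at the end of this statement.
        let allowed = self.roles.read().unwrap()
            .get(role).map_or(false, |set| set.contains(permission));
        // Every decision is audited, allowed or not.
        self.record(AuditEvent { role: role.into(), permission: permission.into(), allowed });
        if allowed { Ok(()) } else {
            Err(format!("role '{}' lacks permission '{}'", role, permission))
        }
    }
    fn record(&self, event: AuditEvent) {
        let mut log = self.audit.write().unwrap();
        if log.len() == AUDIT_CAP { log.pop_front(); } // evict the oldest entry
        log.push_back(event);
    }
    pub fn audit_len(&self) -> usize { self.audit.read().unwrap().len() }
    pub fn denials(&self) -> usize {
        self.audit.read().unwrap().iter().filter(|e| !e.allowed).count()
    }
}

fn main() {
    let gate = Gate::new();
    gate.define_role("editor", &["file.read", "file.write"]);
    println!("{:?}", gate.check("editor", "file.read"));     // Ok(())
    println!("{:?}", gate.check("editor", "process.spawn")); // Err(..)
    println!("audited: {}, denied: {}", gate.audit_len(), gate.denials());
}
```

Because the oldest entry is evicted once the cap is reached, a denial stays visible only until 1000 later events have been recorded; anything needed for later investigation has to be forwarded to durable storage before it rolls off.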