{"id":36236326,"url":"https://github.com/inferadb/rust","last_synced_at":"2026-01-11T06:00:10.590Z","repository":{"id":329896939,"uuid":"1117393752","full_name":"inferadb/rust","owner":"inferadb","description":"InferaDB Rust SDK — type-safe, ergonomic access to distributed ReBAC authorization APIs, designed for low-latency permission checks in modern SaaS and AI workloads.","archived":false,"fork":false,"pushed_at":"2025-12-31T07:13:10.000Z","size":1047,"stargazers_count":1,"open_issues_count":4,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-04T10:12:36.963Z","etag":null,"topics":["access-control","async","authorization","client-library","derive-macro","fine-grained-access-control","grpc","inferadb","permissions","rebac","rust","sdk","tokio","tonic","zanzibar"],"latest_commit_sha":null,"homepage":"https://inferadb.com","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/inferadb.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-16T08:54:01.000Z","updated_at":"2025-12-31T18:03:52.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/inferadb/rust","commit_stats":null,"previous_names":["inferadb/rust"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/inferadb/rust","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Frust","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Frust/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Frust/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Frust/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/inferadb","download_url":"https://codeload.github.com/inferadb/rust/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Frust/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28293188,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-11T04:44:51.577Z","status":"ssl_error","status_checked_at":"2026-01-11T04:44:44.232Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","async","authorization","client-library","derive-macro","fine-grained-access-control","grpc","inferadb","permissions","rebac","rust","sdk","tokio","tonic","zanzibar"],"created_at":"2026-01-11T06:00:10.392Z","updated_at":"2026-01-11T06:00:10.564Z","avatar_url":"https://github.com/inferadb.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003cp\u003e\u003ca href=\"https://inferadb.com\"\u003e\u003cimg src=\".github/inferadb.png\" width=\"100\" /\u003e\u003c/a\u003e\u003c/p\u003e\n    \u003ch1\u003eInferaDB Rust SDK\u003c/h1\u003e\n    \u003cp\u003e\n        \u003ca href=\"https://discord.gg/inferadb\"\u003e\u003cimg src=\"https://img.shields.io/badge/Discord-Join%20us-5865F2?logo=discord\u0026logoColor=white\" alt=\"Discord\" /\u003e\u003c/a\u003e\n        \u003ca href=\"https://crates.io/crates/inferadb\"\u003e\u003cimg src=\"https://img.shields.io/crates/v/inferadb.svg\" alt=\"Crates.io\" /\u003e\u003c/a\u003e\n        \u003ca href=\"https://docs.rs/inferadb\"\u003e\u003cimg src=\"https://docs.rs/inferadb/badge.svg\" alt=\"Docs.rs\" /\u003e\u003c/a\u003e\n        \u003ca href=\"https://codecov.io/github/inferadb/rust\"\u003e\u003cimg src=\"https://codecov.io/github/inferadb/rust/branch/main/graph/badge.svg?token=HBlxbXsvny\" alt=\"Code Coverage\" /\u003e\u003c/a\u003e\n        \u003ca href=\"#license\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT%2FApache--2.0-blue.svg\" alt=\"License\" /\u003e\u003c/a\u003e\n    \u003c/p\u003e\n    \u003cp\u003eType-safe Rust client for InferaDB\u003c/p\u003e\n\u003c/div\u003e\n\n\u003e [!IMPORTANT]\n\u003e Under active development. Not production-ready.\n\n[InferaDB](https://inferadb.com/) is a [Zanzibar](https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/)-inspired authorization engine. Define permissions as policy-as-code; integrate in a few lines.\n\n- **Async-first:** Built on [Tokio](https://crates.io/crates/tokio) and [Tracing](https://crates.io/crates/tracing)\n- **Compile-time safety:** Catch permission model mistakes before production\n- **Standards-based:** [AuthZEN](https://openid.net/wg/authzen/) compliant with multi-tenant isolation\n\n## Quick Start\n\n1. Sign up for an account at [InferaDB](https://inferadb.com/) and create a new organization and vault.\n\n2. Run the following Cargo command in your project directory:\n\n   ```shell\n   cargo add inferadb\n   ```\n\n3. In your project, create and configure a client instance:\n\n   ```rust\n   use inferadb::prelude::*;\n\n   #[tokio::main]\n   async fn main() -\u003e Result\u003c(), Error\u003e {\n       let client = Client::builder()\n           .url(\"https://api.inferadb.com\")\n           .credentials(ClientCredentialsConfig {\n               client_id: \"my_service\".into(),\n               private_key: Ed25519PrivateKey::from_pem_file(\"private-key.pem\")?,\n           })\n           .build()\n           .await?;\n\n       let vault = client.organization(\"org_...\").vault(\"vlt_...\");\n\n       let allowed = vault.check(\"user:alice\", \"view\", \"document:readme\").await?;\n       println!(\"Allowed: {allowed}\");\n\n       Ok(())\n   }\n   ```\n\n## In Action\n\n### \"Can this user do this?\"\n\nThe most common authorization question. One line:\n\n```rust\nif vault.check(\"user:alice\", \"edit\", \"document:readme\").await? {\n    // allow the edit\n}\n```\n\n### \"Who can access this?\"\n\nBuilding a share dialog or audit view? List all subjects with access:\n\n```rust\nlet viewers = vault.subjects()\n    .with_permission(\"view\")\n    .on_resource(\"document:readme\")\n    .collect()\n    .await?;\n// [\"user:alice\", \"user:bob\", \"team:engineering\"]\n```\n\n### \"What can this user see?\"\n\nFilter a dashboard or search results by accessible resources:\n\n```rust\nlet docs = vault.resources()\n    .accessible_by(\"user:alice\")\n    .with_permission(\"view\")\n    .of_type(\"document\")\n    .collect()\n    .await?;\n```\n\n### \"Grant access to a team\"\n\nWhen Alice shares a folder with her team, all team members gain access:\n\n```rust\nvault.relationships()\n    .write(Relationship::new(\"folder:designs\", \"viewer\", \"team:engineering\"))\n    .await?;\n```\n\n### \"Inherit permissions from a parent\"\n\nDocuments inherit their parent folder's permissions:\n\n```rust\nvault.relationships()\n    .write(Relationship::new(\"document:spec\", \"parent\", \"folder:designs\"))\n    .await?;\n\n// Now anyone who can view the folder can view the document\n```\n\n### \"Check multiple permissions at once\"\n\nRendering edit, delete, and share buttons? Check all permissions in one call:\n\n```rust\nlet [can_edit, can_delete, can_share] = vault.batch_check(\u0026[\n    (\"user:alice\", \"edit\", \"document:readme\"),\n    (\"user:alice\", \"delete\", \"document:readme\"),\n    (\"user:alice\", \"share\", \"document:readme\"),\n]).await?[..] else { unreachable!() };\n```\n\n## Usage\n\n### Authorization API\n\n```rust\nlet vault = client.organization(\"org_...\").vault(\"vlt_...\");\n```\n\n#### Permission Checks\n\n```rust\nlet allowed = vault.check(\"user:alice\", \"view\", \"doc:1\").await?;\n```\n\n#### Relationships\n\n```rust\nvault.relationships()\n    .write(Relationship::new(\"document:readme\", \"viewer\", \"user:alice\"))\n    .await?;\n```\n\n#### Lookups\n\n```rust\nlet docs = vault.resources()\n    .accessible_by(\"user:alice\")\n    .with_permission(\"view\")\n    .collect()\n    .await?;\n```\n\nSee the [Authorization API Guide](docs/guides/authorization-api.md) for ABAC context, batch checks, explain, simulate, and watch.\n\n### Management API\n\n```rust\nlet org = client.organization(\"org_...\");\n```\n\n#### Vaults\n\n```rust\nlet vault = org.vaults()\n    .create(CreateVaultRequest::new(\"production\"))\n    .await?;\n```\n\n#### Schemas\n\n```rust\nvault.schemas().push(r#\"\ntype user {}\n\ntype document {\n    relation viewer: user\n    permission view = viewer\n}\n\"#).await?;\n```\n\n#### Members \u0026 Teams\n\n```rust\norg.members()\n    .invite(InviteMemberRequest::new(\"alice@example.com\", OrgRole::Admin))\n    .await?;\n\norg.teams()\n    .create(CreateTeamRequest::new(\"Engineering\"))\n    .await?;\n```\n\n#### Audit Logs\n\n```rust\nlet events = org.audit().list().collect().await?;\n```\n\nSee the [Management API Guide](docs/guides/management-api.md) for organizations, API clients, schema versioning, and more.\n\n## Local Development\n\n[Deploy InferaDB locally](https://github.com/inferadb/deploy/), then configure your client:\n\n```rust\nlet client = Client::builder()\n    .url(\"http://localhost:8080\")\n    .insecure()  // Disables TLS verification for local development\n    .credentials(BearerCredentialsConfig {\n        token: \"dev-token\".into(),\n    })\n    .build()\n    .await?;\n```\n\n## Testing\n\nUse `MockClient` for unit tests:\n\n```rust\nuse inferadb::testing::{AuthorizationClient, MockClient};\n\n#[tokio::test]\nasync fn test_authorization() {\n    let mock = MockClient::builder()\n        .check(\"user:alice\", \"view\", \"document:readme\", true)\n        .check(\"user:bob\", \"delete\", \"document:readme\", false)\n        .build();\n\n    assert!(mock\n        .check(\"user:alice\", \"view\", \"document:readme\")\n        .await\n        .unwrap());\n}\n```\n\nSee the [Testing Guide](docs/guides/testing.md) for `InMemoryClient` (full policy evaluation) and integration testing patterns.\n\n## Documentation\n\n- [API Reference](https://docs.rs/inferadb) - Full rustdoc documentation\n\n### Guides\n\n| Topic                                                       | Description                                       |\n| ----------------------------------------------------------- | ------------------------------------------------- |\n| [Installation](docs/guides/installation.md)                 | Feature flags, optimized builds, TLS, MSRV        |\n| [Authentication](docs/guides/authentication.md)             | Client credentials, bearer tokens, key management |\n| [Authorization API](docs/guides/authorization-api.md)       | Permission checks, relationships, lookups, watch  |\n| [Integration Patterns](docs/guides/integration-patterns.md) | Axum, Actix-web, GraphQL, gRPC middleware         |\n| [Error Handling](docs/guides/errors.md)                     | Error types, retries, graceful degradation        |\n| [Testing](docs/guides/testing.md)                           | MockClient, InMemoryClient, TestVault             |\n| [Schema Design](docs/guides/schema-design.md)               | ReBAC patterns, role hierarchy, anti-patterns     |\n| [Production Checklist](docs/guides/production-checklist.md) | Deployment readiness                              |\n| [Troubleshooting](docs/troubleshooting.md)                  | Common issues and solutions                       |\n\nSee [docs/README.md](docs/README.md) for the complete documentation index.\n\n## Examples\n\n```bash\ncargo run -p inferadb-examples --bin basic_check\ncargo run -p inferadb-examples --bin batch_operations\ncargo run -p inferadb-examples --bin axum_middleware\n```\n\n## Development\n\n```bash\n# Setup (one-time)\nmise trust \u0026\u0026 mise install\nrustup component add rustfmt clippy\nrustup toolchain install nightly --component rustfmt\n\n# Build\ncargo build --workspace --all-features\n\n# Run tests\ncargo test --lib\n\n# Format and lint\ncargo +nightly fmt --all\ncargo clippy --workspace --all-targets -- -D warnings\n\n# Generate documentation\ncargo doc --workspace --no-deps --open\n\n# Code coverage\ncargo llvm-cov --lib --ignore-filename-regex 'proto|inferadb\\.authorization\\.v1'\n```\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for development setup and guidelines.\n\n## Community\n\nJoin us on [Discord](https://discord.gg/inferadb) for questions, discussions, and contributions.\n\n## License\n\nDual-licensed under [MIT](LICENSE-MIT) or [Apache 2.0](LICENSE-APACHE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finferadb%2Frust","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finferadb%2Frust","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finferadb%2Frust/lists"}