Bringing web accessibility education to your favorite online IDE
Axess CRM
SDK to integrate with Axess AI's event system
Type definitions for Axessplace
An accessible datepicker. Supports natural language manual input, keyboard and screen readers.
haynespro workshopdata ati !!link!! 16
Modular authentication and authorization for Axum. Typed session state machine, multi-factor authentication (password, TOTP, FIDO2, OAuth/OIDC), Cedar Policy authorization, and deterministic simulation testing.
Core implementation for the axess library. Session state machine, multi-factor authentication engine, Cedar Policy evaluation, and pluggable storage backends. Use the `axess` facade crate unless you need direct access to internals.
Identity primitives for the axess workspace: typed identifiers (TenantId, UserId, DeviceId, SessionId, EventId; all `FooId(Uuid)` newtypes via the `define_id!` macro) plus the principal abstraction (unified `Principal` enum with `Human` + `Workload` variants, SPIFFE-shaped `WorkloadId` / `TrustDomain` / `Issuer`, and the async `PrincipalResolver` trait + `CliResolver` impl). Foundation crate, deliberately small: depends only on `axess-rng` (for the DST-injectable `SecureRng` trait), `uuid`, and `thiserror`. No tokio, no axum, no Cedar; axess-core layers session integration plus Cedar entity emission on top of these primitives. See `docs/workload-identity/README.md` for the broader design.
Auth guard macros for axess: require_authn!, require_partial_authn!, require_authz! for Axum handlers.
DST-friendly local hot-path cache primitives for the axess auth library. All time-dependent decisions go through an injected `Clock` from the `axess-clock` crate, so TTL eviction is reproducible under MockClock. The flagship type, `ClockTtlCache`, is a TTL+LRU cache that replaces moka in any code path where DST or compliance forbids wall-clock internal timers.
Shared event vocabulary for the axess workspace and platform domains. The Event<P> envelope carries cross-cutting metadata (id, time, tenant, kind, subject, actor, trace context, status) while leaving the payload type-parameterised per domain. EventSink<P> is the trait every producer rides; concrete sinks include a no-op default and a LogAndSwallow wrapper for best-effort emission paths.
Authentication factor implementations for axess: Argon2id passwords, TOTP (RFC 6238), HOTP (RFC 4226), FIDO2, LDAP, mTLS, OAuth/OIDC, JWT, bearer.
Injectable Clock trait for deterministic simulation testing (DST). Foundational primitive used by axess and adjacent crates: production code depends on the `Clock` trait, tests inject `MockClock` to make time-dependent behaviour reproducible.
Short, hot-path string primitive for the axess workspace. ShortString is optimized for the workload of short identifiers that are hashed, compared, and cloned at high volume: event taxonomy tags, factor names, routing discriminators. The current internal representation is a placeholder (heap Box<str> + &'static str) suitable for getting the API contract in place; it will be swapped to an Umbra-style 16-byte representation in a follow-up commit. The public API is stable across the swap.
Injectable cryptographically-secure RNG trait for deterministic simulation testing (DST). Production code depends on the `SecureRng` trait; tests inject `MockRng` (a seeded PRNG) for reproducible randomness in auth flows, token issuance, and key generation.