feat: permission annotations in Rust doc comments and codegen#209
Open
filvecchiato wants to merge 2 commits into
Open
feat: permission annotations in Rust doc comments and codegen#209filvecchiato wants to merge 2 commits into
filvecchiato wants to merge 2 commits into
Conversation
pgherveou
reviewed
Jun 11, 2026
pgherveou
left a comment
pgherveou
left a comment
Collaborator
There was a problem hiding this comment.
not sure the audit files belong here.
they should probably be issues in the related repo instead.
We should think of a way to automate this.
e2e tests should validate that permission gated methods show the permission modal on top of checking the results
Collaborator
Author
|
Host-specific permission compliance issues filed:
|
filvecchiato
force-pushed
the
docs/permission-requirements
branch
4 times, most recently
from
8b33234 to
d520726
Compare
pgherveou
reviewed
Jun 22, 2026
pgherveou
left a comment
pgherveou
left a comment
Collaborator
There was a problem hiding this comment.
We should really add these information directly in the rust docstring, so that host that implement it can get the information directly from the definitions.
We can then, extract that to enrich the explorer with these informations.
I believe that will be easier to consume from the explorer than searching markdown in the repo
filvecchiato
force-pushed
the
docs/permission-requirements
branch
from
ff535b3 to
d28d214
Compare
filvecchiato
changed the title
Embed `# Permissions` sections in API trait method doc comments so hosts can extract permission requirements directly from the rustdoc JSON output. The codegen pipeline parses these sections and emits `permissions` metadata in the generated TypeScript playground/explorer service descriptors. Methods with no permission requirements carry no `# Permissions` section at all. Annotated methods declare a combination of: - **auth**: whether authentication is required - **prompt**: user-facing confirmation dialog - **permission**: named permission gate (RemotePermission/DevicePermission) - **denial_error**: error variant returned on denial Includes `docs/host-permission-requirements.md` — the canonical permission matrix for all TrUAPI methods across tiers.
filvecchiato
force-pushed
the
docs/permission-requirements
branch
from
d28d214 to
fd47c43
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
# Permissionssections in API trait method doc comments (rust/crates/truapi/src/api/*.rs) declaring each method's authentication, prompt, permission gate, and denial error requirementstruapi-codegento parse# Permissionsfrom rustdoc JSON and emitpermissionsmetadata in generated TypeScript service descriptorsMethodPermissionstype toservices-types.tsfor downstream consumers (explorer, playground)docs/host-permission-requirements.md— the canonical permission matrix covering all ~55 TrUAPI methods across four tiersMethods with no permission requirements carry no annotation. Annotated methods declare a combination of
auth,prompt,permission, anddenial_errorkeys.Test plan
cargo build --workspacecompiles cleanlycargo clippy --workspace --all-targets --all-features -- -D warningspassescargo test --workspacepasses./scripts/codegen.shregenerates TS withpermissionsobjects inservices.ts