VAC is a capability-based security system using a sidecar pattern.
- Control Plane (trusted): Issues Root Biscuits, heartbeats, revocation, kill switch.
- Sidecar (semi-trusted): Verifies Biscuits, evaluates Datalog policies, mints receipts, injects API keys. Can be compromised; mitigation: short-lived session keys, heartbeat revocation.
- Agent (untrusted): Never sees API keys; carries receipts; all requests go through sidecar.
Sidecar (sidecar/): main.rs (routing), config.rs, state.rs, biscuit.rs, receipt.rs, policy.rs, proxy.rs, heartbeat.rs, revocation.rs, adapter.rs, delegation.rs.
Control Plane (control-plane/): Mock server — heartbeat, revocation, kill switch, sidecar registry.
- Extract token, correlation ID, receipts.
- Verify Root Biscuit (revocation check, signature).
- Verify receipts (signature, expiry, correlation ID match); inject prior_event facts.
- Add context facts (operation, correlation_id).
- Evaluate Datalog policy (fail-closed).
- If allow: forward to upstream with API key; on 2xx, mint receipt and add X-VAC-Receipt.
Sidecar is stateless for request processing. Session key rotates every 5 min; receipts expire in 5 min + 30s. Agents carry receipts; policy uses receipt facts, not a DB.
- Fail-closed: Deny unless policy explicitly allows.
- Bounded risk: Session key rotation (5 min), heartbeat (60s), receipt expiry (5 min).
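The receipt-checking and fail-closed policy steps from the request flow above, and the "policy uses receipt facts, not a DB" point, as an added Rust example (not the sidecar's own code). It assumes a receipt shape, a three-operation rule set (quote / charge / refund), and that signature verification has already happened elsewhere; only expiry, correlation-ID match, fact injection and fail-closed evaluation are shown.

```rust
use std::time::Duration;

/// Receipt lifetime from the design notes: 5 min session key plus 30 s grace.
pub const RECEIPT_TTL: Duration = Duration::from_secs(5 * 60 + 30);

/// A receipt as minted on a 2xx upstream response (shape assumed for the example).
/// Signature bytes are assumed to have been verified before this point.
#[derive(Debug, Clone)]
pub struct Receipt { pub correlation_id: String, pub operation: String, pub issued_at: u64 }

/// Datalog-style facts handed to the policy: prior_event(...) from receipts,
/// operation(...) and correlation_id(...) from the current request.
#[derive(Debug, Clone, PartialEq)]
pub enum Fact { PriorEvent(String), Operation(String), CorrelationId(String) }

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Deny(&'static str) }

/// Check receipts (expiry, correlation-ID match) and inject prior_event facts,
/// then add the request context facts. A stale or mismatched receipt is simply
/// dropped: the policy then lacks the fact and fails closed on its own.
pub fn build_facts(receipts: &[Receipt], op: &str, corr: &str, now: u64) -> Vec<Fact> {
    let mut facts: Vec<Fact> = receipts
        .iter()
        .filter(|r| r.correlation_id == corr)
        .filter(|r| now >= r.issued_at && now - r.issued_at <= RECEIPT_TTL.as_secs())
        .map(|r| Fact::PriorEvent(r.operation.clone()))
        .collect();
    facts.push(Fact::Operation(op.to_string()));
    facts.push(Fact::CorrelationId(corr.to_string()));
    facts
}

/// Fail-closed evaluation over the fact set (rules assumed for the example):
/// "quote" needs no prior event, "charge" needs a prior quote, "refund" needs a
/// prior charge. Any other operation, or a missing prior_event, is denied.
pub fn evaluate(facts: &[Fact]) -> Decision {
    let op = match facts.iter().find_map(|f| match f { Fact::Operation(o) => Some(o.as_str()), _ => None }) {
        Some(o) => o,
        None => return Decision::Deny("no operation fact"),
    };
    let required = match op {
        "quote" => None,
        "charge" => Some("quote"),
        "refund" => Some("charge"),
        _ => return Decision::Deny("no rule for operation"),
    };
    match required {
        None => Decision::Allow,
        Some(prev) if facts.contains(&Fact::PriorEvent(prev.to_string())) => Decision::Allow,
        Some(_) => Decision::Deny("required prior_event missing"),
    }
}
```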