Add a Zanzibar-style relationship-based access control engine with
OPA-style ABAC condition evaluation. Policies, roles, resources, and
grants are defined in KDL files loaded from a configured directory at
startup. Exposes a read-only REST API (POST /v1/check, /v1/expand,
GET /healthz) on a dedicated port when authz.enabled = true.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace raw SQL CREATE TABLE statements with proper SeaORM migration
system. This eliminates verbose SQL logs on startup and provides
proper migration tracking and rollback support.
Changes:
- Add sea-orm-migration dependency and migration crate
- Create initial migration (m20250101_000001) with all 8 tables
- Update storage::init() to only connect to database
- Run migrations automatically in main.rs on startup
- Remove unused detect_backend() function and imports
The migration system properly handles both SQLite and PostgreSQL
backends with appropriate type handling (e.g., BIGSERIAL vs INTEGER
for auto-increment columns).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Cargo.lock should be committed for applications (not libraries) to ensure
reproducible builds across environments. This is required for Docker builds
and is the recommended practice per Rust guidelines.
Removed Cargo.lock from:
- .gitignore
- .dockerignore
This fixes the Docker build error:
ERROR: "/Cargo.lock": not found
