From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Tue, 15 Jul 2025 16:37:08 -0600
Subject: feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
---
 vendor/bytes/src/serde.rs | 89 -----------------------------------------------
 1 file changed, 89 deletions(-)
 delete mode 100644 vendor/bytes/src/serde.rs

(limited to 'vendor/bytes/src/serde.rs')

diff --git a/vendor/bytes/src/serde.rs b/vendor/bytes/src/serde.rs
deleted file mode 100644
index 0a5bd144..00000000
--- a/vendor/bytes/src/serde.rs
+++ /dev/null
@@ -1,89 +0,0 @@
-use super::{Bytes, BytesMut};
-use alloc::string::String;
-use alloc::vec::Vec;
-use core::{cmp, fmt};
-use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
-
-macro_rules! serde_impl {
-    ($ty:ident, $visitor_ty:ident, $from_slice:ident, $from_vec:ident) => {
-        impl Serialize for $ty {
-            #[inline]
-            fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-            where
-                S: Serializer,
-            {
-                serializer.serialize_bytes(&self)
-            }
-        }
-
-        struct $visitor_ty;
-
-        impl<'de> de::Visitor<'de> for $visitor_ty {
-            type Value = $ty;
-
-            fn expecting(&self, formatter: &mut fmt::Formatter<'_>) -> fmt::Result {
-                formatter.write_str("byte array")
-            }
-
-            #[inline]
-            fn visit_seq<V>(self, mut seq: V) -> Result<Self::Value, V::Error>
-            where
-                V: de::SeqAccess<'de>,
-            {
-                let len = cmp::min(seq.size_hint().unwrap_or(0), 4096);
-                let mut values: Vec<u8> = Vec::with_capacity(len);
-
-                while let Some(value) = seq.next_element()? {
-                    values.push(value);
-                }
-
-                Ok($ty::$from_vec(values))
-            }
-
-            #[inline]
-            fn visit_bytes<E>(self, v: &[u8]) -> Result<Self::Value, E>
-            where
-                E: de::Error,
-            {
-                Ok($ty::$from_slice(v))
-            }
-
-            #[inline]
-            fn visit_byte_buf<E>(self, v: Vec<u8>) -> Result<Self::Value, E>
-            where
-                E: de::Error,
-            {
-                Ok($ty::$from_vec(v))
-            }
-
-            #[inline]
-            fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
-            where
-                E: de::Error,
-            {
-                Ok($ty::$from_slice(v.as_bytes()))
-            }
-
-            #[inline]
-            fn visit_string<E>(self, v: String) -> Result<Self::Value, E>
-            where
-                E: de::Error,
-            {
-                Ok($ty::$from_vec(v.into_bytes()))
-            }
-        }
-
-        impl<'de> Deserialize<'de> for $ty {
-            #[inline]
-            fn deserialize<D>(deserializer: D) -> Result<$ty, D::Error>
-            where
-                D: Deserializer<'de>,
-            {
-                deserializer.deserialize_byte_buf($visitor_ty)
-            }
-        }
-    };
-}
-
-serde_impl!(Bytes, BytesVisitor, copy_from_slice, from);
-serde_impl!(BytesMut, BytesMutVisitor, from, from_vec);
-- 
cgit v1.2.3