From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Tue, 15 Jul 2025 16:37:08 -0600
Subject: feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
---
 vendor/logos-codegen/src/util.rs | 64 ----------------------------------------
 1 file changed, 64 deletions(-)
 delete mode 100644 vendor/logos-codegen/src/util.rs

(limited to 'vendor/logos-codegen/src/util.rs')

diff --git a/vendor/logos-codegen/src/util.rs b/vendor/logos-codegen/src/util.rs
deleted file mode 100644
index 156de035..00000000
--- a/vendor/logos-codegen/src/util.rs
+++ /dev/null
@@ -1,64 +0,0 @@
-use proc_macro2::{Spacing, Span, TokenStream, TokenTree};
-use quote::{quote, ToTokens};
-use syn::Ident;
-
-/// Analog to Option<TokenStream>, except when put into the quote!
-/// macro, `MaybeVoid::Void` will produce `()`
-#[derive(Clone, Default)]
-pub enum MaybeVoid {
-    Some(TokenStream),
-    #[default]
-    Void,
-}
-
-impl MaybeVoid {
-    pub fn replace(&mut self, stream: TokenStream) -> MaybeVoid {
-        std::mem::replace(self, MaybeVoid::Some(stream))
-    }
-
-    pub fn take(&mut self) -> MaybeVoid {
-        std::mem::replace(self, MaybeVoid::Void)
-    }
-}
-
-impl ToTokens for MaybeVoid {
-    fn to_tokens(&self, out: &mut TokenStream) {
-        match self {
-            MaybeVoid::Some(stream) => out.extend(stream.clone()),
-            MaybeVoid::Void => out.extend(quote!(())),
-        }
-    }
-
-    fn to_token_stream(&self) -> TokenStream {
-        match self {
-            MaybeVoid::Some(stream) => stream.clone(),
-            MaybeVoid::Void => quote!(()),
-        }
-    }
-
-    fn into_token_stream(self) -> TokenStream {
-        match self {
-            MaybeVoid::Some(stream) => stream,
-            MaybeVoid::Void => quote!(()),
-        }
-    }
-}
-
-pub fn is_punct(tt: &TokenTree, expect: char) -> bool {
-    matches!(tt, TokenTree::Punct(punct) if punct.as_char() == expect && punct.spacing() == Spacing::Alone)
-}
-
-/// If supplied `tt` is a punct matching a char, returns `None`, else returns `tt`
-pub fn expect_punct(tt: Option<TokenTree>, expect: char) -> Option<TokenTree> {
-    tt.filter(|tt| !is_punct(tt, expect))
-}
-
-pub trait ToIdent {
-    fn to_ident(&self) -> Ident;
-}
-
-impl ToIdent for str {
-    fn to_ident(&self) -> Ident {
-        Ident::new(self, Span::call_site())
-    }
-}
-- 
cgit v1.2.3