Actor
A verified identity: who is acting ({@see self::$id}, {@see self::$type}), what they are allowed to do ({@see self::$scopes}), and whatever else the verifier proved about them ({@see self::$claims}). It is produced by verifying a {@see Credential} — an `Actor` only ever exists because some credential was checked — and it is the unit the policy layer authorises against. Immutable by construction.
Actor::__construct()
public function __construct(string $id, Milpa\Auth\ActorType $type, array $scopes = [], array $claims = []):Parameters
| Name | Type | Description |
|---|---|---|
| $id | string | the identity's opaque id, unique within its {@see self::$type} |
| $type | ActorType | whether this is a user, agent, or service |
| $scopes | list<string> | the exact permission strings this identity holds; the only wildcard is the explicit `'*'`, which grants every scope |
| $claims | array<string, mixed> | everything else the verifier proved (email, name, tenant, …) |
Actor::hasScope()
public function hasScope(string $scope): boolWhether this actor holds `$scope`. Fail-closed: an exact string match, or the presence of the explicit wildcard `'*'` in {@see self::$scopes}. Nothing else grants — no prefix, suffix, or glob magic. The `'*'` is the one documented escape hatch (a superuser, a trusted stdio process), never an implicit one.
Parameters
| Name | Type | Description |
|---|---|---|
| $scope | string |
Actor::hasAnyScope()
public function hasAnyScope(array $scopes): boolWhether this actor holds at least one of `$scopes`. Fail-closed: an empty list is never satisfied, and each entry is checked with the exact-match rules of {@see self::hasScope()}.
Parameters
| Name | Type | Description |
|---|---|---|
| $scopes | list<string> |