SecurityPrincipal
The authenticated caller behind a request, as resolved by a {@see \Milpa\Live\Contracts\Security\TokenVerifierInterface} and consulted by {@see \Milpa\Live\Contracts\Security\InteractionAuthorizerInterface}. There is no "principal not authenticated" state modeled here — an unauthenticated caller is represented by the *absence* of a `SecurityPrincipal` (a `null` where one is expected), not an instance with empty scopes.
SecurityPrincipal::__construct()
public function __construct(string $id, array $scopes = [], array $claims = []):Parameters
| Name | Type | Description |
|---|---|---|
| $id | string | The principal's stable identifier. |
| $scopes | array<int, string> | Granted scope strings (e.g. `'milpa:component:autocomplete:search'`); the wildcard `'milpa:*'` grants every scope, see {@see can()}. |
| $claims | array<string, mixed> | Additional caller-defined claims about this principal. |
SecurityPrincipal::can()
public function can(string $scope): boolWhether this principal has the given scope, either directly or via the `'milpa:*'` wildcard scope.
Parameters
| Name | Type | Description |
|---|---|---|
| $scope | string |