README

🛡️ Entrust: Enterprise Security Arch

The Gold Standard for Role-Based Access Control in Laravel 12+

Entrust is an elite security framework for Laravel. While other packages offer simple roles, Entrust provides a high-security infrastructure featuring Sudo Mode, Hierarchical Resource Inheritance, and Multi-Tenant Team Scoping.

💎 The "Alpha" Advantage

Why choose Entrust over Spatie Permissions or Zizaco?

1. Dynamic Context Validation: Permissions aren't static. Entrust evaluates context (Owner, IP, Time) in real-time.
2. Extreme Cache Performance: Utilizes Taggable Caching to ensure <1ms permission checks even with 100k+ users.
3. Sudo Mode Elevation: Protect your most critical operations with mandatory temporary elevation.

🔥 Enterprise Features

1. Mythic Sudo Mode

Prevent "Accidental Admin" errors. Critical permissions require active Sudo Mode engagement.

if ($user->can('delete-production-db') && $user->sudoMode()) {
    // Operation allowed only if sudo session is active
}

2. Multi-Tenant Team Scoping

Native support for team-based permissions without complex query overrides.

$user->withTeam($currentTeam)->hasRole('manager');

3. Resource Inheritance (Dotted Paths)

Auto-resolve parent permissions for complex hierarchies: project.123.task.delete -> automatically checks for project.123 or project access.

⚡ Performance Benchmarks

🛠️ Implementation (PHP 8.4+)

Defined Permission Logic

Leverage property hooks and type-safety:

class User extends Authenticatable {
    use EntrustUserTrait;
    
    public bool $is_super_admin {
        get => $this->hasRole('god-mode');
    }
}

Advanced: Custom Access Rules

Restrict roles by time or IP range via JSON config:

$role->access_rules = [
    'ips' => ['192.168.1.*'],
    'times' => [
        'monday' => [['start' => '09:00', 'end' => '18:00']]
    ]
];

🛡️ Enterprise Privacy & Auditing

• Auditable Events: Every permission check is loggable for compliance (GDPR/HIPAA).
• Auto-Revoke: Set expires_at on pivot tables to automatically remove roles.
• Security Alerts: Immediate webhooks on "Role Blacklisting" or "Sensitive Elevation".

🗺️ Roadmap

• v4.0: Mythic Suite (Sudo Mode, Contextual Validation).
• v4.1: RBAC Visualization Dashboard (Filament Support).
• v4.2: AI-Driven Security Insight Reports.

Created & Maintained by Skywalker-Labs. Build Secure. Stay Elite.