Trellis.Yarp 0.1.0-alpha.29

This is a prerelease version of Trellis.Yarp.

dotnet add package Trellis.Yarp --version 0.1.0-alpha.29

NuGet\Install-Package Trellis.Yarp -Version 0.1.0-alpha.29

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Trellis.Yarp" Version="0.1.0-alpha.29" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Trellis.Yarp" Version="0.1.0-alpha.29" />
                    

                            Directory.Packages.props

<PackageReference Include="Trellis.Yarp" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Trellis.Yarp --version 0.1.0-alpha.29

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Trellis.Yarp, 0.1.0-alpha.29"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Trellis.Yarp@0.1.0-alpha.29

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Trellis.Yarp&version=0.1.0-alpha.29&prerelease
                    

                            Install as a Cake Addin

#tool nuget:?package=Trellis.Yarp&version=0.1.0-alpha.29&prerelease
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Trellis.Yarp

YARP gateway integration for Trellis. Re-mints a per-cluster internal JWT from the full Trellis Actor (id + permissions + forbidden permissions + ABAC attributes), exposes an OIDC discovery + JWKS endpoint pair so downstream services can use AddJwtBearer(o => o.Authority = gatewayUrl) for transparent key rotation, and emits redacted audit telemetry on every mint.

Pairs with the consumer-side TrellisInternalJwtActorProvider in Trellis.Microservices.AspNetCore.

Key features

AddTrellisActorForwarding — IReverseProxyBuilder extension; per-request transform that mints a fresh per-cluster JWT from the full Actor and overwrites the upstream Authorization header.
MapTrellisDiscoveryEndpoint — exposes /.well-known/openid-configuration + /.well-known/jwks.json. JWKS includes every key in the active rotation ring.
Asymmetric-only signing, kid required on every key (startup-validated).
Sentinel + count claims — trellis_actor_contract_version=1, trellis_permissions_count, trellis_forbidden_permissions_count (always emitted, even when zero) + fresh jti per token. Detects the privilege-escalation footgun where a misbehaving proxy strips the deny-permission set.
Redacted audit telemetry — every mint emits a [LoggerMessage] event carrying only low-cardinality metadata: kid, jti, iss, aud, exp (unix-seconds), and projected permission / forbidden counts. NEVER the raw JWT, raw claim values, or actor IDs.

Security boundary

Signing-key compromise = full identity spoof until key revocation propagates. Mitigations: short token lifetimes (capped [1m, 30m] at startup), kid-aware overlapping JWKS rotation, audit-log redaction, emergency revocation procedure.

Not AOT-compatible (YARP itself is not AOT-clean).

See the Trellis Microservices cookbook (Recipe 2 — "Microservices behind YARP, end-to-end") for the full operational walkthrough.

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- Microsoft.IdentityModel.JsonWebTokens (>= 8.19.1)
- Microsoft.IdentityModel.Tokens (>= 8.19.1)
- Trellis.Authorization (>= 3.0.0-alpha.360)
- Trellis.Core (>= 3.0.0-alpha.360)
- Trellis.Microservices.Abstractions (>= 0.1.0-alpha.29)
- Yarp.ReverseProxy (>= 2.3.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.