aimdb_core/remote/mod.rs
1//! Remote access subsystem for AimDB (AimX protocol)
2//!
3//! Provides introspection and management APIs over Unix domain sockets,
4//! enabling external tools (CLI, dashboards, MCP adapters) to interact
5//! with running AimDB instances.
6//!
7//! # Protocol
8//!
9//! AimX v1 uses NDJSON (newline-delimited JSON) over Unix domain sockets.
10//! See `docs/design/remote-access/aimx-v1.md` for full specification.
11//!
12//! # Security
13//!
14//! - **Read-only by default**: No writes unless explicitly enabled
15//! - **UDS permissions**: Primary security mechanism (file permissions)
16//! - **Optional auth tokens**: Additional authentication layer
17//! - **Per-record write permissions**: Explicit opt-in required
18//!
19//! # Usage
20//!
21//! ```rust,ignore
22//! use aimdb_core::remote::{AimxConfig, SecurityPolicy};
23//!
24//! let db = AimDbBuilder::new()
25//! .runtime(tokio_adapter)
26//! .with_remote_access(
27//! AimxConfig::uds_default()
28//! .socket_path("/var/run/aimdb/aimdb.sock")
29//! .security_policy(SecurityPolicy::ReadOnly)
30//! .max_connections(16)
31//! .subscription_queue_size(100)
32//! )
33//! .build()?;
34//! ```
35
36mod config;
37mod error;
38mod metadata;
39mod protocol;
40
41pub use config::{AimxConfig, SecurityPolicy};
42pub use error::{RemoteError, RemoteResult};
43pub use metadata::RecordMetadata;
44pub use protocol::{ErrorObject, Event, HelloMessage, Request, Response, WelcomeMessage};
45
46// Internal exports for implementation
47pub(crate) mod handler;
48pub(crate) mod supervisor;