Skip to main content

car_server_core/
lib.rs

1// Raise the recursion limit so the deeply-nested async block at the
2// `accept_async` -> `run_dispatch` call site doesn't trip the rustc
3// query-depth limit on Windows / Linux. The default 128 is fine on
4// macOS but the larger query graph on the other platforms pushes
5// through the threshold; 256 has comfortable headroom. (Same fix
6// `car-server` carries; the library inherits the same call-site
7// shape.)
8#![recursion_limit = "512"]
9
10//! Transport-neutral library extracted from `car-server`.
11//!
12//! Holds the JSON-RPC dispatcher, per-client session state, and the
13//! WebSocket channel plumbing. The standalone `car-server` binary is
14//! a thin wrapper that loads `~/.car/env`, initializes telemetry,
15//! spawns the dream loop, binds a TCP listener, and on each
16//! connection calls [`run_dispatch`].
17//!
18//! Embedders (e.g. the future `tokhn-daemon` at U7) construct a
19//! [`ServerState`] via [`ServerState::embedded`] (or
20//! [`ServerStateConfig`] for advanced wiring), accept WebSocket
21//! connections in their own listener, and call [`run_dispatch`]
22//! directly — without re-implementing the dispatcher.
23//!
24//! ## Library boundary contract
25//!
26//! Per the U1 plan, this library MUST NOT:
27//! - spawn the dream loop (caller decides),
28//! - initialize telemetry (caller decides),
29//! - load `~/.car/env` (caller decides).
30//!
31//! Those bootstraps stay in the embedder's `main`. This contract
32//! prevents the dual-memgine bug U7 mitigates: if the library
33//! silently spawned its own dream loop, embedded users would end up
34//! with two memgine engines (the embedder's plus the library's).
35//!
36//! ## Lock primitive
37//!
38//! `ClientSession.memgine` uses `Arc<tokio::sync::Mutex<MemgineEngine>>`
39//! per the "one-wrapper rule" — dispatcher handlers can hold the lock
40//! across `.await` points without risking poisoning, and tokio's
41//! `Mutex` does not poison so a panicking handler does not poison the
42//! engine for sibling connections.
43
44pub mod a2a;
45pub mod admission;
46pub mod handler;
47pub mod host;
48pub mod mcp;
49pub mod meeting;
50pub mod parslee_auth;
51pub mod run_store;
52pub mod run_trace;
53pub mod session;
54pub mod ui_agent_loop;
55pub mod voice_turn;
56
57pub use admission::{InferenceAdmission, ENV_MAX_CONCURRENT};
58pub use handler::{
59    handle_connection, recover_workflow_checkpoints, run_dispatch, run_upgrade_nudge_check,
60    JsonRpcError, JsonRpcMessage, JsonRpcResponse,
61};
62// Unix-only — the underlying `tokio::net::UnixStream` doesn't exist
63// on Windows. Mirror the cfg gate on the function definition itself
64// so consumers that need both transports gate their call sites
65// the same way (`car-server::main::uds_accept_loop` already does).
66#[cfg(unix)]
67pub use handler::handle_connection_unix;
68pub use run_store::{
69    RetentionConfig, RunStatus, RunStore, RunSummary, DEFAULT_MAX_AGE_DAYS,
70    DEFAULT_MAX_RUNS_PER_AGENT,
71};
72pub use run_trace::record_turns;
73pub use session::{
74    ApprovalGate, ClientSession, RunMeta, ServerState, ServerStateConfig, WsChannel,
75    WsMemgineIngestSink, WsSink, WsToolExecutor, WsVoiceEventSink, RUN_COMPLETE_GRACE,
76};