cellos_core/

error.rs

use thiserror::Error;

/// Typed errors for library boundaries (`thiserror`).
#[derive(Debug, Error)]
pub enum CellosError {
    #[error("invalid cell specification: {0}")]
    InvalidSpec(String),

    /// FC-66 — typed admission rejection for an over-sized `spec.run.argv`.
    ///
    /// Surfaced by the FC-17 admission helper
    /// `check_argv_size_within_kernel_cmdline_limit`. The Firecracker host
    /// encodes `spec.run.argv` as `cellos.argv=<base64(json_array)>` on the
    /// kernel boot cmdline; the kernel cmdline has a 4 KiB hard limit and is
    /// silently truncated past that. We budget a 3 KiB cap on the encoded
    /// payload (≈1 KiB of headroom for the rest of the cmdline) and reject
    /// over-sized argv at admission so callers see a structured error rather
    /// than an opaque in-VM boot failure later.
    ///
    /// `encoded_bytes` is the length of the base64-encoded JSON-array form of
    /// `argv` (i.e. exactly what the host would write into the cmdline).
    /// `limit_bytes` is the static cap (3072) so callers/operators do not have
    /// to dig into core to see the budget.
    #[error(
        "spec.run.argv encoded as base64 is {encoded_bytes} bytes; \
         exceeds {limit_bytes}-byte kernel cmdline limit"
    )]
    ArgvTooLarge {
        encoded_bytes: usize,
        limit_bytes: usize,
    },

    #[error("host backend: {0}")]
    Host(String),

    #[error("event sink: {0}")]
    EventSink(String),

    #[error("secret broker: {0}")]
    SecretBroker(String),

    #[error("export sink: {0}")]
    ExportSink(String),

    #[error("lifecycle: {0}")]
    Lifecycle(String),

    #[error("inference broker: {0}")]
    InferenceBroker(String),
}