
cellos_core/
lib.rs

1//! CellOS core: execution cell model and **ports** (traits). No network, filesystem, or host syscalls here.
2//!
3//! **cellos-lite:** keep this crate free of local LLM / on-device inference dependencies; see `deny.toml` and [CONTRIBUTING.md](../../../CONTRIBUTING.md).
4//!
5//! See [EXTENSIBILITY.md](../../../EXTENSIBILITY.md) in the repo root.
6
7pub mod authority;
8pub mod cgroup_id;
9pub mod error;
10pub mod events;
11pub mod hostname_allowlist;
12pub mod noop_broker;
13pub mod observability;
14pub mod policy;
15pub mod ports;
16pub mod redaction;
17pub mod spec_validation;
18pub mod state_projection;
19pub mod trust_keys;
20pub mod types;
21
22pub use cgroup_id::sanitize_cgroup_leaf_segment;
23pub use error::CellosError;
24pub use events::{
25    authz_rejected_data_v1, cell_subject_urn, cloud_event_v1_cortex_dispatched,
26    cloud_event_v1_dns_authority_dnssec_failed, cloud_event_v1_dns_authority_drift,
27    cloud_event_v1_dns_authority_rebind_rejected, cloud_event_v1_dns_authority_rebind_threshold,
28    cloud_event_v1_dns_query, cloud_event_v1_dns_query_permitted, cloud_event_v1_dns_query_refused,
29    cloud_event_v1_firecracker_pool_checkout, cloud_event_v1_keyset_verification_failed,
30    cloud_event_v1_keyset_verified, cloud_event_v1_network_flow_decision,
31    command_completed_data_v1, compliance_summary_data_v1, cortex_dispatched_data_v1,
32    dns_authority_dnssec_failed_data_v1, dns_authority_drift_data_v1,
33    dns_authority_rebind_rejected_data_v1, dns_authority_rebind_threshold_data_v1,
34    dns_query_data_v1, dns_query_permitted_data_v1, dns_query_refused_data_v1,
35    evidence_bundle_emitted_data_v1, export_completed_data_v1, export_completed_data_v2,
36    export_failed_data_v2, firecracker_pool_event_data_v1, homeostasis_signal_data_v1,
37    homeostasis_violation_data_v1, identity_failed_data_v1, identity_materialized_data_v1,
38    identity_revoked_data_v1, keyset_verification_failed_data_v1, keyset_verified_data_v1,
39    lifecycle_destroyed_data_v1, lifecycle_destroyed_data_v1_typed, lifecycle_started_data_v1,
40    manifest_failed_data_v1, network_flow_decision_data_v1,
41    observability_container_security_data_v1, observability_dns_resolution_data_v1,
42    observability_dns_target_set_data_v1, observability_fs_touch_export_data_v1,
43    observability_l7_egress_decision_data_v1, observability_network_enforcement_data_v1,
44    observability_network_policy_data_v1, observability_network_scope_data_v1,
45    observability_process_spawned_data_v1, policy_rejected_data_v1, EvidenceBundleRefs,
46    IdentityFailureOperation, LifecycleDestroyOutcome, LifecycleReason, LifecycleResidueClass,
47    LifecycleTerminalState, Provenance, ResidueClass, SubjectUrn, SubjectUrnError,
48    LIFECYCLE_MANIFEST_FAILED_TYPE, TRUST_PLANE_AGGREGATE_EGRESS_FQDN,
49    TRUST_PLANE_BUILTIN_KEYSET_ID, TRUST_PLANE_BUILTIN_L7_KID, TRUST_PLANE_BUILTIN_RESOLVER_KID,
50};
51pub use noop_broker::NoopSecretBroker;
52pub use policy::{
53    check_policy_pack_version_compatibility, spec_matches_placement_scope,
54    validate_authorization_policy, validate_policy_pack_document, validate_spec_against_policy,
55    AuthorizationPolicy, AuthorizationPolicyDocument, PolicyPackDocument, PolicyPackSpec,
56    PolicyRules, PolicyViolation, MIN_SUPPORTED_POLICY_PACK_VERSION, POLICY_ALLOW_DOWNGRADE_ENV,
57};
58pub use ports::{NoopExportSink, NoopInferenceBroker, RuntimeSecretLeaseRequest};
59pub use redaction::{redact_url_credentials_for_logs, redact_url_if_echoed_in_text};
60pub use spec_validation::{
61    enforce_derivation_scope_policy, validate_execution_cell_document,
62    validate_tenant_id_for_subject_token, verify_authority_derivation,
63    verify_signed_trust_keyset_chain, verify_signed_trust_keyset_envelope,
64};
65pub use state_projection::{
66    CellStateProjection, CellStateSnapshot, ExportProjectionRecord, ProjectionCurrentState,
67    ProjectionExportStage, ProjectionIdentityStage, ProjectionLifecycleStage,
68};
69pub use trust_keys::{
70    canonical_event_signing_payload, load_trust_verify_keys_file, parse_trust_verify_keys,
71    sign_event_ed25519, sign_event_hmac_sha256, verify_signed_event_envelope,
72    SignedEventEnvelopeV1,
73};
74pub use types::{
75    canonical_spec_hash, qtype_to_dns_query_type, AuthorityBundle, AuthorityCapability,
76    AuthorityComponent, AuthorityDerivationToken, AuthorityNarrowing, AuthoritySignature,
77    CdnAuthority, CdnProvider, CloudEventV1, Correlation, DnsAuthority, DnsAuthorityDnssecFailed,
78    DnsAuthorityDnssecFailureReason, DnsAuthorityDrift, DnsAuthorityRebindRejected,
79    DnsAuthorityRebindThreshold, DnsQueryDecision, DnsQueryEvent, DnsQueryReasonCode, DnsQueryType,
80    DnsRebindingPolicy, DnsRefreshPolicy, DnsRefreshStrategy, DnsResolver, DnsResolverDnssecPolicy,
81    DnsResolverProtocol, EgressRule, EnvironmentSpec, ExecutionCellDocument, ExecutionCellSpec,
82    ExportArtifact, ExportArtifactMetadata, ExportChannels, ExportReceipt, ExportReceiptTargetKind,
83    ExportTarget, GitIngress, HomeostasisSignal, HttpExportTarget, InferenceMessage,
84    InferenceRequest, InferenceResponse, InferenceRole, Ingress, Lifetime, NetworkFlowDecision,
85    NetworkFlowDecisionOutcome, NetworkFlowDirection, OciImageIngress, PlacementSpec, PolicyRef,
86    RoleId, RunCpuMax, RunLimits, RunSpec, S3ExportTarget, SecretDeliveryMode, SecretView,
87    SignedTrustKeysetEnvelope, TelemetryChannel, TelemetrySpec, TrustKeysetSignature,
88    WorkloadIdentity, WorkloadIdentityKind,
89};