Expand description
CellOS core: execution cell model and ports (traits). No network, filesystem, or host syscalls here.
cellos-lite: keep this crate free of local LLM / on-device inference dependencies; see deny.toml and CONTRIBUTING.md.
See EXTENSIBILITY.md in the repo root.
Re-exports§
pub use cgroup_id::sanitize_cgroup_leaf_segment;pub use error::CellosError;pub use events::authz_rejected_data_v1;pub use events::cell_subject_urn;pub use events::cloud_event_v1_cortex_dispatched;pub use events::cloud_event_v1_dns_query;pub use events::cloud_event_v1_dns_query_permitted;pub use events::cloud_event_v1_dns_query_refused;pub use events::cloud_event_v1_firecracker_pool_checkout;pub use events::cloud_event_v1_keyset_verification_failed;pub use events::cloud_event_v1_keyset_verified;pub use events::cloud_event_v1_network_flow_decision;pub use events::command_completed_data_v1;pub use events::compliance_summary_data_v1;pub use events::cortex_dispatched_data_v1;pub use events::dns_query_data_v1;pub use events::dns_query_permitted_data_v1;pub use events::dns_query_refused_data_v1;pub use events::evidence_bundle_emitted_data_v1;pub use events::export_completed_data_v1;pub use events::export_completed_data_v2;pub use events::export_failed_data_v2;pub use events::firecracker_pool_event_data_v1;pub use events::homeostasis_signal_data_v1;pub use events::homeostasis_violation_data_v1;pub use events::identity_failed_data_v1;pub use events::identity_materialized_data_v1;pub use events::identity_revoked_data_v1;pub use events::keyset_verification_failed_data_v1;pub use events::keyset_verified_data_v1;pub use events::lifecycle_destroyed_data_v1;pub use events::lifecycle_destroyed_data_v1_typed;pub use events::lifecycle_started_data_v1;pub use events::manifest_failed_data_v1;pub use events::network_flow_decision_data_v1;pub use events::observability_container_security_data_v1;pub use events::observability_dns_resolution_data_v1;pub use events::observability_dns_target_set_data_v1;pub use events::observability_fs_touch_export_data_v1;pub use events::observability_l7_egress_decision_data_v1;pub use events::observability_network_enforcement_data_v1;pub use events::observability_network_policy_data_v1;pub use events::observability_network_scope_data_v1;pub use events::observability_process_spawned_data_v1;pub use events::policy_rejected_data_v1;pub use events::EvidenceBundleRefs;pub use events::IdentityFailureOperation;pub use events::LifecycleDestroyOutcome;pub use events::LifecycleReason;pub use events::LifecycleResidueClass;pub use events::LifecycleTerminalState;pub use events::Provenance;pub use events::ResidueClass;pub use events::SubjectUrn;pub use events::SubjectUrnError;pub use events::LIFECYCLE_MANIFEST_FAILED_TYPE;pub use events::TRUST_PLANE_AGGREGATE_EGRESS_FQDN;pub use events::TRUST_PLANE_BUILTIN_KEYSET_ID;pub use events::TRUST_PLANE_BUILTIN_L7_KID;pub use events::TRUST_PLANE_BUILTIN_RESOLVER_KID;pub use noop_broker::NoopSecretBroker;pub use policy::check_policy_pack_version_compatibility;pub use policy::spec_matches_placement_scope;pub use policy::validate_policy_pack_document;pub use policy::validate_spec_against_policy;pub use policy::AuthorizationPolicy;pub use policy::AuthorizationPolicyDocument;pub use policy::PolicyPackDocument;pub use policy::PolicyPackSpec;pub use policy::PolicyRules;pub use policy::PolicyViolation;pub use policy::MIN_SUPPORTED_POLICY_PACK_VERSION;pub use policy::POLICY_ALLOW_DOWNGRADE_ENV;pub use ports::NoopExportSink;pub use ports::NoopInferenceBroker;pub use ports::RuntimeSecretLeaseRequest;pub use principal::AuthorityScope;pub use principal::AuthorityScopeViolation;pub use principal::Capability;pub use principal::DelegateId;pub use principal::ExternalId;pub use principal::OperatorId;pub use principal::PlatformId;pub use principal::Principal;pub use principal::PrincipalParseError;pub use principal::TrustRoot;pub use redaction::redact_url_credentials_for_logs;pub use redaction::redact_url_if_echoed_in_text;pub use spec_validation::enforce_derivation_scope_policy;pub use spec_validation::validate_execution_cell_document;pub use spec_validation::validate_tenant_id_for_subject_token;pub use spec_validation::verify_signed_trust_keyset_chain;pub use spec_validation::verify_signed_trust_keyset_envelope;pub use state_projection::CellStateProjection;pub use state_projection::CellStateSnapshot;pub use state_projection::ExportProjectionRecord;pub use state_projection::ProjectionCurrentState;pub use state_projection::ProjectionExportStage;pub use state_projection::ProjectionIdentityStage;pub use state_projection::ProjectionLifecycleStage;pub use trust_keys::canonical_event_signing_payload;pub use trust_keys::load_trust_verify_keys_file;pub use trust_keys::parse_trust_verify_keys;pub use trust_keys::sign_event_ed25519;pub use trust_keys::sign_event_hmac_sha256;pub use trust_keys::verify_signed_event_envelope;pub use trust_keys::SignedEventEnvelopeV1;pub use types::canonical_spec_hash;pub use types::qtype_to_dns_query_type;pub use types::AuthorityBundle;pub use types::AuthorityCapability;pub use types::AuthorityComponent;pub use types::AuthorityDerivationToken;pub use types::AuthorityNarrowing;pub use types::AuthoritySignature;pub use types::CdnAuthority;pub use types::CdnProvider;pub use types::CloudEventV1;pub use types::Correlation;pub use types::DnsAuthority;pub use types::DnsAuthorityDnssecFailed;pub use types::DnsAuthorityDnssecFailureReason;pub use types::DnsAuthorityDrift;pub use types::DnsAuthorityRebindRejected;pub use types::DnsAuthorityRebindThreshold;pub use types::DnsQueryDecision;pub use types::DnsQueryEvent;pub use types::DnsQueryReasonCode;pub use types::DnsQueryType;pub use types::DnsRebindingPolicy;pub use types::DnsRefreshPolicy;pub use types::DnsRefreshStrategy;pub use types::DnsResolver;pub use types::DnsResolverDnssecPolicy;pub use types::DnsResolverProtocol;pub use types::EgressRule;pub use types::EnvironmentSpec;pub use types::ExecutionCellDocument;pub use types::ExecutionCellSpec;pub use types::ExportArtifact;pub use types::ExportArtifactMetadata;pub use types::ExportChannels;pub use types::ExportReceipt;pub use types::ExportReceiptTargetKind;pub use types::ExportTarget;pub use types::GitIngress;pub use types::HomeostasisSignal;pub use types::HttpExportTarget;pub use types::InferenceMessage;pub use types::InferenceRequest;pub use types::InferenceResponse;pub use types::InferenceRole;pub use types::Ingress;pub use types::Lifetime;pub use types::NetworkFlowDecision;pub use types::NetworkFlowDecisionOutcome;pub use types::NetworkFlowDirection;pub use types::OciImageIngress;pub use types::PlacementSpec;pub use types::PolicyRef;pub use types::RoleId;pub use types::RunCpuMax;pub use types::RunLimits;pub use types::RunSpec;pub use types::S3ExportTarget;pub use types::SecretDeliveryMode;pub use types::SecretView;pub use types::SignedTrustKeysetEnvelope;pub use types::TelemetryChannel;pub use types::TelemetrySpec;pub use types::TrustKeysetSignature;pub use types::WorkloadIdentity;pub use types::WorkloadIdentityKind;
Modules§
- authority
- Typed authority validator (Authority Model §14 + ADG).
- cgroup_
id - Pure helpers for cgroup v2 directory naming (no filesystem I/O).
- error
- events
- Versioned CloudEvents
datapayloads (JSON only — no I/O). - hostname_
allowlist - Shared hostname allowlist matcher used by every L7 / DNS gate.
- noop_
broker SecretBrokerthat refuses resolution and no-ops revoke — for stub-backend-only runs.- observability
- Operator-facing tracing-subscriber primitives.
- policy
- Policy pack — operator-defined execution constraints applied at admission.
- ports
- Ports (traits) — implemented by host, sinks, and brokers at the composition root.
- principal
- ADR-0019 Authority Pluralism —
Principalas a first-class type. - redaction
- Redact secrets from strings intended for operator logs (not a crypto primitive).
- spec_
validation - Pure validation for parsed
ExecutionCellDocument. - state_
projection - Event-driven cell state projection over versioned CloudEvents.
- trust_
keys - Operator-managed trust-keyset verifying-keys file (SEC-25 Phase 2).
- types