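// Crate root: declares the public modules and re-exports selected items at the
// top level. Every module below is `pub`, so each re-exported item is reachable
// both as `<crate>::<module>::<item>` and as `<crate>::<item>`; both paths are
// part of the public API surface and need the same stability/security review.
//
// NOTE(review): the listing's own line numbering skips from 1 to 8 right after
// `authority`; whatever occupied those lines is not visible here.
pub mod authority;
pub mod cgroup_id;
pub mod error;
pub mod events;
pub mod hostname_allowlist;
pub mod noop_broker;
pub mod observability;
pub mod policy;
pub mod ports;
pub mod principal;
pub mod redaction;
pub mod spec_validation;
pub mod state_projection;
pub mod trust_keys;
pub mod types;

// NOTE(review): by name this normalises a single cgroup path segment; confirm
// that every caller building a cgroup path from externally supplied identifiers
// goes through it rather than formatting the path directly.
pub use cgroup_id::sanitize_cgroup_leaf_segment;
pub use error::CellosError;
// Event constructors (`cloud_event_v1_*`), event payload builders (`*_data_v1` /
// `*_data_v2`), and the supporting types and constants from `events`.
// NOTE(review): the `TRUST_PLANE_BUILTIN_*` constants look like key/keyset
// identifiers; confirm in `events` that they are identifiers only and carry no
// key material.
pub use events::{
    authz_rejected_data_v1, cell_subject_urn, cloud_event_v1_cortex_dispatched,
    cloud_event_v1_dns_authority_dnssec_failed, cloud_event_v1_dns_authority_drift,
    cloud_event_v1_dns_authority_rebind_rejected, cloud_event_v1_dns_authority_rebind_threshold,
    cloud_event_v1_dns_query, cloud_event_v1_dns_query_permitted, cloud_event_v1_dns_query_refused,
    cloud_event_v1_firecracker_pool_checkout, cloud_event_v1_keyset_verification_failed,
    cloud_event_v1_keyset_verified, cloud_event_v1_network_flow_decision,
    command_completed_data_v1, compliance_summary_data_v1, cortex_dispatched_data_v1,
    dns_authority_dnssec_failed_data_v1, dns_authority_drift_data_v1,
    dns_authority_rebind_rejected_data_v1, dns_authority_rebind_threshold_data_v1,
    dns_query_data_v1, dns_query_permitted_data_v1, dns_query_refused_data_v1,
    evidence_bundle_emitted_data_v1, export_completed_data_v1, export_completed_data_v2,
    export_failed_data_v2, firecracker_pool_event_data_v1, homeostasis_signal_data_v1,
    homeostasis_violation_data_v1, identity_failed_data_v1, identity_materialized_data_v1,
    identity_revoked_data_v1, keyset_verification_failed_data_v1, keyset_verified_data_v1,
    lifecycle_destroyed_data_v1, lifecycle_destroyed_data_v1_typed, lifecycle_started_data_v1,
    manifest_failed_data_v1, network_flow_decision_data_v1,
    observability_container_security_data_v1, observability_dns_resolution_data_v1,
    observability_dns_target_set_data_v1, observability_fs_touch_export_data_v1,
    observability_l7_egress_decision_data_v1, observability_network_enforcement_data_v1,
    observability_network_policy_data_v1, observability_network_scope_data_v1,
    observability_process_spawned_data_v1, policy_rejected_data_v1, EvidenceBundleRefs,
    IdentityFailureOperation, LifecycleDestroyOutcome, LifecycleReason, LifecycleResidueClass,
    LifecycleTerminalState, Provenance, ResidueClass, SubjectUrn, SubjectUrnError,
    LIFECYCLE_MANIFEST_FAILED_TYPE, TRUST_PLANE_AGGREGATE_EGRESS_FQDN,
    TRUST_PLANE_BUILTIN_KEYSET_ID, TRUST_PLANE_BUILTIN_L7_KID, TRUST_PLANE_BUILTIN_RESOLVER_KID,
};
// NOTE(review): the `Noop*` names here and in the `ports` re-export below
// suggest do-nothing implementations. Confirm that production wiring selects a
// real broker/sink explicitly and cannot fall back to these silently.
pub use noop_broker::NoopSecretBroker;
// NOTE(review): `POLICY_ALLOW_DOWNGRADE_ENV` reads as the name of an
// environment variable that relaxes the policy-pack version check (see
// `MIN_SUPPORTED_POLICY_PACK_VERSION`). Confirm in `policy`; if so, its use
// should be logged and it should be unset in production deployments.
pub use policy::{
    check_policy_pack_version_compatibility, spec_matches_placement_scope,
    validate_authorization_policy, validate_policy_pack_document, validate_spec_against_policy,
    AuthorizationPolicy, AuthorizationPolicyDocument, PolicyPackDocument, PolicyPackSpec,
    PolicyRules, PolicyViolation, MIN_SUPPORTED_POLICY_PACK_VERSION, POLICY_ALLOW_DOWNGRADE_ENV,
};
pub use ports::{NoopExportSink, NoopInferenceBroker, RuntimeSecretLeaseRequest};
pub use principal::{
    AuthorityScope, AuthorityScopeViolation, Capability, DelegateId, ExternalId, OperatorId,
    PlatformId, Principal, PrincipalParseError, TrustRoot,
};
// Helpers for keeping URL-embedded credentials out of log output.
pub use redaction::{redact_url_credentials_for_logs, redact_url_if_echoed_in_text};
pub use spec_validation::{
    enforce_derivation_scope_policy, validate_execution_cell_document,
    validate_tenant_id_for_subject_token, verify_authority_derivation,
    verify_signed_trust_keyset_chain, verify_signed_trust_keyset_envelope,
};
pub use state_projection::{
    CellStateProjection, CellStateSnapshot, ExportProjectionRecord, ProjectionCurrentState,
    ProjectionExportStage, ProjectionIdentityStage, ProjectionLifecycleStage,
};
// Event signing and verification entry points.
// NOTE(review): HMAC-SHA256 is a symmetric scheme, so any party holding the key
// needed to verify can also produce valid signatures. Confirm that
// `sign_event_hmac_sha256` keys are shared only with verifiers that are trusted
// to sign, and that Ed25519 is used wherever verifiers must not be able to sign.
pub use trust_keys::{
    canonical_event_signing_payload, load_trust_verify_keys_file, parse_trust_verify_keys,
    sign_event_ed25519, sign_event_hmac_sha256, verify_signed_event_envelope,
    SignedEventEnvelopeV1,
};
pub use types::{
    canonical_spec_hash, qtype_to_dns_query_type, AuthorityBundle, AuthorityCapability,
    AuthorityComponent, AuthorityDerivationToken, AuthorityNarrowing, AuthoritySignature,
    CdnAuthority, CdnProvider, CloudEventV1, Correlation, DnsAuthority, DnsAuthorityDnssecFailed,
    DnsAuthorityDnssecFailureReason, DnsAuthorityDrift, DnsAuthorityRebindRejected,
    DnsAuthorityRebindThreshold, DnsQueryDecision, DnsQueryEvent, DnsQueryReasonCode, DnsQueryType,
    DnsRebindingPolicy, DnsRefreshPolicy, DnsRefreshStrategy, DnsResolver, DnsResolverDnssecPolicy,
    DnsResolverProtocol, EgressRule, EnvironmentSpec, ExecutionCellDocument, ExecutionCellSpec,
    ExportArtifact, ExportArtifactMetadata, ExportChannels, ExportReceipt, ExportReceiptTargetKind,
    ExportTarget, GitIngress, HomeostasisSignal, HttpExportTarget, InferenceMessage,
    InferenceRequest, InferenceResponse, InferenceRole, Ingress, Lifetime, NetworkFlowDecision,
    NetworkFlowDecisionOutcome, NetworkFlowDirection, OciImageIngress, PlacementSpec, PolicyRef,
    RoleId, RunCpuMax, RunLimits, RunSpec, S3ExportTarget, SecretDeliveryMode, SecretView,
    SignedTrustKeysetEnvelope, TelemetryChannel, TelemetrySpec, TrustKeysetSignature,
    WorkloadIdentity, WorkloadIdentityKind,
};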