Crate cfgd_core 

Modules

compliance

composition

config

daemon

errors

generate

modules

oci

output

platform

providers

reconciler

server_client

sources

state

upgrade

Structs

ApplyLockGuard

RAII guard that releases the apply lock when dropped.

EffectiveReconcile

Fully resolved reconcile settings for a single entity (no Options).

FileState

Captured state of a file for backup purposes.

Constants

API_VERSION

The canonical API version string used in all cfgd YAML documents (local and CRD).

COMMAND_TIMEOUT

Default timeout for external commands (2 minutes).

CSI_DRIVER_NAME

GIT_NETWORK_TIMEOUT

Default timeout for git network operations (5 minutes).

MODULES_ANNOTATION

PROFILE_SCRIPT_TIMEOUT

Default timeout for profile-level scripts (5 minutes).

Functions

acquire_apply_lock

atomic_write

Atomically write content to a file using temp-file-then-rename.

atomic_write_str

Atomically write string content to a file.

capture_file_resolved_state

Like capture_file_state, but follows symlinks to capture the resolved content. For symlinks, is_symlink and symlink_target are recorded AND the actual file content behind the symlink is read. This is used for post-apply snapshots where we need to know both the link target and the content that was accessible through the symlink at the time of capture.

capture_file_state

Capture a file’s content and metadata for backup.

command_available

Check if a command is available on the system via PATH lookup. On Windows, tries common executable extensions (.exe, .cmd, .bat, .ps1, .com) since executables require an extension to be found.

command_output_with_timeout

Run a [Command] with a timeout, killing the process if it exceeds the limit. Returns Err if spawn fails or the process is killed due to timeout.

copy_dir_recursive

Recursively copy a directory from source to target. Skips symlinks to prevent symlink-following attacks and infinite loops.

create_symlink

Create a symbolic link. On Unix, uses std::os::unix::fs::symlink. On Windows, uses symlink_file or symlink_dir based on the source type. If symlink creation fails on Windows due to insufficient privileges, returns an error with guidance to enable Developer Mode or run as admin.

deep_merge_yaml

Deep merge two YAML values. Mappings are merged recursively; all other types are replaced by the overlay value.

default_config_dir

Default config directory: ~/.config/cfgd on Unix (respects XDG_CONFIG_HOME), AppData\Roaming\cfgd on Windows.

escape_double_quoted

Escape a value for use inside bash/zsh double quotes (single pass). Escapes \, ", `, and ! — the four characters with special meaning inside double-quoted strings.

expand_tilde

Expand ~ and ~/... paths to the user’s home directory.

file_permissions_mode

Get Unix permission mode bits from file metadata. Returns None on Windows.

git_cmd_safe

Prepare a git CLI command with SSH hang protection.

git_ssh_credentials

Git credential callback for git2 — handles SSH and HTTPS authentication. Used by sources/, modules/, and daemon/ for all git operations.

hostname_string

Get the system hostname as a String. Returns “unknown” on failure.

is_executable

Check if a file is executable. Unix: checks the executable bit in mode. Windows: checks file extension against known executable types.

is_file_encrypted

Check if a file is encrypted with the given backend.

is_root

Check if the current process is running with elevated privileges. Unix: checks euid == 0. Windows: checks IsUserAnAdmin().

is_same_inode

Check if two paths refer to the same file (same inode on Unix, same file index on Windows).

merge_aliases

Merge shell aliases by name: later entries override earlier ones with the same name. Same semantics as merge_env.

merge_env

Merge env vars by name: later entries override earlier ones with the same name. Used by config layer merging, composition, and reconciler module merge.

parse_alias

Parse a name=command string into a ShellAlias.

parse_duration_str

Parse a duration string like “30s”, “5m”, “1h”, or a plain number (as seconds).

parse_env_var

Parse a KEY=VALUE string into an EnvVar.

parse_loose_version

Parse a potentially loose version string into a semver Version. Handles “1.28” → “1.28.0” and “1” → “1.0.0”.

resolve_effective_reconcile

Resolve effective reconcile settings for a module given the profile inheritance chain and any patches in the global reconcile config.

resolve_relative_path

Resolve a relative path against a base directory with traversal validation. Absolute paths are returned as-is. Relative paths are joined to base and validated with validate_no_traversal. Returns Err if the relative path contains .. components.

sanitize_k8s_name

Escape a value for use in shell export statements.

set_file_permissions

Set Unix permission mode bits on a file. No-op on Windows (NTFS uses inherited ACLs).

sha256_hex

shell_escape_value

Uses single quotes for values containing shell metacharacters ($, backtick, \, "). Single quotes within the value are escaped via '\''. Single-pass scan: returns double-quoted string when no metacharacters are present (zero intermediate allocations in the common case).

split_add_remove

Split a list of values into adds and removes.

stderr_lossy_trimmed

Extract stderr from a Command output as a trimmed, lossy UTF-8 string.

stdout_lossy_trimmed

Extract stdout from a Command output as a trimmed, lossy UTF-8 string.

terminate_process

Send a termination signal to a process by PID. Unix: sends SIGTERM. Windows: calls TerminateProcess.

try_git_cmd

Try a git CLI command via git_cmd_safe, returning true on success. On failure, logs the stderr via tracing::debug and returns false.

union_extend

Extend a Vec<String> with items from source, skipping duplicates.

unix_secs_now

Returns the current time as seconds since the Unix epoch.

unix_secs_to_iso8601

Converts a Unix timestamp (seconds since epoch) to an ISO 8601 UTC string.

utc_now_iso8601

Returns the current UTC time as an ISO 8601 / RFC 3339 string.

validate_alias_name

Validate that a shell alias name is safe for shell interpolation. Accepts names matching [A-Za-z0-9_.-]+.

validate_env_var_name

Validate that an environment variable name is safe for shell interpolation. Accepts names matching [A-Za-z_][A-Za-z0-9_]*.

validate_no_traversal

Validate that a path contains no .. components (pre-canonicalization check).

validate_path_within

Validate that a resolved path does not escape a root directory.

version_satisfies

Check whether version_str satisfies requirement_str (semver range).

xml_escape

Escape a string for safe inclusion in XML/plist content (single pass).