Expand description
Phase 1.4 emergency kill-switch HTTP surface.
This module is intentionally substrate-agnostic – chio-http-core
does not embed an HTTP server. It exposes:
- Route constants used by every substrate adapter
(
chio-tower,chio-api-protect, hosted sidecars). - Request/response DTOs that serialize into the wire shapes
documented in
STRUCTURAL-SECURITY-FIXES.mdsection 5.4. - Pure handler functions that take parsed inputs and return a structured response. Each substrate adapter calls the handler from its own framework route, preserving framework-native streaming, tracing, and error-mapping behavior.
Authentication: the handlers require an X-Admin-Token header
whose value matches the string configured on EmergencyAdmin.
No new middleware layer is introduced. Adapters that already have
their own auth middleware can either pass the caller’s bearer
token through as the admin token (when configured that way) or
short-circuit the expected_admin_token check.
Re-exports§
pub use crate::routes::EMERGENCY_ADMIN_TOKEN_HEADER as ADMIN_TOKEN_HEADER;pub use crate::routes::EMERGENCY_RESUME_PATH as RESUME_PATH;pub use crate::routes::EMERGENCY_STATUS_PATH as STATUS_PATH;pub use crate::routes::EMERGENCY_STOP_PATH as STOP_PATH;
Structs§
- Emergency
Admin - Admin handle bound to a kernel and a configured admin token.
- Emergency
Resume Response - Wire response for
POST /emergency-resume. - Emergency
Status Response - Wire response for
GET /emergency-status. - Emergency
Stop Request - Canonical JSON body for
POST /emergency-stop. - Emergency
Stop Response - Wire response for
POST /emergency-stop.
Enums§
- Emergency
Handler Error - Errors returned by the emergency handlers. Each variant maps
cleanly onto an HTTP status code via
EmergencyHandlerError::status.
Functions§
- handle_
emergency_ resume - Handler for
POST /emergency-resume. - handle_
emergency_ status - Handler for
GET /emergency-status. - handle_
emergency_ stop - Handler for
POST /emergency-stop.