Expand description
Portable Chio kernel core.
This crate contains the pure-compute subset of Chio evaluation as a
no_std + alloc library so the same verdict-producing code can run
inside a browser (wasm32-unknown-unknown), a Cloudflare Worker
(wasm32-wasip1), a mobile app (UniFFI static lib), or the desktop
sidecar (chio-kernel). The contract is described in
docs/protocols/PORTABLE-KERNEL-ARCHITECTURE.md.
§What lives here
Verdict– the three-valued outcome of an evaluation.Guard– the sync guard trait (identical signature to the legacychio_kernel::Guard, moduloErrorsurface mapped ontoKernelCoreError).GuardContext– the inputs a guard sees.- [
evaluate] – pure compute that walks a capability + request through the sync checks (signature, time, subject binding, scope, guard pipeline) and returnsOk(Verdict::Allow)orOk(Verdict::Deny { reason }). No I/O, no budget mutation, no revocation lookup. verify_capability– offline capability verification used by tools that only need to inspect a token (no scope, no revocation).sign_receipt– sign anChioReceiptBodywith aSigningBackend.Clock/Rng– abstract trait boundaries for time/entropy so adapters on wasm/mobile can inject platform clocks and CSPRNGs.
§What stays in chio-kernel
The full chio-kernel crate keeps every piece that actually touches I/O
or async: tokio tasks, rusqlite receipt/revocation/budget stores,
ureq price-oracle client, lru DPoP nonce cache, async session ops,
HTTP/stdio transport, nested-flow bridges, tool-server dispatch. Those
modules depend on chio-kernel-core for the pure-compute kernels but
add the IO glue around them.
§no_std status
The crate is #![no_std] with extern crate alloc;. At the source level
we never name std::*, and the portable proof is scripted in
scripts/check-portable-kernel.sh.
That proof runs both:
cargo build -p chio-kernel-core --no-default-featurescargo build -p chio-kernel-core --target wasm32-unknown-unknown --no-default-features
The browser and mobile adapter crates perform their own platform-specific qualification on top of this core.
Re-exports§
pub use capability_verify::verify_capability;pub use capability_verify::CapabilityError;pub use capability_verify::VerifiedCapability;pub use clock::Clock;pub use clock::FixedClock;pub use evaluate::evaluate;pub use evaluate::EvaluateInput;pub use evaluate::EvaluationVerdict;pub use evaluate::KernelCoreError;pub use guard::Guard;pub use guard::GuardContext;pub use guard::PortableToolCallRequest;pub use normalized::NormalizationError;pub use normalized::NormalizedCapability;pub use normalized::NormalizedConstraint;pub use normalized::NormalizedEvaluationVerdict;pub use normalized::NormalizedMonetaryAmount;pub use normalized::NormalizedOperation;pub use normalized::NormalizedPromptGrant;pub use normalized::NormalizedRequest;pub use normalized::NormalizedResourceGrant;pub use normalized::NormalizedRuntimeAssuranceTier;pub use normalized::NormalizedScope;pub use normalized::NormalizedToolGrant;pub use normalized::NormalizedVerdict;pub use normalized::NormalizedVerifiedCapability;pub use passport_verify::verify_parsed_passport;pub use passport_verify::verify_passport;pub use passport_verify::PortablePassportBody;pub use passport_verify::PortablePassportEnvelope;pub use passport_verify::VerifiedPassport;pub use passport_verify::VerifyError;pub use passport_verify::PORTABLE_PASSPORT_SCHEMA;pub use receipts::sign_receipt;pub use receipts::ReceiptSigningError;pub use rng::NullRng;pub use rng::Rng;pub use scope::MatchedGrant;pub use scope::ScopeMatchError;
Modules§
- capability_
verify - Pure capability verification.
- clock
- Abstract clock for capability time-bound enforcement.
- evaluate
- Pure-compute verdict evaluation.
- guard
- Sync guard trait for portable evaluation.
- normalized
- Proof-facing normalized types for the bounded verified core.
- passport_
verify - Portable passport verification (Phase 20.1).
- receipts
- Portable receipt signing.
- rng
- Abstract entropy source for receipt IDs and DPoP nonces.
- scope
- Portable scope matching for tool grants.
Enums§
- Verdict
- Three-valued outcome of a kernel evaluation step.