Expand description
Package manager core library for .cpkg packages.
Provides manifest parsing, archive creation/extraction, a local package store, lockfile management, and cryptographic integrity verification.
Re-exports§
pub use archive::content_hash;pub use archive::pack;pub use archive::unpack;pub use index::IndexVersion;pub use index::MockRegistryIndex;pub use index::PackageIndexEntry;pub use index::RegistryIndex;pub use index::DEFAULT_REGISTRY_URL;pub use integrity::sign_package;pub use integrity::verify_package;pub use integrity::PackageSignature;pub use lockfile::LockedDependency;pub use lockfile::LockedPackage;pub use lockfile::Lockfile;pub use manifest::parse_pkg_manifest_toml;pub use manifest::PkgManifest;pub use manifest::PkgType;pub use resolver::PackagePolicyResolver;pub use resolver_deps::lockfile_from_resolution;pub use resolver_deps::DependencyResolver;pub use resolver_deps::PkgId;pub use resolver_deps::ResolvedPackage;pub use resolver_deps::ResolverError;pub use store::InstalledPackage;pub use store::PackageStore;pub use store::StoreMetadata;pub use trust::check_trust;pub use trust::compute_trust_level;pub use trust::TrustError;pub use trust::TrustLevel;pub use trust::TrustRequirement;pub use version::parse_version;pub use version::parse_version_req;pub use version::VersionReq;
Modules§
- archive
.cpkgarchive format — zstd-compressed tar with content-hash integrity.- index
- Sparse registry index client for fetching package metadata.
- integrity
- Package signing and verification using Ed25519 + SHA-256.
- lockfile
- Package lockfile (
clawdstrike-pkg.lock) for reproducible installs. - manifest
- Package manifest (
clawdstrike-pkg.toml) parsing and validation. - merkle
- Merkle transparency log for the package registry.
- resolver
- Resolves
pkg:references to installed packages. - resolver_
deps - PubGrub-based dependency resolver for
.cpkgpackages. - store
- Local package store — manages installed
.cpkgpackages on disk. - trust
- Trust level computation and enforcement for packages.
- version
- Semver version constraint parsing and matching for package dependencies.