cortex_airlock/
lib.rs

1//! TIBET Cortex Airlock — Zero plaintext lifetime processing
2//!
3//! The Airlock ensures data is NEVER plaintext outside a controlled scope:
4//! - Memory is mlock'd (pinned, never swapped to disk)
5//! - All buffers are zeroized on drop
6//! - Processing happens within a closure — plaintext cannot escape
7//! - Audit tokens are generated for every airlock session
8//!
9//! ```text
10//! ┌─── AIRLOCK ────────────────────────┐
11//! │  1. Data IN (encrypted envelope)   │
12//! │  2. Decrypt WITHIN airlock         │
13//! │  3. Process (closure scope)        │
14//! │  4. Result OUT (re-encrypted)      │
15//! │  5. WIPE — zero all plaintext      │
16//! └────────────────────────────────────┘
17//! ```
18
19mod secure_mem;
20mod session;
21
22pub use session::{Airlock, AirlockSession, AirlockConfig};
23pub use secure_mem::LockedBuffer;
cortex_airlock/lib.rs

cortex_airlock/
lib.rs
