
handoff/
lib.rs

1//! Zero-downtime atomic binary handoff for long-running daemons.
2//!
3//! See the crate-root `ARCHITECTURE.md` for the wire protocol, state machine,
4//! and correctness invariants. This module re-exports the public surface.
5
6// Crate-wide safety gates. `unsafe_code` is denied by default, using `deny` rather than
7// `forbid` because `forbid` would reject the opt-ins: the four modules that legitimately
8// need it (FD inheritance, env mutation at single-threaded startup, post-fork crash
9// injection, and `FromRawFd` on kernel-handed descriptors) opt back in with
10// `#[allow(unsafe_code)]` and carry per-block `// SAFETY:` comments. `unused_must_use` is
11// denied so a dropped `Result` becomes a hard error rather than a silent regression.
12#![deny(unsafe_code)]
13#![deny(unused_must_use)]
14
15pub mod crash;
16pub mod drainable;
17pub mod error;
18pub mod fd;
19pub mod frame;
20pub mod incumbent;
21pub mod lock;
22pub mod metrics;
23pub mod protocol;
24pub mod role;
25pub mod state;
26pub mod supervisor;
27mod util;
28
29pub use drainable::{DrainReport, Drainable, ReadinessSnapshot, SealReport, StateSnapshot};
30pub use error::{Error, Result};
31pub use fd::{arrange_inherited_fds_on_spawn, pass_listener_fds_on_spawn};
32pub use incumbent::Incumbent;
33pub use lock::DataDirLock;
34pub use protocol::HandoffId;
35pub use role::{
36    BegunSuccessor, HandshookSuccessor, HeartbeatGuard, InheritedListeners, Role, Successor,
37    detect_role,
38};
39pub use supervisor::{HandoffOutcome, SpawnSpec, Supervisor};