car-server-core 0.9.0

Transport-neutral library for the CAR daemon JSON-RPC dispatcher (used by car-server and tokhn-daemon)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

// Raise the recursion limit so the deeply-nested async block at the
// `accept_async` -> `run_dispatch` call site doesn't trip the rustc
// query-depth limit on Windows / Linux. The default 128 is fine on
// macOS but the larger query graph on the other platforms pushes
// through the threshold; 256 has comfortable headroom. (Same fix
// `car-server` carries; the library inherits the same call-site
// shape.)
#![recursion_limit = "256"]

//! Transport-neutral library extracted from `car-server`.
//!
//! Holds the JSON-RPC dispatcher, per-client session state, and the
//! WebSocket channel plumbing. The standalone `car-server` binary is
//! a thin wrapper that loads `~/.car/env`, initializes telemetry,
//! spawns the dream loop, binds a TCP listener, and on each
//! connection calls [`run_dispatch`].
//!
//! Embedders (e.g. the future `tokhn-daemon` at U7) construct a
//! [`ServerState`] via [`ServerState::embedded`] (or
//! [`ServerStateConfig`] for advanced wiring), accept WebSocket
//! connections in their own listener, and call [`run_dispatch`]
//! directly — without re-implementing the dispatcher.
//!
//! ## Library boundary contract
//!
//! Per the U1 plan, this library MUST NOT:
//! - spawn the dream loop (caller decides),
//! - initialize telemetry (caller decides),
//! - load `~/.car/env` (caller decides).
//!
//! Those bootstraps stay in the embedder's `main`. This contract
//! prevents the dual-memgine bug U7 mitigates: if the library
//! silently spawned its own dream loop, embedded users would end up
//! with two memgine engines (the embedder's plus the library's).
//!
//! ## Lock primitive
//!
//! `ClientSession.memgine` uses `Arc<tokio::sync::Mutex<MemgineEngine>>`
//! per the "one-wrapper rule" — dispatcher handlers can hold the lock
//! across `.await` points without risking poisoning, and tokio's
//! `Mutex` does not poison so a panicking handler does not poison the
//! engine for sibling connections.

pub mod a2a;
pub mod admission;
pub mod handler;
pub mod host;
pub mod mcp;
pub mod meeting;
pub mod session;
pub mod ui_agent_loop;
pub mod voice_turn;

pub use admission::{InferenceAdmission, ENV_MAX_CONCURRENT};
pub use handler::{handle_connection, run_dispatch, JsonRpcError, JsonRpcMessage, JsonRpcResponse};
// Unix-only — the underlying `tokio::net::UnixStream` doesn't exist
// on Windows. Mirror the cfg gate on the function definition itself
// so consumers that need both transports gate their call sites
// the same way (`car-server::main::uds_accept_loop` already does).
#[cfg(unix)]
pub use handler::handle_connection_unix;
pub use session::{
    ApprovalGate, ClientSession, ServerState, ServerStateConfig, WsChannel, WsMemgineIngestSink,
    WsSink, WsToolExecutor, WsVoiceEventSink,
};