chio-kernel-core 0.1.0

Portable (no_std + alloc) Chio kernel core: pure verdict evaluation, capability verification, and receipt signing
Owner: bb-connor

Portable Chio kernel core.

This crate contains the pure-compute subset of Chio evaluation as a no_std + alloc library so the same verdict-producing code can run inside a browser (wasm32-unknown-unknown), a Cloudflare Worker (wasm32-wasip1), a mobile app (UniFFI static lib), or the desktop sidecar (chio-kernel). The contract is described in docs/protocols/PORTABLE-KERNEL-ARCHITECTURE.md.

What lives here

  • [Verdict] -- the three-valued outcome of an evaluation.
  • [Guard] -- the sync guard trait (identical signature to the legacy chio_kernel::Guard, modulo Error surface mapped onto [KernelCoreError]).
  • [GuardContext] -- the inputs a guard sees.
  • [evaluate] -- pure compute that walks a capability + request through the sync checks (signature, time, subject binding, scope, guard pipeline) and returns Ok(Verdict::Allow) or Ok(Verdict::Deny { reason }). No I/O, no budget mutation, no revocation lookup.
  • [verify_capability] -- offline capability verification used by tools that only need to inspect a token (no scope, no revocation).
  • [sign_receipt] -- sign a ChioReceiptBody with a SigningBackend.
  • [Clock] / [Rng] -- abstract trait boundaries for time/entropy so adapters on wasm/mobile can inject platform clocks and CSPRNGs.
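
The [evaluate] and [Clock] entries above describe an ordered, I/O-free check sequence driven by an injected time source. The following is an added sketch of that shape, not code from chio-kernel-core: every type and function name in it (Outcome, Capability, Request, DenyTool, FixedClock, evaluate_sketch) is a hypothetical stand-in, and the signature check is left out because it needs a crypto backend.

```rust
// Added sketch. Every name below is a hypothetical stand-in, not chio-kernel-core's API.
// No I/O and no ambient time: the caller injects the clock, as a wasm or mobile adapter would.

pub trait Clock { fn now_unix(&self) -> u64; }
pub struct FixedClock(pub u64); // deterministic clock for tests
impl Clock for FixedClock { fn now_unix(&self) -> u64 { self.0 } }

// Two outcomes only; the crate's Verdict is three-valued and its third value is not modelled.
#[derive(Debug, PartialEq)]
pub enum Outcome { Allow, Deny(&'static str) }

pub struct Capability<'a> {
    pub subject: &'a str,
    pub scope: &'a [&'a str],
    pub not_before: u64,
    pub expires_at: u64,
}
pub struct Request<'a> { pub caller: &'a str, pub tool: &'a str }

pub trait Guard { fn check(&self, req: &Request) -> Result<(), &'static str>; }
pub struct DenyTool(pub &'static str); // sample guard: blocks one tool by name
impl Guard for DenyTool {
    fn check(&self, req: &Request) -> Result<(), &'static str> {
        if req.tool == self.0 { Err("guard: tool blocked") } else { Ok(()) }
    }
}

// Checks run in a fixed order and the first failure denies (fail closed).
pub fn evaluate_sketch(cap: &Capability, req: &Request, guards: &[&dyn Guard], clock: &dyn Clock) -> Outcome {
    let now = clock.now_unix();
    if now < cap.not_before { return Outcome::Deny("capability not yet valid"); }
    if now >= cap.expires_at { return Outcome::Deny("capability expired"); }
    if cap.subject != req.caller { return Outcome::Deny("subject mismatch"); }
    if !cap.scope.iter().any(|s| *s == req.tool) { return Outcome::Deny("tool out of scope"); }
    for g in guards {
        if let Err(reason) = g.check(req) { return Outcome::Deny(reason); }
    }
    Outcome::Allow
}

fn main() {
    // Constructed sample input: an in-scope tool that a guard still blocks.
    let cap = Capability { subject: "agent-1", scope: &["read_file", "shell"], not_before: 100, expires_at: 200 };
    let req = Request { caller: "agent-1", tool: "shell" };
    let guard = DenyTool("shell");
    let guards: [&dyn Guard; 1] = [&guard];
    println!("{:?}", evaluate_sketch(&cap, &req, &guards, &FixedClock(150)));
}
```

Because the clock is a parameter, the expiry boundary can be tested exactly, without sleeping or mocking system time.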

What stays in chio-kernel

The full chio-kernel crate keeps every piece that actually touches I/O or async: tokio tasks, rusqlite receipt/revocation/budget stores, ureq price-oracle client, lru DPoP nonce cache, async session ops, HTTP/stdio transport, nested-flow bridges, tool-server dispatch. Those modules depend on chio-kernel-core for the pure-compute kernels but add the IO glue around them.

no_std status

The crate is #![no_std] with extern crate alloc;. At the source level we never name std::*, and the portable proof is scripted in scripts/check-portable-kernel.sh.

That proof runs both:

  • cargo build -p chio-kernel-core --no-default-features
  • cargo build -p chio-kernel-core --target wasm32-unknown-unknown --no-default-features

The browser and mobile adapter crates perform their own platform-specific qualification on top of this core.