corp-finance-core 1.1.0

Institutional-grade corporate finance calculations with 128-bit decimal precision — DCF, WACC, comps, LBO, credit metrics, derivatives, fixed income, options, and 60+ specialty modules. No f64 in financials. WASM-compatible.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

//! Multi-tenant federation bounded context (Phase 27, ADR-019).
//!
//! v1 is **simple tenancy only** — per-tenant output path scoping, per-tenant
//! memory partitions, PII redaction policies. v2 will layer the
//! cross-installation handshake (mTLS via `rustls`, ed25519 signatures via
//! `ed25519-dalek`) on top; the module structure is identical so v2 is a
//! focused add-on rather than a rewrite.
//!
//! ## Module layout
//!
//! - [`types`] — domain value objects: `Tenant`, `TenantContext`,
//!   `TrustTier`, `PIIRedactionPolicy`, `RedactionAction`, `TrustScore`,
//!   `FederatedSession`.
//! - [`tenant`] — tenant provisioning, surface-resolution helpers (CLI,
//!   MCP, plugin), per-tenant path composition, and isolation enforcement.
//! - [`pii_redaction`] — outbound PII policy application; reuses the
//!   security module's 14-category scanner.
//! - [`trust_score`] — behavioral trust scoring per peer; SQLite
//!   persistence helpers.
//! - [`session`] — federated session lifecycle (v2 stub).
//!
//! ## Feature gating
//!
//! The whole module is gated behind the `federation` cargo feature at the
//! crate root. The feature pulls in `rusqlite` (trust score persistence),
//! `sha2` (the `Hash` redaction action), `uuid` (session IDs), and
//! transitively `security` (the PII scanner).
//!
//! ## Tier-to-trust mapping
//!
//! `cookbook_tier_to_trust_tier` and `mcp_server_tier_to_trust_tier` are the
//! single sources of truth for translating an upstream tier label into a
//! federation `TrustTier` (RUF-FED-009 / FED-INV-007).

pub mod attestation;
pub mod pii_redaction;
pub mod session;
pub mod tenant;
pub mod trust_score;
pub mod types;

#[cfg(test)]
mod tests;

pub use attestation::{
    check_capability, init_attestation_schema, is_revoked, issue_attestation,
    list_attestations_by_subject, load_attestation, revoke_attestation, save_attestation,
    status_with_revocations, verify_attestation,
};
pub use pii_redaction::{apply_policy, default_policy_for_tier, redact_text, RedactionResult};
pub use session::{close_session, open_authenticated_session, open_session, record_payload};
pub use tenant::{
    enforce_isolation, provision_tenant, resolve_tenant_for_cli, resolve_tenant_for_mcp,
    resolve_tenant_for_plugin, tenant_scoped_path, ResourceKind,
};
pub use trust_score::{
    compute_trust_score, instant_downgrade_on_threat, upgrade_eligibility, InteractionRecord,
    ThreatSeverity,
};
pub use types::{
    AttestationRevocation, AttestationStatus, FederatedSession, PIIRedactionPolicy,
    RedactionAction, Tenant, TenantContext, TrustAttestation, TrustScore, TrustTier,
};

use crate::managed_agent::types::CookbookTier;
use crate::mcp_servers::types::McpServerTier;

/// Single source of truth for `CookbookTier` -> `TrustTier` mapping
/// (RUF-FED-009 / FED-INV-007). Cookbook deploys are CLI invocations and
/// inherit a deploy-time tier; this function maps that tier into the
/// federation trust posture.
pub fn cookbook_tier_to_trust_tier(tier: CookbookTier) -> TrustTier {
    match tier {
        CookbookTier::CoreOnly => TrustTier::Open,
        CookbookTier::Freemium => TrustTier::Verified,
        CookbookTier::PaidVendor => TrustTier::Trusted,
    }
}

/// Single source of truth for `McpServerTier` -> `TrustTier` mapping
/// (RUF-FED-009). Runtime CLI invocations and MCP tool calls take their
/// trust posture from the consumed MCP server tier.
pub fn mcp_server_tier_to_trust_tier(tier: McpServerTier) -> TrustTier {
    match tier {
        // Free native + free public both map to Open: no client-data inputs,
        // outputs are computation results that may be shared subject to PII.
        McpServerTier::FreeNative => TrustTier::Open,
        McpServerTier::FreePublicWithApiKey => TrustTier::Open,
        McpServerTier::Freemium => TrustTier::Verified,
        McpServerTier::PaidVendor => TrustTier::Trusted,
    }
}