elastik-core 8.0.1

Elastik — Audi-ted L5 storage engine. SQLite for files.
Documentation

Elastik — Audi-ted L5 Storage Engine

elastik-core is a protocol-neutral storage engine: canonical paths, opaque bytes, content-addressed versioning, an HMAC-chained audit log, and a four-tier access model. SQLite for files.

Quick start

# #[cfg(feature = "unstable-engine")]
# async fn run() {
use elastik_core::{
    AccessTier, Engine, Preconditions, Representation, SecretBytes, ValidatedWorldPath,
};
use bytes::Bytes;

let engine = Engine::builder()
    .data_root("./data")
    .key(SecretBytes::new(b"shared-hmac-secret".to_vec()).expect("hmac key"))
    .build()
    .expect("engine builds");

let world = ValidatedWorldPath::new("home/hello").expect("canonical path");

// Store bytes at a path.
engine
    .replace(
        &world,
        Representation::new(Bytes::from_static(b"hi"), "text/plain", Vec::new()),
        Preconditions::none(),
        AccessTier::Write,
    )
    .await
    .expect("write succeeds");

// Retrieve bytes by path.
let read = engine.read(&world, AccessTier::Read).expect("read succeeds");
assert!(read.is_some());
# }

What the library does

  • Bytes at paths. Canonical home/, tmp/, dev/, sys/, etc/, lib/, boot/, usr/, var/ namespaces decide durable-vs-transient without per-call configuration.
  • Versions everything. Every successful write returns an ETag; reads, replaces, and appends honour Preconditions::if_match / if_none_match.
  • Audits everything. HMAC-chained ledger; Engine::verify_audit returns a typed [AuditVerify] result and refuses to start when an existing chain is corrupted.
  • Authenticates everything. [AccessTier] (Anon / Read / Write / Approve) plus token-bytes verification via [Engine::verify_token].
  • Subscribes to changes. [Engine::subscribe] returns an [EngineSubscription] with replay-then-live ordering.

What the library does not do

No HTTP, no CoAP, no SSE, no server runtime. Those live in the elastik-core binary and consume this library through the unstable public [Engine] API. In a minimal library-only build, the library does not read environment variables, does not bind sockets, and does not depend on axum, hyper, tower, tokio-stream, futures-util, or base64.

Feature flags

  • bundled-sqlite (default) — link a bundled SQLite via rusqlite/bundled.
  • coap (default) — enable the CoAP adapter inside the binary.
  • multi-thread (default) — enable Tokio's multi-thread runtime for the binary.
  • unstable-engine — expose the public [Engine] facade. The API shape is allowed to change between minor versions while this gate stays.
  • unstable-engine-bin (default) — superset that adds axum, base64, futures-util, Tokio net/signal, and tracing-subscriber; the elastik-core binary requires this feature.

Minimal library-only build: cargo build --lib --no-default-features --features bundled-sqlite,unstable-engine.