enact-core 0.0.2

Core agent runtime for Enact - Graph-Native AI agents
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

//! Streaming Protection Layer
//!
//! Output processors that run AFTER kernel execution, BEFORE storage/streaming.
//!
//! ## Architecture
//!
//! This module implements the protection layer from [17-GUARDRAILS-PROTECTION.md].
//! All observability data passes through this layer before storage or transmission.
//!
//! ```text
//! ExecutionKernel
//!//!       ▼ (StreamEvent)
//! ┌─────────────────────────────────────┐
//! │      Protection Pipeline            │
//! │  ┌───────────┐  ┌────────────────┐ │
//! │  │    PII    │→ │   Encryption   │ │
//! │  │ Protection│  │   (storage)    │ │
//! │  └───────────┘  └────────────────┘ │
//! └─────────────────────────────────────┘
//!       │                    │
//!       ▼ (masked)           ▼ (encrypted)
//!    SSE/GUI              EventStore
//! ```
//!
//! ## Key Invariants
//!
//! - **No raw PII to frontend**: Kernel never emits raw PII to frontend-visible channels
//! - **Protection before storage**: All events pass through protection before storage
//! - **Streaming is read-only**: Processors transform payloads, don't mutate state
//!
//! @see docs/TECHNICAL/17-GUARDRAILS-PROTECTION.md
//! @see docs/TECHNICAL/25-STREAM-PROCESSORS.md

mod context;
mod encryption;
mod pii_protection;
mod processor;

pub use context::{DataDestination, ProtectionContext};
pub use encryption::EncryptionProcessor;
pub use pii_protection::PiiProtectionProcessor;
pub use processor::{OutputProcessor, ProcessedEvent, ProcessorPipeline};