heldar-kernel 0.2.0

Heldar kernel — media/DVR control plane, perception ingest + sampler, zone engine, auth, and the worker SDK contract. The open, domain-agnostic platform that domain apps build on.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

[package]
name = "heldar-kernel"
version = "0.2.0"
edition = "2021"
rust-version = "1.85"
description = "Heldar kernel — media/DVR control plane, perception ingest + sampler, zone engine, auth, and the worker SDK contract. The open, domain-agnostic platform that domain apps build on."
license = "Apache-2.0"
readme = "README.md"
repository = "https://github.com/Straits-AI/heldar"
keywords = ["cctv", "nvr", "rtsp", "surveillance", "video"]
categories = ["multimedia::video", "web-programming::http-server"]

[lib]
name = "heldar_kernel"
path = "src/lib.rs"

[features]
# Email/SMTP alerting — OFF by default so the lean appliance build links no SMTP/TLS stack. Enable to
# deliver matching events by email (env-configured: HELDAR_SMTP_*). Mirrors the `wasm` opt-in pattern.
smtp = ["dep:lettre"]

[dependencies]
# Optional SMTP client for the `smtp` feature (email notifier). Async (tokio) + rustls TLS.
lettre = { version = "0.11", default-features = false, features = [
    "builder",
    "smtp-transport",
    "tokio1",
    "tokio1-rustls-tls",
    "ring",
], optional = true }
tokio = { version = "1", features = ["full"] }
axum = { version = "0.8", features = ["macros"] }
tower = "0.5"
tower-http = { version = "0.6", features = ["cors", "trace", "fs"] }
sqlx = { version = "0.8", default-features = false, features = [
    "runtime-tokio",
    "sqlite",
    "chrono",
    "macros",
    "migrate",
    "json",
] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
chrono = { version = "0.4", features = ["serde"] }
uuid = { version = "1", features = ["v4"] }
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
anyhow = "1"
thiserror = "1"
dotenvy = "0.15"
libc = "0.2"
async-trait = "0.1"
# Stage 4 (RBAC): argon2id password hashing + SHA-256 token hashing + CSPRNG for tokens/salts.
argon2 = "0.5"
sha2 = "0.10"
rand_core = { version = "0.6", features = ["std"] }
# ONVIF WS-Security UsernameToken digest = base64(sha1(nonce + created + password)). Both crates are
# already resolved in Cargo.lock (transitive deps); declared here so the ONVIF service can use them.
sha1 = "0.10"
base64 = "0.22"
# HTTP Digest (RFC 2617) auth for HikVision ISAPI camera configuration; already resolved in Cargo.lock.
md-5 = "0.10"
# HMAC-SHA256 webhook signatures (X-Heldar-Signature). Already resolved in Cargo.lock (transitive
# dep of argon2/digest); declared here so the webhooks delivery engine can sign delivery bodies.
hmac = "0.12"
# Ed25519 verification of signed plugin-registry catalogs (the "verified publisher" badge). ring is
# already resolved in Cargo.lock (the rustls TLS backend under reqwest), so declaring it directly adds
# zero new compiled crates while giving asymmetric verify with a PUBLIC key (no forgeable secret).
ring = "0.17"