inferd-daemon
The binary. Owns the lifecycle, admission queue, single-instance lock, NDJSON endpoints (Unix socket / Windows named pipe / loopback TCP), admin socket, activity log, model store, fetch, and boot/shutdown flow.
Invariants
This crate is the security and lifecycle perimeter of inferd. The
non-negotiable invariants live in ../../context.md under
"Invariants you must preserve". Notable ones:
- The inference socket does not exist until the backend is
ready(THREAT_MODEL F-13). The admin socket is bound earlier so progress events are visible during bring-up. - Single-instance lock via
std::fs::File::try_lock; pre-existing symlinks at the lock path are refused (F-2). - 64 MiB per-line NDJSON frame cap (F-5).
- Constant-time SHA-256 compare on model verification (
subtle). - Per-caller identity (
peercred.rs): UID on Unix, SID on Windows. - No subprocess engines (ADR 0005). llama.cpp linked via FFI.
- No HTTP server (ADR 0006). The narrow ADR 0010 HTTPS exception is for first-boot model bootstrap only.
See crates/inferd-daemon/src/ for the implementation.