nautalid 0.1.0

Scratch container substrate — TLS 1.3 HTTP/2+3 kernel, LID/AetherDB, optional filter bus (GPL-3.0-or-later).
//! User-configurable security policy and secrets (env, files, KDL).
//!
//! ## Security model
//!
//! **Standalone / development:** policy is intentionally **open**. Secondary secrets
//! (bus token, admin token, WT frame proofs, cert allowlists) are optional until you
//! configure them. Do not expose an open configuration to untrusted networks.
//!
//! **Project / production:** set `NAUTALID_SECURITY_KDL_PATH` or
//! `NAUTALID_SECURITY_PROFILE=production` (or `profile "production"` in KDL) to enable
//! require flags, secrets files, and startup validation. Embedders ship their own
//! `security { … }` block when pulling Nautalid into a product.
//!
//! **Always remedied (not policy):** protocol DoS limits, loopback wire defaults,
//! IPC-only bus by default, and other blatant mis-exposure bugs — regardless of profile.

mod config;

pub use config::{
    SecurityConfig, SecurityError, admin_token, bus_credentials_configured, bus_scoped_tokens,
    bus_token, init, kwt_jti_replay_required, metrics_auth_required, reset_for_tests,
    validate_wt_aether_startup,
    wt_aether_hot_reload_locked, wt_control_token_required, BUS_MODULE_NAMES,
};