Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
secureops-napi
The Ring 1 in-process engine surface (PRODUCT.md A.2, Part G Phase 1:
"Rust core behind napi"). This crate is built as a Node native addon
(crate-type = ["cdylib", "rlib"]) and loaded by a thin TypeScript shim that
replaces the legacy @adversa/secureops audit body with a single FFI call.
Why a plain-Rust seam
The actual #[napi] wrappers (provided by napi-derive) are intentionally
not compiled in this scaffold — the napi / napi-derive / napi-build
crates require a Node toolchain and pull a large native build, which would
break the offline-fast workspace build. So the public functions here are
ordinary Rust (String-in / String-out, JSON on the wire). Each is annotated
with the #[napi] attribute it will carry once Phase 1 wiring lands, e.g.:
#[napi]
pub async fn audit_to_json(state_dir: String, deep: bool, fix: bool) -> napi::Result<String> {
Ok(crate::audit_to_json(state_dir, deep, fix).await)
}
Keeping the logic in plain functions means the standalone clap binary
(secureops-cli) and unit tests can drive the identical code path without
Node, and the FFI layer stays a thin, generated shim.
The full OpenClaw plugin surface (lifecycle hooks, command dispatch, MCP
tools — the TS legacyPlugin) is ported in [plugin]; the TS shim wires
OpenClaw's callbacks to those functions.
Trust model (PRODUCT.md A.2)
Ring 1 shares the agent's fate: it gives fast, in-context audit + monitoring while the host process is healthy but provides no enforcement. Enforcement lives in the Ring 2 daemon. This addon's job is feedback and convenience.
Wire-format contract (PRODUCT.md A.5 / A.3)
Everything crossing the FFI boundary is JSON produced by
[secureops_core::AuditReport::to_json_pretty], so the shim and a future
Rust daemon read/write byte-compatible <stateDir>/.secureops/ artifacts.
Treat the JSON field names as frozen.