1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
//! Core runtime for tsafe.
//!
//! `tsafe-core` owns encrypted vault storage, authority contracts, audit
//! records, deny reasons, and Agent Authority Firewall data types. It is the
//! shared layer used by safe command execution (`tsafe exec`) and by bound MCP
//! server instances that run through a fixed profile, contract, and workdir.
//!
//! Current Agent Authority Firewall support is deliberately local and
//! contract-first:
//!
//! - [`contracts`] parses named authority contracts, trust posture, allowed
//! targets, and no-secret diagnostic contract shapes.
//! - [`authority`] defines model-safe decisions, refusal payloads, metadata,
//! and receipts for bound MCP command authority.
//! - [`deny_reason`] carries stable denial categories for execution and
//! diagnostic surfaces.
//!
//! This crate does not expose an MCP server. Use `tsafe-cli` or `tsafe-mcp`
//! when you need the `tsafe mcp serve --profile <profile> --contract <contract>
//! --workdir <repo>` normal form.
//!
//! ## Algol-merged surface (Phase 1)
//!
//! Two algol-derived modules live alongside the existing surface:
//!
//! - [`attest_contract`] — per-run env-injection contract (`AttestContract`),
//! distinct from [`contracts::AuthorityContract`] (vault-policy semantics);
//! the two have zero field overlap and represent different abstractions.
//! - [`run_evidence`] — typed-evidence artifact for an attested command run,
//! including parent-vs-child env diff with per-var SHA-256 hashes.
//!
//! See `ecosystem-catalog/docs/adr/draft-algol-into-tsafe-merge.md` for the
//! merge rationale; modules carry full provenance + relicense notes at the
//! top of each file.