Expand description
doover-core — snapshot, journal, and undo primitives for AI agent shell actions.
Module map (built strictly test-first; see doover-implementation-plan.md):
registry(step 1): reversibility classification of commandsparser(step 2): bash parsing + affected-path scope resolutionsnapshot(step 3): content-addressed CoW snapshot storejournal(step 4): SQLite action journalhooks(step 5): harness adapters (Claude Code first)undo(step 6): restore engine with conflict detection
Modules§
- hooks
- Hook engine: the composition point where harness events become protected
actions.
handle_pre= parse → resolve scope → snapshot (ALWAYS under limits) → journal pending;handle_post= correlate by tool_use_id → completed. Contract facts baked in from the live capture (fixtures README): the harness sends the session’s live cwd per call, there are no exit codes, and failed commands never emit a post event. - inspect
- Read-only inspection: compare a recorded manifest against the live
filesystem, per entry (step 8,
doover diff). - journal
- Append-only action journal (SQLite, WAL).
- maintenance
- Maintenance / garbage collection (step 7).
- redact
- Display-time secret redaction for journaled commands (step 8).
- registry
- Reversibility registry: classifies commands and shell constructs by effect,
affected-path scope, and undo strategy. Data lives in
registry/*.yaml(CC0); a user overlay directory can add rules or upgrade severity, but a shipped destructive classification can never be silently downgraded. - resolver
- Bash command parsing and affected-path scope resolution.
- snapshot
- Content-addressed snapshot store.
- undo
- Undo/redo engine (step 6): the user-facing payoff of everything upstream.
Constants§
- VERSION
- Crate version, single source of truth for the CLI
--versionoutput.