Crate harn_vm 

harn-vm

The Harn compiler, virtual machine, standard library, provider/LLM layer, orchestration runtime, and host bridge.

Stability

This crate is consumed both by the in-tree surfaces (harn-cli, harn-serve, the LSP and DAP) and by external embedders. The intended embedding entry points are Vm, Harness, compile_source, and the llm, orchestration, agent_events, agent_sessions, config, and security modules. Other public items exist primarily for in-workspace use and may change between minor releases; anything marked #[doc(hidden)] is an implementation detail with no stability guarantee. The crate follows the workspace version and is pre-1.0, so the public surface may still evolve.

Re-exports

pub use actor_chain::ActorChain;

pub use actor_chain::ActorChainEntry;

pub use actor_chain::ActorChainError;

pub use actor_chain::Principal;

pub use actor_chain::ScopeAttenuationMode;

pub use actor_chain::ScopeAttenuationPolicy;

pub use actor_chain::ScopeAttenuationViolation;

pub use call_budget::charge_mcp_call;

pub use call_budget::charge_pg_query;

pub use call_budget::install_mcp_call_budget;

pub use call_budget::install_pg_query_budget;

pub use call_budget::McpCallBudgetGuard;

pub use call_budget::PgQueryBudgetGuard;

pub use checkpoint::register_checkpoint_builtins;

pub use connectors::active_connector_client;

pub use connectors::active_metrics_registry;

pub use connectors::clear_active_connector_clients;

pub use connectors::clear_active_metrics_registry;

pub use connectors::connector_export_denied_builtin_reason;

pub use connectors::connector_export_effect_class;

pub use connectors::cron::CatchupMode;

pub use connectors::cron::CronConnector;

pub use connectors::default_connector_export_policy;

pub use connectors::harn_module::load_contract as load_harn_connector_contract;

pub use connectors::harn_module::HarnConnector;

pub use connectors::harn_module::HarnConnectorContract;

pub use connectors::hmac::verify_hmac_signed;

pub use connectors::hmac::SIGNATURE_VERIFY_AUDIT_TOPIC;

pub use connectors::install_active_connector_clients;

pub use connectors::install_active_metrics_registry;

pub use connectors::postprocess_normalized_event;

pub use connectors::ActivationHandle;

pub use connectors::ClientError;

pub use connectors::Connector;

pub use connectors::ConnectorClient;

pub use connectors::ConnectorCtx;

pub use connectors::ConnectorError;

pub use connectors::ConnectorExportEffectClass;

pub use connectors::ConnectorHttpResponse;

pub use connectors::ConnectorMetricsSnapshot;

pub use connectors::ConnectorNormalizeResult;

pub use connectors::ConnectorRegistry;

pub use connectors::GenericWebhookConnector;

pub use connectors::HarnConnectorEffectPolicies;

pub use connectors::MetricsRegistry;

pub use connectors::PostNormalizeOutcome;

pub use connectors::ProviderPayloadSchema;

pub use connectors::RateLimitConfig;

pub use connectors::RateLimiterFactory;

pub use connectors::RawInbound;

pub use connectors::StreamConnector;

pub use connectors::TriggerBinding;

pub use connectors::TriggerKind;

pub use connectors::TriggerRegistry;

pub use connectors::WebhookSignatureVariant;

pub use corrections::append_correction_record;

pub use corrections::apply_corrections_to_policy;

pub use corrections::correction_query_filters_from_json;

pub use corrections::correction_record_from_json;

pub use corrections::policy_with_corrections;

pub use corrections::query_correction_records;

pub use corrections::CorrectionQueryFilters;

pub use corrections::CorrectionRecord;

pub use corrections::CorrectionScope;

pub use corrections::CORRECTIONS_TOPIC;

pub use corrections::CORRECTION_EVENT_KIND;

pub use corrections::CORRECTION_SCHEMA_V0;

pub use harness::DenyEvent;

pub use harness::Harness;

pub use harness::HarnessCall;

pub use harness::HarnessClock;

pub use harness::HarnessCrypto;

pub use harness::HarnessEnv;

pub use harness::HarnessFs;

pub use harness::HarnessKind;

pub use harness::HarnessLlm;

pub use harness::HarnessNet;

pub use harness::HarnessObs;

pub use harness::HarnessProcess;

pub use harness::HarnessRandom;

pub use harness::HarnessSecrets;

pub use harness::HarnessStdio;

pub use harness::HarnessSystem;

pub use harness::HarnessTenant;

pub use harness::HarnessTerm;

pub use harness::MockAwareClock;

pub use harness::MockHarnessBuilder;

pub use harness::VmHarness;

pub use harness_auth::current_auth_principal;

pub use harness_auth::enter_auth_principal;

pub use harness_auth::AuthPrincipal;

pub use harness_auth::AuthPrincipalScopeGuard;

pub use harness_auth::MISSING_PRINCIPAL_MESSAGE;

pub use harness_net::bypass_enabled as net_policy_bypass_enabled;

pub use harness_net::NetMatcher;

pub use harness_net::NetPolicy;

pub use harness_net::NetPolicyAudit;

pub use harness_net::NetPolicyDecision;

pub use harness_net::NetPolicyDefault;

pub use harness_net::NetPolicyRule;

pub use harness_net::OnViolation;

pub use harness_net::HARN_NET_POLICY_BYPASS_ENV;

pub use harness_net::NET_POLICY_AUDIT_TOPIC;

pub use harness_tenant::current_tenant_id;

pub use harness_tenant::enter_tenant;

pub use harness_tenant::TenantScopeGuard;

pub use harness_tenant::MISSING_TENANT_MESSAGE;

pub use llm::register_llm_builtins;

pub use llm::current_agent_session_id;

pub use llm::install_llm_cost_budget;

pub use llm::install_llm_token_budget;

pub use llm::peek_llm_cost_budget;

pub use llm::peek_llm_token_budget;

pub use llm::register_session_end_hook;

pub use llm::set_llm_cost_budget;

pub use llm::set_llm_token_budget;

pub use llm::LlmBudgetGuard;

pub use llm::LlmTokenBudgetGuard;

pub use mcp::connect_mcp_server_from_json;

pub use mcp::connect_mcp_server_from_spec;

pub use mcp::register_mcp_builtins;

pub use mcp_allowlist::build_catalog as build_mcp_catalog;

pub use mcp_allowlist::catalog_for_request as mcp_catalog_for_request;

pub use mcp_allowlist::AdvertisedItem as McpAdvertisedItem;

pub use mcp_allowlist::CatalogRequest as McpCatalogRequest;

pub use mcp_allowlist::McpAllowlist;

pub use mcp_allowlist::McpAllowlistItem;

pub use mcp_allowlist::McpCatalog;

pub use mcp_allowlist::McpCatalogItem;

pub use mcp_allowlist::McpCatalogServer;

pub use mcp_allowlist::McpItemKind;

pub use mcp_allowlist::MCP_ALLOWLIST_SCHEMA_VERSION;

pub use mcp_card::fetch_server_card;

pub use mcp_card::load_server_card_from_path;

pub use mcp_card::CardError;

pub use mcp_host::cache_stats as mcp_host_cache_stats;

pub use mcp_host::set_allowlist as set_mcp_host_allowlist;

pub use mcp_host::AllowlistDecision as McpHostAllowlistDecision;

pub use mcp_host::AllowlistGuard as McpHostAllowlistGuard;

pub use mcp_host::BreakerState as McpHostBreakerState;

pub use mcp_host::CacheStats as McpHostCacheStats;

pub use mcp_host::McpHostStatus;

pub use mcp_host::SpawnOptions as McpHostSpawnOptions;

pub use mcp_host::SupervisionPolicy as McpHostSupervisionPolicy;

pub use mcp_registry::active_handle as mcp_active_handle;

pub use mcp_registry::ensure_active as mcp_ensure_active;

pub use mcp_registry::get_registration as mcp_get_registration;

pub use mcp_registry::install_active as mcp_install_active;

pub use mcp_registry::is_registered as mcp_is_registered;

pub use mcp_registry::register_servers as mcp_register_servers;

pub use mcp_registry::release as mcp_release;

pub use mcp_registry::reset as mcp_reset_registry;

pub use mcp_registry::snapshot_status as mcp_snapshot_status;

pub use mcp_registry::sweep_expired as mcp_sweep_expired;

pub use mcp_registry::RegisteredMcpServer;

pub use mcp_registry::RegistryStatus;

pub use mcp_server::take_mcp_serve_prompts;

pub use mcp_server::take_mcp_serve_registry;

pub use mcp_server::take_mcp_serve_resource_templates;

pub use mcp_server::take_mcp_serve_resources;

pub use mcp_server::tool_registry_to_mcp_tools;

pub use mcp_server::McpServer;

pub use metadata::register_metadata_builtins;

pub use observability::audit::audit_events as audit_obs_events;

pub use observability::audit::AuditFinding;

pub use observability::audit::AuditFindingKind;

pub use observability::request_id::current_request_id;

pub use observability::request_id::enter_request_id;

pub use observability::request_id::RequestIdScopeGuard;

pub use orchestration::benchmark_adapted_replay_pair;

pub use orchestration::benchmark_replay_trace;

pub use orchestration::build_replay_benchmark_report;

pub use orchestration::OpenCodeJsonlAdapter;

pub use orchestration::ReplayBenchmarkCloudIngest;

pub use orchestration::ReplayBenchmarkError;

pub use orchestration::ReplayBenchmarkFixtureReceipt;

pub use orchestration::ReplayBenchmarkFixtureReport;

pub use orchestration::ReplayBenchmarkMetrics;

pub use orchestration::ReplayBenchmarkReport;

pub use orchestration::ReplayBenchmarkSuiteIdentity;

pub use orchestration::ReplayBenchmarkSummary;

pub use orchestration::ReplayCategoryMetric;

pub use orchestration::ReplayDebuggingProxyMetrics;

pub use orchestration::ReplayRuntimeCostMetrics;

pub use orchestration::ReplayTraceAdapter;

pub use orchestration::OPENCODE_JSONL_ADAPTER_ID;

pub use orchestration::OPENCODE_JSONL_ADAPTER_SCHEMA_VERSION;

pub use orchestration::REPLAY_BENCHMARK_CLOUD_INGEST_KIND;

pub use orchestration::REPLAY_BENCHMARK_REPORT_SCHEMA_VERSION;

pub use orchestration::canonicalize_run;

pub use orchestration::first_divergence;

pub use orchestration::run_replay_oracle_trace;

pub use orchestration::ReplayAllowlistRule;

pub use orchestration::ReplayDivergence;

pub use orchestration::ReplayExpectation;

pub use orchestration::ReplayOracleError;

pub use orchestration::ReplayOracleReport;

pub use orchestration::ReplayOracleTrace;

pub use orchestration::ReplayTraceRun;

pub use orchestration::ReplayTraceRunCounts;

pub use orchestration::REPLAY_TRACE_SCHEMA_VERSION;

pub use orchestration::install_handoff_routes;

pub use orchestration::snapshot_handoff_routes;

pub use orchestration::HandoffRouteConfig;

pub use orchestration::HandoffRouteDecisionRecord;

pub use orchestration::HandoffRouteTargetConfig;

pub use personas::disable_persona;

pub use personas::fire_schedule as fire_persona_schedule;

pub use personas::fire_trigger as fire_persona_trigger;

pub use personas::format_ms as format_persona_ms;

pub use personas::now_ms as persona_now_ms;

pub use personas::parse_rfc3339_ms as parse_persona_ms;

pub use personas::pause_persona;

pub use personas::persona_status;

pub use personas::record_persona_spend;

pub use personas::register_persona_supervision_sink;

pub use personas::register_persona_value_sink;

pub use personas::report_repair_worker_status;

pub use personas::restore_persona_checkpoint;

pub use personas::resume_persona;

pub use personas::PersonaAssignmentStatus;

pub use personas::PersonaBudgetPolicy;

pub use personas::PersonaBudgetStatus;

pub use personas::PersonaCheckpointAction;

pub use personas::PersonaCheckpointRestoreOutcome;

pub use personas::PersonaCheckpointRestoreRequest;

pub use personas::PersonaCheckpointResume;

pub use personas::PersonaCheckpointUpdate;

pub use personas::PersonaHandoffInboxItem;

pub use personas::PersonaLease;

pub use personas::PersonaLifecycleState;

pub use personas::PersonaQueuePositionUpdate;

pub use personas::PersonaQueuedWork;

pub use personas::PersonaReceiptUpdate;

pub use personas::PersonaRepairWorkerLifecycle;

pub use personas::PersonaRepairWorkerStatusUpdate;

pub use personas::PersonaRunCost;

pub use personas::PersonaRunReceipt;

pub use personas::PersonaRuntimeBinding;

pub use personas::PersonaStatus;

pub use personas::PersonaSupervisionEvent;

pub use personas::PersonaSupervisionSink;

pub use personas::PersonaSupervisionSinkRegistration;

pub use personas::PersonaTriggerEnvelope;

pub use personas::PersonaValueEvent;

pub use personas::PersonaValueEventKind;

pub use personas::PersonaValueReceipt;

pub use personas::PersonaValueSink;

pub use personas::PersonaValueSinkRegistration;

pub use personas::StageDecl;

pub use personas::StageExit;

pub use personas::PERSONA_RUNTIME_TOPIC;

pub use provenance::build_signed_receipt;

pub use provenance::load_or_generate_agent_signing_key;

pub use provenance::verify_receipt;

pub use provenance::ProvenanceReceipt;

pub use provenance::ReceiptBuildOptions;

pub use provenance::ReceiptVerificationReport;

pub use receipts::Receipt;

pub use receipts::ReceiptSink;

pub use receipts::ReceiptStatus;

pub use receipts::ReceiptValidationError;

pub use receipts::RedactingReceiptSink;

pub use receipts::RedactionClass;

pub use receipts::RECEIPT_SCHEMA_ID;

pub use receipts::RECEIPT_SCHEMA_JSON;

pub use receipts::RECEIPT_SCHEMA_VERSION;

pub use record_filter::normalize_record_filter_expression;

pub use record_filter::CompiledRecordFilter;

pub use runtime_limits::RuntimeLimitDescription;

pub use runtime_limits::RuntimeLimitEntry;

pub use runtime_limits::RuntimeLimits;

pub use runtime_limits::RuntimeLimitsReport;

pub use runtime_limits::RUNTIME_LIMIT_DESCRIPTIONS;

pub use schema::json_to_vm_value;

pub use sessions::CreateSession;

pub use sessions::ExpireSession;

pub use sessions::Session;

pub use sessions::SessionAttributes;

pub use sessions::SessionError;

pub use sessions::SessionStore;

pub use sessions::TouchSession;

pub use sessions::SESSIONS_TOPIC;

pub use stdlib::host::clear_host_call_bridge;

pub use stdlib::host::set_host_call_bridge;

pub use stdlib::host::HostCallBridge;

pub use stdlib::http_response::parse_envelope as parse_http_envelope;

pub use stdlib::http_response::HttpEnvelope;

pub use stdlib::http_response::HttpHeaderValue;

pub use stdlib::http_response::WsUpgradeSpec;

pub use stdlib::http_response::HTTP_RESPONSE_TAG_KEY;

pub use stdlib::http_response::HTTP_RESPONSE_TAG_VERSION;

pub use stdlib::install_shared_pool_registry;

pub use stdlib::long_running::cancel_handle as cancel_long_running_handle;

pub use stdlib::secret_scan::append_secret_scan_audit;

pub use stdlib::secret_scan::audit_secret_scan_active;

pub use stdlib::secret_scan::scan_content as secret_scan_content;

pub use stdlib::secret_scan::SecretFinding;

pub use stdlib::secret_scan::SECRET_SCAN_AUDIT_TOPIC;

pub use stdlib::template::lookup_prompt_consumers;

pub use stdlib::template::lookup_prompt_span;

pub use stdlib::template::prompt_render_indices;

pub use stdlib::template::record_prompt_render_index;

pub use stdlib::template::PromptSourceSpan;

pub use stdlib::template::PromptSpanKind;

pub use stdlib::workflow_messages::workflow_pause_for_base;

pub use stdlib::workflow_messages::workflow_publish_query_for_base;

pub use stdlib::workflow_messages::workflow_query_for_base;

pub use stdlib::workflow_messages::workflow_respond_update_for_base;

pub use stdlib::workflow_messages::workflow_resume_for_base;

pub use stdlib::workflow_messages::workflow_signal_for_base;

pub use stdlib::workflow_messages::workflow_update_for_base;

pub use stdlib::workflow_messages::WorkflowMailboxState;

pub use stdlib::register_agent_stdlib;

pub use stdlib::register_core_stdlib;

pub use stdlib::register_io_stdlib;

pub use stdlib::register_vm_stdlib;

pub use store::register_store_builtins;

pub use tenant::tenant_event_topic_prefix;

pub use tenant::tenant_secret_namespace;

pub use tenant::tenant_topic;

pub use tenant::validate_tenant_id;

pub use tenant::ApiKeyId;

pub use tenant::TenantApiKeyRecord;

pub use tenant::TenantBudget;

pub use tenant::TenantEventLog;

pub use tenant::TenantRecord;

pub use tenant::TenantRegistrySnapshot;

pub use tenant::TenantResolutionError;

pub use tenant::TenantScope;

pub use tenant::TenantSecretProvider;

pub use tenant::TenantStatus;

pub use tenant::TenantStore;

pub use tenant::TENANT_EVENT_TOPIC_PREFIX;

pub use tenant::TENANT_REGISTRY_DIR;

pub use tenant::TENANT_REGISTRY_FILE;

pub use tenant::TENANT_SECRET_NAMESPACE_PREFIX;

pub use triggers::append_dispatch_cancel_request;

pub use triggers::begin_in_flight;

pub use triggers::binding_autonomy_budget_would_exceed;

pub use triggers::binding_budget_would_exceed;

pub use triggers::binding_version_as_of;

pub use triggers::classify_trigger_dlq_error;

pub use triggers::clear_dispatcher_state;

pub use triggers::clear_orchestrator_budget;

pub use triggers::clear_trigger_registry;

pub use triggers::drain;

pub use triggers::dynamic_deregister;

pub use triggers::dynamic_register;

pub use triggers::expected_predicate_cost_usd_micros;

pub use triggers::finish_in_flight;

pub use triggers::install_manifest_triggers;

pub use triggers::install_orchestrator_budget;

pub use triggers::install_provider_catalog;

pub use triggers::micros_to_usd;

pub use triggers::note_autonomous_decision;

pub use triggers::note_orchestrator_budget_cost;

pub use triggers::orchestrator_budget_would_exceed;

pub use triggers::parse_flow_control_duration;

pub use triggers::pause;

pub use triggers::pin_trigger_binding;

pub use triggers::provider_metadata;

pub use triggers::record_predicate_cost_sample;

pub use triggers::redact_headers;

pub use triggers::register_provider_schema;

pub use triggers::registered_provider_metadata;

pub use triggers::registered_provider_schema_names;

pub use triggers::reset_binding_budget_windows;

pub use triggers::reset_provider_catalog;

pub use triggers::reset_provider_catalog_with;

pub use triggers::resolve_live_or_as_of;

pub use triggers::resolve_live_trigger_binding;

pub use triggers::resolve_trigger_binding_as_of;

pub use triggers::resume;

pub use triggers::run_trigger_harness_fixture;

pub use triggers::scheduler_in_flight_by_key;

pub use triggers::scheduler_ready_stats_by_key;

pub use triggers::snapshot_dispatcher_stats;

pub use triggers::snapshot_orchestrator_budget;

pub use triggers::snapshot_trigger_bindings;

pub use triggers::unpin_trigger_binding;

pub use triggers::usd_to_micros;

pub use triggers::worker_claims_topic_name;

pub use triggers::worker_job_topic_name;

pub use triggers::worker_response_topic_name;

pub use triggers::ClaimedWorkerJob;

pub use triggers::DispatchCancelRequest;

pub use triggers::DispatchError;

pub use triggers::DispatchOutcome;

pub use triggers::DispatchStatus;

pub use triggers::Dispatcher;

pub use triggers::DispatcherDrainReport;

pub use triggers::DispatcherStatsSnapshot;

pub use triggers::FairnessKey;

pub use triggers::HeaderRedactionPolicy;

pub use triggers::InboxIndex;

pub use triggers::NotionPolledChangeEvent;

pub use triggers::OrchestratorBudgetConfig;

pub use triggers::OrchestratorBudgetSnapshot;

pub use triggers::ProviderCatalog;

pub use triggers::ProviderCatalogError;

pub use triggers::ProviderId;

pub use triggers::ProviderMetadata;

pub use triggers::ProviderOutboundMethod;

pub use triggers::ProviderPayload;

pub use triggers::ProviderRuntimeMetadata;

pub use triggers::ProviderSchema;

pub use triggers::ProviderSecretRequirement;

pub use triggers::ReadyKeyStats;

pub use triggers::RecordedTriggerBinding;

pub use triggers::RetryPolicy;

pub use triggers::SchedulableJob;

pub use triggers::SchedulerKeyStat;

pub use triggers::SchedulerPolicy;

pub use triggers::SchedulerSnapshot;

pub use triggers::SchedulerState;

pub use triggers::SchedulerStrategy;

pub use triggers::SignatureStatus;

pub use triggers::SignatureVerificationMetadata;

pub use triggers::StreamEventPayload;

pub use triggers::TenantId;

pub use triggers::TraceId;

pub use triggers::TriggerBatchConfig;

pub use triggers::TriggerBindingSnapshot;

pub use triggers::TriggerBindingSource;

pub use triggers::TriggerBindingSpec;

pub use triggers::TriggerBudgetExhaustionStrategy;

pub use triggers::TriggerConcurrencyConfig;

pub use triggers::TriggerDebounceConfig;

pub use triggers::TriggerDispatchOutcome;

pub use triggers::TriggerEvent;

pub use triggers::TriggerEventId;

pub use triggers::TriggerExpressionSpec;

pub use triggers::TriggerFlowControlConfig;

pub use triggers::TriggerHandlerSpec;

pub use triggers::TriggerHarnessResult;

pub use triggers::TriggerId;

pub use triggers::TriggerMetricsSnapshot;

pub use triggers::TriggerPredicateSpec;

pub use triggers::TriggerPriorityOrderConfig;

pub use triggers::TriggerRateLimitConfig;

pub use triggers::TriggerRegistryError;

pub use triggers::TriggerRetryConfig;

pub use triggers::TriggerSingletonConfig;

pub use triggers::TriggerState;

pub use triggers::TriggerThrottleConfig;

pub use triggers::WorkerQueue;

pub use triggers::WorkerQueueClaimHandle;

pub use triggers::WorkerQueueEnqueueReceipt;

pub use triggers::WorkerQueueInspectSnapshot;

pub use triggers::WorkerQueueJob;

pub use triggers::WorkerQueueJobState;

pub use triggers::WorkerQueuePriority;

pub use triggers::WorkerQueueResponseRecord;

pub use triggers::WorkerQueueState;

pub use triggers::WorkerQueueSummary;

pub use triggers::DEFAULT_INBOX_RETENTION_DAYS;

pub use triggers::DEFAULT_STARVATION_AGE_MS;

pub use triggers::TRIGGERS_LIFECYCLE_TOPIC;

pub use triggers::TRIGGER_ATTEMPTS_TOPIC;

pub use triggers::TRIGGER_CANCEL_REQUESTS_TOPIC;

pub use triggers::TRIGGER_DLQ_TOPIC;

pub use triggers::TRIGGER_INBOX_CLAIMS_TOPIC;

pub use triggers::TRIGGER_INBOX_ENVELOPES_TOPIC;

pub use triggers::TRIGGER_INBOX_LEGACY_TOPIC;

pub use triggers::TRIGGER_INBOX_OBSERVABILITY_TOPIC;

pub use triggers::TRIGGER_OPERATION_AUDIT_TOPIC;

pub use triggers::TRIGGER_OUTBOX_TOPIC;

pub use triggers::TRIGGER_TEST_FIXTURES;

pub use triggers::WORKER_QUEUE_CATALOG_TOPIC;

pub use trust_graph::append_active_scope_attenuation_alert;

pub use trust_graph::append_active_trust_record;

pub use trust_graph::append_scope_attenuation_alert;

pub use trust_graph::append_trust_record;

pub use trust_graph::export_trust_chain;

pub use trust_graph::group_trust_records_by_trace;

pub use trust_graph::policy_for_agent;

pub use trust_graph::policy_for_autonomy_tier;

pub use trust_graph::query_trust_graph_records;

pub use trust_graph::query_trust_records;

pub use trust_graph::resolve_agent_autonomy_tier;

pub use trust_graph::summarize_trust_records;

pub use trust_graph::topic_for_agent;

pub use trust_graph::trust_score_for;

pub use trust_graph::verify_trust_chain;

pub use trust_graph::AutonomyTier;

pub use trust_graph::TrustAgentSummary;

pub use trust_graph::TrustChainExport;

pub use trust_graph::TrustChainExportMetadata;

pub use trust_graph::TrustChainExportProducer;

pub use trust_graph::TrustChainReport;

pub use trust_graph::TrustGraphRecord;

pub use trust_graph::TrustOutcome;

pub use trust_graph::TrustQueryFilters;

pub use trust_graph::TrustRecord;

pub use trust_graph::TrustRecordActionKind;

pub use trust_graph::TrustScore;

pub use trust_graph::TrustTraceGroup;

pub use trust_graph::METADATA_KEY_ACTOR_CHAIN;

pub use trust_graph::METADATA_KEY_ACTOR_CHAIN_ALERT;

pub use trust_graph::METADATA_KEY_EFFECTS_GRANT;

pub use trust_graph::METADATA_KEY_EFFECTS_USED;

pub use trust_graph::METADATA_KEY_PARENT_RECORD_ID;

pub use trust_graph::OPENTRUSTGRAPH_ACCEPTED_SCHEMAS;

pub use trust_graph::OPENTRUSTGRAPH_CHAIN_SCHEMA_V0;

pub use trust_graph::OPENTRUSTGRAPH_SCHEMA_V0;

pub use trust_graph::OPENTRUSTGRAPH_SCHEMA_V0_1;

pub use trust_graph::TRUST_ACTION_RELEASE;

pub use trust_graph::TRUST_GRAPH_GLOBAL_TOPIC;

pub use trust_graph::TRUST_GRAPH_LEGACY_GLOBAL_TOPIC;

pub use trust_graph::TRUST_GRAPH_LEGACY_TOPIC_PREFIX;

pub use trust_graph::TRUST_GRAPH_RECORDS_TOPIC;

pub use trust_graph::TRUST_GRAPH_TOPIC_PREFIX;

pub use harn_clock as clock;

pub use value::*;

Modules

a2a

actor_chain

RFC 8693 actor/principal chain support.

agent_events

Agent event stream — the ACP-aligned observation surface for the agent loop.

agent_sessions

First-class session storage.

atomic_io

Atomic file write helpers.

autonomy

bridge

JSON-RPC 2.0 bridge for host communication.

bytecode_cache

Content-addressed on-disk cache for compiled .harn pipelines.

call_budget

Per-dispatch ceilings on outbound call counts — MCP tool calls and Postgres queries — mirroring the LLM cost/token budgets in [crate::llm::cost]. A .harn handler exported through harn-serve declares @budget(mcp_calls: 20, pg_queries: 50); the dispatcher installs the matching guards for the lifetime of the call. Each charge increments a per-thread counter and, once the ceiling is crossed, raises a structured BudgetExceeded-categorised error that adapter codecs render as HTTP 429.

channel_guardrails

Channel guardrails middleware (CH-11, #1911 — epic #1870).

channels

checkpoint

Checkpoint system for resilient pipeline execution.

clock_mock

Crate-wide deterministic clock mock used by stdlib time builtins, the trigger dispatcher, the cron scheduler, and Rust-side tests. Re-exports the long-lived implementation under triggers::test_util::clock so all callers go through one source of truth.

composition

Language-neutral executable tool-composition contract.

config

Canonical layered Harn runtime configuration.

connectors

Connector traits and shared helpers for inbound event-source providers.

corrections

coverage

Line coverage for executed Harn programs.

egress

event_log

events

Structured event emission for observability.

external_agent

flow

Harn Flow — agent-native shipping substrate.

harness

Capability handle threaded into every Harn script as the harness parameter of main.

harness_auth

Ambient authenticated-principal scope threaded into .harn callees by hosts that authenticate a request before dispatch (today: harn-serve, which resolves an [crate::auth-style] principal — subject, scheme, granted scopes, and an optional embedder-assigned kind — at admission).

harness_net

Per-harness NetPolicy rules and enforcement for harness.net.*.

harness_system

Host introspection for the harness.system.* capability surface.

harness_tenant

Ambient tenant scope threaded into .harn callees by hosts that resolve a tenant before dispatch (today: harn-serve via AuthenticatedPrincipal::tenant_id; future: in-process orchestrators that already hold a TenantId).

iter

Lazy iterator protocol for the Harn VM.

jsonrpc

Shared JSON-RPC 2.0 message construction helpers.

llm

LLM integration: API calls, streaming, agent loops, tool handling, and tracing.

llm_config

mcp

MCP (Model Context Protocol) client for connecting to external tool servers.

mcp_allowlist

Persisted MCP enable/disable allowlist + effective catalog (harn#2647).

mcp_auth

MCP OAuth/OIDC authorization helpers.

mcp_bulk_auth

Bulk MCP OAuth driver (harn#3355) — the keystone of the bulk-login program (harn#3354).

mcp_card

MCP Server Card consumer + publisher (2026 MCP v2.1 spec, harn#75).

mcp_elicit

MCP elicitation/create plumbing — server-to-client structured prompts.

mcp_file_upload

Experimental MCP file-input support.

mcp_host

Supervised external-tool MCP host primitive (harn#2504, A.7).

mcp_identity

MCP authenticated-identity resolution (harn#3349).

mcp_json_discovery

Unofficial /.well-known/mcp.json server discovery.

mcp_oauth

Interactive MCP OAuth flow engine — the harn-owned core that every surface (the harn mcp login CLI, and the ACP mcp/authorize / mcp/oauth_callback requests) drives. It builds the authorization URL, exchanges the authorization code, refreshes tokens (single-flight, with a cross-process advisory lock), and stores them in the OS keyring. No client ever speaks OAuth directly: token exchange and storage stay in harn.

mcp_presets

Canonical catalog of well-known MCP server presets (harn#2650).

mcp_progress

MCP notifications/progress plumbing — server-to-client progress updates emitted from a long-running tool handler.

mcp_protocol

Shared MCP protocol-version and feature-gap helpers.

mcp_registry

Process-local MCP server registry for lazy boot + skill-scoped binding (harn#75).

mcp_sampling

MCP sampling/createMessage plumbing — server-to-client LLM sampling.

mcp_server

MCP server mode: expose Harn tools, resources, resource templates, and prompts as MCP capabilities over stdio.

metadata

Project metadata store for Harn’s runtime state root.

module_artifact

Serializable shape of a compiled .harn module — the unit the on-disk module cache stores.

observability

orchestration

personas

process_sandbox

Public re-exports of the platform-specific process sandbox primitives.

profile

Categorical profile rollup over completed crate::tracing::Spans.

provenance

provider_catalog

Generated provider/model catalog artifact support.

receipts

record_filter

redact

Unified redaction policy for persisted and rendered operational data.

run_events

Run-event sink: an in-process bus the CLI installs to capture every observable side effect of a harn run invocation as a single ordered stream.

runtime_context

runtime_limits

Central runtime ceilings for VM execution and stdlib resource guards.

runtime_paths

schema

secrets

security

Prompt-injection defense substrate (defense Layers 0/1).

session_bundle

Canonical session bundle export/import support.

session_timeline

Session timeline projection for client-facing observability.

sessions

shells

skills

Filesystem-and-host skill discovery for Harn.

stdlib

Standard library builtins for the Harn VM.

stdlib_modules

step_runtime

Per-step runtime state for @step-annotated persona functions.

store

Persistent key-value store backed by Harn’s runtime state root.

tenant

testbench

Testbench: hermetic-execution composition primitive.

tool_annotations

Tool annotations — the single source of truth for tool semantics.

tool_call_cancellations

Per-tool-call cancellation registry.

tool_surface

Validation for coherent tool surfaces before an agent spends model tokens.

tracing

Pipeline Observability: structured tracing spans with parent/child relationships.

triggers

trust_graph

typecheck

Runtime type & arity validation, shared between user-defined function calls and registry-known builtin calls.

user_dirs

Portable resolution of the current user’s home directory.

value

visible_text

waitpoints

workspace_anchor

Typed workspace anchor primitives for first-class sessions.

workspace_path

Structs

ApprovalRequest

AsyncBuiltinCtx

Explicit handle to the parent VM’s execution context for the duration of one async-builtin call. Threaded into every async builtin by the dispatch loop (and the #[harn_builtin] macro), so context can no longer be “lost across a spawn boundary”: a handler that needs VM access receives or clones this handle deliberately instead of reading ambient state.

BuiltinId

Compact, deterministic identifier for a builtin name.

CachedChunk

Serializable snapshot of a Chunk suitable for the on-disk bytecode cache and for in-memory stdlib artifact caches. Inline-cache state is dropped at freeze time because it warms at runtime per VM isolate; the rest of the chunk round-trips byte-identically.

CachedCompiledFunction

Chunk

A compiled chunk of bytecode.

CompileError

Compile error.

CompiledFunction

A compiled function (closure body).

Compiler

Compiles an AST into bytecode.

CompilerOptions

Controls semantic-preserving compiler optimizations.

DebugState

Information about current execution state for the debugger.

HitlHostResponse

LocalSlotInfo

Debug metadata for a slot-indexed local in a compiled chunk.

ParamSlot

One parameter slot of a compiled user-defined function. Carries the declared name, the (optional) declared type expression, and a flag for whether a default value was provided. The runtime consults the type expression in bind_param_slots to enforce declared types against the values supplied at the call site.

TriggerPredicateBudget

Vm

The Harn bytecode virtual machine.

VmBaseline

Reusable VM baseline for hosts that need many clean executions with the same stable builtin/source setup.

VmBuiltinMetadata

Discoverable metadata for a VM builtin.

Enums

Constant

A constant value in the constant pool.

DebugAction

Debug action returned by the debug hook.

Op

Bytecode opcodes for the Harn VM. The enum, the byte-to-variant mapping, the sync and async dispatch tables, the disassembly renderer, and the per-opcode classification helpers are all emitted by harn_opcode_macros::define_opcodes! in [crate::vm::ops]. Re-exported here so callers that import crate::chunk::Op need no awareness of the macro layout. Bytecode opcodes for the Harn VM. Defined by define_opcodes!; the u8 representation is the on-disk bytecode encoding.

VmBuiltinArity

Lightweight arity metadata for registered builtins.

VmBuiltinKind

Runtime kind for a registered VM builtin.

Constants

HARN_DISABLE_OPTIMIZATIONS_ENV

Environment variable that disables optional compiler optimizations.

HITL_APPROVALS_TOPIC

HITL_DUAL_CONTROL_TOPIC

HITL_ESCALATIONS_TOPIC

HITL_QUESTIONS_TOPIC

WAITPOINT_RESUME_TOPIC

Functions

append_hitl_response

compile_source

Lex, parse, type-check, and compile source to bytecode in one call. Bails on the first type error. For callers that need diagnostics rather than early exit, use harn_parser::check_source directly and then call Compiler::new().compile(&program).

compile_source_named

Same as compile_source but compiles a specific named pipeline as the program entry point instead of the default-pipeline-or-first selection rule. Returns a runtime error when no pipeline with pipeline_name exists in the source.

install_obs_default_backend

Replace the active observability backend with a single named backend. Callers pass values like "pretty_stdout", "pretty_stderr", or "otel" — anything [normalize_backend] accepts. Errors when the kind is unknown so the CLI can surface a typo before the server boots.

json_schema_for_type_expr

json_schema_for_typed_params

process_waitpoint_resume_event

register_http_builtins

Register HTTP builtins on a VM.

reset_http_state

Reset thread-local HTTP mock state. Call between test runs.

reset_thread_local_state

Reset all thread-local state that can leak between test runs.

resolve_module_import_path

service_waitpoints_once

set_stdout_passthrough

Enable or disable direct stdout writes for CLI-style runs.

take_stderr_buffer

Drain and return the buffered stderr output. The CLI flushes this to the real stderr at the end of execution.

Type Aliases

ChunkRef

CompiledFunctionRef