Expand description
Kintsugi core library.
Houses the pieces that must never have surprising I/O side effects: the shared event types exchanged between interception and the daemon, the deterministic rule engine, policy and decision memory, and the append-only hash-chained event log.
Security spine (see CLAUDE.md): rules block, the model only explains. Nothing
in this crate ever lets a model downgrade a rule-based block.
Re-exports§
pub use log::ChainStatus;pub use log::EventLog;pub use log::Filter;pub use log::LogError;pub use log::LoggedEvent;pub use log::PendingItem;pub use log::GENESIS_HASH;pub use memory::command_hash;pub use policy::adjust_for_policy;pub use policy::Policy;pub use policy::PolicyAction;pub use rules::classify;pub use rules::classify_and_decide;pub use rules::classify_line;pub use rules::decide;pub use rules::RuleMatch;pub use snapshot::capture as capture_snapshot;pub use snapshot::restore as restore_snapshot;pub use snapshot::Manifest;pub use types::Class;pub use types::Decision;pub use types::Mode;pub use types::ProposedCommand;pub use types::Verdict;
Modules§
- admin
- Admin-locked, password-protected, encrypted settings (the crypto core).
- log
- Append-only, hash-chained event log (SQLite).
- memory
- Decision-memory helpers.
- parse
- Shell AST front-end for the classifier (pure-Rust, via
brush-parser). - policy
- Project and global policy (
.kintsugi.toml). - redact
- Command-line secret redaction.
- rules
- Tier-1 deterministic rule engine.
- shell
- A small, dependency-free shell tokenizer.
- snapshot
- Snapshots for reversibility (“nothing is unrecoverable”).
- types
- Shared event types exchanged between the interception layer and the daemon.