
Crate kintsugi_daemon


Kintsugi resident daemon library.

Long-lived process that owns the event log and runs the decision loop. The interception layer connects over a local socket, sends a ProposedCommand, and blocks on the returned Verdict.

In Phase 0 the daemon is a pure recorder: it logs every proposal and allows it. The Tier-1 rule engine (Phase 1) plugs into Daemon::decide without changing the IPC or logging paths.

Re-exports

pub use ipc::Client;
pub use ipc::Observation;
pub use ipc::Resolution;
pub use ipc::Server;

Modules

ipc
Local IPC transport between interception and the daemon.
watch
Filesystem-watcher backstop.

Structs

Daemon
The resident decision loop: owns the event log, the warm scorer, classifies, records.

Constants

FAIL_CLOSED_FILE
The fail-closed marker file name, alongside the event-log database.
KILL_SWITCH_FILE
The kill-switch flag file name, alongside the event-log database.
VERSION

Functions

default_db_path
Resolve the event-log database path. Override with KINTSUGI_DB (handy in tests).
fail_closed_marker_path
Path to the fail-closed marker (alongside the default event log). Its mere existence is the signal — the content is irrelevant. The interception layer (shim/hook/MCP) reads it without the daemon, so that killing the daemon can’t be used to open the gate: with the marker present, an unreachable daemon means block, not run unguarded.
is_fail_closed_marked
Whether the admin-set fail-closed marker is present. Cheap, daemon-free, and callable from the interception fast path. In the locked posture the marker is owned by the privileged account (root / a dedicated kintsugi user), so an audited non-root agent cannot remove it to re-open the gate.
kill_switch_path
Path to the panic kill-switch flag (alongside the default event log).
load_policy
Load and merge the effective policy for a command’s working directory: global defaults (config dir) overridden by the repo’s .kintsugi.toml.
pid_file_path
Path to the daemon’s PID file (next to the event log).
repo_key
Identify the “repo” a command runs in: the nearest ancestor containing a .git directory, else the working directory itself.
run
Run the daemon: open the default log, bind the socket, serve forever.
set_fail_closed_marker
Create or remove the fail-closed marker to match on. Best-effort, atomic create; called by the admin flow when the locked fail_closed setting changes so the posture survives a daemon restart and a kill.
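
The fail-closed behaviour described under fail_closed_marker_path, is_fail_closed_marked and set_fail_closed_marker, sketched as an added example; this is not the crate's own code. The names Gate, gate, is_marked and set_marker, the socket and marker paths, and the choice to treat stat errors other than NotFound as "marked" are all assumptions of this sketch (Unix only).

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, ErrorKind};
use std::os::unix::net::UnixStream;
use std::path::Path;

#[derive(Debug, PartialEq)]
pub enum Gate {
    AskDaemon,    // daemon reachable: send the proposal and block on its verdict
    Block,        // daemon unreachable, marker present: fail closed
    RunUnguarded, // daemon unreachable, no marker: fail open
}

/// Presence-only check; the content is never read. Choice made in this sketch:
/// any stat error other than NotFound (e.g. EACCES) counts as "marked".
pub fn is_marked(marker: &Path) -> bool {
    !matches!(fs::symlink_metadata(marker), Err(e) if e.kind() == ErrorKind::NotFound)
}

/// Create or remove the marker to match `on`; both directions are idempotent.
pub fn set_marker(marker: &Path, on: bool) -> io::Result<()> {
    let (res, benign) = if on {
        // create_new maps to O_CREAT|O_EXCL: the create is atomic.
        let made = OpenOptions::new().write(true).create_new(true).open(marker);
        (made.map(drop), ErrorKind::AlreadyExists)
    } else {
        (fs::remove_file(marker), ErrorKind::NotFound)
    };
    match res {
        Err(e) if e.kind() != benign => Err(e),
        _ => Ok(()),
    }
}

/// Interception-side decision, made without any help from the daemon.
pub fn gate(socket: &Path, marker: &Path) -> Gate {
    match UnixStream::connect(socket) {
        Ok(_) => Gate::AskDaemon,
        Err(_) if is_marked(marker) => Gate::Block,
        Err(_) => Gate::RunUnguarded,
    }
}

fn main() -> io::Result<()> {
    let dir = std::env::temp_dir().join("gate-demo"); // constructed demo path
    fs::create_dir_all(&dir)?;
    let (sock, marker) = (dir.join("daemon.sock"), dir.join("fail-closed"));
    set_marker(&marker, true)?;
    println!("daemon down, marker set: {:?}", gate(&sock, &marker));
    set_marker(&marker, false)
}
```

The marker only holds against the audited agent if the agent cannot unlink it, which depends on the ownership and mode of the containing directory as well as of the file.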