Expand description
Koi composition layer — the single place that constructs domain cores, installs the cross-domain integration bridges, runs the container orchestrator, assembles capability status, and tears everything down in order.
Three consumers share it: the koi daemon (daemon_mode), the Windows service
(run_service), and koi-embedded. Building the composition once makes Windows and
embedded parity true by construction — the verified koi install defect (a weaker
Windows daemon missing the orchestrator + certmesh background loops) cannot recur,
because all three call the same code.
This is a composition crate, not a domain crate: it depends on every domain it
wires. Nothing depends on it except the top-level consumers, so the koi-common
kernel and the domain crates keep clean dependency closures.
Modules§
- announce
- Per-host mDNS announce records (
_http._tcpself-announcement with the ADR-020 trust stamp,_mcp._tcptransport descriptor) shared by the daemon, the Windows service, and embedded so the stamp is present by construction on every boot path. Per-host mDNS announce records, built once and shared by every boot path. - bridges
- The cross-domain integration-trait bridges (moved from the binary’s
integrations.rs). Bridge implementations that wrap domain cores and implement the cross-domain integration traits fromkoi_common::integration. - certmesh
- Certmesh role-driven background loops + the enrollment-approval pump (moved from the
binary’s
main.rs). Shared so Windows-service and embedded daemons reach parity. Certmesh background orchestration — the member-pull renewal loop plus the enrollment-approval pump. - cores
- Daemon core composition:
build_cores(the one core+bridge construction graph the daemon and the Windows service share),init_certmesh_core, andordered_shutdown. Daemon core composition — the single place that constructs every domain core, wires the cross-domain integration bridges between them, spawns the domain background tasks (orchestrator + certmesh role loops), and tears it all down in order. - orchestrator
- The container-runtime orchestrator: translates runtime lifecycle events into
mDNS/DNS/health/proxy operations (moved from the binary’s
orchestrator.rs). Shared so Windows-service and embedded daemons can spawn it too. Runtime lifecycle orchestrator. - self_
announce - The posture-reactive self-announce supervisor: keeps the
_http._tcpposture stamp current across Open↔Authenticated flips and owns the_mcp._tcplifecycle. Spawned identically by all three boot paths (mirrors the trust-plane’s_certmesh._tcpreactivity). Posture-reactive self-announce supervisor for this host’s own service records. - snapshot
- The rich dashboard snapshot (
build_dashboard_snapshot) — the one detail projection of the live cores shared by the daemon’s dashboard adapter and the embedded snapshot. The rich dashboard snapshot — the one detail projection of the live domain cores. - status
- Unified capability-status assembly (
assemble_capabilities) — the single capability ladder shared by/v1/status, the dashboard snapshot, and the embedded snapshot. Unified capability-status assembly — the one capability ladder that the daemon’s/v1/status, the dashboard snapshot, and the embedded snapshot all share.