Core runtime for tsafe.
tsafe-core owns encrypted vault storage, authority contracts, audit
records, deny reasons, and Agent Authority Firewall data types. It is the
shared layer used by safe command execution (tsafe exec) and by bound MCP
server instances that run through a fixed profile, contract, and workdir.
Current Agent Authority Firewall support is deliberately local and contract-first:
- contracts parses named authority contracts, trust posture, allowed targets, and no-secret diagnostic contract shapes.
- authority defines model-safe decisions, refusal payloads, metadata, and receipts for bound MCP command authority.
- deny_reason carries stable denial categories for execution and diagnostic surfaces.
This crate does not expose an MCP server. Use tsafe-cli or tsafe-mcp
when you need the tsafe mcp serve --profile <profile> --contract <contract> --workdir <repo> normal form.
§Algol-merged surface (Phase 1)
Two algol-derived modules live alongside the existing surface:
- attest_contract — per-run env-injection contract (AttestContract), distinct from contracts::AuthorityContract (vault-policy semantics); the two have zero field overlap and represent different abstractions.
- run_evidence — typed-evidence artifact for an attested command run, including parent-vs-child env diff with per-var SHA-256 hashes.
See ecosystem-catalog/docs/adr/draft-algol-into-tsafe-merge.md for the
merge rationale; modules carry full provenance + relicense notes at the
top of each file.
Modules§
- age_crypto: age encryption wrappers for team vault use.
- agent: Agent protocol — shared types used by both the daemon (tsafe-agent) and the client (tsafe-cli open_vault_via_agent).
- attest_contract: Attestation contract — algol-merged, env-injection-shaped policy.
- audit: Append-only structured audit logging for vault operations.
- audit_explain: Plaintext-free audit explanation projections.
- authority
- baseline_contracts
- compliance_narrative: Compliance narrative format for exec audit explanation.
- contracts: Authority contracts — named, reusable runtime authority definitions.
- crypto: Low-level cryptography primitives for tsafe.
- deny_reason: Explicit deny reason codes for auditable exec policy enforcement.
- env: Environment variable formatting and injection utilities.
- errors: Error types for tsafe-core.
- events: CloudEvents 1.0 projection layer for tsafe.
- fsperm: Small helpers for writing files with restrictive (owner-only) permissions.
- gen: Cryptographically secure random secret generation.
- health: Structured health data model for the doctor substrate.
- keyring_store: OS credential store for vault passwords (biometric / keyring unlock).
- lifecycle: Shared audit/event lifecycle classification.
- migrate: Safe schema upgrade path for vault files.
- namespace_bulk: Bulk copy/move all vault keys under a namespace prefix (FROM/→TO/).
- profile: Profile management — path resolution, validation, and global config.
- pullconfig: Pull configuration — parsing .tsafe.yml/.tsafe.json repo manifests.
- pushconfig: Push configuration — parsing .tsafe.yml/.tsafe.json repo manifests.
- rbac: RBAC access profiles for runtime authority.
- run_evidence: Run evidence — typed-evidence artifact for a single command execution.
- sign: Ed25519 signing of RunEvidence artifacts — Phase 5 of the algol→tsafe migration.
- snapshot: Local snapshot management — keeps the last N vault file copies so secrets are never permanently lost due to corruption or accidental deletion.
- sync: Three-way vault merge for concurrent edit reconciliation.
- team: Team vault — age-encrypted shared secret store for multi-user environments.
- tooling_inventory: Repo-local secret inventory for agent-facing tooling.
- totp: TOTP (Time-based One-Time Password) — RFC 6238 code generation and secret management.
- trust_store: Pinned-pubkey trust store for RunEvidence signature verification — closes the Phase 5 TOFU gap.
- update: Optional self-update check against a ProGet Universal Package feed.
- vault: Encrypted vault read/write — the core data layer.