Crate tsafe_core 

Modules

age_crypto

age encryption wrappers for team vault use.

agent

Agent protocol — shared types used by both the daemon (tsafe-agent) and the client (tsafe-cli open_vault_via_agent).

audit

Append-only structured audit logging for vault operations.

audit_explain

Plaintext-free audit explanation projections.

baseline_contracts

compliance_narrative

Compliance narrative format for exec audit explanation.

contracts

Authority contracts — named, reusable runtime authority definitions.

crypto

Low-level cryptography primitives for tsafe.

deny_reason

Explicit deny reason codes for auditable exec policy enforcement.

env

Environment variable formatting and injection utilities.

errors

Error types for tsafe-core.

events

CloudEvents 1.0 projection layer for tsafe.

gen

Cryptographically secure random secret generation.

health

Structured health data model for the doctor substrate.

keyring_store

OS credential store for vault passwords (biometric / keyring unlock).

lifecycle

Shared audit/event lifecycle classification.

migrate

Safe schema upgrade path for vault files.

namespace_bulk

Bulk copy/move all vault keys under a namespace prefix (FROM/ → TO/).

profile

Profile management — path resolution, validation, and global config.

pullconfig

Pull configuration — parsing .tsafe.yml / .tsafe.json repo manifests.

pushconfig

Push configuration — parsing .tsafe.yml / .tsafe.json repo manifests.

rbac

RBAC access profiles for runtime authority.

snapshot

Local snapshot management — keeps the last N vault file copies so secrets are never permanently lost due to corruption or accidental deletion.

sync

Three-way vault merge for concurrent edit reconciliation.

team

Team vault — age-encrypted shared secret store for multi-user environments.

totp

TOTP (Time-based One-Time Password) — RFC 6238 code generation and secret management.

update

Optional self-update check against a ProGet Universal Package feed.

vault

Encrypted vault read/write — the core data layer.