Crates
NixFleet’s Rust workspace consists of 9 crates with clear separation of concerns. Each file in this directory is a one-screen mental model for one crate; for type signatures and method-level detail, follow the rustdoc link.
| Crate | One-line summary |
|---|---|
| nixfleet-proto | Wire types: Serde-derived schema for every artefact and HTTP body. |
| nixfleet-canonicalize | JCS canonical JSON for signing - lean deps, no async runtime. |
| nixfleet-verify-artifact | Offline auditor: verifies signed artefacts against trust roots. |
| nixfleet-state-machine | Pure per-host reducer (RFC-0005 §3); same code on agent + CP. |
| nixfleet-reconciler | Pure decision procedure: reconcile, verify_artifact, planner gates. |
| nixfleet-release | CI release tool: signs fleet.resolved.json + revocations sidecar. |
| nixfleet-cli | Operator umbrella binary (nixfleet subcommands). |
| nixfleet-agent | Host daemon: polls CP, fetches/applies closures, reports back. |
| nixfleet-control-plane | Axum HTTP service + SQLite; routes signed intent to agents. |