Crate gestura_core_security

Security primitives, secure storage, sandboxing, and privacy helpers.

gestura-core-security owns the core security-related functionality for the workspace. It combines secret storage, optional encryption, execution sandboxing, and GDPR-focused data handling into a single domain crate.

Responsibilities

  • secure storage abstraction with OS-keychain and mock implementations
  • AES-256-GCM encryption helpers behind the security feature
  • secret-provider integration for runtime config and provider credentials
  • sandbox configuration and isolation primitives
  • GDPR support such as export, deletion, consent, and audit-oriented helpers

Security model

The workspace follows a default-deny posture for dangerous behavior. This crate does not implement the full tool-permission system itself, but it provides the lower-level building blocks used by higher-level orchestration:

  • secure secret storage instead of plaintext where possible
  • explicit sandbox boundaries for untrusted execution
  • typed privacy and token models used across protocol and tool flows

Feature-gated behavior

  • security: enables AES-256-GCM encryption and OS keychain integration

When the security feature is unavailable or keychain access is disabled, the crate can fall back to mock/in-memory behavior that keeps tests and reduced environments usable without pretending secrets are durably protected.

Stable import paths

Most application code should import through the facade paths exposed by gestura-core, such as:

  • gestura_core::security::*
  • gestura_core::gdpr::*
  • gestura_core::sandbox::*

Re-exports

pub use secrets::SecureStorageSecretProvider;
pub use storage::MockSecureStorage;
pub use storage::SecureStorage;
pub use storage::SecureStorageError;
pub use encryption::Encryptor;
pub use encryption::SecureConfigManager;
pub use storage::KeychainStorage;
pub use gdpr::*;
pub use sandbox::*;

Modules

encryption
Encryption utilities for local data protection
gdpr
GDPR compliance features for Gestura.app. Provides data export, deletion, consent management, and audit trails
sandbox
Agent sandboxing and isolation utilities
secrets
Secret (API key) retrieval backed by secure storage.
storage
Secure storage implementations for secrets management

Structs

McpToken
Token for MCP authentication

Functions

create_secure_storage
Create the appropriate secure storage implementation based on features.
keychain_access_disabled
Check if keychain access is disabled via environment variables