Typed, attested, Rust-native Kubernetes runtime. The engine that runs the land (terreno). Pillar 7 runtime half; sibling to magma. Spec: theory/ENGENHO.md.
engenho-controllers — the engenho K8s controller suite. Hosts the Controller trait + canonical implementations: ReplicaSetController (R9), DeploymentController (R9.5), ServiceController (R9.6), GC (R9.7). Each is a thin reconcile loop on engenho-store. Same shape as engenho-scheduler — the second-site for the controller pattern.
engenho-apiserver — HTTP K8s API wrapping engenho-store. Translates kubectl REST operations into typed ResourceCommand proposals via the distributed substrate. Layer R7 of the engenho K8s base layer.
engenho-scheduler — the first real K8s controller on the engenho substrate. Reconciles pending Pods (no spec.nodeName) by picking a Node via a pluggable SchedulingStrategy trait + patching the Pod through StoreMesh. R8 of the engenho K8s base layer.
engenho's K8s resource store — etcd-equivalent backed by openraft. Separate Raft group from engenho-revoada (which commits role assignments); this commits K8s resource CRUD. Layer of the Pillar 7 runtime that engenho-apiserver wraps to serve the K8s API surface.
engenho-config — the top-level shikumi-back typed configuration surface for the whole engenho substrate. EngenhoConfig owns cluster + revoada + teia + scheduler + controllers + consistency sub-structs; each provides shikumi::TieredConfig with reasonable prescribed_default()s so 90% of operators get a working substrate from cargo run.
engenho-substrate — shared helpers extracted to the third-site rule. atomic_write (fsync-anchored tmp+rename), magic-headered blob encoding, file-format versioning. The substrate building blocks that compose under engenho-store::persistence, kasou's machine-identifier, and tend's daemon state.
engenho-teia — the NATS fabric layer for engenho. Carries Raft RPC, watch streams, content sync, attestation receipts, and observability events across one typed transport. See docs/FABRIC.md.
Typed Kubernetes resource catalog for engenho. Generated from upstream OpenAPI v3 via forge-gen (Pillar 12 — generation over composition). One #[derive(KubeResource, TataraDomain)] per kind; no hand-authored types per the engenho prime directive.
Reqwest-backed implementation of engenho-types' KubeClient + Watcher traits. Speaks the upstream Kubernetes REST API over HTTPS with rustls + the four standard auth methods (anonymous, bearer token, client cert, exec plugin).
OpenAPI v3 → typed Rust source generator for engenho-types. Reads BLAKE3-attested vendored K8s schemas + emits one Rust struct per kind with `impl KubeResource`. Per theory/ENGENHO.md §IV — generation over composition (Pillar 12).
engenho-kubelet — the missing piece between 'Pod object in the store' and 'container running on host'. Per-node controller that watches Pods bound to its node + materializes containers via a pluggable ContainerRuntime backend (PodmanBackend / CriBackend / RunwasiBackend / FakeBackend for tests).