Commit Graph

4 Commits

Author SHA1 Message Date

Leopere de34516fed
Replace pool with on-demand live camera entropy
Every request now opens the camera, grabs fresh frames, conditions them
with SHA-256, and returns. No pool, no background harvester, no buffered
data. Camera not available = immediate error.

- Delete src/entropy/pool/ (ring buffer, harvester, subscriber channels)
- Add src/entropy/live.rs (extract_entropy, fill_entropy, stream_entropy)
- Health endpoint now tests live camera reachability instead of pool stats
- /stream opens a dedicated camera session per connection
- Remove rand/rand_chacha dependencies (only used by removed CSPRNG)
- Include monotonic nonce + timestamp in SHA-256 conditioning to guarantee
  unique output even on rapid back-to-back calls

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-15 11:47:09 -05:00

Leopere 5b49685ae9
Harden resilience: auto-restart harvester, poison-safe mutexes, graceful shutdown
- Replace all Mutex::lock().unwrap() with lock_or_recover() that recovers
  from poisoned mutexes instead of panicking (cascading failure prevention)
- Wrap harvester loop in catch_unwind with a supervisor thread that
  automatically restarts on panic (requires panic=unwind in release profile)
- Add exponential backoff with jitter for camera reconnection (2s base,
  60s cap) instead of fixed 10s intervals
- Enforce frame deadline: frames exceeding FRAME_TIMEOUT are treated as
  errors rather than just logged
- Add graceful shutdown via SIGINT/SIGTERM with axum's
  with_graceful_shutdown
- Track harvester restart count via AtomicU64 for diagnostics
- Extract docs/MCP handlers into src/docs_handlers.rs to keep main.rs
  under 400 lines
- Change release profile from panic=abort to panic=unwind so
  catch_unwind actually works in production
- Add tokio signal feature for shutdown handling

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-09 13:47:23 -05:00

Leopere 4d302559e4
Add QTRNG tools: quantum dice, password generator, coin flip; build-test script
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 16:24:51 -05:00

Leopere 40451b7d4c
Camera TRNG: webcam-based true random number generator
MIT with attribution (see LICENSE). Docker: build locally, no registry.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-05 15:46:26 -05:00