Stream, TLS and SASL utils for Pimalaya
Warning
This crate is published for internal Pimalaya usage. Its API is intentionally minimal, follows the needs of the io- protocol crates and may change without notice. It is not intended as a general-purpose stream/TLS/SASL library.
- Blocking stream: one handle wrapping a TCP socket, a Unix-domain socket or a TLS session, with the plain-to-TLS upgrade STARTTLS flows need (requires
stdfeature). - TLS support:
- Rustls with ring crypto (requires
rustls-ringfeature, enabled by default) - Rustls with aws crypto (requires
rustls-awsfeature) - Native TLS (requires
native-tlsfeature)
- Rustls with ring crypto (requires
- SASL credentials: shared configuration for the mechanisms the protocol crates implement (ANONYMOUS, LOGIN, PLAIN, OAUTHBEARER, XOAUTH2, SCRAM-SHA-256).
Tip
pimalaya-stream is written in Rust and uses cargo features to gate TLS providers. The default feature set is declared in Cargo.toml or on docs.rs.
The whole API is documented on docs.rs; the io- protocol crates are its real-world consumers.
This project is developed with AI assistance. This section documents how, so users and downstream packagers can make informed decisions.
- Tools: Claude Code (Anthropic), invoked locally with a persistent project-scoped memory and a small set of repo-specific rules.
- Used for: Refactors, mechanical multi-file edits, boilerplate (feature gates, error enums, derive macros, trait impls), test scaffolding, doc polish, exploratory design conversations.
- Not used for: Engineering, critical code, git manipulation (commit, merge, rebase…), real-world tests.
- Verification: Every AI-assisted change is read, compiled, tested, and formatted before commit. Behavioural correctness is verified against the relevant RFC or upstream spec, not assumed from the model output. Tests are never adjusted to fit AI-generated code; the code is adjusted to fit correct behaviour.
- Limitations: AI models occasionally produce code that compiles and passes tests but is subtly wrong. The verification workflow catches most of this; it does not catch all of it. Bug reports are welcome and taken seriously.
- Last reviewed: 15/07/2026
This project is dual-licensed under either of:
at your option.
- Chat on Matrix
- News on Mastodon or RSS
- Mail at pimalaya.org@posteo.net
Contributions are welcome: start with CONTRIBUTING.md, which opens with the Pimalaya-wide guides to read first.
Special thanks to the NLnet foundation and the European Commission that have been financially supporting the project for years:
- 2022 → 2023: NGI Assure
- 2023 → 2024: NGI Zero Entrust
- 2024 → 2026: NGI Zero Core
- 2027 in preparation…
If you appreciate the project, feel free to donate using one of the following providers:
