Module engine 

Multi-volume engine assembly.

Owns one VolumeIndex per NTFS volume, drives initial scans and USN tailing threads, and answers queries with a k-way-merged, sort-ordered result set (docs/ARCHITECTURE.md). This is the layer the FFI exposes 1:1 — and the layer a v2 service would host.

Modules

results 🔒

seams 🔒

The engine’s only two OS-effect seams (ADR-0018 — this is the hard cap, do not add a third): snapshot persistence and the USN journal session. They exist so the volume worker’s failure paths (corrupt snapshot, journal-gone, failed saves, stat-fetch storms) replay in unprivileged, deterministic tests (worker_tests.rs). The Windows implementations are thin wrappers over the exact calls the worker made before the seam was introduced — behavior-identical by construction.

search 🔒

volume 🔒

Per-volume state: the slot the engine and the worker thread share (VolumeSlot), the index install rule, the journal checkpoint, and the snapshot save helper. The thread that drives the flow lives in worker.rs; the OS-effect seams it runs against live in seams.rs.

watch 🔒

Scope-mode change source (ADR-0024), the JournalSource second implementation that pairs with the folder-walk scanner.

worker 🔒

The volume worker: the thread that drives one volume through restore-or-scan → Ready → USN tailing → (journal-gone) rescan, forever. volume.rs is the state’s home (VolumeSlot, checkpoint, save helper); this file is the flow’s home. Decisions are pure functions; effects (counters, logs, events, installs, saves) stay in the loop, keyed off the decisions — that split is what lets worker_tests.rs replay the failure paths deterministically without elevation (ADR-0018, S4b).

Structs

Engine

The multi-volume engine: owns one index per NTFS volume, drives scans and USN tailing, and answers queries. Holds the single-writer lock for its whole lifetime.

EngineConfig

Engine startup configuration.

ResultSet

Materialized, sort-ordered result. Pages are O(1) slices; reads stay valid across content mutations and fail with Stale only after a structural change (compaction/rescan).

Row

One row handed across the FFI: everything the UI list needs.

Enums

EngineCreateError

Why Engine::new refused to start. Locked is the cross-process arm of the single-writer invariant (FFI: FMF_E_LOCKED, docs/ARCHITECTURE.md Pipe protocol §single-writer exclusion).

EngineError

A failure answering a query (parse, compile, or a stale result set).

EngineEvent

Asynchronous notification a volume emits to the event sink during scanning and tailing (mapped 1:1 to a contract POD by EngineEvent::to_wire).

VolumeState

Lifecycle state of a volume’s index (FmfVolumeStatus.state).

Type Aliases

EventSink

Callback the engine invokes (from any thread) to deliver an EngineEvent.