diff --git a/libraries/droplet/.envrc b/libraries/droplet/.envrc
new file mode 100644
index 00000000..3550a30f
--- /dev/null
+++ b/libraries/droplet/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/libraries/droplet/.github/workflows/test.yml b/libraries/droplet/.github/workflows/test.yml
new file mode 100644
index 00000000..02c5c64c
--- /dev/null
+++ b/libraries/droplet/.github/workflows/test.yml
@@ -0,0 +1,53 @@
+name: Rust CI
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  ci:
+    name: Build, Test, Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 3 # fix for when this gets triggered by tag
+          fetch-tags: true
+          ref: ${{ github.ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@nightly
+        with:
+          components: rustfmt, clippy
+
+      - name: Cache cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Install libarchive
+        run: |
+          sudo apt-get install libarchive-dev -y
+        
+
+      - name: Check formatting
+        run: cargo fmt --all -- --check
+
+      - name: Run Clippy (lint)
+        run: cargo clippy --all-targets --all-features -- -D warnings
+
+      - name: Run tests
+        run: cargo test --all-features --all --verbose
\ No newline at end of file
diff --git a/libraries/droplet/.gitignore b/libraries/droplet/.gitignore
new file mode 100644
index 00000000..340991a0
--- /dev/null
+++ b/libraries/droplet/.gitignore
@@ -0,0 +1,27 @@
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
+
+# RustRover
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Added by cargo
+
+/target
+
+perf.data
+flamegraph.svg
+*.json
+
+.direnv
\ No newline at end of file
diff --git a/libraries/droplet/.gitmodules b/libraries/droplet/.gitmodules
new file mode 100644
index 00000000..d471795d
--- /dev/null
+++ b/libraries/droplet/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "libarchive-rust"]
+	path = libarchive-rust
+	url = https://github.com/Drop-OSS/libarchive-rust.git
diff --git a/libraries/droplet/Cargo.lock b/libraries/droplet/Cargo.lock
new file mode 100644
index 00000000..2a1665cf
--- /dev/null
+++ b/libraries/droplet/Cargo.lock
@@ -0,0 +1,1243 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "addr2line"
+version = "0.25.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b"
+dependencies = [
+ "gimli",
+]
+
+[[package]]
+name = "adler2"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"
+
+[[package]]
+name = "anyhow"
+version = "1.0.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
+
+[[package]]
+name = "asn1-rs"
+version = "0.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5493c3bedbacf7fd7382c6346bbd66687d12bbaad3a89a2d2c303ee6cf20b048"
+dependencies = [
+ "asn1-rs-derive 0.5.1",
+ "asn1-rs-impl",
+ "displaydoc",
+ "nom",
+ "num-traits",
+ "rusticata-macros",
+ "thiserror 1.0.69",
+ "time",
+]
+
+[[package]]
+name = "asn1-rs"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56624a96882bb8c26d61312ae18cb45868e5a9992ea73c58e45c3101e56a1e60"
+dependencies = [
+ "asn1-rs-derive 0.6.0",
+ "asn1-rs-impl",
+ "displaydoc",
+ "nom",
+ "num-traits",
+ "rusticata-macros",
+ "thiserror 2.0.12",
+ "time",
+]
+
+[[package]]
+name = "asn1-rs-derive"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+ "synstructure 0.13.1",
+]
+
+[[package]]
+name = "asn1-rs-derive"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3109e49b1e4909e9db6515a30c633684d68cdeaa252f215214cb4fa1a5bfee2c"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+ "synstructure 0.13.1",
+]
+
+[[package]]
+name = "asn1-rs-impl"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "async-trait"
+version = "0.1.89"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "autocfg"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
+
+[[package]]
+name = "backtrace"
+version = "0.3.76"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6"
+dependencies = [
+ "addr2line",
+ "cfg-if",
+ "libc",
+ "miniz_oxide",
+ "object",
+ "rustc-demangle",
+ "windows-link",
+]
+
+[[package]]
+name = "base64"
+version = "0.22.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "bumpalo"
+version = "3.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43"
+
+[[package]]
+name = "bytes"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
+
+[[package]]
+name = "cc"
+version = "1.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fcb57c740ae1daf453ae85f16e37396f672b039e00d9d866e07ddb24e328e3a"
+dependencies = [
+ "shlex",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "data-encoding"
+version = "2.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "575f75dfd25738df5b91b8e43e14d44bda14637a58fae779fd2b064f8bf3e010"
+
+[[package]]
+name = "der-parser"
+version = "9.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553"
+dependencies = [
+ "asn1-rs 0.6.2",
+ "displaydoc",
+ "nom",
+ "num-bigint",
+ "num-traits",
+ "rusticata-macros",
+]
+
+[[package]]
+name = "der-parser"
+version = "10.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07da5016415d5a3c4dd39b11ed26f915f52fc4e0dc197d87908bc916e51bc1a6"
+dependencies = [
+ "asn1-rs 0.7.1",
+ "displaydoc",
+ "nom",
+ "num-bigint",
+ "num-traits",
+ "rusticata-macros",
+]
+
+[[package]]
+name = "deranged"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28cfac68e08048ae1883171632c2aef3ebc555621ae56fbccce1cbf22dd7f058"
+dependencies = [
+ "powerfmt",
+]
+
+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+]
+
+[[package]]
+name = "displaydoc"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "droplet-rs"
+version = "0.16.3"
+dependencies = [
+ "anyhow",
+ "async-trait",
+ "dyn-clone",
+ "futures",
+ "getrandom 0.3.4",
+ "hex",
+ "humansize",
+ "libarchive-drop",
+ "rcgen",
+ "ring",
+ "serde",
+ "serde_json",
+ "sha2",
+ "speedometer",
+ "test-generator",
+ "time",
+ "tokio",
+ "uuid",
+ "x509-parser 0.17.0",
+]
+
+[[package]]
+name = "dyn-clone"
+version = "1.0.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555"
+
+[[package]]
+name = "failure"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86"
+dependencies = [
+ "backtrace",
+ "failure_derive",
+]
+
+[[package]]
+name = "failure_derive"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 1.0.109",
+ "synstructure 0.12.6",
+]
+
+[[package]]
+name = "futures"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-executor",
+ "futures-io",
+ "futures-sink",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-channel"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+]
+
+[[package]]
+name = "futures-core"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
+
+[[package]]
+name = "futures-executor"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
+dependencies = [
+ "futures-core",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-io"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
+
+[[package]]
+name = "futures-macro"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "futures-sink"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
+
+[[package]]
+name = "futures-task"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
+
+[[package]]
+name = "futures-util"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-io",
+ "futures-macro",
+ "futures-sink",
+ "futures-task",
+ "memchr",
+ "pin-project-lite",
+ "pin-utils",
+ "slab",
+]
+
+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "r-efi",
+ "wasip2",
+]
+
+[[package]]
+name = "gimli"
+version = "0.32.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"
+
+[[package]]
+name = "glob"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+
+[[package]]
+name = "hex"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
+
+[[package]]
+name = "humansize"
+version = "2.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6cb51c9a029ddc91b07a787f1d86b53ccfa49b0e86688c946ebe8d3555685dd7"
+dependencies = [
+ "libm",
+]
+
+[[package]]
+name = "itoa"
+version = "1.0.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
+
+[[package]]
+name = "js-sys"
+version = "0.3.83"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "464a3709c7f55f1f721e5389aa6ea4e3bc6aba669353300af094b29ffbdde1d8"
+dependencies = [
+ "once_cell",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+
+[[package]]
+name = "libarchive-drop"
+version = "0.1.1"
+dependencies = [
+ "libarchive3-sys",
+ "libc",
+]
+
+[[package]]
+name = "libarchive3-sys"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3cd3beae8f59a4c7a806523269b5392037577c150446e88d684dfa6de6031ca7"
+dependencies = [
+ "libc",
+ "pkg-config",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.182"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6800badb6cb2082ffd7b6a67e6125bb39f18782f793520caee8cb8846be06112"
+
+[[package]]
+name = "libm"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de"
+
+[[package]]
+name = "memchr"
+version = "2.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
+
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "miniz_oxide"
+version = "0.8.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316"
+dependencies = [
+ "adler2",
+]
+
+[[package]]
+name = "mio"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69d83b0086dc8ecf3ce9ae2874b2d1290252e2a30720bea58a5c6639b0092873"
+dependencies = [
+ "libc",
+ "wasi",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "num-bigint"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9"
+dependencies = [
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-conv"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+
+[[package]]
+name = "num-integer"
+version = "0.1.46"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
+dependencies = [
+ "autocfg",
+]
+
+[[package]]
+name = "object"
+version = "0.37.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "oid-registry"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8d8034d9489cdaf79228eb9f6a3b8d7bb32ba00d6645ebd48eef4077ceb5bd9"
+dependencies = [
+ "asn1-rs 0.6.2",
+]
+
+[[package]]
+name = "oid-registry"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "12f40cff3dde1b6087cc5d5f5d4d65712f34016a03ed60e9c08dcc392736b5b7"
+dependencies = [
+ "asn1-rs 0.7.1",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.21.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
+
+[[package]]
+name = "pem"
+version = "3.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38af38e8470ac9dee3ce1bae1af9c1671fffc44ddfd8bd1d0a3445bf349a8ef3"
+dependencies = [
+ "base64",
+ "serde",
+]
+
+[[package]]
+name = "pin-project-lite"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
+
+[[package]]
+name = "pin-utils"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
+
+[[package]]
+name = "pkg-config"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
+
+[[package]]
+name = "powerfmt"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
+
+[[package]]
+name = "proc-macro2"
+version = "0.4.30"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
+dependencies = [
+ "unicode-xid 0.1.0",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.94"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "0.6.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
+dependencies = [
+ "proc-macro2 0.4.30",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.40"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
+dependencies = [
+ "proc-macro2 1.0.94",
+]
+
+[[package]]
+name = "r-efi"
+version = "5.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
+
+[[package]]
+name = "rcgen"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75e669e5202259b5314d1ea5397316ad400819437857b90861765f24c4cf80a2"
+dependencies = [
+ "pem",
+ "ring",
+ "rustls-pki-types",
+ "time",
+ "x509-parser 0.16.0",
+ "yasna",
+]
+
+[[package]]
+name = "ring"
+version = "0.17.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom 0.2.15",
+ "libc",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "rustc-demangle"
+version = "0.1.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b50b8869d9fc858ce7266cce0194bd74df58b9d0e3f6df3a9fc8eb470d95c09d"
+
+[[package]]
+name = "rusticata-macros"
+version = "4.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632"
+dependencies = [
+ "nom",
+]
+
+[[package]]
+name = "rustls-pki-types"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
+
+[[package]]
+name = "rustversion"
+version = "1.0.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
+
+[[package]]
+name = "ryu"
+version = "1.0.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
+
+[[package]]
+name = "serde"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "serde_json"
+version = "1.0.145"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+dependencies = [
+ "itoa",
+ "memchr",
+ "ryu",
+ "serde",
+ "serde_core",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
+name = "signal-hook-registry"
+version = "1.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2a4719bff48cee6b39d12c020eeb490953ad2443b7055bd0b21fca26bd8c28b"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "slab"
+version = "0.4.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589"
+
+[[package]]
+name = "speedometer"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2789736092fa21b44baf8590acb4b360cb91f0f597bd6c1f1741ca9644c95c1e"
+dependencies = [
+ "failure",
+]
+
+[[package]]
+name = "syn"
+version = "0.15.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
+dependencies = [
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "unicode-xid 0.1.0",
+]
+
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "unicode-ident",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.117"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "unicode-ident",
+]
+
+[[package]]
+name = "synstructure"
+version = "0.12.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 1.0.109",
+ "unicode-xid 0.2.6",
+]
+
+[[package]]
+name = "synstructure"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "test-generator"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b23be2add79223226e1cb6446cb3e37506a5927089870687a0f1149bb7a073a"
+dependencies = [
+ "glob",
+ "proc-macro2 0.4.30",
+ "quote 0.6.13",
+ "syn 0.15.44",
+]
+
+[[package]]
+name = "thiserror"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
+dependencies = [
+ "thiserror-impl 1.0.69",
+]
+
+[[package]]
+name = "thiserror"
+version = "2.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
+dependencies = [
+ "thiserror-impl 2.0.12",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "2.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "time"
+version = "0.3.41"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
+dependencies = [
+ "deranged",
+ "itoa",
+ "num-conv",
+ "powerfmt",
+ "serde",
+ "time-core",
+ "time-macros",
+]
+
+[[package]]
+name = "time-core"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
+
+[[package]]
+name = "time-macros"
+version = "0.2.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
+dependencies = [
+ "num-conv",
+ "time-core",
+]
+
+[[package]]
+name = "tokio"
+version = "1.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff360e02eab121e0bc37a2d3b4d4dc622e6eda3a8e5253d5435ecf5bd4c68408"
+dependencies = [
+ "bytes",
+ "libc",
+ "mio",
+ "pin-project-lite",
+ "signal-hook-registry",
+ "tokio-macros",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "tokio-macros"
+version = "2.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5"
+dependencies = [
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "typenum"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
+
+[[package]]
+name = "unicode-xid"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+
+[[package]]
+name = "unicode-xid"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
+
+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
+[[package]]
+name = "uuid"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a"
+dependencies = [
+ "getrandom 0.3.4",
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
+[[package]]
+name = "wasi"
+version = "0.11.0+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
+
+[[package]]
+name = "wasip2"
+version = "1.0.1+wasi-0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7"
+dependencies = [
+ "wit-bindgen",
+]
+
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0d759f433fa64a2d763d1340820e46e111a7a5ab75f993d1852d70b03dbb80fd"
+dependencies = [
+ "cfg-if",
+ "once_cell",
+ "rustversion",
+ "wasm-bindgen-macro",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48cb0d2638f8baedbc542ed444afc0644a29166f1595371af4fecf8ce1e7eeb3"
+dependencies = [
+ "quote 1.0.40",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cefb59d5cd5f92d9dcf80e4683949f15ca4b511f4ac0a6e14d4e1ac60c6ecd40"
+dependencies = [
+ "bumpalo",
+ "proc-macro2 1.0.94",
+ "quote 1.0.40",
+ "syn 2.0.117",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cbc538057e648b67f72a982e708d485b2efa771e1ac05fec311f9f63e5800db4"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
+[[package]]
+name = "windows-sys"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
+dependencies = [
+ "windows-targets",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.61.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
+dependencies = [
+ "windows-link",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
+dependencies = [
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_gnullvm",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
+]
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
+
+[[package]]
+name = "wit-bindgen"
+version = "0.46.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59"
+
+[[package]]
+name = "x509-parser"
+version = "0.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69"
+dependencies = [
+ "asn1-rs 0.6.2",
+ "data-encoding",
+ "der-parser 9.0.0",
+ "lazy_static",
+ "nom",
+ "oid-registry 0.7.1",
+ "ring",
+ "rusticata-macros",
+ "thiserror 1.0.69",
+ "time",
+]
+
+[[package]]
+name = "x509-parser"
+version = "0.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4569f339c0c402346d4a75a9e39cf8dad310e287eef1ff56d4c68e5067f53460"
+dependencies = [
+ "asn1-rs 0.7.1",
+ "data-encoding",
+ "der-parser 10.0.0",
+ "lazy_static",
+ "nom",
+ "oid-registry 0.8.1",
+ "ring",
+ "rusticata-macros",
+ "thiserror 2.0.12",
+ "time",
+]
+
+[[package]]
+name = "yasna"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd"
+dependencies = [
+ "time",
+]
diff --git a/libraries/droplet/Cargo.toml b/libraries/droplet/Cargo.toml
new file mode 100644
index 00000000..5db83ec1
--- /dev/null
+++ b/libraries/droplet/Cargo.toml
@@ -0,0 +1,46 @@
+[package]
+edition = "2021"
+authors = ["Drop-OSS"]
+name = "droplet-rs"
+version = "0.16.3"
+license = "AGPL-3.0-only"
+description = "Droplet is a `napi.rs` Rust/Node.js package full of high-performance and low-level utils for Drop"
+
+[dependencies]
+hex = "0.4.3"
+time = "0.3.41"
+ring = "0.17.14"
+dyn-clone = "1.0.20"
+tokio = { version = "^1.48.0", features = [
+    "process",
+    "fs",
+    "io-util",
+    "rt",
+    "rt-multi-thread",
+    "macros",
+    "sync",
+] }
+anyhow = "1.0.100"
+async-trait = "0.1.89"
+serde = { version = "1.0.228", features = ["derive"] }
+serde_json = "1.0.145"
+humansize = "2.1.3"
+uuid = { version = "1.19.0", features = ["v4"] }
+sha2 = "0.10.9"
+futures = "0.3.31"
+getrandom = "0.3.4"
+libarchive-drop = { version = "*", path = "./libarchive-rust" }
+speedometer = "0.2.2"
+test-generator = "0.3.1"
+
+[dependencies.x509-parser]
+version = "0.17.0"
+features = ["verify"]
+
+[dependencies.rcgen]
+version = "0.13.2"
+features = ["crypto", "pem", "x509-parser"]
+
+[profile.release]
+lto = true
+strip = "symbols"
diff --git a/libraries/droplet/LICENSE b/libraries/droplet/LICENSE
new file mode 100644
index 00000000..0ad25db4
--- /dev/null
+++ b/libraries/droplet/LICENSE
@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.
diff --git a/libraries/droplet/README.md b/libraries/droplet/README.md
new file mode 100644
index 00000000..266e5152
--- /dev/null
+++ b/libraries/droplet/README.md
@@ -0,0 +1,8 @@
+# droplet-rs
+
+A Rust-based library for utilities and functionality required both by the server, client, and other tools.
+
+## manifest generation
+`droplet-rs` contains the manifest generation code, held in `manifest.rs`.
+
+It also includes the version backends to provide a unified read-write interface to files.
\ No newline at end of file
diff --git a/libraries/droplet/flake.lock b/libraries/droplet/flake.lock
new file mode 100644
index 00000000..e0d2640d
--- /dev/null
+++ b/libraries/droplet/flake.lock
@@ -0,0 +1,96 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1768886240,
+        "narHash": "sha256-C2TjvwYZ2VDxYWeqvvJ5XPPp6U7H66zeJlRaErJKoEM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "80e4adbcf8992d3fd27ad4964fbb84907f9478b0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1744536153,
+        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs",
+        "rust-overlay": "rust-overlay"
+      }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1768963622,
+        "narHash": "sha256-n6VHiUgrYD9yjagzG6ncVVqFbVTsKCI54tR9PNAFCo0=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "2ef5b3362af585a83bafd34e7fc9b1f388c2e5e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/libraries/droplet/flake.nix b/libraries/droplet/flake.nix
new file mode 100644
index 00000000..7c806fd3
--- /dev/null
+++ b/libraries/droplet/flake.nix
@@ -0,0 +1,52 @@
+{
+  description = "Drop-OSS app development environment";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+    rust-overlay.url = "github:oxalica/rust-overlay";
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      flake-utils,
+      rust-overlay,
+    }:
+    flake-utils.lib.eachDefaultSystem (
+      system:
+      let
+        overlays = [ (import rust-overlay) ];
+        pkgs = import nixpkgs {
+          inherit system overlays;
+        };
+        libraries = with pkgs; [
+            glib
+            glibc
+            openssl
+          ];
+      in
+      {
+        devShells.default = pkgs.mkShell {
+          nativeBuildInputs = with pkgs; [
+            pkg-config
+            git
+            rust-bin.nightly.latest.default
+            rust-analyzer
+            cargo-expand
+          ];
+
+          
+          buildInputs = libraries;
+
+          shellHook = ''
+            export LD_LIBRARY_PATH="${
+              pkgs.lib.makeLibraryPath libraries
+            }:$LD_LIBRARY_PATH"
+          echo "Downpour development environment loaded"
+          '';
+        };
+      }
+    );
+}
diff --git a/libraries/droplet/libarchive-rust b/libraries/droplet/libarchive-rust
new file mode 160000
index 00000000..fdb73ef2
--- /dev/null
+++ b/libraries/droplet/libarchive-rust
@@ -0,0 +1 @@
+Subproject commit fdb73ef2dedb031e396153113ff9eee4ee082dc2
diff --git a/libraries/droplet/src/file_utils.rs b/libraries/droplet/src/file_utils.rs
new file mode 100644
index 00000000..332e61ff
--- /dev/null
+++ b/libraries/droplet/src/file_utils.rs
@@ -0,0 +1,24 @@
+use std::{
+    fs::{self, metadata},
+    path::{Path, PathBuf},
+};
+
+fn list_files_recursive(vec: &mut Vec<PathBuf>, path: &Path) {
+    if metadata(path).unwrap().is_dir() {
+        let paths = fs::read_dir(path).unwrap();
+        for path_result in paths {
+            let full_path = path_result.unwrap().path();
+            if metadata(&full_path).unwrap().is_dir() {
+                list_files_recursive(vec, &full_path);
+            } else {
+                vec.push(full_path);
+            }
+        }
+    }
+}
+
+pub fn list_files(path: &Path) -> Vec<PathBuf> {
+    let mut vec = Vec::new();
+    list_files_recursive(&mut vec, path);
+    vec
+}
diff --git a/libraries/droplet/src/lib.rs b/libraries/droplet/src/lib.rs
new file mode 100644
index 00000000..666a17bc
--- /dev/null
+++ b/libraries/droplet/src/lib.rs
@@ -0,0 +1,13 @@
+#![deny(clippy::all)]
+#![feature(impl_trait_in_bindings)]
+
+pub mod file_utils;
+pub mod manifest;
+pub mod ssl;
+pub mod versions;
+pub mod vm;
+
+extern crate libarchive_drop;
+
+#[cfg(test)]
+pub mod tests;
diff --git a/libraries/droplet/src/main.rs b/libraries/droplet/src/main.rs
new file mode 100644
index 00000000..b37cc682
--- /dev/null
+++ b/libraries/droplet/src/main.rs
@@ -0,0 +1,24 @@
+use std::{env, path::PathBuf};
+
+use droplet_rs::manifest::generate_manifest_rusty;
+use tokio::runtime::Handle;
+
+#[tokio::main]
+pub async fn main() {
+    let mut args = env::args();
+    let target_dir = PathBuf::from(args.nth(1).expect("Provide target directory"));
+
+    let metrics = Handle::current().metrics();
+    println!("using {} workers", metrics.num_workers());
+
+    let _manifest = generate_manifest_rusty(
+        &target_dir,
+        |progress| println!("PROGRESS: {}", progress),
+        |message| {
+            println!("{}", message);
+        },
+        None,
+    )
+    .await
+    .unwrap();
+}
diff --git a/libraries/droplet/src/manifest.rs b/libraries/droplet/src/manifest.rs
new file mode 100644
index 00000000..f4c80138
--- /dev/null
+++ b/libraries/droplet/src/manifest.rs
@@ -0,0 +1,258 @@
+use std::{
+    collections::HashMap,
+    mem,
+    path::Path,
+    sync::{
+        atomic::{AtomicU64, Ordering},
+        Arc,
+    },
+};
+
+use anyhow::anyhow;
+use hex::ToHex as _;
+use humansize::{format_size, BINARY};
+use serde::{Deserialize, Serialize};
+use sha2::{Digest as _, Sha256};
+use tokio::{
+    io::AsyncReadExt as _,
+    join,
+    sync::{Mutex, Semaphore},
+    task::JoinSet,
+};
+
+#[derive(Serialize, Deserialize, Clone)]
+pub struct FileEntry {
+    pub filename: String,
+    pub start: usize,
+    pub length: usize,
+    pub permissions: u32,
+}
+
+#[derive(Serialize, Deserialize, Clone)]
+pub struct ChunkData {
+    pub files: Vec<FileEntry>,
+    pub checksum: String,
+    pub iv: [u8; 16],
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct Manifest {
+    pub version: String,
+    pub chunks: HashMap<String, ChunkData>,
+    pub size: u64,
+    pub key: [u8; 16],
+}
+
+const CHUNK_SIZE: u64 = 1024 * 1024 * 64;
+const MAX_FILE_COUNT: usize = 512;
+
+use crate::versions::{
+    create_backend_constructor,
+    types::{VersionBackend, VersionFile},
+};
+
+pub async fn generate_manifest_rusty<T: Fn(String), V: Fn(f32)>(
+    dir: &Path,
+    progress_sfn: V,
+    log_sfn: T,
+    reader_semaphore: Option<Arc<Semaphore>>,
+) -> anyhow::Result<Manifest> {
+    let backend =
+        create_backend_constructor(dir).ok_or(anyhow!("Could not create backend for path."))?()?;
+
+    let required_single_file = backend.require_whole_files();
+
+    let mut files = backend.list_files().await?;
+    files.sort_by_key(|b| std::cmp::Reverse(b.size));
+    // Filepath to chunk data
+    let mut chunks: Vec<Vec<(VersionFile, u64, u64)>> = Vec::new();
+    let mut current_chunk: Vec<(VersionFile, u64, u64)> = Vec::new();
+
+    log_sfn("organizing files into chunks...".to_string());
+
+    if required_single_file {
+        for version_file in files {
+            if version_file.size >= CHUNK_SIZE {
+                let size = version_file.size;
+                chunks.push(vec![(version_file, 0, size)]);
+
+                continue;
+            }
+
+            let mut current_size = current_chunk.iter().map(|v| v.2).sum::<u64>();
+
+            let size = version_file.size;
+            current_chunk.push((version_file, 0, size));
+
+            current_size += size;
+
+            if current_size >= CHUNK_SIZE {
+                // Pop current and add, then reset
+                let new_chunk = std::mem::take(&mut current_chunk);
+                chunks.push(new_chunk);
+            }
+
+            if current_chunk.len() >= MAX_FILE_COUNT {
+                chunks.push(std::mem::take(&mut current_chunk));
+            }
+
+            continue;
+        }
+    } else {
+        for version_file in files {
+            if current_chunk.len() >= MAX_FILE_COUNT {
+                chunks.push(std::mem::take(&mut current_chunk));
+            }
+
+            let current_size = current_chunk.iter().map(|v| v.2).sum::<u64>();
+
+            if version_file.size + current_size < CHUNK_SIZE {
+                let size = version_file.size;
+                current_chunk.push((version_file, 0, size));
+
+                continue;
+            }
+
+            // Fill up current chunk
+            let remaining = CHUNK_SIZE - current_size;
+            current_chunk.push((version_file.clone(), 0, remaining));
+            chunks.push(std::mem::take(&mut current_chunk));
+
+            // This is our offset in our current file
+            let mut offset = remaining;
+            while offset < version_file.size {
+                let length = CHUNK_SIZE.min(version_file.size - offset);
+                if length == CHUNK_SIZE {
+                    chunks.push(vec![(version_file.clone(), offset, length)]);
+                } else {
+                    current_chunk.push((version_file.clone(), offset, length));
+                }
+                offset += length;
+            }
+        }
+    }
+
+    if !current_chunk.is_empty() {
+        chunks.push(current_chunk);
+    }
+
+    log_sfn(format!(
+        "organized into {} chunks, generating checksums...",
+        chunks.len()
+    ));
+
+    let manifest: Arc<Mutex<HashMap<String, ChunkData>>> = Arc::new(Mutex::new(HashMap::new()));
+    let total_manifest_length = Arc::new(AtomicU64::new(0));
+
+    // SAFETY: we .join_all() the futures using this
+    let backend: &'static (dyn VersionBackend + Send + Sync) = unsafe { mem::transmute(&*backend) };
+
+    let mut futures: JoinSet<Result<(), anyhow::Error>> = JoinSet::new();
+    let (send_log, mut recieve_log) = tokio::sync::mpsc::channel(16);
+    let chunks_length = chunks.len();
+    for (index, chunk) in chunks.into_iter().enumerate() {
+        let send_log = send_log.clone();
+        let total_manifest_length = total_manifest_length.clone();
+        let manifest = manifest.clone();
+        let reader_semaphore = reader_semaphore.clone();
+        futures.spawn(async move {
+            let mut read_buf = vec![0u8; 1024 * 1024 * 8];
+
+            let uuid = uuid::Uuid::new_v4().to_string();
+            let mut hasher = Sha256::new();
+
+            let mut iv = [0u8; 16];
+            getrandom::fill(&mut iv).map_err(|err| anyhow!("failed to generate IV: {:?}", err))?;
+            let mut chunk_data = ChunkData {
+                files: Vec::new(),
+                checksum: String::new(),
+                iv,
+            };
+
+            let mut chunk_length = 0;
+
+            for (file, start, length) in chunk {
+                let permit = if let Some(reader_semaphore) = &reader_semaphore {
+                    Some(reader_semaphore.acquire().await?)
+                } else {
+                    None
+                };
+
+                let mut reader = backend.reader(&file, start, start + length).await?;
+
+                let mut total = 0;
+
+                loop {
+                    let amount = reader.read(&mut read_buf).await?;
+                    if amount == 0 {
+                        break;
+                    }
+                    total += amount;
+                    hasher.update(&read_buf[0..amount]);
+                }
+
+                if total as u64 > length {
+                    panic!("read too much: target {}, got {}", length, total);
+                }
+
+                chunk_length += length;
+
+                chunk_data.files.push(FileEntry {
+                    filename: file.relative_filename,
+                    start: start.try_into().unwrap(),
+                    length: length.try_into().unwrap(),
+                    permissions: file.permission,
+                });
+
+                drop(permit);
+            }
+
+            send_log
+                .send(format!(
+                    "created chunk of size {} ({}b) from {} files (index {})",
+                    format_size(chunk_length, BINARY),
+                    chunk_length,
+                    chunk_data.files.len(),
+                    index
+                ))
+                .await?;
+
+            total_manifest_length.fetch_add(chunk_length, Ordering::Relaxed);
+
+            let hash: String = hasher.finalize().encode_hex();
+            chunk_data.checksum = hash;
+            {
+                let mut manifest_lock = manifest.lock().await;
+                manifest_lock.insert(uuid, chunk_data);
+            };
+
+            Ok(())
+        });
+    }
+    drop(send_log);
+    join!(
+        async move {
+            let mut current_progress = 0f32;
+            let total_progress = chunks_length as f32;
+            while let Some(message) = recieve_log.recv().await {
+                log_sfn(message);
+                current_progress += 1.0f32;
+                progress_sfn((current_progress / total_progress) * 100.0f32)
+            }
+        },
+        futures.join_all()
+    );
+
+    let manifest = manifest.lock().await;
+    let manifest = manifest.clone();
+
+    let mut key = [0u8; 16];
+    getrandom::fill(&mut key).map_err(|err| anyhow!("failed to generate key: {:?}", err))?;
+
+    Ok(Manifest {
+        version: "2".to_string(),
+        chunks: manifest,
+        size: total_manifest_length.fetch_add(0, Ordering::Relaxed),
+        key,
+    })
+}
diff --git a/libraries/droplet/src/ssl.rs b/libraries/droplet/src/ssl.rs
new file mode 100644
index 00000000..3a596497
--- /dev/null
+++ b/libraries/droplet/src/ssl.rs
@@ -0,0 +1,123 @@
+use rcgen::{
+    CertificateParams, DistinguishedName, Error, IsCa, KeyPair, KeyUsagePurpose, PublicKeyData,
+    SubjectPublicKeyInfo,
+};
+use ring::rand::SystemRandom;
+use ring::signature::{EcdsaKeyPair, VerificationAlgorithm};
+use time::{Duration, OffsetDateTime};
+use x509_parser::parse_x509_certificate;
+use x509_parser::pem::Pem;
+
+pub fn generate_root_ca() -> Result<Vec<String>, rcgen::Error> {
+    let mut params = CertificateParams::default();
+
+    let mut name = DistinguishedName::new();
+    name.push(rcgen::DnType::CommonName, "Drop Root Server");
+    name.push(rcgen::DnType::OrganizationName, "Drop");
+
+    params.distinguished_name = name;
+
+    params.not_before = OffsetDateTime::now_utc();
+    params.not_after = OffsetDateTime::now_utc()
+        .checked_add(Duration::days(365 * 1000))
+        .unwrap();
+
+    params.is_ca = IsCa::Ca(rcgen::BasicConstraints::Unconstrained);
+
+    params.key_usages = vec![
+        KeyUsagePurpose::CrlSign,
+        KeyUsagePurpose::KeyCertSign,
+        KeyUsagePurpose::DigitalSignature,
+    ];
+
+    let key_pair = KeyPair::generate()?;
+    let certificate = CertificateParams::self_signed(params, &key_pair)?;
+
+    // Returns certificate, then private key
+    Ok(vec![certificate.pem(), key_pair.serialize_pem()])
+}
+
+pub fn generate_client_certificate(
+    client_id: String,
+    _client_name: String,
+    root_ca: String,
+    root_ca_private: String,
+) -> Result<Vec<String>, rcgen::Error> {
+    let root_key_pair = KeyPair::from_pem(&root_ca_private)?;
+    let certificate_params = CertificateParams::from_ca_cert_pem(&root_ca)?;
+    let root_ca = CertificateParams::self_signed(certificate_params, &root_key_pair)?;
+
+    let mut params = CertificateParams::default();
+
+    let mut name = DistinguishedName::new();
+    name.push(rcgen::DnType::CommonName, client_id);
+    name.push(rcgen::DnType::OrganizationName, "Drop");
+    params.distinguished_name = name;
+
+    params.key_usages = vec![
+        KeyUsagePurpose::DigitalSignature,
+        KeyUsagePurpose::DataEncipherment,
+    ];
+
+    let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P384_SHA384)?;
+    let certificate = CertificateParams::signed_by(params, &key_pair, &root_ca, &root_key_pair)?;
+
+    // Returns certificate, then private key
+    Ok(vec![certificate.pem(), key_pair.serialize_pem()])
+}
+
+pub fn verify_client_certificate(client_cert: String, root_ca: String) -> Result<bool, Error> {
+    let root_ca = Pem::iter_from_buffer(root_ca.as_bytes())
+        .next()
+        .unwrap()
+        .unwrap();
+    let root_ca = root_ca.parse_x509().unwrap();
+
+    let client_cert = Pem::iter_from_buffer(client_cert.as_bytes())
+        .next()
+        .unwrap()
+        .unwrap();
+    let client_cert = client_cert.parse_x509().unwrap();
+
+    let valid = root_ca
+        .verify_signature(Some(client_cert.public_key()))
+        .is_ok();
+
+    Ok(valid)
+}
+
+pub fn sign_nonce(private_key: String, nonce: String) -> Result<String, Error> {
+    let rng = SystemRandom::new();
+
+    let key_pair = KeyPair::from_pem(&private_key).unwrap();
+
+    let key_pair = EcdsaKeyPair::from_pkcs8(
+        &ring::signature::ECDSA_P384_SHA384_FIXED_SIGNING,
+        &key_pair.serialize_der(),
+        &rng,
+    )
+    .unwrap();
+
+    let signature = key_pair.sign(&rng, nonce.as_bytes()).unwrap();
+    let hex_signature = hex::encode(signature);
+
+    Ok(hex_signature)
+}
+
+pub fn verify_nonce(public_cert: String, nonce: String, signature: String) -> Result<bool, Error> {
+    let (_, pem) = x509_parser::pem::parse_x509_pem(public_cert.as_bytes()).unwrap();
+    let (_, spki) = parse_x509_certificate(&pem.contents).unwrap();
+    let public_key = SubjectPublicKeyInfo::from_der(spki.public_key().raw).unwrap();
+
+    let raw_signature = hex::decode(signature).unwrap();
+
+    let valid = ring::signature::ECDSA_P384_SHA384_FIXED
+        .verify(
+            public_key.der_bytes().into(),
+            nonce.as_bytes().into(),
+            raw_signature[..].into(),
+        )
+        .is_ok();
+
+    Ok(valid)
+}
diff --git a/libraries/droplet/src/tests.rs b/libraries/droplet/src/tests.rs
new file mode 100644
index 00000000..0b81dd15
--- /dev/null
+++ b/libraries/droplet/src/tests.rs
@@ -0,0 +1,46 @@
+#![cfg(test)]
+extern crate test_generator;
+
+use std::path::Path;
+
+use test_generator::test_resources;
+
+use crate::manifest::generate_manifest_rusty;
+
+#[test_resources("testfiles/**/*.7z")]
+fn manifest_gen(resource: &str) {
+    let runtime = tokio::runtime::Builder::new_current_thread()
+        .enable_all()
+        .build()
+        .expect("failed to create tokio runtime");
+
+    runtime.block_on(async move {
+        let filepath = Path::new(resource);
+        let manifest = generate_manifest_rusty(
+            filepath,
+            |_| {},
+            |message| {
+                println!("({}) {}", filepath.display(), message);
+            },
+            None,
+        )
+        .await
+        .unwrap_or_else(|err| {
+            panic!(
+                "failed to generate manifest for {}: {:?}",
+                filepath.display(),
+                err
+            )
+        });
+
+        let first_chunk = manifest
+            .chunks
+            .values()
+            .next()
+            .expect("no chunks generated");
+        let first_chunk_length = first_chunk.files.len();
+        if first_chunk_length == 0 {
+            panic!("{} has no files in manifest", filepath.display());
+        }
+    });
+}
diff --git a/libraries/droplet/src/versions/archive_backend.rs b/libraries/droplet/src/versions/archive_backend.rs
new file mode 100644
index 00000000..2c0b4f22
--- /dev/null
+++ b/libraries/droplet/src/versions/archive_backend.rs
@@ -0,0 +1,143 @@
+use std::{path::PathBuf, task::Poll};
+
+use anyhow::anyhow;
+use async_trait::async_trait;
+use libarchive_drop::{
+    archive::{Entry, FileType, ReadCompression, ReadFormat},
+    reader::{Builder, FileReader, Reader},
+};
+use tokio::io::AsyncRead;
+
+use crate::versions::types::{MinimumFileObject, VersionBackend, VersionFile};
+
+pub struct ZipVersionBackend {
+    path: PathBuf,
+}
+impl ZipVersionBackend {
+    pub fn new(path: PathBuf) -> anyhow::Result<Self> {
+        Ok(Self { path })
+    }
+
+    fn open_archive(&self) -> Result<FileReader, anyhow::Error> {
+        let mut archive = Builder::new();
+        archive.support_format(ReadFormat::All)?;
+        archive.support_compression(ReadCompression::All)?;
+        let archive = archive.open_file(&self.path)?;
+
+        Ok(archive)
+    }
+}
+
+struct ArchiveReader<'a> {
+    archive: FileReader,
+    prev_block: Option<&'a [u8]>,
+}
+
+impl<'a> AsyncRead for ArchiveReader<'a> {
+    fn poll_read(
+        mut self: std::pin::Pin<&mut Self>,
+        _cx: &mut std::task::Context<'_>,
+        buf: &mut tokio::io::ReadBuf<'_>,
+    ) -> std::task::Poll<std::io::Result<()>> {
+        if let Some(block) = &mut self.prev_block {
+            let to_read = buf.remaining().min(block.len());
+            let result = block.split_off(..to_read);
+            let result = result.unwrap(); // SAFETY: above .min statement
+            buf.put_slice(result);
+
+            // If the block is empty, we can read more
+            if block.is_empty() {
+                self.prev_block = None;
+            } else {
+                return Poll::Ready(Ok(()));
+            }
+        }
+        let block = match self.archive.read_block() {
+            Ok(v) => v,
+            Err(err) => return Poll::Ready(Err(std::io::Error::other(err.to_string()))),
+        };
+
+        let mut block = match block {
+            Some(v) => v,
+            None => return Poll::Ready(Ok(())),
+        };
+
+        let write_amount = buf.remaining().min(block.len());
+        let to_write = block.split_off(..write_amount);
+        let to_write = to_write.unwrap(); // SAFETY: above .min statement
+        buf.put_slice(to_write);
+
+        if !block.is_empty() {
+            #[cfg(debug_assertions)]
+            if self.prev_block.is_some() {
+                panic!("replacing prev_block while it contains data")
+            }
+            self.prev_block.replace(&block[buf.remaining()..]);
+        }
+
+        Poll::Ready(Ok(()))
+    }
+}
+
+#[async_trait]
+impl VersionBackend for ZipVersionBackend {
+    async fn list_files(&self) -> anyhow::Result<Vec<VersionFile>> {
+        let mut archive = self.open_archive()?;
+        let mut results = Vec::new();
+
+        while let Some(header) = archive.next_header() {
+            match header.filetype() {
+                FileType::RegularFile => (),
+                _ => {
+                    continue;
+                }
+            }
+            results.push(VersionFile {
+                relative_filename: header.pathname().to_string(),
+                permission: 0o744,
+                size: header.size().try_into()?,
+            });
+        }
+
+        Ok(results)
+    }
+
+    async fn reader(
+        &self,
+        file: &VersionFile,
+        _start: u64,
+        _end: u64,
+    ) -> anyhow::Result<Box<dyn MinimumFileObject>> {
+        let mut archive = self.open_archive()?;
+
+        // Find entry in archive
+        loop {
+            let entry = match archive.next_header() {
+                Some(v) => v,
+                None => return Err(anyhow!("entry not found:{}", file.relative_filename)),
+            };
+            if entry.pathname() == file.relative_filename {
+                break;
+            }
+        }
+
+        Ok(Box::new(ArchiveReader {
+            archive,
+            prev_block: None,
+        }))
+    }
+
+    async fn peek_file(&self, sub_path: String) -> anyhow::Result<VersionFile> {
+        let files = self.list_files().await?;
+        let file = files
+            .iter()
+            .find(|v| v.relative_filename == sub_path)
+            .expect("file not found");
+
+        Ok(file.clone())
+    }
+
+    fn require_whole_files(&self) -> bool {
+        true
+    }
+}
diff --git a/libraries/droplet/src/versions/mod.rs b/libraries/droplet/src/versions/mod.rs
new file mode 100644
index 00000000..89874d1b
--- /dev/null
+++ b/libraries/droplet/src/versions/mod.rs
@@ -0,0 +1,60 @@
+use std::{
+    fs::{metadata, read_dir},
+    path::{Path, PathBuf},
+};
+
+use anyhow::Result;
+
+use crate::versions::{
+    archive_backend::ZipVersionBackend, path_backend::PathVersionBackend, types::VersionBackend,
+};
+
+pub mod archive_backend;
+pub mod path_backend;
+
+pub fn _list_files(vec: &mut Vec<PathBuf>, path: &Path) -> Result<()> {
+    if metadata(path)?.is_dir() {
+        let paths = read_dir(path)?;
+        for path_result in paths {
+            let full_path = path_result?.path();
+            if metadata(&full_path)?.is_dir() {
+                _list_files(vec, &full_path)?;
+            } else {
+                vec.push(full_path);
+            }
+        }
+    };
+
+    Ok(())
+}
+
+const SUPPORTED_FILE_EXTENSIONS: [&str; 11] = [
+    "tar", "pax", "cpio", "zip", "jar", "ar", "xar", "rar", "rpm", "7z", "iso",
+];
+
+pub mod types;
+#[allow(clippy::type_complexity)]
+pub fn create_backend_constructor<'a>(
+    path: &Path,
+) -> Option<Box<dyn FnOnce() -> Result<Box<dyn VersionBackend + Send + Sync + 'a>>>> {
+    if !path.exists() {
+        return None;
+    }
+
+    let is_directory = path.is_dir();
+    if is_directory {
+        let base_dir = path.to_path_buf();
+        return Some(Box::new(move || {
+            Ok(Box::new(PathVersionBackend { base_dir }))
+        }));
+    };
+
+    let file_extension = path.extension().and_then(|v| v.to_str())?;
+
+    if SUPPORTED_FILE_EXTENSIONS.contains(&file_extension) {
+        let buf = path.to_path_buf();
+        return Some(Box::new(move || Ok(Box::new(ZipVersionBackend::new(buf)?))));
+    }
+
+    None
+}
diff --git a/libraries/droplet/src/versions/path_backend.rs b/libraries/droplet/src/versions/path_backend.rs
new file mode 100644
index 00000000..e3b70570
--- /dev/null
+++ b/libraries/droplet/src/versions/path_backend.rs
@@ -0,0 +1,101 @@
+#[cfg(unix)]
+use std::os::unix::fs::PermissionsExt;
+use std::{io::SeekFrom, path::PathBuf};
+
+use anyhow::anyhow;
+use async_trait::async_trait;
+use tokio::{
+    fs::File,
+    io::{AsyncReadExt as _, AsyncSeekExt as _},
+};
+
+#[derive(Clone)]
+pub struct PathVersionBackend {
+    pub base_dir: PathBuf,
+}
+
+use crate::versions::{
+    _list_files,
+    types::{MinimumFileObject, VersionBackend, VersionFile},
+};
+
+#[async_trait]
+impl VersionBackend for PathVersionBackend {
+    async fn list_files(&self) -> anyhow::Result<Vec<VersionFile>> {
+        let mut vec = Vec::new();
+        _list_files(&mut vec, &self.base_dir)?;
+
+        let mut results = Vec::new();
+
+        for pathbuf in vec.iter() {
+            let relative = pathbuf.strip_prefix(self.base_dir.clone())?;
+
+            results.push(
+                self.peek_file(
+                    relative
+                        .to_str()
+                        .ok_or(anyhow!(
+                            "Could not parse path: {}",
+                            relative.to_string_lossy()
+                        ))?
+                        .to_owned(),
+                )
+                .await?,
+            );
+        }
+
+        Ok(results)
+    }
+
+    async fn reader(
+        &self,
+        file: &VersionFile,
+        start: u64,
+        end: u64,
+    ) -> anyhow::Result<Box<dyn MinimumFileObject>> {
+        let mut file = File::open(self.base_dir.join(file.relative_filename.clone())).await?;
+
+        if start != 0 {
+            file.seek(SeekFrom::Start(start)).await?;
+        }
+
+        if end != 0 {
+            return Ok(Box::new(file.take(end - start)));
+        }
+
+        Ok(Box::new(file))
+    }
+
+    async fn peek_file(&self, sub_path: String) -> anyhow::Result<VersionFile> {
+        let pathbuf = self.base_dir.join(sub_path.clone());
+        if !pathbuf.exists() {
+            return Err(anyhow!("Path doesn't exist: {}", pathbuf.to_string_lossy()));
+        };
+
+        let file = File::open(pathbuf.clone()).await?;
+        let metadata = file.try_clone().await?.metadata().await?;
+        let permission_object = metadata.permissions();
+        let permissions = {
+            let perm: u32;
+            #[cfg(target_family = "unix")]
+            {
+                perm = permission_object.mode();
+            }
+            #[cfg(not(target_family = "unix"))]
+            {
+                perm = 0
+            }
+            perm
+        };
+
+        Ok(VersionFile {
+            relative_filename: sub_path,
+            permission: permissions,
+            size: metadata.len(),
+        })
+    }
+
+    fn require_whole_files(&self) -> bool {
+        false
+    }
+}
diff --git a/libraries/droplet/src/versions/types.rs b/libraries/droplet/src/versions/types.rs
new file mode 100644
index 00000000..d80c1b36
--- /dev/null
+++ b/libraries/droplet/src/versions/types.rs
@@ -0,0 +1,27 @@
+use std::fmt::Debug;
+
+use async_trait::async_trait;
+use tokio::io::AsyncRead;
+
+#[derive(Debug, Clone)]
+pub struct VersionFile {
+    pub relative_filename: String,
+    pub permission: u32,
+    pub size: u64,
+}
+
+pub trait MinimumFileObject: AsyncRead + Send + Unpin {}
+impl<T: AsyncRead + Send + Unpin> MinimumFileObject for T {}
+
+#[async_trait]
+pub trait VersionBackend {
+    fn require_whole_files(&self) -> bool;
+    async fn list_files(&self) -> anyhow::Result<Vec<VersionFile>>;
+    async fn peek_file(&self, sub_path: String) -> anyhow::Result<VersionFile>;
+    async fn reader(
+        &self,
+        file: &VersionFile,
+        start: u64,
+        end: u64,
+    ) -> anyhow::Result<Box<dyn MinimumFileObject>>;
+}
diff --git a/libraries/droplet/src/vm/mod.rs b/libraries/droplet/src/vm/mod.rs
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/libraries/droplet/src/vm/mod.rs
@@ -0,0 +1 @@
+
diff --git a/libraries/droplet/testfiles/bare_files/dotfile.7z b/libraries/droplet/testfiles/bare_files/dotfile.7z
new file mode 100644
index 00000000..9c278ed2
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/dotfile.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/empty_file.7z b/libraries/droplet/testfiles/bare_files/empty_file.7z
new file mode 100644
index 00000000..0e4fa0bc
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/empty_file.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/file and archive with spaces.7z b/libraries/droplet/testfiles/bare_files/file and archive with spaces.7z
new file mode 100644
index 00000000..4d3aab56
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/file and archive with spaces.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/file_with_space_in_extension.7z b/libraries/droplet/testfiles/bare_files/file_with_space_in_extension.7z
new file mode 100644
index 00000000..59728fa0
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/file_with_space_in_extension.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/file_with_spaces.7z b/libraries/droplet/testfiles/bare_files/file_with_spaces.7z
new file mode 100644
index 00000000..4d3aab56
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/file_with_spaces.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/file_without_extension.7z b/libraries/droplet/testfiles/bare_files/file_without_extension.7z
new file mode 100644
index 00000000..309a706f
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/file_without_extension.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_only_environment_variable_name.7z b/libraries/droplet/testfiles/bare_files/filename_only_environment_variable_name.7z
new file mode 100644
index 00000000..9bedd36f
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_only_environment_variable_name.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_asterisk.7z b/libraries/droplet/testfiles/bare_files/filename_with_asterisk.7z
new file mode 100644
index 00000000..9435c06c
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_asterisk.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_backslashes.7z b/libraries/droplet/testfiles/bare_files/filename_with_backslashes.7z
new file mode 100644
index 00000000..8a96cec6
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_backslashes.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_colon.7z b/libraries/droplet/testfiles/bare_files/filename_with_colon.7z
new file mode 100644
index 00000000..7379dbe3
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_colon.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_dollar.7z b/libraries/droplet/testfiles/bare_files/filename_with_dollar.7z
new file mode 100644
index 00000000..7d63273d
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_dollar.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_environment_variable_name.7z b/libraries/droplet/testfiles/bare_files/filename_with_environment_variable_name.7z
new file mode 100644
index 00000000..8b7c3559
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_environment_variable_name.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_full_windows_path_name.7z b/libraries/droplet/testfiles/bare_files/filename_with_full_windows_path_name.7z
new file mode 100644
index 00000000..9a81afaa
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_full_windows_path_name.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_lessthan.7z b/libraries/droplet/testfiles/bare_files/filename_with_lessthan.7z
new file mode 100644
index 00000000..44a59cf2
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_lessthan.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_newline.7z b/libraries/droplet/testfiles/bare_files/filename_with_newline.7z
new file mode 100644
index 00000000..8bda74ea
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_newline.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_spaces_and_backslashes.7z b/libraries/droplet/testfiles/bare_files/filename_with_spaces_and_backslashes.7z
new file mode 100644
index 00000000..0d970e53
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_spaces_and_backslashes.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_tab.7z b/libraries/droplet/testfiles/bare_files/filename_with_tab.7z
new file mode 100644
index 00000000..5bc3e38c
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_tab.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/filename_with_windows_environment_variable_name.7z b/libraries/droplet/testfiles/bare_files/filename_with_windows_environment_variable_name.7z
new file mode 100644
index 00000000..2f2c2612
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/filename_with_windows_environment_variable_name.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/standard_archive.7z b/libraries/droplet/testfiles/bare_files/standard_archive.7z
new file mode 100644
index 00000000..8d0c97cf
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/standard_archive.7z differ
diff --git a/libraries/droplet/testfiles/bare_files/windows_reserved_file_name.7z b/libraries/droplet/testfiles/bare_files/windows_reserved_file_name.7z
new file mode 100644
index 00000000..cbcbf9ef
Binary files /dev/null and b/libraries/droplet/testfiles/bare_files/windows_reserved_file_name.7z differ
diff --git a/libraries/droplet/testfiles/subdirectories/dotsubdirectory.7z b/libraries/droplet/testfiles/subdirectories/dotsubdirectory.7z
new file mode 100644
index 00000000..44e6e5fc
Binary files /dev/null and b/libraries/droplet/testfiles/subdirectories/dotsubdirectory.7z differ
diff --git a/libraries/droplet/testfiles/subdirectories/subdirectory_and_file_with_double_backslashes.7z b/libraries/droplet/testfiles/subdirectories/subdirectory_and_file_with_double_backslashes.7z
new file mode 100644
index 00000000..344b4010
Binary files /dev/null and b/libraries/droplet/testfiles/subdirectories/subdirectory_and_file_with_double_backslashes.7z differ
diff --git a/libraries/droplet/testfiles/subdirectories/subdirectory_and_file_with_spaces.7z b/libraries/droplet/testfiles/subdirectories/subdirectory_and_file_with_spaces.7z
new file mode 100644
index 00000000..99db08e7
Binary files /dev/null and b/libraries/droplet/testfiles/subdirectories/subdirectory_and_file_with_spaces.7z differ
diff --git a/libraries/droplet/testfiles/subdirectories/subdirectory_file_with_double_backslashes.7z b/libraries/droplet/testfiles/subdirectories/subdirectory_file_with_double_backslashes.7z
new file mode 100644
index 00000000..a04225ec
Binary files /dev/null and b/libraries/droplet/testfiles/subdirectories/subdirectory_file_with_double_backslashes.7z differ
diff --git a/libraries/droplet/testfiles/subdirectories/subdirectory_with_single_backslashes.7z b/libraries/droplet/testfiles/subdirectories/subdirectory_with_single_backslashes.7z
new file mode 100644
index 00000000..1fbde22e
Binary files /dev/null and b/libraries/droplet/testfiles/subdirectories/subdirectory_with_single_backslashes.7z differ