KeiSeiKit-1.0

History

Parfii-bot e5cd0d6790 feat(v0.21): kei-store real S3 backend behind opt-in 's3' feature flag Promotes S3 from MVP stub to functional via aws-sdk-s3. Default builds unchanged (zero new deps). Feature flag ensures users who don't need S3 don't pay the ~5MB binary / C-toolchain cost. Cargo.toml: new [features] s3 = [...] gating 4 optional deps: aws-sdk-s3 = 1.130.0 aws-config = 1.8.16 (with behavior-version-latest) tokio = 1.52.1 (current-thread runtime, no multi-threaded bloat) bytes = 1 (S3 body passthrough) s3_cloud/ module (4 files, Constructor Pattern): mod.rs (190 LOC) — S3CloudStore + MemoryStore trait impl client.rs (81 LOC) — aws-config builder, KEI_STORE_S3_ENDPOINT override for R2 / Wasabi / MinIO / any S3-compat keys.rs (60 LOC) — path-traversal guard + DJB2 hash helper tests.rs (63 LOC) — builder + prefix + key-guard unit tests Factory routing (factory.rs): with 's3' feature + bucket URL → S3CloudStore (real network) without 's3' feature → S3Store stub (existing MVP, preserved) Security posture: - Branch-prefix isolation rejects traversal at keys.rs layer - aws-config default credential chain (env → ~/.aws → IMDS); no bespoke credential handling - rustls, not OpenSSL (matches existing crate tree) Tests: 22 existing + 11 new (4 keys + 3 client + 5 mod + 5 smoke) cargo test -p kei-store (default features): 9 passed cargo test -p kei-store --features s3: 22 + 9 + 5 = 36 passed cargo clippy -p kei-store --features s3: clean Real stdout verified for all verify criteria. No fabrication. MANIFEST.toml [primitive.kei-store] deps updated to reflect feature opt-in model. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 17:59:11 +08:00
..
integration.rs	fix(kei-store): path-traversal guard (F2 RELEASE BLOCKER) + S3 stub gate (F7) + GitHub RULE 0.1 guard (F8)	2026-04-22 13:36:17 +08:00
s3_smoke.rs	feat(v0.21): kei-store real S3 backend behind opt-in 's3' feature flag	2026-04-22 17:59:11 +08:00

Parfii-bot e5cd0d6790 feat(v0.21): kei-store real S3 backend behind opt-in 's3' feature flag

Promotes S3 from MVP stub to functional via aws-sdk-s3. Default builds
unchanged (zero new deps). Feature flag ensures users who don't need
S3 don't pay the ~5MB binary / C-toolchain cost.

Cargo.toml: new [features] s3 = [...] gating 4 optional deps:
  aws-sdk-s3 = 1.130.0
  aws-config = 1.8.16 (with behavior-version-latest)
  tokio = 1.52.1 (current-thread runtime, no multi-threaded bloat)
  bytes = 1 (S3 body passthrough)

s3_cloud/ module (4 files, Constructor Pattern):
  mod.rs (190 LOC) — S3CloudStore + MemoryStore trait impl
  client.rs (81 LOC) — aws-config builder, KEI_STORE_S3_ENDPOINT
    override for R2 / Wasabi / MinIO / any S3-compat
  keys.rs (60 LOC) — path-traversal guard + DJB2 hash helper
  tests.rs (63 LOC) — builder + prefix + key-guard unit tests

Factory routing (factory.rs):
  with 's3' feature + bucket URL → S3CloudStore (real network)
  without 's3' feature → S3Store stub (existing MVP, preserved)

Security posture:
  - Branch-prefix isolation rejects  traversal at keys.rs layer
  - aws-config default credential chain (env → ~/.aws → IMDS);
    no bespoke credential handling
  - rustls, not OpenSSL (matches existing crate tree)

Tests: 22 existing + 11 new (4 keys + 3 client + 5 mod + 5 smoke)
  cargo test -p kei-store (default features): 9 passed
  cargo test -p kei-store --features s3: 22 + 9 + 5 = 36 passed
  cargo clippy -p kei-store --features s3: clean

Real stdout verified for all verify criteria. No fabrication.

MANIFEST.toml [primitive.kei-store] deps updated to reflect feature
opt-in model.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-22 17:59:11 +08:00

integration.rs

fix(kei-store): path-traversal guard (F2 RELEASE BLOCKER) + S3 stub gate (F7) + GitHub RULE 0.1 guard (F8)

2026-04-22 13:36:17 +08:00

s3_smoke.rs

feat(v0.21): kei-store real S3 backend behind opt-in 's3' feature flag

2026-04-22 17:59:11 +08:00