KeiSeiKit-1.0/_blocks/stack-rust-axum.md
Parfii-bot 0be354a920 KeiSeiKit-public — clean state
Single-commit clean baseline after security scrub of niche-tells,
project codenames, internal jargon, and contributor-email leaks.

Contents:
- 100 Rust crates (_primitives/_rust/)
- 37 agent manifests (_manifests/) + generated specs (_generated/)
- 67 user-invocable skills (skills/)
- 33 hooks (hooks/)
- Composition blocks (_blocks/)
- Documentation (docs/, README.md)
- TS adapter packages (_ts_packages/)
- Assembler (_assembler/)
- Roles (_roles/)
- Templates (_templates/)
- Forgejo CI (.forgejo/)

Author: Denis Parfionovich <info@greendragon.info>

License: see LICENSE.
2026-05-01 12:09:03 +08:00

STACK — Rust HTTP server (axum + tokio + sqlx)

Default web stack — no language justification needed.

Versions: axum 0.7+, tokio 1.x (rt-multi-thread), sqlx 0.7+ (NOT diesel — async-first), tower 0.4+ for middleware.

App shape:

  • AppState struct → Arc<AppState> → Router::with_state(state). No globals.
  • Handlers take State<Arc<AppState>>, extractors typed, return Result<impl IntoResponse, AppError>.
  • AppError = single thiserror enum with IntoResponse impl → maps to HTTP status + JSON body.
  • #[tokio::main] ONLY in the binary crate. Library crates never pin a runtime.

Middleware stack (order matters):

  1. TraceLayer (tower-http) — request id + span
  2. CorsLayer — explicit allow-list, never Any in prod
  3. TimeoutLayer — hard cap per route
  4. CompressionLayer
  5. Auth middleware (custom) — short-circuits on 401

Crypto: Ed25519 for signing (ed25519-dalek); never roll your own. Secrets from env at startup, never in code.

sqlx: queries use sqlx::query! / query_as! macros (compile-time checked against live DB). Migrations under migrations/ managed by sqlx-cli. NEVER string-concat SQL.

Forbidden: unwrap() in handler paths, sqlx::query() with runtime strings, blocking calls (std::fs::read) without spawn_blocking, #[tokio::main] in lib crates (caller chooses runtime).
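
Added example (not part of KeiSeiKit): one std-only way to apply the "secrets from env at startup" and "explicit CORS allow-list, never Any" rules above, failing fast at boot without unwrap(). The variable names SIGNING_SEED_HEX and CORS_ALLOWED_ORIGINS, the Config and ConfigError types, and load_config are assumptions made for illustration.

```rust
use std::fmt;

// Startup configuration; all names here are assumptions for this example.
pub struct Config {
    pub signing_seed: [u8; 32],    // 32-byte Ed25519 seed for the signing key
    pub cors_origins: Vec<String>, // explicit allow-list handed to the CORS layer
}
// Hand-written Debug so a stray {:?} in a log line cannot print the seed.
impl fmt::Debug for Config {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Config {{ signing_seed: <redacted>, cors_origins: {:?} }}", self.cors_origins)
    }
}
#[derive(Debug, PartialEq)]
pub enum ConfigError { Missing(&'static str), BadSeed, WildcardOrigin }

// Strict decoder: exactly 64 hex digits, anything else is rejected.
fn decode_seed(hex: &str) -> Result<[u8; 32], ConfigError> {
    let h = hex.trim().as_bytes();
    if h.len() != 64 { return Err(ConfigError::BadSeed); }
    let mut out = [0u8; 32];
    for (i, pair) in h.chunks(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16).ok_or(ConfigError::BadSeed)?;
        let lo = (pair[1] as char).to_digit(16).ok_or(ConfigError::BadSeed)?;
        out[i] = (hi * 16 + lo) as u8;
    }
    Ok(out)
}

/// `get` is the variable lookup; the binary passes `|k| std::env::var(k).ok()`.
pub fn load_config(get: impl Fn(&str) -> Option<String>) -> Result<Config, ConfigError> {
    let seed_hex = get("SIGNING_SEED_HEX").ok_or(ConfigError::Missing("SIGNING_SEED_HEX"))?;
    let signing_seed = decode_seed(&seed_hex)?;
    let raw = get("CORS_ALLOWED_ORIGINS").ok_or(ConfigError::Missing("CORS_ALLOWED_ORIGINS"))?;
    let cors_origins: Vec<String> =
        raw.split(',').map(|o| o.trim().to_string()).filter(|o| !o.is_empty()).collect();
    // A wildcard in the list would silently turn the allow-list into "Any".
    if cors_origins.iter().any(|o| o == "*") { return Err(ConfigError::WildcardOrigin); }
    if cors_origins.is_empty() { return Err(ConfigError::Missing("CORS_ALLOWED_ORIGINS")); }
    Ok(Config { signing_seed, cors_origins })
}

fn main() {
    // Fail fast at startup; never fall back to a built-in default key.
    match load_config(|k| std::env::var(k).ok()) {
        Ok(cfg) => println!("loaded {:?}", cfg),
        Err(e) => { eprintln!("config error: {:?}", e); std::process::exit(1); }
    }
}
```

Taking the lookup as a closure keeps the loader free of global state and lets tests inject constructed values instead of mutating the process environment.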