Rustelo/framework_manifest.toml

# =============================================================================
# Rustelo Framework Integrity Manifest
# =============================================================================
# This file defines the protected boundaries of the Rustelo framework and
# the rules that implementations must follow to remain compatible with updates.

[framework]
name = "rustelo"
version = "0.1.0"
integrity_version = "1.0"
compatibility_level = "stable"
description = "Modular, feature-based Rust web framework built on Leptos and Axum"

# =============================================================================
# PROTECTED PATHS - Framework core that cannot be directly modified
# =============================================================================

[[protected_paths]]
path = "crates/foundation/crates/core-lib/src/lib.rs"
reason = "Core framework interface and module exports"
alternatives = [
    "Implement traits in your own crates",
    "Use extension points for customization",
    "Create component overrides in approved locations"
]

[[protected_paths]]
path = "crates/foundation/crates/core-lib/src/routing/"
reason = "Core routing system and engine"
alternatives = [
    "Use route configuration in config/routes/*.toml",
    "Create custom route handlers via trait implementations",
    "Override routing behavior through layered configuration"
]

[[protected_paths]]
path = "crates/foundation/crates/core-lib/src/layered_override.rs"
reason = "Layered override system implementation"
alternatives = [
    "Use layered override system for customization",
    "Create local overrides in config/local/",
    "Add feature-specific overrides in config/features/"
]

[[protected_paths]]
path = "crates/foundation/crates/core-lib/src/integrity.rs"
reason = "Framework integrity protection system"
alternatives = [
    "Report integrity issues to framework maintainers",
    "Use approved extension points for validation customization"
]

[[protected_paths]]
path = "templates/shared/"
reason = "Core template system used for project generation"
alternatives = [
    "Create local template overrides in config/local/",
    "Add feature-specific templates in features/*/templates/",
    "Use layered override system for template customization"
]

[[protected_paths]]
path = "crates/templates/rustelo-cli/src/"
reason = "Core CLI functionality for framework management"
alternatives = [
    "Request new CLI features through framework issues",
    "Create custom CLI extensions as separate crates",
    "Use CLI hooks and plugins for customization"
]

# =============================================================================
# REQUIRED TRAIT IMPLEMENTATIONS - Must be implemented for compatibility
# =============================================================================

[[required_traits]]
trait_name = "ContentLoader"
implementation_path = "src/content/loader.rs"
required_methods = ["load", "validate", "cache_key"]
compatibility_version = "1.0"
description = "Content loading and validation interface"

[[required_traits]]
trait_name = "RouteHandler"
implementation_path = "src/routing/handlers.rs"
required_methods = ["handle_request", "supports_route"]
compatibility_version = "1.0"
description = "Request handling interface for routing system"

[[required_traits]]
trait_name = "ConfigResolver"
implementation_path = "src/config/resolver.rs"
required_methods = ["resolve", "validate"]
compatibility_version = "1.0"
description = "Configuration resolution interface"

[[required_traits]]
trait_name = "ComponentRenderer"
implementation_path = "src/components/renderer.rs"
required_methods = ["render", "supports_component"]
compatibility_version = "1.0"
description = "Component rendering interface"

# =============================================================================
# SAFE EXTENSION POINTS - Approved locations for customization
# =============================================================================

[[extension_points]]
name = "custom_components"
location = "src/components/custom/"
allowed_modifications = ["create", "modify", "delete"]
description = "Custom UI components that don't conflict with framework components"

[[extension_points]]
name = "content_processors"
location = "src/content/processors/"
allowed_modifications = ["create", "extend"]
description = "Custom content processing logic and transformations"

[[extension_points]]
name = "local_configuration"
location = "config/local/"
allowed_modifications = ["create", "modify"]
description = "Local configuration overrides with highest precedence"

[[extension_points]]
name = "feature_extensions"
location = "src/features/"
allowed_modifications = ["create", "extend"]
description = "Feature-specific implementations and extensions"

[[extension_points]]
name = "custom_middleware"
location = "src/middleware/"
allowed_modifications = ["create", "register"]
description = "Custom middleware for request/response processing"

[[extension_points]]
name = "custom_templates"
location = "templates/custom/"
allowed_modifications = ["create", "modify"]
description = "Custom templates for code generation and scaffolding"

[[extension_points]]
name = "asset_processors"
location = "src/assets/processors/"
allowed_modifications = ["create", "extend"]
description = "Custom asset processing and optimization logic"

# =============================================================================
# FORBIDDEN PATTERNS - Patterns that break framework compatibility
# =============================================================================

[[forbidden_patterns]]
pattern = '''hardcoded_routes\s*=\s*\['''
reason = "Hardcoded routes bypass the configuration-driven routing system"
suggested_alternative = "Use route configuration in config/routes/*.toml files"
severity = "Critical"

[[forbidden_patterns]]
pattern = '''pub\s+mod\s+core_lib\s*\{'''
reason = "Direct framework core modification breaks update compatibility"
suggested_alternative = "Implement traits and use extension points instead"
severity = "Critical"

[[forbidden_patterns]]
pattern = '''unsafe\s*\{'''
reason = "Unsafe code bypasses framework safety guarantees and may break updates"
suggested_alternative = "Use safe alternatives or request framework extension"
severity = "High"

[[forbidden_patterns]]
pattern = '''include_str!\s*\(\s*"\.\.\/'''
reason = "Relative includes bypass the framework asset and resource systems"
suggested_alternative = "Use framework asset loading APIs and environment variables"
severity = "Medium"

[[forbidden_patterns]]
pattern = '''use\s+rustelo_core::(?!.*pub)'''
reason = "Direct internal imports may break when framework internals change"
suggested_alternative = "Use public APIs through the main crate interface"
severity = "Medium"

[[forbidden_patterns]]
pattern = '''\.unwrap\s*\(\s*\)'''
reason = "Unwrap calls can cause panics and break application stability"
suggested_alternative = "Use proper error handling with Result<T, E> and ? operator"
severity = "Medium"

[[forbidden_patterns]]
pattern = '''panic!\s*\('''
reason = "Explicit panics should be avoided in production code"
suggested_alternative = "Return errors through Result types for proper handling"
severity = "Low"

[[forbidden_patterns]]
pattern = '''/[^/\s"]+/[^/\s"]+'''
reason = "Hardcoded paths should use configuration or environment variables"
suggested_alternative = "Use config files or environment variables for paths"
severity = "Medium"

# =============================================================================
# UPDATE COMPATIBILITY INFORMATION
# =============================================================================

[update_compatibility]
breaking_changes_policy = "semantic_versioning"
migration_assistance = true
automated_migration = [
    "configuration",
    "dependencies",
    "template_updates",
    "deprecated_api_updates"
]
manual_migration = [
    "trait_signature_changes",
    "major_api_redesigns",
    "architectural_changes",
    "security_model_updates"
]

# =============================================================================
# VALIDATION RULES AND THRESHOLDS
# =============================================================================

[validation_rules]
# Minimum compatibility score (0.0-1.0) required for safe updates
max_compatibility_score = 0.8

# Maximum number of violations allowed by severity
critical_violations_allowed = 0
high_violations_threshold = 3
medium_violations_threshold = 10
low_violations_threshold = 50

# File scanning configuration
scan_extensions = ["rs", "toml", "json", "yaml", "md"]
exclude_directories = [
    "target",
    "node_modules",
    ".git",
    "dist",
    "build"
]

# Performance limits for validation
max_files_to_scan = 10000
max_file_size_mb = 10
validation_timeout_seconds = 300

# =============================================================================
# FRAMEWORK FEATURES AND CAPABILITIES
# =============================================================================

[framework_capabilities]
# Core framework features that implementations can rely on
core_features = [
    "layered_override_system",
    "configuration_driven_routing",
    "component_system",
    "content_management",
    "i18n_support",
    "theme_system",
    "hot_reload",
    "build_optimization"
]

# Optional features that can be enabled/disabled
optional_features = [
    "analytics",
    "smart_build",
    "debugging_tools",
    "auth",
    "content_db",
    "email",
    "tls",
    "metrics"
]

# Experimental features (subject to change)
experimental_features = [
    "advanced_routing",
    "ui_components",
    "navigation_testing",
    "dev_dashboard",
    "page_generator"
]

# =============================================================================
# SECURITY AND COMPLIANCE
# =============================================================================

[security]
# Security patterns that must not be violated
require_csrf_protection = true
require_input_validation = true
require_secure_headers = true
forbid_sql_injection_patterns = true
require_encrypted_sensitive_data = true

# Compliance requirements
audit_trail_required = true
security_headers_required = true
vulnerability_scanning_required = true

# =============================================================================
# QUALITY STANDARDS
# =============================================================================

[quality]
# Code quality requirements
min_test_coverage = 80.0
require_documentation = true
require_error_handling = true
forbid_deprecated_apis = true
require_semantic_versioning = true

# Performance requirements
max_build_time_seconds = 300
max_memory_usage_mb = 1024
min_lighthouse_score = 90

# Rust-specific quality standards
require_clippy_compliance = true
require_rustfmt_compliance = true
forbid_unsafe_without_justification = true
require_comprehensive_error_types = true

# =============================================================================
# REPORTING AND MONITORING
# =============================================================================

[reporting]
# Report formats supported
supported_formats = ["human", "json", "junit", "sarif"]
default_format = "human"

# Report detail levels
detail_levels = ["summary", "standard", "detailed", "comprehensive"]
default_detail_level = "standard"

# Monitoring and alerting
enable_continuous_monitoring = true
alert_on_critical_violations = true
track_compatibility_score_trends = true

# =============================================================================
# MIGRATION AND UPGRADE SUPPORT
# =============================================================================

[migration]
# Migration script locations
migration_scripts_path = "scripts/migration/"
backup_before_migration = true
validate_after_migration = true

# Rollback support
enable_automatic_rollback = true
rollback_on_validation_failure = true
keep_migration_backups_days = 30

# Migration assistance
provide_migration_guide = true
automatic_dependency_updates = true
automatic_config_migration = true
manual_review_required_for = [
    "breaking_changes",
    "security_updates",
    "architectural_changes"
]