# ============================================================================= # Rustelo Framework Integrity Manifest # ============================================================================= # This file defines the protected boundaries of the Rustelo framework and # the rules that implementations must follow to remain compatible with updates. [framework] name = "rustelo" version = "0.1.0" integrity_version = "1.0" compatibility_level = "stable" description = "Modular, feature-based Rust web framework built on Leptos and Axum" # ============================================================================= # PROTECTED PATHS - Framework core that cannot be directly modified # ============================================================================= [[protected_paths]] path = "crates/foundation/crates/core-lib/src/lib.rs" reason = "Core framework interface and module exports" alternatives = [ "Implement traits in your own crates", "Use extension points for customization", "Create component overrides in approved locations" ] [[protected_paths]] path = "crates/foundation/crates/core-lib/src/routing/" reason = "Core routing system and engine" alternatives = [ "Use route configuration in config/routes/*.toml", "Create custom route handlers via trait implementations", "Override routing behavior through layered configuration" ] [[protected_paths]] path = "crates/foundation/crates/core-lib/src/layered_override.rs" reason = "Layered override system implementation" alternatives = [ "Use layered override system for customization", "Create local overrides in config/local/", "Add feature-specific overrides in config/features/" ] [[protected_paths]] path = "crates/foundation/crates/core-lib/src/integrity.rs" reason = "Framework integrity protection system" alternatives = [ "Report integrity issues to framework maintainers", "Use approved extension points for validation customization" ] [[protected_paths]] path = "templates/shared/" reason = "Core template system used for project generation" alternatives = [ "Create local template overrides in config/local/", "Add feature-specific templates in features/*/templates/", "Use layered override system for template customization" ] [[protected_paths]] path = "crates/templates/rustelo-cli/src/" reason = "Core CLI functionality for framework management" alternatives = [ "Request new CLI features through framework issues", "Create custom CLI extensions as separate crates", "Use CLI hooks and plugins for customization" ] # ============================================================================= # REQUIRED TRAIT IMPLEMENTATIONS - Must be implemented for compatibility # ============================================================================= [[required_traits]] trait_name = "ContentLoader" implementation_path = "src/content/loader.rs" required_methods = ["load", "validate", "cache_key"] compatibility_version = "1.0" description = "Content loading and validation interface" [[required_traits]] trait_name = "RouteHandler" implementation_path = "src/routing/handlers.rs" required_methods = ["handle_request", "supports_route"] compatibility_version = "1.0" description = "Request handling interface for routing system" [[required_traits]] trait_name = "ConfigResolver" implementation_path = "src/config/resolver.rs" required_methods = ["resolve", "validate"] compatibility_version = "1.0" description = "Configuration resolution interface" [[required_traits]] trait_name = "ComponentRenderer" implementation_path = "src/components/renderer.rs" required_methods = ["render", "supports_component"] compatibility_version = "1.0" description = "Component rendering interface" # ============================================================================= # SAFE EXTENSION POINTS - Approved locations for customization # ============================================================================= [[extension_points]] name = "custom_components" location = "src/components/custom/" allowed_modifications = ["create", "modify", "delete"] description = "Custom UI components that don't conflict with framework components" [[extension_points]] name = "content_processors" location = "src/content/processors/" allowed_modifications = ["create", "extend"] description = "Custom content processing logic and transformations" [[extension_points]] name = "local_configuration" location = "config/local/" allowed_modifications = ["create", "modify"] description = "Local configuration overrides with highest precedence" [[extension_points]] name = "feature_extensions" location = "src/features/" allowed_modifications = ["create", "extend"] description = "Feature-specific implementations and extensions" [[extension_points]] name = "custom_middleware" location = "src/middleware/" allowed_modifications = ["create", "register"] description = "Custom middleware for request/response processing" [[extension_points]] name = "custom_templates" location = "templates/custom/" allowed_modifications = ["create", "modify"] description = "Custom templates for code generation and scaffolding" [[extension_points]] name = "asset_processors" location = "src/assets/processors/" allowed_modifications = ["create", "extend"] description = "Custom asset processing and optimization logic" # ============================================================================= # FORBIDDEN PATTERNS - Patterns that break framework compatibility # ============================================================================= [[forbidden_patterns]] pattern = '''hardcoded_routes\s*=\s*\[''' reason = "Hardcoded routes bypass the configuration-driven routing system" suggested_alternative = "Use route configuration in config/routes/*.toml files" severity = "Critical" [[forbidden_patterns]] pattern = '''pub\s+mod\s+core_lib\s*\{''' reason = "Direct framework core modification breaks update compatibility" suggested_alternative = "Implement traits and use extension points instead" severity = "Critical" [[forbidden_patterns]] pattern = '''unsafe\s*\{''' reason = "Unsafe code bypasses framework safety guarantees and may break updates" suggested_alternative = "Use safe alternatives or request framework extension" severity = "High" [[forbidden_patterns]] pattern = '''include_str!\s*\(\s*"\.\.\/''' reason = "Relative includes bypass the framework asset and resource systems" suggested_alternative = "Use framework asset loading APIs and environment variables" severity = "Medium" [[forbidden_patterns]] pattern = '''use\s+rustelo_core::(?!.*pub)''' reason = "Direct internal imports may break when framework internals change" suggested_alternative = "Use public APIs through the main crate interface" severity = "Medium" [[forbidden_patterns]] pattern = '''\.unwrap\s*\(\s*\)''' reason = "Unwrap calls can cause panics and break application stability" suggested_alternative = "Use proper error handling with Result and ? operator" severity = "Medium" [[forbidden_patterns]] pattern = '''panic!\s*\(''' reason = "Explicit panics should be avoided in production code" suggested_alternative = "Return errors through Result types for proper handling" severity = "Low" [[forbidden_patterns]] pattern = '''/[^/\s"]+/[^/\s"]+''' reason = "Hardcoded paths should use configuration or environment variables" suggested_alternative = "Use config files or environment variables for paths" severity = "Medium" # ============================================================================= # UPDATE COMPATIBILITY INFORMATION # ============================================================================= [update_compatibility] breaking_changes_policy = "semantic_versioning" migration_assistance = true automated_migration = [ "configuration", "dependencies", "template_updates", "deprecated_api_updates" ] manual_migration = [ "trait_signature_changes", "major_api_redesigns", "architectural_changes", "security_model_updates" ] # ============================================================================= # VALIDATION RULES AND THRESHOLDS # ============================================================================= [validation_rules] # Minimum compatibility score (0.0-1.0) required for safe updates max_compatibility_score = 0.8 # Maximum number of violations allowed by severity critical_violations_allowed = 0 high_violations_threshold = 3 medium_violations_threshold = 10 low_violations_threshold = 50 # File scanning configuration scan_extensions = ["rs", "toml", "json", "yaml", "md"] exclude_directories = [ "target", "node_modules", ".git", "dist", "build" ] # Performance limits for validation max_files_to_scan = 10000 max_file_size_mb = 10 validation_timeout_seconds = 300 # ============================================================================= # FRAMEWORK FEATURES AND CAPABILITIES # ============================================================================= [framework_capabilities] # Core framework features that implementations can rely on core_features = [ "layered_override_system", "configuration_driven_routing", "component_system", "content_management", "i18n_support", "theme_system", "hot_reload", "build_optimization" ] # Optional features that can be enabled/disabled optional_features = [ "analytics", "smart_build", "debugging_tools", "auth", "content_db", "email", "tls", "metrics" ] # Experimental features (subject to change) experimental_features = [ "advanced_routing", "ui_components", "navigation_testing", "dev_dashboard", "page_generator" ] # ============================================================================= # SECURITY AND COMPLIANCE # ============================================================================= [security] # Security patterns that must not be violated require_csrf_protection = true require_input_validation = true require_secure_headers = true forbid_sql_injection_patterns = true require_encrypted_sensitive_data = true # Compliance requirements audit_trail_required = true security_headers_required = true vulnerability_scanning_required = true # ============================================================================= # QUALITY STANDARDS # ============================================================================= [quality] # Code quality requirements min_test_coverage = 80.0 require_documentation = true require_error_handling = true forbid_deprecated_apis = true require_semantic_versioning = true # Performance requirements max_build_time_seconds = 300 max_memory_usage_mb = 1024 min_lighthouse_score = 90 # Rust-specific quality standards require_clippy_compliance = true require_rustfmt_compliance = true forbid_unsafe_without_justification = true require_comprehensive_error_types = true # ============================================================================= # REPORTING AND MONITORING # ============================================================================= [reporting] # Report formats supported supported_formats = ["human", "json", "junit", "sarif"] default_format = "human" # Report detail levels detail_levels = ["summary", "standard", "detailed", "comprehensive"] default_detail_level = "standard" # Monitoring and alerting enable_continuous_monitoring = true alert_on_critical_violations = true track_compatibility_score_trends = true # ============================================================================= # MIGRATION AND UPGRADE SUPPORT # ============================================================================= [migration] # Migration script locations migration_scripts_path = "scripts/migration/" backup_before_migration = true validate_after_migration = true # Rollback support enable_automatic_rollback = true rollback_on_validation_failure = true keep_migration_backups_days = 30 # Migration assistance provide_migration_guide = true automatic_dependency_updates = true automatic_config_migration = true manual_review_required_for = [ "breaking_changes", "security_updates", "architectural_changes" ]