chore: initial scaffold — workspace, docs, blueprint

Sets up the PiCloud monorepo as a Cargo workspace organised around the three-service architecture (manager / orchestrator / executor), each backed by a *-core library crate so the same logic powers both the MVP all-in-one `picloud` binary and the future split-process cluster mode. * crates/shared, executor-core, orchestrator-core, manager-core define the library surface and trait seams between the three services (`ExecutorClient`, `ScriptResolver`, `ScriptRepository`). * crates/picloud is the MVP entrypoint; serves /healthz on 8080 (override via PICLOUD_BIND). * crates/picloud-{manager,orchestrator,executor} are skeleton binaries that keep the crate boundaries honest until cluster mode is built out in v1.3+. * docs/git-workflow.md defines the trunk-based workflow: short-lived branches, Conventional Commits, separate hotfix flow with mandatory reproduction tests. * CLAUDE.md captures the working rules for future Claude sessions. Workspace passes `cargo fmt`, `cargo clippy -D warnings` (with pedantic enabled), and `cargo test --workspace`. The all-in-one binary responds on `/healthz` and `/`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 23:16:32 +02:00
commit b8b544816d
36 changed files with 5843 additions and 0 deletions
--- a/crates/executor-core/src/sandbox.rs
+++ b/crates/executor-core/src/sandbox.rs
@@ -0,0 +1,37 @@
+/// Resource and capability limits applied to every script execution.
+///
+/// Defaults are conservative and safe to expose to untrusted Rhai sources.
+/// Per-script overrides (e.g. higher operation budgets) come from the
+/// `Script` config and are clamped against these as upper bounds.
+#[derive(Debug, Clone, Copy)]
+pub struct Limits {
+    /// Hard cap on Rhai operations executed per invocation.
+    /// Doubles as a CPU-time proxy without needing real timers.
+    pub max_operations: u64,
+
+    /// Max length of any single string the script constructs.
+    pub max_string_size: usize,
+
+    /// Max number of elements in any array.
+    pub max_array_size: usize,
+
+    /// Max number of properties in any object/map.
+    pub max_map_size: usize,
+
+    /// Max call/expression nesting depth.
+    pub max_call_levels: usize,
+    pub max_expr_depth: usize,
+}
+
+impl Default for Limits {
+    fn default() -> Self {
+        Self {
+            max_operations: 1_000_000,
+            max_string_size: 64 * 1024,
+            max_array_size: 10_000,
+            max_map_size: 10_000,
+            max_call_levels: 64,
+            max_expr_depth: 64,
+        }
+    }
+}