4f044e7b81
Brings the MVP feature set online: upload a Rhai script, get an HTTP
endpoint that runs it sandboxed in-process, list/update/delete it, and
have invalid sources rejected at upload time. Verified live through
Caddy with a full lifecycle (`create → list → get → execute → update
→ delete`) plus error paths (syntax error, duplicate name, deleted).
Layout — every concern lands behind the trait seam its layer owns, so
cluster-mode in v1.3+ is a swap of two impls, not a rewrite:
* shared::ScriptValidator — manager calls into validation without
a hard dep on executor-core; executor-core impls the trait on
`Engine`. Pinned in shared so neither crate has to know about
the other.
* executor-core::Engine — real Rhai engine: sandbox limits (max
operations / string size / map size / call depth), disabled
`print`, blocked `import` (DummyModuleResolver), `log::trace
/info/warn/error` registered as a static module with shared
log-capture buffer (no `log::debug` because `debug` is a Rhai
reserved keyword — `log::trace` covers the same need).
- `ctx` is pushed as a Scope constant exposing
execution_id, script_id, script_name, request_id,
invocation_type, request.{path,headers,body}.
- Response convention: a Map with `statusCode` is the
structured shape (`{statusCode, headers?, body}`); any
other return value is a 200 with the value as the body.
- Engine::execute is now synchronous (pure compute); the
async wrapper + wall-clock timeout live in
LocalExecutorClient, which spawns_blocking and applies a
300s hard ceiling regardless of per-script config.
- 10 unit tests cover validate, exec, structured response,
ctx exposure, log capture, op-budget enforcement, runtime
errors, blocked imports, JSON round-tripping.
* manager-core::repo — full sqlx CRUD over the `scripts` table,
with proper unique-violation handling for duplicate names.
Embedded migrations via `sqlx::migrate!` (one initial
`0001_init.sql` for pgcrypto + scripts + execution_logs).
* manager-core::api — `admin_router` mounts `/scripts` and
`/scripts/{id}`. Create + Update validate source through the
injected `ScriptValidator` before persistence. Returns proper
422/409/404 status codes via `ApiError::IntoResponse`.
* orchestrator-core::api — `data_plane_router` mounts
`/execute/{id}`: resolves the script through `ScriptResolver`,
constructs the `ExecRequest` from headers+body, awaits
`ExecutorClient::execute(..., timeout)`, translates the
`ExecResponse` to an axum `Response` with header passthrough.
Maps `ExecError` variants to 422/504/502/507.
* picloud all-in-one — opens the pool, runs migrations, builds
one engine, nests both routers under `/api/admin` and `/api`,
enables structured JSON tracing and graceful shutdown on
SIGTERM. Single `PostgresScriptRepository` Arc is shared by
the admin router (writes) and the resolver (reads).
Other changes:
* Workspace axum bump 0.7 → 0.8 for the `{id}` path syntax
matching the route definitions.
* Workspace clippy: allow `needless_pass_by_value` and
`boxed_local` to keep API ergonomics over pedantic noise.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
86 lines
2.2 KiB
TOML
86 lines
2.2 KiB
TOML
[workspace]
|
|
resolver = "2"
|
|
members = [
|
|
"crates/shared",
|
|
"crates/executor-core",
|
|
"crates/orchestrator-core",
|
|
"crates/manager-core",
|
|
"crates/picloud",
|
|
"crates/picloud-manager",
|
|
"crates/picloud-orchestrator",
|
|
"crates/picloud-executor",
|
|
]
|
|
|
|
[workspace.package]
|
|
edition = "2021"
|
|
rust-version = "1.92"
|
|
license = "MIT OR Apache-2.0"
|
|
authors = ["PiCloud contributors"]
|
|
repository = "https://github.com/fhamm/picloud"
|
|
|
|
[workspace.dependencies]
|
|
# Internal crates
|
|
picloud-shared = { path = "crates/shared" }
|
|
picloud-executor-core = { path = "crates/executor-core" }
|
|
picloud-orchestrator-core = { path = "crates/orchestrator-core" }
|
|
picloud-manager-core = { path = "crates/manager-core" }
|
|
|
|
# Async + HTTP
|
|
tokio = { version = "1.40", features = ["full"] }
|
|
axum = "0.8"
|
|
tower = "0.5"
|
|
tower-http = { version = "0.6", features = ["trace", "cors"] }
|
|
hyper = "1"
|
|
|
|
# Serialization
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
|
|
# Errors + logging
|
|
thiserror = "1"
|
|
anyhow = "1"
|
|
tracing = "0.1"
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
|
|
|
|
# IDs + time
|
|
uuid = { version = "1", features = ["v4", "serde"] }
|
|
chrono = { version = "0.4", features = ["serde"] }
|
|
|
|
# Async traits
|
|
async-trait = "0.1"
|
|
|
|
# Rhai scripting
|
|
rhai = { version = "1.19", features = ["sync", "serde"] }
|
|
|
|
# Postgres (manager-core only — others stay DB-free)
|
|
sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "postgres", "uuid", "chrono", "json", "macros", "migrate"] }
|
|
|
|
# Config
|
|
figment = { version = "0.10", features = ["toml", "env"] }
|
|
|
|
# HTTP client (for RemoteExecutorClient later)
|
|
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
|
|
|
|
[workspace.lints.rust]
|
|
unsafe_code = "forbid"
|
|
|
|
[workspace.lints.clippy]
|
|
all = { level = "warn", priority = -1 }
|
|
pedantic = { level = "warn", priority = -1 }
|
|
module_name_repetitions = "allow"
|
|
missing_errors_doc = "allow"
|
|
missing_panics_doc = "allow"
|
|
doc_markdown = "allow"
|
|
# API ergonomics: we deliberately take values by ownership for owned
|
|
# inputs (e.g. ExecRequest) and accept Rhai's Box<EvalAltResult> as-is.
|
|
needless_pass_by_value = "allow"
|
|
boxed_local = "allow"
|
|
|
|
[profile.release]
|
|
lto = "thin"
|
|
codegen-units = 1
|
|
strip = "symbols"
|
|
|
|
[profile.dev]
|
|
debug = 1
|