fabi/PiCloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
834c787ee121075fbfa91ad43085f61c0e4b6b28
PiCloud/Cargo.toml
MechaCat02 10b5f655d5 feat(v1.1.4): outbound HTTP SDK + cron triggers 
HTTP (`http::*`):
- `HttpService` trait (picloud-shared) + reqwest-backed `HttpServiceImpl`
  (manager-core), wired into the `Services` bundle.
- SSRF deny-list applied to the resolved IP via a custom reqwest
  `dns_resolver` (covers every redirect hop + defeats DNS rebinding) plus
  a literal-IP check at URL-parse time. Scheme/port restrictions, request
  + response body caps (stream-with-cap), layered timeout. Error reason is
  a CIDR category, never the IP. `PICLOUD_HTTP_ALLOW_PRIVATE` dev override
  (logs a startup warning).
- Rhai bridge with three-arg split `verb(url, body, opts)` (resolves the
  brief's body-vs-opts contradiction; unknown opt keys throw). Body
  dispatch by type; response `#{status,headers,body,body_raw}` with JSON
  auto-parse; non-2xx does not throw.
- `Capability::AppHttpRequest` → existing `script:write` scope (no new
  Scope variant). `SdkCallCx` gains `script_id` (attribution + User-Agent).

Cron triggers (4th trigger kind):
- Migration 0017 widens the kind/source_kind CHECKs and adds
  `cron_trigger_details`. `cron`/`chrono-tz` parse + validate 6-field
  schedules and IANA timezones.
- `spawn_cron_scheduler` polls due triggers and enqueues to the universal
  outbox; the dispatcher delivers them (one-line match-arm extension).
  Catch-up fires exactly once per trigger per tick, not once per missed
  window. `ctx.event.cron` for handlers.
- `POST /api/v1/admin/apps/{id}/triggers/cron` reuses the v1.1.3
  cross-app + kind!=module target check.
- Dashboard: admin-gated Triggers tab (cron create form + list).

Follow-ups: redact module backend errors at the resolver boundary (log
original at error level); pin `rhai = "=1.24"`; CHANGELOG incl. retroactive
v1.1.3 cross-app-trigger security note. Version bumps: workspace 1.1.4,
SDK 1.5, dashboard 0.10.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-03 20:23:18 +02:00

113 lines
3.0 KiB
TOML
Raw Blame History

[workspace]
resolver = "2"
members = [
"crates/shared",
"crates/executor-core",
"crates/orchestrator-core",
"crates/manager-core",
"crates/picloud",
"crates/picloud-manager",
"crates/picloud-orchestrator",
"crates/picloud-executor",
"crates/picloud-cli",
]
[workspace.package]
version = "1.1.4"
edition = "2021"
rust-version = "1.92"
license = "MIT OR Apache-2.0"
authors = ["PiCloud contributors"]
repository = "https://github.com/fhamm/picloud"
[workspace.dependencies]
# Internal crates
picloud-shared = { path = "crates/shared" }
picloud-executor-core = { path = "crates/executor-core" }
picloud-orchestrator-core = { path = "crates/orchestrator-core" }
picloud-manager-core = { path = "crates/manager-core" }
# Async + HTTP
tokio = { version = "1.40", features = ["full"] }
axum = "0.8"
tower = "0.5"
tower-http = { version = "0.6", features = ["trace", "cors"] }
hyper = "1"
# Serialization
serde = { version = "1", features = ["derive"] }
serde_json = "1"
# Errors + logging
thiserror = "1"
anyhow = "1"
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
# IDs + time
uuid = { version = "1", features = ["v4", "serde"] }
chrono = { version = "0.4", features = ["serde"] }
# Cron schedule parsing (v1.1.4 cron triggers) + IANA timezone resolution.
chrono-tz = "0.9"
cron = "0.12"
# Async traits
async-trait = "0.1"
# Rhai scripting. Pinned exactly (`=1.24`) because the `internals`
# feature surface is not semver-stable — future bumps must be deliberate.
rhai = { version = "=1.24", features = ["sync", "serde"] }
# Postgres (manager-core only — others stay DB-free)
sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "postgres", "uuid", "chrono", "json", "macros", "migrate"] }
# Config
figment = { version = "0.10", features = ["toml", "env"] }
# HTTP client (for RemoteExecutorClient later)
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
# URL parsing (for match-preview admin endpoint)
url = "2"
urlencoding = "2"
# Auth (admin users + sessions + API keys)
argon2 = "0.5"
rand = { version = "0.8", features = ["getrandom"] }
sha2 = "0.10"
base64 = "0.22"
data-encoding = "2.6"
# Stdlib utility crates (v1.1.0 stdlib PR — registered into the
# Rhai engine as the regex::/random::/etc. namespaces)
regex = "1"
hex = "0.4"
percent-encoding = "2"
# LRU caches (v1.1.3 — top-level script AST cache in orchestrator-core +
# per-module compiled-module cache in executor-core).
lru = "0.12"
[workspace.lints.rust]
unsafe_code = "forbid"
[workspace.lints.clippy]
all = { level = "warn", priority = -1 }
pedantic = { level = "warn", priority = -1 }
module_name_repetitions = "allow"
missing_errors_doc = "allow"
missing_panics_doc = "allow"
doc_markdown = "allow"
# API ergonomics: we deliberately take values by ownership for owned
# inputs (e.g. ExecRequest) and accept Rhai's Box<EvalAltResult> as-is.
needless_pass_by_value = "allow"
boxed_local = "allow"
[profile.release]
lto = "thin"
codegen-units = 1
strip = "symbols"
[profile.dev]
debug = 1
Reference in New Issue View Git Blame Copy Permalink