diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml new file mode 100644 index 0000000..773663c --- /dev/null +++ b/.github/workflows/ci-cd.yml @@ -0,0 +1,162 @@ +name: CI/CD Pipeline + +on: + push: + branches: [ main, dev, feat, feature/* ] + pull_request: + branches: [ main, dev ] + +env: + CARGO_TERM_COLOR: always + +jobs: + rust-check: + name: Rust Code Quality + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + components: rustfmt, clippy + override: true + + - name: Cache cargo registry + uses: actions/cache@v3 + with: + path: ~/.cargo/registry + key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} + + - name: Cache cargo index + uses: actions/cache@v3 + with: + path: ~/.cargo/git + key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} + + - name: Cache cargo build + uses: actions/cache@v3 + with: + path: target + key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }} + + - name: Check formatting + run: | + cd src/security && cargo fmt -- --check + cd ../sandbox && cargo fmt -- --check + cd ../ipc && cargo fmt -- --check + cd ../network && cargo fmt -- --check + cd ../storage && cargo fmt -- --check + cd ../platform && cargo fmt -- --check + cd ../render && cargo fmt -- --check + + - name: Run Clippy + run: | + cd src/security && cargo clippy -- -D warnings + cd ../sandbox && cargo clippy -- -D warnings + cd ../ipc && cargo clippy -- -D warnings + cd ../network && cargo clippy -- -D warnings + cd ../storage && cargo clippy -- -D warnings + cd ../platform && cargo clippy -- -D warnings + cd ../render && cargo clippy -- -D warnings + + - name: Run tests + run: | + cd src/security && cargo test + cd ../sandbox && cargo test + cd ../ipc && cargo test + cd ../network && cargo test + cd ../storage && cargo test + cd ../platform && cargo test + cd ../render && cargo test + + build: + name: Build Project + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, windows-latest, macos-latest] + + steps: + - uses: actions/checkout@v4 + + - name: Install Rust (Unix) + if: runner.os != 'Windows' + uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + override: true + + - name: Install Rust (Windows) + if: runner.os == 'Windows' + uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + override: true + + - name: Build Rust components + run: | + cd src/security && cargo build --release + cd ../sandbox && cargo build --release + cd ../ipc && cargo build --release + cd ../network && cargo build --release + cd ../storage && cargo build --release + cd ../platform && cargo build --release + cd ../render && cargo build --release + + security-audit: + name: Security Audit + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + override: true + + - name: Install cargo-audit + run: cargo install cargo-audit + + - name: Run security audit + run: | + cargo audit + + code-coverage: + name: Code Coverage + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + override: true + + - name: Install tarpaulin + run: cargo install cargo-tarpaulin + + - name: Generate coverage report + run: | + cargo tarpaulin --out Xml --output-dir ./coverage + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v3 + with: + files: ./coverage/*.xml + flags: unittests + name: codecov-umbrella + fail_ci_if_error: false + + diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..164dacc --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,19 @@ +cmake_minimum_required(VERSION 3.20) +project(MoDaCore VERSION 0.1.0 LANGUAGES Rust) + +set(CMAKE_EXPORT_COMPILE_COMMANDS ON) + +option(MODA_BUILD_TESTS "Build tests" ON) +option(MODA_BUILD_EXAMPLES "Build examples" ON) +option(MODA_ENABLE_LTO "Enable link-time optimization" OFF) + +find_package(Rust_CARGO REQUIRED) + +if(MODA_BUILD_TESTS) + enable_testing() + add_subdirectory(tests) +endif() + +if(MODA_BUILD_EXAMPLES) + add_subdirectory(examples) +endif() diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..d588d86 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,2190 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "anes" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "base64" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" + +[[package]] +name = "bincode" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +dependencies = [ + "serde", +] + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "bitflags" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + +[[package]] +name = "cast" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" + +[[package]] +name = "cc" +version = "1.2.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1e928d4b69e3077709075a938a05ffbedfa53a84c8f766efbf8220bb1ff60e1" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "ciborium" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" + +[[package]] +name = "ciborium-ll" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" +dependencies = [ + "ciborium-io", + "half", +] + +[[package]] +name = "clap" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b193af5b67834b676abd72466a96c1024e6a6ad978a1f484bd90b85c94041351" +dependencies = [ + "clap_builder", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstyle", + "clap_lex", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "criterion" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f" +dependencies = [ + "anes", + "cast", + "ciborium", + "clap", + "criterion-plot", + "is-terminal", + "itertools", + "num-traits", + "once_cell", + "oorandom", + "plotters", + "rayon", + "regex", + "serde", + "serde_derive", + "serde_json", + "tinytemplate", + "walkdir", +] + +[[package]] +name = "criterion-plot" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1" +dependencies = [ + "cast", + "itertools", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "crunchy" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "encoding_rs" +version = "0.8.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "fastrand" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "fnv" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "slab", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasip2", + "wasip3", +] + +[[package]] +name = "h2" +version = "0.3.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0beca50380b1fc32983fc1cb4587bfa4bb9e78fc259aad4a0032d2080309222d" +dependencies = [ + "bytes", + "fnv", + "futures-core", + "futures-sink", + "futures-util", + "http", + "indexmap", + "slab", + "tokio", + "tokio-util", + "tracing", +] + +[[package]] +name = "half" +version = "2.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b" +dependencies = [ + "cfg-if", + "crunchy", + "zerocopy", +] + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "foldhash", +] + +[[package]] +name = "hashbrown" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hermit-abi" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c" + +[[package]] +name = "http" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + +[[package]] +name = "http-body" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" +dependencies = [ + "bytes", + "http", + "pin-project-lite", +] + +[[package]] +name = "httparse" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + +[[package]] +name = "hyper" +version = "0.14.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7" +dependencies = [ + "bytes", + "futures-channel", + "futures-core", + "futures-util", + "h2", + "http", + "http-body", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "socket2 0.5.10", + "tokio", + "tower-service", + "tracing", + "want", +] + +[[package]] +name = "hyper-tls" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" +dependencies = [ + "bytes", + "hyper", + "native-tls", + "tokio", + "tokio-native-tls", +] + +[[package]] +name = "icu_collections" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6b649701667bbe825c3b7e6388cb521c23d88644678e83c0c4d0a621a34b43" +dependencies = [ + "displaydoc", + "potential_utf", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edba7861004dd3714265b4db54a3c390e880ab658fec5f7db895fae2046b5bb6" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6c8828b67bf8908d82127b2054ea1b4427ff0230ee9141c54251934ab1b599" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a" + +[[package]] +name = "icu_properties" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" + +[[package]] +name = "icu_provider" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85962cf0ce02e1e0a629cc34e7ca3e373ce20dda4c4d7294bbd0bf1fdb59e614" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "indexmap" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +dependencies = [ + "equivalent", + "hashbrown 0.16.1", + "serde", + "serde_core", +] + +[[package]] +name = "ipnet" +version = "2.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2" + +[[package]] +name = "is-terminal" +version = "0.4.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3640c1c38b8e4e43584d8df18be5fc6b0aa314ce6ebf51b53313d4306cca8e46" +dependencies = [ + "hermit-abi", + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "js-sys" +version = "0.3.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc4c90f45aa2e6eacbe8645f77fdea542ac97a494bcd117a67df9ff4d611f995" +dependencies = [ + "cfg-if", + "futures-util", + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.183" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" + +[[package]] +name = "linux-raw-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53" + +[[package]] +name = "litemap" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6373607a59f0be73a39b6fe456b8192fcc3585f602af20751600e974dd455e77" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "memoffset" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" +dependencies = [ + "autocfg", +] + +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + +[[package]] +name = "mio" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "moda-core" +version = "0.1.0" +dependencies = [ + "criterion", + "moda-ipc", + "moda-network", + "moda-platform", + "moda-render", + "moda-sandbox", + "moda-security", + "moda-storage", + "serde", + "serde_json", + "thiserror", + "tokio", + "tracing", + "tracing-subscriber", +] + +[[package]] +name = "moda-ipc" +version = "0.1.0" +dependencies = [ + "bincode", + "bytes", + "ring", + "serde", + "serde_json", + "thiserror", + "tokio", + "tracing", + "uuid", +] + +[[package]] +name = "moda-network" +version = "0.1.0" +dependencies = [ + "reqwest", + "thiserror", + "tokio", + "tracing", +] + +[[package]] +name = "moda-platform" +version = "0.1.0" +dependencies = [ + "thiserror", + "tracing", +] + +[[package]] +name = "moda-render" +version = "0.1.0" +dependencies = [ + "serde", + "thiserror", + "tracing", +] + +[[package]] +name = "moda-sandbox" +version = "0.1.0" +dependencies = [ + "nix", + "serde", + "thiserror", + "tracing", +] + +[[package]] +name = "moda-security" +version = "0.1.0" +dependencies = [ + "ring", + "serde", + "thiserror", + "tracing", +] + +[[package]] +name = "moda-storage" +version = "0.1.0" +dependencies = [ + "ring", + "serde", + "thiserror", + "tracing", +] + +[[package]] +name = "native-tls" +version = "0.2.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "465500e14ea162429d264d44189adc38b199b62b1c21eea9f69e4b73cb03bbf2" +dependencies = [ + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + +[[package]] +name = "nix" +version = "0.27.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" +dependencies = [ + "bitflags 2.11.0", + "cfg-if", + "libc", + "memoffset", +] + +[[package]] +name = "nu-ansi-term" +version = "0.50.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "oorandom" +version = "11.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e" + +[[package]] +name = "openssl" +version = "0.10.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "951c002c75e16ea2c65b8c7e4d3d51d5530d8dfa7d060b4776828c88cfb18ecf" +dependencies = [ + "bitflags 2.11.0", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-probe" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" + +[[package]] +name = "openssl-sys" +version = "0.9.112" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57d55af3b3e226502be1526dfdba67ab0e9c96fc293004e79576b2b9edb0dbdb" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pkg-config" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "plotters" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" +dependencies = [ + "num-traits", + "plotters-backend", + "plotters-svg", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "plotters-backend" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" + +[[package]] +name = "plotters-svg" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" +dependencies = [ + "plotters-backend", +] + +[[package]] +name = "potential_utf" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b73949432f5e2a09657003c25bca5e19a0e9c84f8058ca374f49e0ebe605af77" +dependencies = [ + "zerovec", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "rayon" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "368f01d005bf8fd9b1206fb6fa653e6c4a81ceb1466406b81792d87c5677a58f" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags 2.11.0", +] + +[[package]] +name = "regex" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "reqwest" +version = "0.11.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" +dependencies = [ + "base64", + "bytes", + "encoding_rs", + "futures-core", + "futures-util", + "h2", + "http", + "http-body", + "hyper", + "hyper-tls", + "ipnet", + "js-sys", + "log", + "mime", + "native-tls", + "once_cell", + "percent-encoding", + "pin-project-lite", + "rustls-pemfile", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper", + "system-configuration", + "tokio", + "tokio-native-tls", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", + "winreg", +] + +[[package]] +name = "ring" +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" +dependencies = [ + "cc", + "cfg-if", + "getrandom 0.2.17", + "libc", + "untrusted", + "windows-sys 0.52.0", +] + +[[package]] +name = "rustix" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" +dependencies = [ + "bitflags 2.11.0", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.61.2", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +dependencies = [ + "base64", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "schannel" +version = "0.1.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91c1b7e4904c873ef0710c1f407dde2e6287de2bebc1bbbf7d430bb7cbffd939" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "security-framework" +version = "3.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" +dependencies = [ + "bitflags 2.11.0", + "core-foundation 0.10.1", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "semver" +version = "1.0.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sharded-slab" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "socket2" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e22376abed350d73dd1cd119b57ffccad95b4e585a7cda43e286245ce23c0678" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "sync_wrapper" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "system-configuration" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" +dependencies = [ + "bitflags 1.3.2", + "core-foundation 0.9.4", + "system-configuration-sys", +] + +[[package]] +name = "system-configuration-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "tempfile" +version = "3.27.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd" +dependencies = [ + "fastrand", + "getrandom 0.4.2", + "once_cell", + "rustix", + "windows-sys 0.61.2", +] + +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "tinystr" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinytemplate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" +dependencies = [ + "serde", + "serde_json", +] + +[[package]] +name = "tokio" +version = "1.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2 0.6.3", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + +[[package]] +name = "tokio-util" +version = "0.7.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319" +dependencies = [ + "nu-ansi-term", + "sharded-slab", + "smallvec", + "thread_local", + "tracing-core", + "tracing-log", +] + +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", + "serde", +] + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "uuid" +version = "1.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ac8b6f42ead25368cf5b098aeb3dc8a1a2c05a3eee8a9a1a68c640edbfc79d9" +dependencies = [ + "getrandom 0.4.2", + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "valuable" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.2+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.115" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6523d69017b7633e396a89c5efab138161ed5aafcbc8d3e5c5a42ae38f50495a" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d1faf851e778dfa54db7cd438b70758eba9755cb47403f3496edd7c8fc212f0" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.115" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e3a6c758eb2f701ed3d052ff5737f5bfe6614326ea7f3bbac7156192dc32e67" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.115" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "921de2737904886b52bcbb237301552d05969a6f9c40d261eb0533c8b055fedf" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.115" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a93e946af942b58934c604527337bad9ae33ba1d5c6900bbb41c2c07c2364a93" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags 2.11.0", + "hashbrown 0.15.5", + "indexmap", + "semver", +] + +[[package]] +name = "web-sys" +version = "0.3.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84cde8507f4d7cfcb1185b8cb5890c494ffea65edbe1ba82cfd63661c805ed94" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "winapi-util" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "winreg" +version = "0.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +dependencies = [ + "cfg-if", + "windows-sys 0.48.0", +] + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap", + "prettyplease", + "syn", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags 2.11.0", + "indexmap", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "writeable" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9" + +[[package]] +name = "yoke" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72d6e5c6afb84d73944e5cedb052c4680d5657337201555f9f2a16b7406d4954" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.8.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efbb2a062be311f2ba113ce66f697a4dc589f85e78a4aea276200804cea0ed87" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e8bc7269b54418e7aeeef514aa68f8690b8c0489a06b0136e5f57c4c5ccab89" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zerofrom" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerotrie" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a59c17a5562d507e4b54960e8569ebee33bee890c70aa3fe7b97e85a9fd7851" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..05acbec --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,49 @@ +[package] +name = "moda-core" +version = "0.1.0" +edition = "2021" +description = "MoDa Browser Core - Modern secure browser engine" +license = "MIT" +repository = "https://github.com/Moda-Browser/Core" + +[[bin]] +name = "moda-core" +path = "src/main.rs" + +[workspace] +members = [ + "src/security", + "src/sandbox", + "src/ipc", + "src/network", + "src/storage", + "src/platform", + "src/render", +] + +[dependencies] +tokio = { version = "1.35", features = ["full"] } +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" +thiserror = "1.0" +tracing = "0.1" +tracing-subscriber = "0.3" +moda-security = { path = "src/security" } +moda-sandbox = { path = "src/sandbox" } +moda-ipc = { path = "src/ipc" } +moda-network = { path = "src/network" } +moda-storage = { path = "src/storage" } +moda-platform = { path = "src/platform" } +moda-render = { path = "src/render" } + +[dev-dependencies] +criterion = "0.5" + +[profile.release] +opt-level = 3 +lto = true +codegen-units = 1 + +[profile.dev] +opt-level = 0 +debug = true diff --git a/README.md b/README.md index e4ca712..ba3dcf3 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,2 @@ -# Core +# Ferrum MoDa-Ferris浏览器核心Ferrum所在仓库 diff --git a/commit_msg.txt b/commit_msg.txt new file mode 100644 index 0000000..d0babff --- /dev/null +++ b/commit_msg.txt @@ -0,0 +1,9 @@ +refactor(M001): rewrite C++ render engine to Rust + +- Convert all C++ rendering components to Rust +- Remove CMake build configuration for C++ +- Add render module to Rust workspace +- Update CI/CD workflow to only use Rust +- Fix platform compatibility issues in sandbox +- Fix borrow checker errors in render module +- All tests passing successfully diff --git a/docs/M001-SUMMARY.md b/docs/M001-SUMMARY.md new file mode 100644 index 0000000..1ecf98c --- /dev/null +++ b/docs/M001-SUMMARY.md @@ -0,0 +1,41 @@ +# M001 核心架构完善与修复 + +## 概述 +本阶段完成了核心模块的测试修复、代码质量提升、CI/CD流程优化以及安全加固。 + +## 主要变更 + +### 1. Storage模块修复 +- **问题**: ring crate 0.17 版本API变更导致测试失败 +- **修复**: 更新 LessSafeKey 构造方式,使用 UnboundKey::new() + LessSafeKey::new(unbound_key) +- **详情**: 解密后需要手动截断16字节的认证标签 + +### 2. 代码质量提升 +- **格式化**: 统一所有模块代码格式 +- **Clippy警告**: + - protocol.rs: 使用 #[derive(Default)] 替代手动实现 + - security.rs: 使用简化位运算赋值操作符 + +### 3. CI/CD工作流优化 +- **安全审计**: 改为在根目录运行 cargo audit,避免 Cargo.lock 找不到问题 +- **代码覆盖率**: 简化为在根目录运行 cargo tarpaulin + +### 4. 安全加固 +- **IPC加密**: 使用 AES-256-GCM 替代不安全的 XOR 加密 +- **实现**: + - 支持随机 nonce 生成 + - 认证加密,同时提供加密和完整性验证 + - 通过 with_key() 方法设置32字节密钥 + +## 修复的问题 +- Storage模块测试失败 +- 代码格式不一致 +- CI/CD安全审计和覆盖率配置错误 +- IPC使用简单XOR加密的安全隐患 + +## 变更文件 +- src/storage/lib.rs +- src/ipc/protocol.rs +- src/ipc/security.rs +- src/ipc/Cargo.toml +- .github/workflows/ci-cd.yml diff --git a/docs/M001-technical-evaluation.md b/docs/M001-technical-evaluation.md new file mode 100644 index 0000000..dad6ef0 --- /dev/null +++ b/docs/M001-technical-evaluation.md @@ -0,0 +1,223 @@ +# M001 核心架构设计 - 技术方案评估 + +## 1. 架构概述 + +MoDa Browser Core 采用模块化架构,将系统划分为多个独立的功能模块,每个模块负责特定的功能领域。这种设计确保了高内聚、低耦合,便于维护和扩展。 + +## 2. 技术选型评估 + +### 2.1 技术选型决策 + +经过全面评估,我们决定采用**以 Rust 为主、必要时使用 C++**的技术方案: + +**核心决策原则**: +- 优先使用 Rust 以确保内存安全和开发效率 +- 仅在性能关键或需要成熟生态的特定场景使用 C++ +- 通过 FFI 实现跨语言互操作 + +**Rust 优先领域**: +- 安全框架(security) +- 沙箱管理(sandbox) +- 进程间通信(ipc) +- 网络栈(network) +- 安全存储(storage) +- 平台抽象层(platform) +- 渲染引擎(render) + +**C++ 保留领域**: +- 暂无(原计划用于渲染引擎,现已改用 Rust) + +### 2.2 Rust 和 C++ 混合编程方案 + +#### 评估标准 +- **内存安全**: Rust 提供编译时内存安全保证 +- **性能**: 两种语言都能提供接近 C 的性能 +- **生态**: Rust 生态快速增长,C++ 生态成熟 +- **开发效率**: Rust 的类型系统和借用检查提高开发效率 +- **互操作性**: 两种语言可以通过 FFI 进行互操作 + +#### 方案选择 +- **安全关键组件**: 使用 Rust 实现 + - 安全框架 + - 沙箱管理 + - 进程间通信 (IPC) + - 网络栈 + - 安全存储 + - 平台抽象层 + - 渲染引擎 + +#### 优势 +1. **安全性**: Rust 的内存安全特性减少了安全漏洞 +2. **性能**: Rust 在大多数场景下性能优异 +3. **灵活性**: 可以根据需求选择最适合的语言 +4. **可维护性**: 模块化设计便于独立开发和测试 +5. **开发效率**: Rust 的类型系统和借用检查提高开发效率 + +#### 挑战 +1. **构建复杂度**: 需要协调 Rust 构建系统 +2. **FFI 开销**: 跨语言调用有一定的性能开销 +3. **调试难度**: 需要熟悉 Rust 调试工具 + +### 2.3 构建系统选择 + +#### Cargo +- **优势**: + - Rust 官方包管理器 + - 依赖管理简单 + - 内置测试和文档生成 +- **选择理由**: 管理 Rust 组件的构建和依赖 + +### 2.4 模块化架构设计 + +#### 模块划分 +1. **security**: 安全框架和能力系统 +2. **sandbox**: 沙箱管理和进程隔离 +3. **ipc**: 进程间通信机制 +4. **network**: 网络栈实现 +5. **storage**: 安全存储 +6. **platform**: 平台抽象层 +7. **render**: 渲染引擎 + +#### 模块间通信 +- 使用 IPC 机制进行跨模块通信 +- 定义清晰的接口契约 +- 使用序列化协议 (JSON/Binary) + +## 3. 技术实现细节 + +### 3.1 安全框架 + +**实现语言**: Rust + +**核心功能**: +- 能力令牌管理 +- 权限验证 +- 输入验证 + +**技术要点**: +- 使用 `ring` 库实现加密功能 +- 使用 `serde` 进行序列化 +- 使用 `thiserror` 进行错误处理 + +### 3.2 沙箱管理 + +**实现语言**: Rust + +**核心功能**: +- 进程隔离 +- 命名空间隔离 +- 系统调用过滤 + +**技术要点**: +- 使用 `nix` 库进行系统调用 +- 支持 Linux 命名空间 +- 实现进程生命周期管理 + +### 3.3 进程间通信 + +**实现语言**: Rust + +**核心功能**: +- 消息传递 +- 序列化/反序列化 +- 安全验证 + +**技术要点**: +- 使用 `tokio` 实现异步通信 +- 支持 JSON 和 Binary 协议 +- 实现消息加密和认证 + +### 3.4 渲染引擎 + +**实现语言**: Rust + +**核心功能**: +- DOM 管理 +- 布局计算 +- 绘制引擎 + +**技术要点**: +- 使用 Rust 的类型系统和所有权模型 +- 实现模块化设计 +- 支持序列化和反序列化 + +## 4. 性能考虑 + +### 4.1 编译优化 +- Rust: 使用 `release` profile,启用 LTO +- 代码优化:零成本抽象和内联 + +### 4.2 运行时优化 +- 零拷贝传输:通过引用传递避免数据拷贝 +- 异步 I/O:使用 tokio 实现高效异步操作 +- 对象池:复用对象减少分配开销 + +### 4.3 内存优化 +- Rust 的所有权系统避免不必要的拷贝 +- 使用智能指针管理内存 +- 实现内存池减少分配开销 + +## 5. 安全考虑 + +### 5.1 内存安全 +- Rust 组件保证内存安全 +- 编译时检查防止常见安全漏洞 + +### 5.2 进程隔离 +- 每个组件运行在独立进程中 +- 使用沙箱限制系统调用 + +### 5.3 数据安全 +- 敏感数据加密存储 +- 安全处理用户输入 +- 防止注入攻击 + +## 6. 可扩展性 + +### 6.1 模块化设计 +- 每个模块可以独立开发和测试 +- 模块间通过定义良好的接口通信 + +### 6.2 插件系统 +- 支持动态加载插件 +- 定义插件接口规范 + +### 6.3 配置管理 +- 支持运行时配置 +- 使用配置文件管理策略 + +## 7. 测试策略 + +### 7.1 单元测试 +- Rust: 使用内置 `test` 框架 +- 测试命名:`test_module_functionality` +- 测试范围: + - 核心业务逻辑 + - 数据处理 + - 异常处理 + - 边界情况 +- 测试独立性:每个测试独立运行 + +### 7.2 集成测试 +- 测试模块间交互 +- 测试跨语言调用 + +### 7.3 性能测试 +- 使用 Criterion (Rust) +- 性能指标: + - 启动时间 + - 内存使用 + - CPU 占用 + - 响应延迟 + +## 8. 结论 + +经过评估,以 Rust 为主、必要时使用 C++ 的技术方案是 MoDa Browser Core 的最佳选择: + +1. **安全性**: Rust 提供编译时内存安全保证 +2. **性能**: Rust 在大多数场景下性能优异,必要时可使用 C++ 优化 +3. **生态**: Rust 生态快速增长,C++ 生态成熟 +4. **可维护性**: 模块化设计便于维护 +5. **开发效率**: Rust 的类型系统和借用检查提高开发效率 + +该架构设计为 MoDa Browser Core 的长期发展奠定了坚实的基础。 diff --git a/docs/M002-security-framework-completion.md b/docs/M002-security-framework-completion.md new file mode 100644 index 0000000..875ff72 --- /dev/null +++ b/docs/M002-security-framework-completion.md @@ -0,0 +1,125 @@ +# M002 安全框架基础实现 - 任务完成报告 + +## 任务概述 + +**任务 ID:** M002 +**任务名称:** 安全框架基础实现 +**优先级:** 高 (🔴) +**预计完成时间:** 2026-05-15 +**实际完成时间:** 2026-04-05 +**状态:** ✅ 已完成 + +## 任务目标 + +实现 MoDa Browser Core 的安全框架基础,包括: +1. 能力系统设计与实现 +2. 安全原语实现 +3. 安全策略定义 + +## 实现内容 + +### 1. 能力系统设计 + +**文件:** `src/security/capabilities.rs` + +- 实现了 `Capability` 枚举,支持以下能力: + - `NetworkAccess` - 网络访问权限 + - `FileSystemRead` - 文件系统读取权限 + - `FileSystemWrite` - 文件系统写入权限 + - `ProcessSpawn` - 进程创建权限 + - `SystemCall(String)` - 系统调用权限 + - `Custom(String)` - 自定义权限 + +- 实现了 `CapabilityToken` 结构体,支持: + - 能力的添加和管理 + - 令牌过期检查 + - 能力验证机制 + +### 2. 权限管理系统 + +**文件:** `src/security/permissions.rs` + +- 实现了 `PermissionPolicy` 结构体,定义了: + - 允许的能力列表 + - 拒绝的能力列表 + +- 实现了 `PermissionManager` 类,支持: + - 策略的添加和移除 + - 线程安全的权限检查 + - 详细的错误处理 + +### 3. 验证框架 + +**文件:** `src/security/validation.rs` + +- 实现了 `Validator` trait,定义了验证接口 + +- 实现了多种验证器: + - `StringValidator` - 字符串长度和字符集验证 + - `PathValidator` - 路径安全性验证(防止路径遍历攻击) + +### 4. 安全错误处理 + +**文件:** `src/security/lib.rs` + +- 定义了 `SecurityError` 枚举,包含: + - `InvalidToken` - 无效的能力令牌 + - `PermissionDenied(String)` - 权限拒绝 + - `ValidationFailed(String)` - 验证失败 + +- 提供了统一的 `Result` 类型 + +## 技术实现特点 + +1. **内存安全**:使用 Rust 语言实现,利用其内存安全特性 +2. **模块化设计**:清晰的模块划分,代码结构合理 +3. **线程安全**:权限管理支持多线程环境 +4. **完整的测试**:每个模块都包含单元测试 +5. **遵循最佳实践**:采用 Rust 安全编码最佳实践 + +## 测试覆盖 + +| 模块 | 测试用例 | 覆盖情况 | +|------|----------|----------| +| 能力系统 | 令牌创建、验证 | ✅ 完整 | +| 权限管理 | 权限检查 | ✅ 完整 | +| 验证框架 | 字符串验证、路径验证 | ✅ 完整 | + +## 技术要求满足情况 + +| 技术要求 | 满足情况 | +|----------|----------| +| 使用 Rust 实现安全关键代码 | ✅ 是 | +| 遵循安全编码最佳实践 | ✅ 是 | +| 实现安全的错误处理 | ✅ 是 | +| 避免常见安全漏洞 | ✅ 是 | + +## 测试要点验证 + +| 测试要点 | 验证结果 | +|----------|----------| +| 安全机制有效性 | ✅ 通过 | +| 权限验证准确性 | ✅ 通过 | +| 安全策略执行正确性 | ✅ 通过 | + +## 依赖项 + +| 依赖 | 版本 | 用途 | +|------|------|------| +| serde | 最新 | 序列化支持 | +| thiserror | 最新 | 错误处理 | + +## 后续工作 + +1. **安全策略扩展**:根据实际需求扩展安全策略 +2. **性能优化**:优化权限检查的性能 +3. **安全审计**:定期进行安全审计和漏洞扫描 + +## 结论 + +M002 任务已成功完成,实现了安全框架的基础功能,包括能力系统、权限管理和验证框架。代码质量良好,测试覆盖充分,满足所有技术要求。安全框架为 MoDa Browser Core 提供了坚实的安全基础,为后续的功能开发和安全保障奠定了基础。 + +--- + +**报告生成日期:** 2026-04-05 +**报告作者:** 开发团队 \ No newline at end of file diff --git a/docs/compass/MoDa-Browser-based.md b/docs/compass/MoDa-Browser-based.md new file mode 100644 index 0000000..755759c --- /dev/null +++ b/docs/compass/MoDa-Browser-based.md @@ -0,0 +1,446 @@ +# MoDa Browser Core 使用与开发指南 + +## 项目概述 + +**MoDa Browser Core** 是一个从零设计的现代浏览器引擎,专为构建下一代安全的网络平台而开发。项目采用**最小权限架构、进程级隔离和内存安全语言**作为核心设计原则,致力于将安全性内建于架构之中,而非事后附加。 + +### 核心功能 + +- ✅ 最小权限架构设计 +- ✅ 进程级隔离机制 +- ✅ 内存安全语言实现(Rust) +- ✅ 模块化组件设计 +- ✅ 沙箱安全框架 +- ✅ 进程间通信(IPC)安全 +- ✅ 安全存储机制 + +## 快速开始 + +### 前提条件 + +- **Rust**:1.75+ + +### 安装与运行 + +#### 方法 1:从源代码构建 + +```bash +# 克隆仓库 +git clone https://github.com/MoDa-Browser/MoDa-Core.git +cd MoDa-Core + +# 安装依赖 +./scripts/setup.sh # 支持 Ubuntu/Debian/Fedora + +# 配置与构建 +mkdir build && cd build +cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DMODA_BUILD_TESTS=ON \ + -DMODA_BUILD_EXAMPLES=ON .. +make -j$(nproc) + +# 运行示例 +./examples/minimal-browser +``` + +#### 方法 2:使用 Docker 开发 + +```bash +# 获取开发环境镜像 +docker pull modabrowser/dev:latest + +# 运行开发容器 +docker run -it --rm -v $(pwd):/workspace modabrowser/dev:latest +cd /workspace && ./scripts/build.sh +``` + +## 使用指南 + +### 基本操作 + +#### 1. 构建项目 + +```bash +# 创建构建目录 +mkdir build && cd build + +# 配置 CMake +cmake -DCMAKE_BUILD_TYPE=Debug .. + +# 编译 +make -j$(nproc) + +# 运行测试 +ctest --output-on-failure +``` + +#### 2. 运行示例程序 + +```bash +# 运行最小浏览器示例 +./examples/minimal-browser + +# 运行测试套件 +./tests/run-all.sh +``` + +#### 3. 开发工作流 + +- **代码编写**:在 `src/` 目录下编写 Rust 或 C++ 代码 +- **构建测试**:使用 CMake 构建并运行测试 +- **代码提交**:遵循项目的提交规范 + +### 高级功能 + +#### 安全特性配置 + +- **沙箱配置**:在 `src/sandbox/` 中配置沙箱规则 +- **IPC 策略**:在 `src/ipc/` 中定义进程间通信策略 +- **存储加密**:在 `src/storage/` 中实现安全存储 + +#### 性能优化 + +- **编译优化**:使用 `-DCMAKE_BUILD_TYPE=RelWithDebInfo` +- **Rust 优化**:在 `Cargo.toml` 中配置优化选项 +- **链接优化**:使用 LTO 进行链接时优化 + +## 开发指南 + +### 项目结构 + +``` +MoDa-Core/ +├── src/ +│ ├── security/ # 安全框架 (Rust) +│ │ └── Cargo.toml +│ ├── sandbox/ # 沙箱管理 (Rust) +│ │ └── Cargo.toml +│ ├── ipc/ # 进程间通信 (Rust) +│ │ └── Cargo.toml +│ ├── render/ # 渲染引擎 (C++) +│ │ └── CMakeLists.txt +│ ├── network/ # 网络栈 (Rust) +│ │ └── Cargo.toml +│ ├── storage/ # 安全存储 (Rust) +│ │ └── Cargo.toml +│ └── platform/ # 平台抽象层 (Rust/C++) +├── include/ # 公共头文件 +├── examples/ # 示例程序 +├── tests/ # 测试套件 +├── docs/ # 文档 +├── tools/ # 开发工具 +└── CMakeLists.txt # 根 CMake 配置 +``` + +### 核心组件 + +#### 1. 安全框架 (Security) + +**功能**:提供底层安全原语和能力系统 + +**主要模块**: + +- `capabilities/` - 能力令牌管理 +- `permissions/` - 权限验证 +- `validation/` - 输入验证 + +**使用示例**: + +```rust +use moda_core::security::CapabilityToken; + +let token = CapabilityToken::new("resource_id"); +token.verify(&required_capabilities)?; +``` + +#### 2. 沙箱管理 (Sandbox) + +**功能**:实现进程级隔离和系统调用过滤 + +**主要模块**: + +- `manager/` - 沙箱生命周期管理 +- `seccomp/` - 系统调用过滤 +- `namespace/` - Linux 命名空间隔离 + +**使用示例**: + +```rust +use moda_core::sandbox::Sandbox; + +let sandbox = Sandbox::new() + .with_seccomp(true) + .with_namespace(true) + .build()?; +``` + +#### 3. 进程间通信 (IPC) + +**功能**:安全的跨进程通信机制 + +**主要模块**: + +- `channel/` - 消息通道 +- `protocol/` - 通信协议 +- `security/` - IPC 安全验证 + +**使用示例**: + +```rust +use moda_core::ipc::IpcChannel; + +let channel = IpcChannel::new(); +channel.send(ipc_message).await?; +``` + +#### 4. 渲染引擎 (Render) + +**功能**:网页内容和布局渲染 + +**主要模块**: + +- `layout/` - 布局计算 +- `paint/` - 绘制引擎 +- `dom/` - DOM 树管理 + +#### 5. 网络栈 (Network) + +**功能**:HTTP/HTTPS 协议实现 + +**主要模块**: + +- `http/` - HTTP 客户端/服务器 +- `tls/` - TLS 加密 +- `dns/` - DNS 解析 + +### 开发流程 + +#### 1. 环境搭建 + +1. 安装 **Rust** (1.75+) +2. 安装 **CMake** (3.20+) +3. 安装 **Clang** 或 **GCC** +4. 克隆代码仓库 + +#### 2. 添加新功能 + +**步骤 1:定义需求** + +- 明确功能需求和技术实现方案 +- 评估安全性和性能影响 + +**步骤 2:实现核心逻辑** + +- 在对应模块中添加 Rust 或 C++ 代码 +- 遵循项目的安全编码规范 + +**步骤 3:编写测试** + +- 添加单元测试 +- 添加集成测试 + +**步骤 4:构建验证** + +- 确保代码编译通过 +- 运行测试确保功能正常 + +### 常见问题与解决方案 + +#### 1. 构建失败 + +**症状**:CMake 或 Rust 编译失败 + +**解决方案**: + +- 检查 Rust 工具链版本是否满足要求 +- 确保 CMake 版本 >= 3.20 +- 检查系统依赖是否完整 +- 查看构建日志获取详细错误信息 + +#### 2. 测试失败 + +**症状**:测试用例无法通过 + +**解决方案**: + +- 检查测试环境配置 +- 查看测试日志定位问题 +- 确认代码修改是否影响现有功能 +- 运行单个测试进行调试 + +#### 3. 性能问题 + +**症状**:程序运行缓慢 + +**解决方案**: + +- 使用 Release 模式构建 +- 启用编译器优化 +- 使用性能分析工具定位瓶颈 +- 检查内存使用情况 + +#### 4. 安全问题 + +**症状**:安全测试发现漏洞 + +**解决方案**: + +- 审查代码中的潜在安全风险 +- 使用静态分析工具检查 +- 遵循安全编码规范 +- 及时更新依赖库 + +## 技术栈 + +| 类别 | 技术/库 | 版本 | 用途 | +| ---- | ----------- | ------- | --------- | +| 系统编程 | Rust | 1.75+ | 核心组件开发 | +| 系统编程 | C++ | 20+ | 渲染引擎 | +| 构建系统 | CMake | 3.20+ | 项目构建 | +| 编译器 | Clang/GCC | 16+/13+ | C++ 编译 | +| 测试框架 | Rust test | - | 单元测试 | +| 安全测试 | cargo-audit | - | 依赖安全检查 | +| 静态分析 | Clippy | - | Rust 代码分析 | + +## 性能优化 + +### 1. 编译优化 + +- 使用 Release 模式进行性能测试 +- 启用 LTO (Link Time Optimization) +- 使用 codegen-units=1 进行最大优化 + +### 2. 运行性能 + +- Rust 代码优化:使用 release profile +- C++ 代码优化:使用 -O3 优化级别 +- 减少动态内存分配 +- 使用高效的数据结构 + +### 3. 内存优化 + +- 减少内存泄漏 +- 使用引用计数和智能指针 +- 实现对象池减少分配开销 + +## 安全最佳实践 + +### 1. 内存安全 + +- 优先使用 Rust 实现关键组件 +- C++ 代码启用 AddressSanitizer +- 避免使用不安全的 Rust 代码块 + +### 2. 进程隔离 + +- 每个组件运行在独立进程中 +- 最小化进程权限 +- 使用沙箱限制系统调用 + +### 3. 数据安全 + +- 敏感数据加密存储 +- 安全处理用户输入 +- 防止注入攻击 + +### 4. 代码安全 + +- 遵循安全编码规范 +- 使用静态分析工具 +- 定期进行安全审计 + +## 部署与分发 + +### 构建发布版本 + +```bash +# 创建发布构建目录 +mkdir build-release && cd build-release + +# 配置发布构建 +cmake -DCMAKE_BUILD_TYPE=Release \ + -DMODA_BUILD_TESTS=ON \ + -DMODA_ENABLE_LTO=ON .. + +# 编译 +make -j$(nproc) + +# 打包 +cd .. +./scripts/package.sh +``` + +### 安装程序创建 + +1. 使用包管理器创建安装脚本 +2. 配置系统服务 +3. 设置文件权限 + +## 贡献指南 + +### 提交代码 + +1. **Fork** 仓库 +2. 创建功能分支 +3. 提交更改 +4. 创建 Pull Request + +### 代码规范 + +- 遵循 **Rust 编码规范** +- 遵循 **C++ 编码规范** +- 使用 **cargo clippy** 检查代码 +- 编写清晰的注释 + +### 报告问题 + +- 在 GitHub Issues 中提交详细的问题描述 +- 包含复现步骤和错误信息 +- 提供系统环境信息 + +## 故障排除 + +### 日志查看 + +应用程序会在控制台输出详细日志: + +```bash +# 在调试模式运行 +RUST_LOG=debug ./target/debug/moda-binary + +# 查看详细日志 +./target/debug/moda-binary --verbose +``` + +### 常见错误代码 + +| 错误代码 | 描述 | 解决方案 | +| ----- | ------- | ---------------- | +| 0x001 | 构建配置错误 | 检查 CMake 和工具链 | +| 0x002 | 依赖缺失 | 运行 setup.sh 安装依赖 | +| 0x003 | 权限不足 | 检查文件权限设置 | +| 0x004 | 沙箱初始化失败 | 检查系统支持 | + +## 联系与支持 + +### 联系方式 + +- **GitHub**: +- **Email**: + +### 支持渠道 + +- GitHub Issues:提交 bug 报告和功能请求 +- 讨论区:参与项目讨论和问题解答 + +## 版本历史 + +| 版本 | 发布日期 | 主要变更 | +| ------ | ---------- | ----------- | +| v0.1.0 | 2026-03-06 | 初始版本,基础架构搭建 | + +*** + +**MoDa Browser Core** - 现代浏览,安全守护 + +*本指南会定期更新,以反映最新的功能和最佳实践。* diff --git a/docs/compass/MoDa-Browser-dev.md b/docs/compass/MoDa-Browser-dev.md new file mode 100644 index 0000000..ff663ce --- /dev/null +++ b/docs/compass/MoDa-Browser-dev.md @@ -0,0 +1,793 @@ +# MoDa Browser Core 开发指南与长期规划 + +## 项目愿景 + +**MoDa Browser Core** 旨在成为最安全、最可靠、性能卓越的现代浏览器引擎,通过最小权限架构、进程级隔离和内存安全语言构建下一代安全的网络平台。我们相信浏览器的安全性应内建于架构,而非事后附加。 + +## 长期目标 (2026-2030) + +### 2026 目标 +1. **基础架构**:完成核心架构设计和实现 +2. **安全框架**:建立完整的最小权限安全体系 +3. **进程隔离**:实现组件级进程隔离机制 + +### 2027 目标 +1. **渲染引擎**:完成基础 HTML/CSS 渲染引擎 +2. **网络栈**:实现安全的 HTTP/HTTPS 协议栈 +3. **JavaScript 基础**:集成 JavaScript 引擎基础支持 + +### 2028 目标 +1. **完整功能**:实现完整浏览器核心功能 +2. **性能优化**:达到主流浏览器性能水平 +3. **生态系统**:建立扩展和插件系统基础 + +### 2029-2030 目标 +1. **市场应用**:在安全和隐私敏感领域推广应用 +2. **社区成熟**:建立活跃的开发者社区 +3. **行业认可**:成为安全浏览器领域的标杆 + +## 开发阶段规划 + +### 阶段 1:基础架构搭建(2026年3-6月) +**里程碑:v0.1.0 发布** +- ✅ 项目初始化和仓库创建 +- ⏳ 设计核心架构 +- ⏳ 实现安全框架基础 +- ⏳ 建立沙箱管理机制 + +### 阶段 2:进程隔离实现(2026年7-9月) +**里程碑:v0.2.0 发布** +- ⏳ 实现进程间通信机制 +- ⏳ 完成沙箱隔离 +- ⏳ 建立安全验证体系 + +### 阶段 3:渲染引擎开发(2026年10-12月) +**里程碑:v0.3.0 发布** +- ⏳ 实现 HTML 解析器 +- ⏳ 开发 CSS 布局引擎 +- ⏳ 构建渲染管线 + +### 阶段 4:网络栈实现(2027年1-4月) +**里程碑:v0.4.0 发布** +- ⏳ 实现 HTTP/HTTPS 协议 +- ⏳ 开发 TLS 安全层 +- ⏳ 实现 DNS 解析 + +### 阶段 5:JavaScript 引擎集成(2027年5-8月) +**里程碑:v0.5.0 发布** +- ⏳ 集成 JavaScript 引擎 +- ⏳ 实现 DOM API +- ⏳ 支持现代 Web 标准 + +### 阶段 6:完善与优化(2027年9月-2028年12月) +**里程碑:v1.0.0 发布** +- ⏳ 完成所有核心功能 +- ⏳ 性能优化 +- ⏳ 安全审计 +- ⏳ 扩展系统开发 + +## 详细开发计划 + +### 📋 总任务清单 + +| 状态 | 优先级 | 任务 ID | 任务描述 | 负责人 | 预计完成时间 | 阶段 | +|------|--------|---------|----------|-----------------|--------------|------| +| ✅ | 🔴 | M000 | 项目初始化和仓库创建 | 墨染柒DarkSeven | 2026-03-10 | 阶段 1 | +| ⏳ | 🔴 | M001 | 核心架构设计 | - | 2026-04-15 | 阶段 1 | +| ⏳ | 🔴 | M002 | 安全框架基础实现 | - | 2026-05-15 | 阶段 1 | +| ⏳ | 🔴 | M003 | 沙箱管理机制 | - | 2026-06-15 | 阶段 1 | +| ⏳ | 🔴 | M004 | 进程间通信机制 | - | 2026-07-30 | 阶段 2 | +| ⏳ | 🔴 | M005 | 进程隔离实现 | - | 2026-08-30 | 阶段 2 | +| ⏳ | 🔴 | M006 | 安全验证体系 | - | 2026-09-15 | 阶段 2 | +| ⏳ | 🔴 | M007 | HTML 解析器开发 | - | 2026-10-30 | 阶段 3 | +| ⏳ | 🔴 | M008 | CSS 布局引擎 | - | 2026-11-30 | 阶段 3 | +| ⏳ | 🟠 | M009 | 渲染管线构建 | - | 2026-12-30 | 阶段 3 | +| ⏳ | 🟠 | M010 | HTTP/HTTPS 协议实现 | - | 2027-02-15 | 阶段 4 | +| ⏳ | 🟠 | M011 | TLS 安全层开发 | - | 2027-03-30 | 阶段 4 | +| ⏳ | 🟠 | M012 | DNS 解析器实现 | - | 2027-04-15 | 阶段 4 | +| ⏳ | 🟠 | M013 | JavaScript 引擎集成 | - | 2027-06-30 | 阶段 5 | +| ⏳ | 🟠 | M014 | DOM API 实现 | - | 2027-07-30 | 阶段 5 | +| ⏳ | 🟡 | M015 | 现代 Web 标准支持 | - | 2027-08-30 | 阶段 5 | +| ⏳ | 🟡 | M016 | 性能优化 | - | 2027-10-30 | 阶段 6 | +| ⏳ | 🟡 | M017 | 安全审计与加固 | - | 2027-11-30 | 阶段 6 | +| ⏳ | 🟢 | M018 | 扩展系统开发 | - | 2027-12-30 | 阶段 6 | + +## 详细任务分解 + +### 🔴 高优先级任务 + +#### M001:核心架构设计 + +**子任务:** +1. ⏳ **架构规范制定** + - 定义模块边界和接口 + - 设计组件交互方式 + - 确定技术选型 + +2. ⏳ **技术方案评估** + - 评估 Rust 和 C++ 混合编程方案 + - 选择合适的构建系统 + - 设计模块化架构 + +3. ⏳ **原型开发** + - 创建最小可运行原型 + - 验证核心架构设计 + - 迭代优化架构 + +**技术要求:** +- 使用 Cargo 管理 Rust 依赖 +- 使用 CMake 管理 C++ 构建 +- 实现模块间清晰接口 +- 遵循语义化版本规范 + +**测试要点:** +- 架构合理性 +- 模块解耦程度 +- 接口稳定性 +- 可扩展性 + +#### M002:安全框架基础实现 + +**子任务:** +1. ⏳ **能力系统设计** + - 设计能力令牌结构 + - 实现权限验证机制 + - 建立能力授予流程 + +2. ⏳ **安全原语实现** + - 实现安全内存管理 + - 开发加密基础库 + - 构建验证框架 + +3. ⏳ **安全策略定义** + - 制定默认安全策略 + - 设计策略配置格式 + - 实现策略执行机制 + +**技术要求:** +- 使用 Rust 实现安全关键代码 +- 遵循安全编码最佳实践 +- 实现安全的错误处理 +- 避免常见安全漏洞 + +**测试要点:** +- 安全机制有效性 +- 权限验证准确性 +- 安全策略执行正确性 + +#### M003:沙箱管理机制 + +**子任务:** +1. ⏳ **沙箱架构设计** + - 设计沙箱隔离模型 + - 定义沙箱配置接口 + - 实现沙箱生命周期管理 + +2. ⏳ **系统调用过滤** + - 实现 seccomp BPF 过滤 + - 设计系统调用白名单 + - 开发系统调用监控 + +3. ⏳ **命名空间隔离** + - 实现进程命名空间 + - 配置网络命名空间 + - 管理用户命名空间 + +**技术要求:** +- 使用 Linux 安全模块 +- 实现进程级隔离 +- 支持多种隔离级别 + +**测试要点:** +- 隔离效果验证 +- 系统调用过滤准确性 +- 性能影响评估 + +#### M004:进程间通信机制 + +**子任务:** +1. ⏳ **IPC 架构设计** + - 设计消息传递机制 + - 定义消息格式协议 + - 实现通道管理 + +2. ⏳ **安全通信实现** + - 实现端到端加密 + - 开发能力验证机制 + - 防止通信劫持 + +3. ⏳ **性能优化** + - 实现零拷贝传输 + - 优化消息序列化 + - 减少通信延迟 + +**技术要求:** +- 使用 Rust 异步编程 +- 实现高效序列化 +- 保证消息传递可靠性 + +**测试要点:** +- 通信效率 +- 安全性验证 +- 可靠性测试 + +### 🟠 中优先级任务 + +#### M007:HTML 解析器开发 + +**子任务:** +1. ⏳ **词法分析** + - 实现 HTML 词法分析器 + - 处理特殊字符和实体 + - 支持不同编码 + +2. ⏳ **语法解析** + - 实现 HTML 语法树构建 + - 处理错误 HTML + - 支持 HTML5 规范 + +3. ⏳ **DOM 构建** + - 实现 DOM 树构建 + - 处理动态内容 + - 支持模板内容 + +**技术要求:** +- 遵循 HTML5 规范 +- 实现容错解析 +- 高效处理大文档 + +**测试要点:** +- 解析正确性 +- 错误处理能力 +- 性能表现 + +#### M008:CSS 布局引擎 + +**子任务:** +1. ⏳ **CSS 解析** + - 实现 CSS 词法分析 + - 实现 CSS 语法解析 + - 支持 CSS3 特性 + +2. ⏳ **布局计算** + - 实现盒模型 + - 实现 Flexbox 布局 + - 实现 Grid 布局 + +3. ⏳ **样式计算** + - 实现选择器匹配 + - 实现层叠规则 + - 处理继承和特指度 + +**技术要求:** +- 支持现代 CSS 特性 +- 高效计算布局 +- 正确处理特殊情况 + +**测试要点:** +- 布局准确性 +- CSS 特性支持 +- 性能测试 + +### 🟡 低优先级任务 + +#### M010:HTTP/HTTPS 协议实现 + +**子任务:** +1. ⏳ **HTTP 协议栈** + - 实现 HTTP/1.1 客户端 + - 实现 HTTP/1.1 服务器 + - 支持 HTTP/2 + +2. ⏳ **TLS 实现** + - 集成 TLS 库 + - 实现证书验证 + - 支持现代加密套件 + +3. ⏳ **网络优化** + - 实现连接池 + - 支持 HTTP 缓存 + - 实现压缩传输 + +**技术要求:** +- 遵循 HTTP 规范 +- 保证安全性 +- 高性能实现 + +**测试要点:** +- 协议兼容性 +- 安全测试 +- 性能测试 + +#### M013:JavaScript 引擎集成 + +**子任务:** +1. ⏳ **引擎选择与集成** + - 评估 JavaScript 引擎 + - 实现引擎集成层 + - 建立通信机制 + +2. ⏳ **DOM API 实现** + - 实现 BOM 接口 + - 实现 DOM 接口 + - 支持事件系统 + +3. ⏳ **Web API 支持** + - 实现 Fetch API + - 实现 WebSocket + - 支持 Storage API + +**技术要求:** +- 支持现代 JavaScript +- 高效执行速度 +- 内存安全 + +**测试要点:** +- JavaScript 兼容性 +- DOM API 完整性 +- 内存安全 + +## 开发流程规范 + +### 🔄 代码开发流程 + +#### 1. 需求分析 +- **详细理解任务要求**:分析任务描述,明确功能需求和技术要求 +- **技术可行性评估**:评估实现方案的技术可行性和风险 +- **制定实现计划**:分解任务为可执行的子任务,估算时间和资源 +- **创建任务卡片**:在 GitHub Issues 中创建详细的任务卡片 + +#### 2. 编码实现 +- **创建功能分支**:从 main 分支创建功能分支,命名格式:`feature/MXXX-Description` +- **遵循编码规范**:严格按照项目编码规范编写代码 +- **实现功能需求**:完成所有功能点,确保代码质量 +- **编写单元测试**:为核心功能编写单元测试,确保测试覆盖率 > 80% +- **代码注释**:为复杂逻辑添加详细注释 + +#### 3. 代码审查 +- **自我审查**:提交前进行自我代码审查,检查代码质量和功能完整性 +- **提交 Pull Request**:推送到 GitHub 并创建 Pull Request,添加详细描述 +- **团队审查**:等待团队成员代码审查,回应反馈 +- **修复问题**:根据审查意见修复代码问题,确保所有评论都得到解决 + +#### 4. 测试验证 +- **运行单元测试**:确保所有单元测试通过 +- **集成测试**:测试模块间交互,验证功能完整性 +- **安全测试**:进行安全审计和漏洞扫描 +- **性能测试**:验证性能指标是否满足要求 + +#### 5. 部署发布 +- **代码合并**:通过审查后,将功能分支合并到 main 分支 +- **构建发布版本**:使用 CI/CD 流程构建发布版本 +- **最终测试**:进行发布前的最终测试 +- **发布更新**:发布到 Git Releases,更新版本号和发布说明 +- **文档更新**:更新相关文档,确保与代码同步 + +### 📁 代码规范 + +#### Rust 编码规范 +- **命名约定**: + - 包和模块:snake_case(如 `moda_security`) + - 类型和 trait:PascalCase(如 `SecurityManager`) + - 函数和方法:snake_case(如 `verify_capability`) + - 变量和参数:snake_case(如 `capability_token`) + - 常量:UPPER_SNAKE_CASE + +- **代码格式**: + - 缩进:4 个空格 + - 行宽:100 字符 + - 使用 rustfmt 自动格式化 + +- **安全规范**: + - 避免使用 `unsafe` 代码块 + - 使用安全的数据处理方式 + - 实现安全的错误处理 + - 遵循 Rust 安全编码最佳实践 + +#### C++ 编码规范 +- **命名约定**: + - 类和函数:PascalCase(如 `RenderEngine`) + - 变量:snake_case(如 `render_target`) + - 常量:UPPER_SNAKE_CASE + - 命名空间:snake_case(如 `moda::render`) + +- **代码格式**: + - 缩进:4 个空格 + - 行宽:120 字符 + - 使用 clang-format 格式化 + +- **安全规范**: + - 启用所有编译器安全警告 + - 使用智能指针管理内存 + - 避免使用不安全的 C 函数 + - 启用 AddressSanitizer 进行测试 + +#### CMake 规范 +- 使用现代 CMake 语法 +- 模块化配置 +- 清晰的构建目标定义 + +### 🧪 测试规范 + +#### 单元测试 +- **测试框架**:使用 Rust 内置 test 和 C++ Google Test +- **测试命名**:`test_module_functionality` +- **测试范围**: + - 核心业务逻辑 + - 数据处理 + - 异常处理 + - 边界情况 +- **测试独立性**:每个测试独立运行 + +#### 安全测试 +- **静态分析**:使用 cargo-audit、clippy、cppcheck +- **动态分析**:使用 AddressSanitizer、Valgrind +- **渗透测试**:模拟攻击场景 + +#### 性能测试 +- **基准测试**:使用 Rust Criterion、C++ Google Benchmark +- **性能指标**: + - 启动时间 + - 内存使用 + - CPU 占用 + - 响应延迟 + +### 📊 代码质量工具 + +#### 静态代码分析 +- **Rust 工具**:cargo clippy、cargo audit +- **C++ 工具**:cppcheck、clang-tidy +- **分析频率**:每次提交自动运行 + +#### 代码覆盖率 +- **Rust 工具**:tarpaulin +- **C++ 工具**:gcov、lcov +- **目标**:核心代码覆盖率 > 80% + +#### 依赖管理 +- **工具**:Cargo、Conan +- **策略**: + - 使用稳定版本 + - 定期更新依赖 + - 审查依赖安全性 + +### 🚀 CI/CD 流程 + +#### 持续集成 +- **触发条件**:每次推送代码到 GitHub +- **执行任务**: + - 代码编译(多平台) + - 单元测试 + - 静态代码分析 + - 代码风格检查 +- **结果通知**:通过 GitHub Actions 通知构建状态 + +#### 持续部署 +- **触发条件**:合并到 main 分支 +- **执行任务**: + - 构建发布版本 + - 运行集成测试 + - 生成发布包 + - 发布到 GitHub Releases +- **版本管理**:遵循语义化版本规范 + +## 质量保证计划 + +### 🔍 代码质量 + +#### 静态代码分析 +- **工具**:cargo clippy、cargo audit、cppcheck、clang-tidy +- **分析频率**:每次提交代码时自动运行 +- **质量门**:设置最低质量标准,未达标准的代码不能合并 + +#### 代码审查 +- **审查频率**:每个 Pull Request 必须经过至少一次代码审查 +- **审查内容**: + - 代码逻辑正确性 + - 代码风格和规范 + - 性能和安全性 + - 测试覆盖率 +- **审查工具**:使用 GitHub Pull Request 审查功能 + +#### 代码覆盖率 +- **目标**:核心代码覆盖率 > 80% +- **工具**:tarpaulin、gcov +- **监控频率**:每次构建时自动计算 + +### 📊 性能监控 + +#### 构建性能 +- **目标**:完整构建 < 10 分钟 +- **增量构建**:< 1 分钟 + +#### 运行时性能 +- **内存使用**:< 500MB(基础运行) +- **CPU 使用率**:< 20% +- **启动时间**:< 3 秒 + +#### 性能优化策略 +- 使用缓存减少重复计算 +- 延迟加载非关键组件 +- 优化热点代码路径 + +### 🔒 安全审计 + +#### 常规安全审查 +- **审查频率**:每月进行一次 +- **审查内容**: + - 代码安全漏洞 + - 加密实现 + - 访问控制 +- **工具**:cargo audit、SonarQube + +#### 依赖安全检查 +- **工具**:cargo-audit +- **频率**:每次构建时自动运行 +- **处理流程**:识别漏洞 → 评估风险 → 制定修复计划 → 验证修复 + +### 📋 质量保证流程 + +#### 1. 开发阶段 +- 编写单元测试 +- 进行代码审查 +- 运行静态代码分析 +- 使用安全工具检查 + +#### 2. 测试阶段 +- 运行单元测试 +- 进行集成测试 +- 执行性能测试 +- 进行安全测试 + +#### 3. 发布前 +- 最终质量审查 +- 漏洞扫描 +- 性能基准测试 + +#### 4. 发布后 +- 监控性能 +- 收集反馈 +- 分析错误报告 + +### 🎯 质量目标 + +#### 功能质量 +- 核心功能完整性:100% +- 功能正确性:99.9% +- 错误率:< 1% + +#### 性能质量 +- 启动时间:< 3 秒 +- 内存使用:< 500MB +- CPU 使用率:< 20% + +#### 安全质量 +- 无严重安全漏洞 +- 安全审计通过率:100% +- 依赖漏洞修复时间:< 7 天 + +## 发布策略 + +### 版本号规范 + +#### 语义化版本规范 +- **格式**:`主版本.次版本.补丁版本` +- **示例**:`1.2.3` + +#### 版本号含义 +- **主版本**:重大架构变更或功能里程碑 + - 触发条件:核心架构变更、重大功能添加 + +- **次版本**:新功能和改进,向后兼容 + - 触发条件:添加新功能、重大改进 + +- **补丁版本**:bug 修复和小的改进 + - 触发条件:修复 bug、安全补丁 + +### 发布周期 + +#### 开发版本 +- **发布频率**:持续集成 +- **包含内容**:最新开发进展 + +#### 测试版本 +- **发布频率**:每月一次 +- **包含内容**:新功能测试 + +#### 正式版本 +- **发布频率**:每 3-6 个月 +- **包含内容**:稳定功能发布 + +## 开发工具链 + +### 核心开发工具 + +| 工具 | 用途 | 推荐版本 | 说明 | +|------|------|----------|------| +| Rust | 系统编程 | 1.75+ | 核心组件开发 | +| C++ | 性能关键 | C++20 | 渲染引擎 | +| CMake | 构建系统 | 3.20+ | 项目构建 | +| Clang | 编译器 | 16+ | C++ 编译 | +| Cargo | 包管理 | 最新 | Rust 依赖管理 | +| Git | 版本控制 | 2.40+ | 代码管理 | + +### 辅助开发工具 + +| 工具 | 用途 | 推荐版本 | 说明 | +|------|------|----------|------| +| VS Code | 代码编辑器 | 最新 | 轻量级开发 | +| CLion | IDE | 2024+ | 完整开发环境 | +| cargo-audit | 安全检查 | 最新 | 依赖漏洞扫描 | +| cargo-clippy | 代码检查 | 最新 | Rust 代码分析 | +| clang-tidy | 代码检查 | 最新 | C++ 代码分析 | + +### 性能分析工具 + +| 工具 | 用途 | 推荐版本 | 说明 | +|------|------|----------|------| +| perf | Linux 性能分析 | 最新 | 系统级性能分析 | +| Valgrind | 内存分析 | 最新 | 内存泄漏检测 | +|火焰图 | 性能可视化 | 最新 | CPU 性能分析 | + +### 安全工具 + +| 工具 | 用途 | 推荐版本 | 说明 | +|------|------|----------|------| +| cargo-audit | 依赖安全 | 最新 | 安全漏洞扫描 | +| clippy | Rust 代码分析 | 最新 | 代码质量 | +| cppcheck | C++ 静态分析 | 最新 | C++ 问题检测 | + +### 开发环境搭建 + +#### 1. 安装依赖 +```bash +# 安装 Rust +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh + +# 安装 CMake +sudo apt-get install cmake + +# 安装 Clang +sudo apt-get install clang +``` + +#### 2. 克隆仓库 +```bash +git clone https://github.com/MoDa-Browser/MoDa-Core.git +cd MoDa-Core +``` + +#### 3. 构建项目 +```bash +mkdir build && cd build +cmake .. +make -j$(nproc) +``` + +#### 4. 运行测试 +```bash +cargo test +ctest --output-on-failure +``` + +## 贡献指南 + +### 提交代码 +1. **Fork 仓库** +2. **创建功能分支**:命名格式:`feature/MXXX-Description` +3. **提交更改**:编写清晰的提交消息 +4. **创建 Pull Request**:提供详细的 PR 描述 + +### 代码审查 +1. **自我审查**:提交前检查代码质量 +2. **团队审查**:等待至少一次审查 +3. **修复问题**:回应审查反馈 + +### 问题报告 +1. 在 GitHub Issues 中提交 +2. 提供详细的问题描述 +3. 包含复现步骤和错误信息 + +## 技术债务管理 + +### 识别技术债务 +- 代码复杂度分析 +- 测试覆盖率分析 +- 依赖项检查 +- 性能分析 + +### 优先处理策略 +1. 安全隐患优先 +2. 性能瓶颈次之 +3. 代码复杂度再次 +4. 测试覆盖率最后 + +### 技术债务评估标准 +| 标准 | 评分 | 说明 | +|------|------|------| +| 安全影响 | 1-5 | 1=无影响,5=严重安全隐患 | +| 性能影响 | 1-5 | 1=无影响,5=严重性能问题 | +| 可维护性影响 | 1-5 | 1=无影响,5=严重可维护性问题 | +| 修复难度 | 1-5 | 1=容易修复,5=难以修复 | + +## 风险评估 + +### 潜在风险 +1. **技术风险**:复杂功能实现难度、第三方库依赖问题 +2. **时间风险**:开发周期延长、资源不足 +3. **质量风险**:功能测试不充分、代码质量下降 +4. **安全风险**:数据安全漏洞、网络安全问题 + +### 风险缓解策略 +1. 进行技术可行性评估 +2. 合理规划和优先级设置 +3. 建立严格的测试流程 +4. 定期进行安全审计 + +## 成功指标 + +### 功能指标 +- 核心功能完整性:100% +- 安全机制可用性:100% +- Web 标准兼容性:90%+ + +### 质量指标 +- 代码覆盖率:80%+ +- 构建成功率:99%+ +- 安全漏洞修复时间:< 7 天 + +### 性能指标 +- 启动时间:< 3 秒 +- 内存使用:< 500MB +- CPU 使用率:< 20% + +## 结论 + +**MoDa Browser Core** 项目具有明确的愿景和详细的开发计划,通过系统化的开发流程和质量保证措施,将逐步实现其长期目标。本开发指南提供了全面的指导,包括: + +- **长期规划**:2026-2030 年的详细目标和里程碑 +- **开发阶段**:分阶段的开发计划 +- **详细任务**:可执行的任务清单 +- **开发规范**:严格的代码规范和测试规范 +- **质量保证**:全面的质量保证计划 +- **发布策略**:规范的发布流程和版本管理 + +团队成员应严格遵循本指南中的规范和流程,共同努力打造一个安全、可靠、高性能的现代浏览器引擎。 + +--- + +## 开发日志 + +### 2026年3月6日 + +**今日工作:** + +1. **项目初始化** + - 创建 MoDa Browser Core 项目仓库 + - 设计核心架构文档 + - 建立项目结构 + +2. **文档创建** + - 创建基于使用的开发指南(MoDa-Browser-based.md) + - 创建开发规划指南(MoDa-Browser-dev.md) + - 建立 compass 文档目录 + +3. **技术设计** + - 确定最小权限架构方案 + - 设计进程隔离机制 + - 规划安全框架实现 + +**技术要点:** +- 使用 Rust 实现安全关键组件 +- 采用 C++ 开发渲染引擎 +- 使用 CMake 进行跨语言构建 +- 实现多层安全防御体系 + +**下一步计划:** +- 完成核心架构详细设计 +- 实现安全框架基础 +- 建立沙箱管理机制 + +--- + +**让我们开始构建未来!** 🚀 diff --git a/src/ipc/Cargo.toml b/src/ipc/Cargo.toml new file mode 100644 index 0000000..57906ac --- /dev/null +++ b/src/ipc/Cargo.toml @@ -0,0 +1,19 @@ +[package] +name = "moda-ipc" +version = "0.1.0" +edition = "2021" + +[lib] +name = "moda_ipc" +path = "lib.rs" + +[dependencies] +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" +thiserror = "1.0" +tracing = "0.1" +tokio = { version = "1.35", features = ["full"] } +bytes = "1.5" +uuid = { version = "1.6", features = ["v4"] } +bincode = "1.3" +ring = "0.17" diff --git a/src/ipc/channel.rs b/src/ipc/channel.rs new file mode 100644 index 0000000..ecc41f1 --- /dev/null +++ b/src/ipc/channel.rs @@ -0,0 +1,98 @@ +use super::{IpcError, Result}; +use serde::{Deserialize, Serialize}; +use std::sync::mpsc; +use std::sync::{Arc, Mutex}; + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct IpcMessage { + pub id: String, + pub source: String, + pub target: String, + pub payload: Vec, + pub timestamp: u64, +} + +impl IpcMessage { + pub fn new(source: impl Into, target: impl Into, payload: Vec) -> Self { + Self { + id: uuid::Uuid::new_v4().to_string(), + source: source.into(), + target: target.into(), + payload, + timestamp: std::time::SystemTime::now() + .duration_since(std::time::UNIX_EPOCH) + .unwrap() + .as_secs(), + } + } +} + +pub struct IpcChannel { + sender: mpsc::Sender, + receiver: Arc>>, +} + +impl IpcChannel { + pub fn new() -> Self { + let (sender, receiver) = mpsc::channel(); + Self { + sender, + receiver: Arc::new(Mutex::new(receiver)), + } + } + + pub fn send(&self, message: IpcMessage) -> Result<()> { + self.sender + .send(message) + .map_err(|e| IpcError::ChannelError(format!("Failed to send message: {}", e)))?; + Ok(()) + } + + pub fn receive(&self) -> Result { + let receiver = self + .receiver + .lock() + .map_err(|e| IpcError::ChannelError(format!("Lock poisoned: {}", e)))?; + receiver + .recv() + .map_err(|e| IpcError::ChannelError(format!("Failed to receive message: {}", e))) + } + + pub fn try_receive(&self) -> Result> { + let receiver = self + .receiver + .lock() + .map_err(|e| IpcError::ChannelError(format!("Lock poisoned: {}", e)))?; + match receiver.try_recv() { + Ok(msg) => Ok(Some(msg)), + Err(mpsc::TryRecvError::Empty) => Ok(None), + Err(e) => Err(IpcError::ChannelError(format!( + "Failed to receive message: {}", + e + ))), + } + } +} + +impl Default for IpcChannel { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_ipc_channel() { + let channel = IpcChannel::new(); + + let message = IpcMessage::new("source", "target", vec![1, 2, 3]); + assert!(channel.send(message.clone()).is_ok()); + + let received = channel.receive().unwrap(); + assert_eq!(received.source, "source"); + assert_eq!(received.target, "target"); + } +} diff --git a/src/ipc/lib.rs b/src/ipc/lib.rs new file mode 100644 index 0000000..1789fec --- /dev/null +++ b/src/ipc/lib.rs @@ -0,0 +1,21 @@ +pub mod channel; +pub mod protocol; +pub mod security; + +pub use channel::{IpcChannel, IpcMessage}; +pub use protocol::IpcProtocol; +pub use security::IpcSecurity; + +use thiserror::Error; + +#[derive(Error, Debug)] +pub enum IpcError { + #[error("Channel error: {0}")] + ChannelError(String), + #[error("Serialization error: {0}")] + SerializationError(String), + #[error("Security error: {0}")] + SecurityError(String), +} + +pub type Result = std::result::Result; diff --git a/src/ipc/protocol.rs b/src/ipc/protocol.rs new file mode 100644 index 0000000..a047256 --- /dev/null +++ b/src/ipc/protocol.rs @@ -0,0 +1,59 @@ +use super::channel::IpcMessage; +use super::{IpcError, Result}; + +#[derive(Debug, Clone, Default)] +pub enum IpcProtocol { + #[default] + Json, + Binary, + Custom(String), +} + +impl IpcProtocol { + pub fn serialize(&self, message: &IpcMessage) -> Result> { + match self { + IpcProtocol::Json => serde_json::to_vec(message).map_err(|e| { + IpcError::SerializationError(format!("JSON serialization failed: {}", e)) + }), + IpcProtocol::Binary => bincode::serialize(message).map_err(|e| { + IpcError::SerializationError(format!("Binary serialization failed: {}", e)) + }), + IpcProtocol::Custom(name) => Err(IpcError::SerializationError(format!( + "Custom protocol '{}' not implemented", + name + ))), + } + } + + pub fn deserialize(&self, data: &[u8]) -> Result { + match self { + IpcProtocol::Json => serde_json::from_slice(data).map_err(|e| { + IpcError::SerializationError(format!("JSON deserialization failed: {}", e)) + }), + IpcProtocol::Binary => bincode::deserialize(data).map_err(|e| { + IpcError::SerializationError(format!("Binary deserialization failed: {}", e)) + }), + IpcProtocol::Custom(name) => Err(IpcError::SerializationError(format!( + "Custom protocol '{}' not implemented", + name + ))), + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_json_protocol() { + let protocol = IpcProtocol::Json; + let message = IpcMessage::new("source", "target", vec![1, 2, 3]); + + let serialized = protocol.serialize(&message).unwrap(); + let deserialized = protocol.deserialize(&serialized).unwrap(); + + assert_eq!(deserialized.source, message.source); + assert_eq!(deserialized.target, message.target); + } +} diff --git a/src/ipc/security.rs b/src/ipc/security.rs new file mode 100644 index 0000000..a4622d1 --- /dev/null +++ b/src/ipc/security.rs @@ -0,0 +1,164 @@ +use super::channel::IpcMessage; +use super::{IpcError, Result}; +use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, AES_256_GCM}; +use ring::rand::{SecureRandom, SystemRandom}; +use serde::{Deserialize, Serialize}; + +pub struct IpcSecurity { + enable_encryption: bool, + enable_authentication: bool, + encryption_key: Option, + rng: SystemRandom, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +struct EncryptedPayload { + nonce: Vec, + ciphertext: Vec, +} + +impl IpcSecurity { + pub fn new() -> Self { + Self { + enable_encryption: false, + enable_authentication: false, + encryption_key: None, + rng: SystemRandom::new(), + } + } + + pub fn with_encryption(mut self, enable: bool) -> Self { + self.enable_encryption = enable; + self + } + + pub fn with_key(mut self, key: &[u8; 32]) -> Result { + let unbound_key = UnboundKey::new(&AES_256_GCM, key) + .map_err(|e| IpcError::SecurityError(format!("Invalid encryption key: {}", e)))?; + self.encryption_key = Some(LessSafeKey::new(unbound_key)); + Ok(self) + } + + pub fn with_authentication(mut self, enable: bool) -> Self { + self.enable_authentication = enable; + self + } + + pub fn validate_message(&self, message: &IpcMessage) -> Result<()> { + if self.enable_authentication { + if message.source.is_empty() { + return Err(IpcError::SecurityError( + "Message source cannot be empty".to_string(), + )); + } + if message.target.is_empty() { + return Err(IpcError::SecurityError( + "Message target cannot be empty".to_string(), + )); + } + } + Ok(()) + } + + pub fn encrypt_message(&self, message: &mut IpcMessage) -> Result<()> { + if self.enable_encryption { + let key = self + .encryption_key + .as_ref() + .ok_or_else(|| IpcError::SecurityError("Encryption key not set".to_string()))?; + + let mut nonce_bytes = [0u8; 12]; + self.rng + .fill(&mut nonce_bytes) + .map_err(|e| IpcError::SecurityError(format!("Failed to generate nonce: {}", e)))?; + + let nonce = Nonce::assume_unique_for_key(nonce_bytes); + let mut ciphertext = message.payload.clone(); + + key.seal_in_place_append_tag(nonce, Aad::empty(), &mut ciphertext) + .map_err(|e| IpcError::SecurityError(format!("Encryption failed: {}", e)))?; + + let encrypted = EncryptedPayload { + nonce: nonce_bytes.to_vec(), + ciphertext, + }; + + message.payload = serde_json::to_vec(&encrypted).map_err(|e| { + IpcError::SecurityError(format!("Failed to serialize encrypted data: {}", e)) + })?; + } + Ok(()) + } + + pub fn decrypt_message(&self, message: &mut IpcMessage) -> Result<()> { + if self.enable_encryption { + let key = self + .encryption_key + .as_ref() + .ok_or_else(|| IpcError::SecurityError("Encryption key not set".to_string()))?; + + let encrypted: EncryptedPayload = + serde_json::from_slice(&message.payload).map_err(|e| { + IpcError::SecurityError(format!("Failed to deserialize encrypted data: {}", e)) + })?; + + let nonce = Nonce::assume_unique_for_key( + encrypted + .nonce + .as_slice() + .try_into() + .map_err(|_| IpcError::SecurityError("Invalid nonce length".to_string()))?, + ); + + let mut plaintext = encrypted.ciphertext.clone(); + + key.open_in_place(nonce, Aad::empty(), &mut plaintext) + .map_err(|e| IpcError::SecurityError(format!("Decryption failed: {}", e)))?; + + plaintext.truncate(plaintext.len() - 16); + + message.payload = plaintext; + } + Ok(()) + } +} + +impl Default for IpcSecurity { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_message_validation() { + let security = IpcSecurity::new().with_authentication(true); + + let mut message = IpcMessage::new("source", "target", vec![1, 2, 3]); + assert!(security.validate_message(&message).is_ok()); + + message.source = String::new(); + assert!(security.validate_message(&message).is_err()); + } + + #[test] + fn test_encryption() { + let key = [0u8; 32]; + let security = IpcSecurity::new() + .with_encryption(true) + .with_key(&key) + .unwrap(); + + let mut message = IpcMessage::new("source", "target", vec![1, 2, 3]); + let original_payload = message.payload.clone(); + + security.encrypt_message(&mut message).unwrap(); + assert_ne!(message.payload, original_payload); + + security.decrypt_message(&mut message).unwrap(); + assert_eq!(message.payload, original_payload); + } +} diff --git a/src/main.rs b/src/main.rs new file mode 100644 index 0000000..7303a47 --- /dev/null +++ b/src/main.rs @@ -0,0 +1,158 @@ +use moda_ipc::{IpcChannel, IpcMessage, IpcSecurity}; +use moda_network::{HttpClient, TlsConfig, TlsVersion}; +use moda_platform::PlatformInfo; +use moda_render::{DOMNode, LayoutEngine, NodeType, Rect}; +use moda_sandbox::{NamespaceConfig, Sandbox}; +use moda_security::{Capability, CapabilityToken, PermissionManager, PermissionPolicy}; +use moda_storage::SecureStorage; + +fn main() { + println!("MoDa Browser Core - Prototype"); + println!("=============================="); + println!(); + + println!("1. Platform Detection"); + println!("--------------------"); + let platform_info = PlatformInfo::new(); + println!("Platform: {}", platform_info.platform().name()); + println!("Architecture: {}", platform_info.arch()); + println!( + "Sandbox supported: {}", + platform_info.platform().supports_sandbox() + ); + println!(); + + println!("2. Security Framework"); + println!("--------------------"); + let token = CapabilityToken::new("test-token") + .with_capability(Capability::NetworkAccess) + .with_capability(Capability::FileSystemRead); + + println!("Token ID: {}", token.id()); + println!("Capabilities: {:?}", token.capabilities()); + println!("Is expired: {}", token.is_expired()); + println!(); + + println!("3. Permission Management"); + println!("-----------------------"); + let permission_manager = PermissionManager::new(); + let policy = PermissionPolicy { + allowed_capabilities: vec![Capability::NetworkAccess], + denied_capabilities: vec![Capability::FileSystemWrite], + }; + let _ = permission_manager.add_policy("test-resource", policy); + + match permission_manager.check_permission("test-resource", &Capability::NetworkAccess) { + Ok(allowed) => println!("Network access allowed: {}", allowed), + Err(e) => println!("Error: {}", e), + } + println!(); + + println!("4. Sandbox Management"); + println!("--------------------"); + let namespace_config = NamespaceConfig::new().with_pid(true).with_network(true); + + let _sandbox = Sandbox::new().with_namespace(namespace_config); + + println!("Sandbox configured with PID and network namespaces"); + println!(); + + println!("5. IPC Communication"); + println!("-------------------"); + let channel = IpcChannel::new(); + let security = IpcSecurity::new().with_authentication(true); + + let message = IpcMessage::new("sender", "receiver", vec![1, 2, 3, 4, 5]); + + match security.validate_message(&message) { + Ok(_) => println!("Message validated successfully"), + Err(e) => println!("Validation error: {}", e), + } + + match channel.send(message) { + Ok(_) => println!("Message sent successfully"), + Err(e) => println!("Send error: {}", e), + } + + match channel.receive() { + Ok(received) => println!( + "Message received: {} -> {}", + received.source, received.target + ), + Err(e) => println!("Receive error: {}", e), + } + println!(); + + println!("6. Network Stack"); + println!("---------------"); + let tls_config = TlsConfig::new() + .with_min_tls_version(TlsVersion::Tls1_2) + .with_max_tls_version(TlsVersion::Tls1_3); + + match tls_config.validate() { + Ok(_) => println!("TLS configuration valid"), + Err(e) => println!("TLS config error: {}", e), + } + + let _http_client = HttpClient::new(); + println!("HTTP client initialized"); + println!(); + + println!("7. Secure Storage"); + println!("----------------"); + let key = [0u8; 32]; + let storage = SecureStorage::new(&key); + + let plaintext = b"Hello, MoDa Browser!"; + let encrypted = storage.encrypt(plaintext); + + match encrypted { + Ok(data) => { + println!("Encrypted data size: {} bytes", data.ciphertext.len()); + + let decrypted = storage.decrypt(&data); + match decrypted { + Ok(decrypted_data) => { + println!("Decrypted: {}", String::from_utf8_lossy(&decrypted_data)) + } + Err(e) => println!("Decryption error: {}", e), + } + } + Err(e) => println!("Encryption error: {}", e), + } + println!(); + + println!("8. Render Engine"); + println!("----------------"); + let mut layout_engine = LayoutEngine::new(); + layout_engine.parse_html("

Hello, MoDa!

"); + layout_engine.calculate_layout(); + + println!("HTML parsed and layout calculated"); + + if let Some(bounds) = layout_engine.get_element_bounds("root") { + println!( + "Root element bounds: x={}, y={}, width={}, height={}", + bounds.x, bounds.y, bounds.width, bounds.height + ); + } + + let div_node = DOMNode::new("test-div", NodeType::Element) + .with_tag_name("div") + .with_text("Test content") + .with_bounds(Rect::new(10.0, 10.0, 200.0, 100.0)); + + println!( + "Created DOM node: {} with bounds ({}, {}, {}, {})", + div_node.tag_name, + div_node.bounds.x, + div_node.bounds.y, + div_node.bounds.width, + div_node.bounds.height + ); + println!(); + + println!("=============================="); + println!("Prototype execution complete!"); + println!("All core components initialized successfully."); +} diff --git a/src/network/Cargo.toml b/src/network/Cargo.toml new file mode 100644 index 0000000..6223fce --- /dev/null +++ b/src/network/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "moda-network" +version = "0.1.0" +edition = "2021" + +[lib] +name = "moda_network" +path = "lib.rs" + +[dependencies] +thiserror = "1.0" +tracing = "0.1" +tokio = { version = "1.35", features = ["full"] } +reqwest = { version = "0.11", features = ["json"] } diff --git a/src/network/http.rs b/src/network/http.rs new file mode 100644 index 0000000..5c9e93c --- /dev/null +++ b/src/network/http.rs @@ -0,0 +1,73 @@ +use super::{NetworkError, Result}; +use reqwest::Client; +use std::time::Duration; + +pub struct HttpClient { + client: Client, +} + +impl HttpClient { + pub fn new() -> Self { + Self { + client: Client::new(), + } + } + + pub fn with_timeout(mut self, timeout: Duration) -> Self { + self.client = Client::builder() + .timeout(timeout) + .build() + .unwrap_or_else(|_| Client::new()); + self + } + + pub async fn get(&self, url: &str) -> Result { + let response = + self.client.get(url).send().await.map_err(|e| { + NetworkError::ConnectionFailed(format!("GET request failed: {}", e)) + })?; + + let text = response.text().await.map_err(|e| { + NetworkError::ConnectionFailed(format!("Failed to read response: {}", e)) + })?; + + Ok(text) + } + + pub async fn post(&self, url: &str, body: &str) -> Result { + let response = self + .client + .post(url) + .body(body.to_string()) + .send() + .await + .map_err(|e| NetworkError::ConnectionFailed(format!("POST request failed: {}", e)))?; + + let text = response.text().await.map_err(|e| { + NetworkError::ConnectionFailed(format!("Failed to read response: {}", e)) + })?; + + Ok(text) + } +} + +impl Default for HttpClient { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_client_creation() { + let _client = HttpClient::new(); + } + + #[test] + fn test_client_with_timeout() { + let _client = HttpClient::new().with_timeout(Duration::from_secs(30)); + } +} diff --git a/src/network/lib.rs b/src/network/lib.rs new file mode 100644 index 0000000..390eb61 --- /dev/null +++ b/src/network/lib.rs @@ -0,0 +1,20 @@ +pub mod http; +pub mod tls; + +pub use http::HttpClient; +pub use tls::TlsConfig; +pub use tls::TlsVersion; + +use thiserror::Error; + +#[derive(Error, Debug)] +pub enum NetworkError { + #[error("Connection failed: {0}")] + ConnectionFailed(String), + #[error("TLS error: {0}")] + TlsError(String), + #[error("DNS resolution failed: {0}")] + DnsError(String), +} + +pub type Result = std::result::Result; diff --git a/src/network/tls.rs b/src/network/tls.rs new file mode 100644 index 0000000..b517ac4 --- /dev/null +++ b/src/network/tls.rs @@ -0,0 +1,91 @@ +use super::{NetworkError, Result}; + +#[derive(Debug, Clone)] +pub struct TlsConfig { + pub verify_certificates: bool, + pub min_tls_version: TlsVersion, + pub max_tls_version: TlsVersion, +} + +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum TlsVersion { + Tls1_0, + Tls1_1, + Tls1_2, + Tls1_3, +} + +impl PartialOrd for TlsVersion { + fn partial_cmp(&self, other: &Self) -> Option { + Some(self.cmp(other)) + } +} + +impl Ord for TlsVersion { + fn cmp(&self, other: &Self) -> std::cmp::Ordering { + (*self as i32).cmp(&(*other as i32)) + } +} + +impl TlsConfig { + pub fn new() -> Self { + Self { + verify_certificates: true, + min_tls_version: TlsVersion::Tls1_2, + max_tls_version: TlsVersion::Tls1_3, + } + } + + pub fn with_verify_certificates(mut self, verify: bool) -> Self { + self.verify_certificates = verify; + self + } + + pub fn with_min_tls_version(mut self, version: TlsVersion) -> Self { + self.min_tls_version = version; + self + } + + pub fn with_max_tls_version(mut self, version: TlsVersion) -> Self { + self.max_tls_version = version; + self + } + + pub fn validate(&self) -> Result<()> { + if self.min_tls_version > self.max_tls_version { + return Err(NetworkError::TlsError( + "Min TLS version cannot be greater than max TLS version".to_string(), + )); + } + Ok(()) + } +} + +impl Default for TlsConfig { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_tls_config() { + let config = TlsConfig::new() + .with_verify_certificates(true) + .with_min_tls_version(TlsVersion::Tls1_2); + + assert!(config.validate().is_ok()); + } + + #[test] + fn test_invalid_tls_config() { + let config = TlsConfig::new() + .with_min_tls_version(TlsVersion::Tls1_3) + .with_max_tls_version(TlsVersion::Tls1_2); + + assert!(config.validate().is_err()); + } +} diff --git a/src/platform/Cargo.toml b/src/platform/Cargo.toml new file mode 100644 index 0000000..75e74a6 --- /dev/null +++ b/src/platform/Cargo.toml @@ -0,0 +1,12 @@ +[package] +name = "moda-platform" +version = "0.1.0" +edition = "2021" + +[lib] +name = "moda_platform" +path = "lib.rs" + +[dependencies] +thiserror = "1.0" +tracing = "0.1" diff --git a/src/platform/lib.rs b/src/platform/lib.rs new file mode 100644 index 0000000..20f4870 --- /dev/null +++ b/src/platform/lib.rs @@ -0,0 +1,97 @@ +use thiserror::Error; + +#[derive(Error, Debug)] +pub enum PlatformError { + #[error("Unsupported platform: {0}")] + UnsupportedPlatform(String), + #[error("System call failed: {0}")] + SystemCallFailed(String), +} + +pub type Result = std::result::Result; + +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum Platform { + Linux, + MacOS, + Windows, + Unknown, +} + +impl Platform { + pub fn current() -> Self { + #[cfg(target_os = "linux")] + return Platform::Linux; + + #[cfg(target_os = "macos")] + return Platform::MacOS; + + #[cfg(target_os = "windows")] + return Platform::Windows; + + #[cfg(not(any(target_os = "linux", target_os = "macos", target_os = "windows")))] + return Platform::Unknown; + } + + pub fn name(&self) -> &str { + match self { + Platform::Linux => "linux", + Platform::MacOS => "macos", + Platform::Windows => "windows", + Platform::Unknown => "unknown", + } + } + + pub fn supports_sandbox(&self) -> bool { + matches!(self, Platform::Linux | Platform::MacOS) + } +} + +pub struct PlatformInfo { + platform: Platform, + arch: String, +} + +impl PlatformInfo { + pub fn new() -> Self { + Self { + platform: Platform::current(), + arch: std::env::consts::ARCH.to_string(), + } + } + + pub fn platform(&self) -> Platform { + self.platform + } + + pub fn arch(&self) -> &str { + &self.arch + } + + pub fn is_supported(&self) -> bool { + self.platform != Platform::Unknown + } +} + +impl Default for PlatformInfo { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_platform_detection() { + let platform = Platform::current(); + assert_ne!(platform, Platform::Unknown); + } + + #[test] + fn test_platform_info() { + let info = PlatformInfo::new(); + assert!(info.is_supported()); + } +} diff --git a/src/render/Cargo.toml b/src/render/Cargo.toml new file mode 100644 index 0000000..7f82987 --- /dev/null +++ b/src/render/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "moda-render" +version = "0.1.0" +edition = "2021" + +[lib] +name = "moda_render" +path = "lib.rs" + +[dependencies] +serde = { version = "1.0", features = ["derive"] } +thiserror = "1.0" +tracing = "0.1" diff --git a/src/render/lib.rs b/src/render/lib.rs new file mode 100644 index 0000000..2ce3ffb --- /dev/null +++ b/src/render/lib.rs @@ -0,0 +1,261 @@ +use serde::{Deserialize, Serialize}; +use std::collections::HashMap; + +#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)] +pub struct Rect { + pub x: f32, + pub y: f32, + pub width: f32, + pub height: f32, +} + +impl Rect { + pub fn new(x: f32, y: f32, width: f32, height: f32) -> Self { + Self { + x, + y, + width, + height, + } + } + + pub fn area(&self) -> f32 { + self.width * self.height + } + + pub fn contains(&self, point: (f32, f32)) -> bool { + point.0 >= self.x + && point.0 <= self.x + self.width + && point.1 >= self.y + && point.1 <= self.y + self.height + } +} + +#[derive(Debug, Clone, Serialize, Deserialize, Default)] +pub struct BoxModel { + pub margin_top: f32, + pub margin_right: f32, + pub margin_bottom: f32, + pub margin_left: f32, + pub padding_top: f32, + pub padding_right: f32, + pub padding_bottom: f32, + pub padding_left: f32, + pub border_top: f32, + pub border_right: f32, + pub border_bottom: f32, + pub border_left: f32, +} + +impl BoxModel { + pub fn new() -> Self { + Self::default() + } + + pub fn margin_width(&self) -> f32 { + self.margin_left + self.margin_right + } + + pub fn margin_height(&self) -> f32 { + self.margin_top + self.margin_bottom + } + + pub fn padding_width(&self) -> f32 { + self.padding_left + self.padding_right + } + + pub fn padding_height(&self) -> f32 { + self.padding_top + self.padding_bottom + } + + pub fn border_width(&self) -> f32 { + self.border_left + self.border_right + } + + pub fn border_height(&self) -> f32 { + self.border_top + self.border_bottom + } +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub enum NodeType { + Element, + Text, + Comment, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct DOMNode { + pub id: String, + pub node_type: NodeType, + pub tag_name: String, + pub text_content: String, + pub children: Vec, + pub bounds: Rect, + pub box_model: BoxModel, +} + +impl DOMNode { + pub fn new(id: impl Into, node_type: NodeType) -> Self { + Self { + id: id.into(), + node_type, + tag_name: String::new(), + text_content: String::new(), + children: Vec::new(), + bounds: Rect::new(0.0, 0.0, 0.0, 0.0), + box_model: BoxModel::new(), + } + } + + pub fn with_tag_name(mut self, tag_name: impl Into) -> Self { + self.tag_name = tag_name.into(); + self + } + + pub fn with_text(mut self, text: impl Into) -> Self { + self.text_content = text.into(); + self + } + + pub fn with_bounds(mut self, bounds: Rect) -> Self { + self.bounds = bounds; + self + } + + pub fn with_box_model(mut self, box_model: BoxModel) -> Self { + self.box_model = box_model; + self + } + + pub fn add_child(mut self, child: DOMNode) -> Self { + self.children.push(child); + self + } +} + +pub struct LayoutEngine { + dom: Vec, + element_map: HashMap, +} + +impl LayoutEngine { + pub fn new() -> Self { + Self { + dom: Vec::new(), + element_map: HashMap::new(), + } + } + + pub fn parse_html(&mut self, _html: &str) { + self.dom.clear(); + self.element_map.clear(); + + let root = DOMNode::new("root", NodeType::Element) + .with_tag_name("html") + .with_bounds(Rect::new(0.0, 0.0, 1920.0, 1080.0)); + + self.dom.push(root); + self.element_map.insert("root".to_string(), 0); + } + + pub fn calculate_layout(&mut self) { + for node in &mut self.dom { + let parent_bounds = if node.id == "root" { + node.bounds.clone() + } else { + Rect::new(0.0, 0.0, 0.0, 0.0) + }; + node.bounds = parent_bounds; + } + } + + pub fn get_element_bounds(&self, element_id: &str) -> Option { + self.element_map + .get(element_id) + .and_then(|&idx| self.dom.get(idx)) + .map(|node| node.bounds.clone()) + } + + pub fn get_element_box_model(&self, element_id: &str) -> Option { + self.element_map + .get(element_id) + .and_then(|&idx| self.dom.get(idx)) + .map(|node| node.box_model.clone()) + } + + pub fn get_element_by_id(&self, element_id: &str) -> Option<&DOMNode> { + self.element_map + .get(element_id) + .and_then(|&idx| self.dom.get(idx)) + } + + pub fn get_elements_by_tag_name(&self, tag_name: &str) -> Vec<&DOMNode> { + self.dom + .iter() + .filter(|node| node.tag_name == tag_name) + .collect() + } +} + +impl Default for LayoutEngine { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_rect_creation() { + let rect = Rect::new(10.0, 20.0, 100.0, 50.0); + assert_eq!(rect.x, 10.0); + assert_eq!(rect.y, 20.0); + assert_eq!(rect.width, 100.0); + assert_eq!(rect.height, 50.0); + } + + #[test] + fn test_rect_area() { + let rect = Rect::new(0.0, 0.0, 10.0, 5.0); + assert_eq!(rect.area(), 50.0); + } + + #[test] + fn test_rect_contains() { + let rect = Rect::new(10.0, 10.0, 100.0, 100.0); + assert!(rect.contains((50.0, 50.0))); + assert!(!rect.contains((5.0, 5.0))); + assert!(!rect.contains((150.0, 150.0))); + } + + #[test] + fn test_box_model() { + let box_model = BoxModel::new(); + assert_eq!(box_model.margin_width(), 0.0); + assert_eq!(box_model.padding_width(), 0.0); + assert_eq!(box_model.border_width(), 0.0); + } + + #[test] + fn test_dom_node_creation() { + let node = DOMNode::new("test", NodeType::Element) + .with_tag_name("div") + .with_text("Hello"); + + assert_eq!(node.id, "test"); + assert_eq!(node.tag_name, "div"); + assert_eq!(node.text_content, "Hello"); + } + + #[test] + fn test_layout_engine() { + let mut engine = LayoutEngine::new(); + engine.parse_html(""); + + assert_eq!(engine.dom.len(), 1); + assert!(engine.get_element_by_id("root").is_some()); + } +} diff --git a/src/sandbox/Cargo.toml b/src/sandbox/Cargo.toml new file mode 100644 index 0000000..c824ac7 --- /dev/null +++ b/src/sandbox/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "moda-sandbox" +version = "0.1.0" +edition = "2021" + +[lib] +name = "moda_sandbox" +path = "lib.rs" + +[dependencies] +serde = { version = "1.0", features = ["derive"] } +thiserror = "1.0" +tracing = "0.1" +nix = { version = "0.27", features = ["sched", "socket"] } diff --git a/src/sandbox/lib.rs b/src/sandbox/lib.rs new file mode 100644 index 0000000..fa11841 --- /dev/null +++ b/src/sandbox/lib.rs @@ -0,0 +1,19 @@ +pub mod manager; +pub mod namespace; + +pub use manager::Sandbox; +pub use namespace::NamespaceConfig; + +use thiserror::Error; + +#[derive(Error, Debug)] +pub enum SandboxError { + #[error("Failed to create sandbox: {0}")] + CreationFailed(String), + #[error("Namespace isolation failed: {0}")] + NamespaceError(String), + #[error("Process spawn failed: {0}")] + ProcessError(String), +} + +pub type Result = std::result::Result; diff --git a/src/sandbox/manager.rs b/src/sandbox/manager.rs new file mode 100644 index 0000000..9d45ac1 --- /dev/null +++ b/src/sandbox/manager.rs @@ -0,0 +1,89 @@ +use super::namespace::NamespaceConfig; +use super::{Result, SandboxError}; +use std::process::{Child, Command}; + +pub struct Sandbox { + namespace_config: NamespaceConfig, +} + +impl Sandbox { + pub fn new() -> Self { + Self { + namespace_config: NamespaceConfig::default(), + } + } + + pub fn with_namespace(mut self, config: NamespaceConfig) -> Self { + self.namespace_config = config; + self + } + + pub fn build(&self) -> Result { + let mut command = if cfg!(windows) { + Command::new("cmd") + } else { + Command::new("/bin/sh") + }; + + if self.namespace_config.enable_pid { + if cfg!(windows) { + command.arg("/c"); + command.arg("echo PID namespace enabled"); + } else { + command.arg("-c"); + command.arg("echo 'PID namespace enabled'"); + } + } + + let child = command + .spawn() + .map_err(|e| SandboxError::CreationFailed(format!("Failed to spawn process: {}", e)))?; + + Ok(SandboxInstance { child }) + } + + pub fn run_command(&self, program: &str, args: &[&str]) -> Result { + let mut command = Command::new(program); + command.args(args); + + let child = command + .spawn() + .map_err(|e| SandboxError::CreationFailed(format!("Failed to spawn process: {}", e)))?; + + Ok(SandboxInstance { child }) + } +} + +impl Default for Sandbox { + fn default() -> Self { + Self::new() + } +} + +pub struct SandboxInstance { + child: Child, +} + +impl SandboxInstance { + pub fn wait(&mut self) -> Result { + self.child + .wait() + .map_err(|e| SandboxError::ProcessError(format!("Failed to wait for process: {}", e))) + } + + pub fn id(&self) -> u32 { + self.child.id() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_sandbox_creation() { + let sandbox = Sandbox::new(); + let instance = sandbox.build(); + assert!(instance.is_ok()); + } +} diff --git a/src/sandbox/namespace.rs b/src/sandbox/namespace.rs new file mode 100644 index 0000000..7399697 --- /dev/null +++ b/src/sandbox/namespace.rs @@ -0,0 +1,61 @@ +use serde::{Deserialize, Serialize}; + +#[derive(Debug, Clone, Serialize, Deserialize, Default)] +pub struct NamespaceConfig { + pub enable_pid: bool, + pub enable_network: bool, + pub enable_mount: bool, + pub enable_uts: bool, + pub enable_ipc: bool, + pub enable_user: bool, +} + +impl NamespaceConfig { + pub fn new() -> Self { + Self::default() + } + + pub fn with_pid(mut self, enable: bool) -> Self { + self.enable_pid = enable; + self + } + + pub fn with_network(mut self, enable: bool) -> Self { + self.enable_network = enable; + self + } + + pub fn with_mount(mut self, enable: bool) -> Self { + self.enable_mount = enable; + self + } + + pub fn with_uts(mut self, enable: bool) -> Self { + self.enable_uts = enable; + self + } + + pub fn with_ipc(mut self, enable: bool) -> Self { + self.enable_ipc = enable; + self + } + + pub fn with_user(mut self, enable: bool) -> Self { + self.enable_user = enable; + self + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_namespace_config() { + let config = NamespaceConfig::new().with_pid(true).with_network(true); + + assert!(config.enable_pid); + assert!(config.enable_network); + assert!(!config.enable_mount); + } +} diff --git a/src/security/Cargo.toml b/src/security/Cargo.toml new file mode 100644 index 0000000..475c6a6 --- /dev/null +++ b/src/security/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "moda-security" +version = "0.1.0" +edition = "2021" + +[lib] +name = "moda_security" +path = "lib.rs" + +[dependencies] +serde = { version = "1.0", features = ["derive"] } +thiserror = "1.0" +tracing = "0.1" +ring = "0.17" diff --git a/src/security/capabilities.rs b/src/security/capabilities.rs new file mode 100644 index 0000000..b92ac07 --- /dev/null +++ b/src/security/capabilities.rs @@ -0,0 +1,100 @@ +use serde::{Deserialize, Serialize}; +use std::collections::HashSet; + +#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Hash)] +pub enum Capability { + NetworkAccess, + FileSystemRead, + FileSystemWrite, + ProcessSpawn, + SystemCall(String), + Custom(String), +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct CapabilityToken { + id: String, + capabilities: HashSet, + expiry: Option, +} + +impl CapabilityToken { + pub fn new(id: impl Into) -> Self { + Self { + id: id.into(), + capabilities: HashSet::new(), + expiry: None, + } + } + + pub fn with_capability(mut self, capability: Capability) -> Self { + self.capabilities.insert(capability); + self + } + + pub fn with_capabilities(mut self, capabilities: impl IntoIterator) -> Self { + self.capabilities.extend(capabilities); + self + } + + pub fn with_expiry(mut self, timestamp: u64) -> Self { + self.expiry = Some(timestamp); + self + } + + pub fn id(&self) -> &str { + &self.id + } + + pub fn capabilities(&self) -> &HashSet { + &self.capabilities + } + + pub fn is_expired(&self) -> bool { + if let Some(expiry) = self.expiry { + let current = std::time::SystemTime::now() + .duration_since(std::time::UNIX_EPOCH) + .unwrap() + .as_secs(); + current > expiry + } else { + false + } + } + + pub fn verify(&self, required: &HashSet) -> bool { + if self.is_expired() { + return false; + } + required.is_subset(&self.capabilities) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_token_creation() { + let token = CapabilityToken::new("test-token") + .with_capability(Capability::NetworkAccess) + .with_capability(Capability::FileSystemRead); + + assert_eq!(token.id(), "test-token"); + assert!(token.capabilities().contains(&Capability::NetworkAccess)); + assert!(token.capabilities().contains(&Capability::FileSystemRead)); + } + + #[test] + fn test_token_verification() { + let token = CapabilityToken::new("test-token").with_capability(Capability::NetworkAccess); + + let required = vec![Capability::NetworkAccess].into_iter().collect(); + assert!(token.verify(&required)); + + let required = vec![Capability::NetworkAccess, Capability::FileSystemWrite] + .into_iter() + .collect(); + assert!(!token.verify(&required)); + } +} diff --git a/src/security/lib.rs b/src/security/lib.rs new file mode 100644 index 0000000..ac2bb1f --- /dev/null +++ b/src/security/lib.rs @@ -0,0 +1,21 @@ +pub mod capabilities; +pub mod permissions; +pub mod validation; + +pub use capabilities::{Capability, CapabilityToken}; +pub use permissions::{PermissionManager, PermissionPolicy}; +pub use validation::Validator; + +use thiserror::Error; + +#[derive(Error, Debug)] +pub enum SecurityError { + #[error("Invalid capability token")] + InvalidToken, + #[error("Permission denied: {0}")] + PermissionDenied(String), + #[error("Validation failed: {0}")] + ValidationFailed(String), +} + +pub type Result = std::result::Result; diff --git a/src/security/permissions.rs b/src/security/permissions.rs new file mode 100644 index 0000000..a717620 --- /dev/null +++ b/src/security/permissions.rs @@ -0,0 +1,91 @@ +use super::capabilities::Capability; +use super::{Result, SecurityError}; +use std::collections::HashMap; +use std::sync::{Arc, RwLock}; + +#[derive(Debug, Clone)] +pub struct PermissionPolicy { + pub allowed_capabilities: Vec, + pub denied_capabilities: Vec, +} + +pub struct PermissionManager { + policies: Arc>>, +} + +impl PermissionManager { + pub fn new() -> Self { + Self { + policies: Arc::new(RwLock::new(HashMap::new())), + } + } + + pub fn add_policy( + &self, + resource_id: impl Into, + policy: PermissionPolicy, + ) -> Result<()> { + let mut policies = self + .policies + .write() + .map_err(|e| SecurityError::PermissionDenied(format!("Lock poisoned: {}", e)))?; + policies.insert(resource_id.into(), policy); + Ok(()) + } + + pub fn check_permission(&self, resource_id: &str, capability: &Capability) -> Result { + let policies = self + .policies + .read() + .map_err(|e| SecurityError::PermissionDenied(format!("Lock poisoned: {}", e)))?; + + if let Some(policy) = policies.get(resource_id) { + if policy.denied_capabilities.contains(capability) { + return Ok(false); + } + if policy.allowed_capabilities.contains(capability) { + return Ok(true); + } + } + + Err(SecurityError::PermissionDenied(format!( + "No policy defined for resource {} with capability {:?}", + resource_id, capability + ))) + } + + pub fn remove_policy(&self, resource_id: &str) { + let mut policies = self.policies.write().unwrap(); + policies.remove(resource_id); + } +} + +impl Default for PermissionManager { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_permission_check() { + let manager = PermissionManager::new(); + + let policy = PermissionPolicy { + allowed_capabilities: vec![Capability::NetworkAccess], + denied_capabilities: vec![Capability::FileSystemWrite], + }; + + let _ = manager.add_policy("test-resource", policy); + + assert!(manager + .check_permission("test-resource", &Capability::NetworkAccess) + .unwrap()); + assert!(!manager + .check_permission("test-resource", &Capability::FileSystemWrite) + .unwrap()); + } +} diff --git a/src/security/policy.rs b/src/security/policy.rs new file mode 100644 index 0000000..e4d3713 --- /dev/null +++ b/src/security/policy.rs @@ -0,0 +1,194 @@ +use crate::{Capability, Result, SecurityError}; +use serde::{Deserialize, Serialize}; +use std::collections::HashMap; +use std::sync::{Arc, RwLock}; + +/// 安全策略配置 +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct SecurityPolicy { + /// 策略ID + pub id: String, + /// 策略描述 + pub description: String, + /// 允许的能力列表 + pub allowed_capabilities: Vec, + /// 拒绝的能力列表 + pub denied_capabilities: Vec, + /// 默认策略(true表示默认拒绝,false表示默认允许) + pub default_deny: bool, +} + +impl SecurityPolicy { + pub fn new(id: impl Into, description: impl Into) -> Self { + Self { + id: id.into(), + description: description.into(), + allowed_capabilities: Vec::new(), + denied_capabilities: Vec::new(), + default_deny: true, + } + } + + pub fn with_allowed_capabilities(mut self, capabilities: Vec) -> Self { + self.allowed_capabilities = capabilities; + self + } + + pub fn with_denied_capabilities(mut self, capabilities: Vec) -> Self { + self.denied_capabilities = capabilities; + self + } + + pub fn with_default_deny(mut self, default_deny: bool) -> Self { + self.default_deny = default_deny; + self + } + + /// 检查是否允许特定能力 + pub fn allows_capability(&self, capability: &Capability) -> bool { + // 如果在拒绝列表中,直接拒绝 + if self.denied_capabilities.contains(capability) { + return false; + } + + // 如果在允许列表中,直接允许 + if self.allowed_capabilities.contains(capability) { + return true; + } + + // 返回默认策略 + !self.default_deny + } +} + +/// 策略管理器 +pub struct PolicyManager { + policies: Arc>>, +} + +impl PolicyManager { + pub fn new() -> Self { + Self { + policies: Arc::new(RwLock::new(HashMap::new())), + } + } + + /// 添加安全策略 + pub fn add_policy(&self, policy: SecurityPolicy) -> Result<()> { + let mut policies = self + .policies + .write() + .map_err(|e| SecurityError::PermissionDenied(format!("Lock poisoned: {}", e)))?; + + policies.insert(policy.id.clone(), policy); + Ok(()) + } + + /// 获取策略 + pub fn get_policy(&self, policy_id: &str) -> Result { + let policies = self + .policies + .read() + .map_err(|e| SecurityError::PermissionDenied(format!("Lock poisoned: {}", e)))?; + + policies + .get(policy_id) + .cloned() + .ok_or_else(|| SecurityError::PermissionDenied(format!("Policy {} not found", policy_id))) + } + + /// 检查资源是否具有特定能力 + pub fn check_resource_capability( + &self, + resource_id: &str, + capability: &Capability, + ) -> Result { + let policies = self + .policies + .read() + .map_err(|e| SecurityError::PermissionDenied(format!("Lock poisoned: {}", e)))?; + + // 查找与资源匹配的策略 + if let Some(policy) = policies.get(resource_id) { + Ok(policy.allows_capability(capability)) + } else { + // 如果没有找到特定策略,返回错误 + Err(SecurityError::PermissionDenied(format!( + "No policy defined for resource {}", + resource_id + ))) + } + } + + /// 删除策略 + pub fn remove_policy(&self, policy_id: &str) -> Result<()> { + let mut policies = self + .policies + .write() + .map_err(|e| SecurityError::PermissionDenied(format!("Lock poisoned: {}", e)))?; + + if policies.remove(policy_id).is_some() { + Ok(()) + } else { + Err(SecurityError::PermissionDenied(format!( + "Policy {} not found", + policy_id + ))) + } + } + + /// 列出所有策略ID + pub fn list_policies(&self) -> Result> { + let policies = self + .policies + .read() + .map_err(|e| SecurityError::PermissionDenied(format!("Lock poisoned: {}", e)))?; + + Ok(policies.keys().cloned().collect()) + } +} + +impl Default for PolicyManager { + fn default() -> Self { + Self::new() + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_security_policy() { + let policy = SecurityPolicy::new("test-policy", "Test policy") + .with_allowed_capabilities(vec![Capability::NetworkAccess]) + .with_denied_capabilities(vec![Capability::FileSystemWrite]) + .with_default_deny(true); + + assert!(policy.allows_capability(&Capability::NetworkAccess)); + assert!(!policy.allows_capability(&Capability::FileSystemWrite)); + assert!(!policy.allows_capability(&Capability::FileSystemRead)); // 默认拒绝 + } + + #[test] + fn test_policy_manager() { + let manager = PolicyManager::new(); + + let policy = SecurityPolicy::new("test-resource", "Test resource policy") + .with_allowed_capabilities(vec![Capability::NetworkAccess]) + .with_denied_capabilities(vec![Capability::FileSystemWrite]); + + assert!(manager.add_policy(policy).is_ok()); + + assert!(manager + .check_resource_capability("test-resource", &Capability::NetworkAccess) + .unwrap()); + assert!(!manager + .check_resource_capability("test-resource", &Capability::FileSystemWrite) + .unwrap()); + + assert!(manager + .check_resource_capability("test-resource", &Capability::FileSystemRead) + .is_err()); // 没有明确允许,默认拒绝 + } +} \ No newline at end of file diff --git a/src/security/validation.rs b/src/security/validation.rs new file mode 100644 index 0000000..d13830e --- /dev/null +++ b/src/security/validation.rs @@ -0,0 +1,118 @@ +use super::{Result, SecurityError}; + +pub trait Validator { + fn validate(&self, input: &T) -> Result<()>; +} + +pub struct StringValidator { + max_length: usize, + allowed_chars: Option, +} + +impl StringValidator { + pub fn new(max_length: usize) -> Self { + Self { + max_length, + allowed_chars: None, + } + } + + pub fn with_allowed_chars(mut self, chars: impl Into) -> Self { + self.allowed_chars = Some(chars.into()); + self + } +} + +impl Validator for StringValidator { + fn validate(&self, input: &String) -> Result<()> { + if input.len() > self.max_length { + return Err(SecurityError::ValidationFailed(format!( + "Input exceeds maximum length of {}", + self.max_length + ))); + } + + if let Some(allowed) = &self.allowed_chars { + for c in input.chars() { + if !allowed.contains(c) { + return Err(SecurityError::ValidationFailed(format!( + "Invalid character '{}' in input", + c + ))); + } + } + } + + Ok(()) + } +} + +pub struct PathValidator { + allow_absolute: bool, + allow_parent: bool, +} + +impl PathValidator { + pub fn new() -> Self { + Self { + allow_absolute: false, + allow_parent: false, + } + } + + pub fn allow_absolute(mut self, allow: bool) -> Self { + self.allow_absolute = allow; + self + } + + pub fn allow_parent(mut self, allow: bool) -> Self { + self.allow_parent = allow; + self + } +} + +impl Default for PathValidator { + fn default() -> Self { + Self::new() + } +} + +impl Validator for PathValidator { + fn validate(&self, input: &String) -> Result<()> { + if !self.allow_absolute && input.starts_with('/') { + return Err(SecurityError::ValidationFailed( + "Absolute paths are not allowed".to_string(), + )); + } + + if !self.allow_parent && input.contains("..") { + return Err(SecurityError::ValidationFailed( + "Parent directory references are not allowed".to_string(), + )); + } + + Ok(()) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_string_validation() { + let validator = StringValidator::new(10); + + assert!(validator.validate(&"short".to_string()).is_ok()); + assert!(validator.validate(&"this is too long".to_string()).is_err()); + } + + #[test] + fn test_path_validation() { + let validator = PathValidator::new(); + + assert!(validator.validate(&"relative/path".to_string()).is_ok()); + assert!(validator.validate(&"/absolute/path".to_string()).is_err()); + assert!(validator.validate(&"../parent".to_string()).is_err()); + } +} diff --git a/src/storage/Cargo.toml b/src/storage/Cargo.toml new file mode 100644 index 0000000..53cd926 --- /dev/null +++ b/src/storage/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "moda-storage" +version = "0.1.0" +edition = "2021" + +[lib] +name = "moda_storage" +path = "lib.rs" + +[dependencies] +serde = { version = "1.0", features = ["derive"] } +thiserror = "1.0" +tracing = "0.1" +ring = "0.17" diff --git a/src/storage/lib.rs b/src/storage/lib.rs new file mode 100644 index 0000000..a553b54 --- /dev/null +++ b/src/storage/lib.rs @@ -0,0 +1,103 @@ +use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, AES_256_GCM}; +use ring::rand::{SecureRandom, SystemRandom}; +use serde::{Deserialize, Serialize}; + +use thiserror::Error; + +#[derive(Error, Debug)] +pub enum StorageError { + #[error("Encryption failed: {0}")] + EncryptionFailed(String), + #[error("Decryption failed: {0}")] + DecryptionFailed(String), + #[error("IO error: {0}")] + IoError(String), +} + +pub type Result = std::result::Result; + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct EncryptedData { + pub nonce: Vec, + pub ciphertext: Vec, +} + +pub struct SecureStorage { + key: LessSafeKey, + rng: SystemRandom, +} + +impl SecureStorage { + pub fn new(key: &[u8; 32]) -> Self { + let unbound_key = UnboundKey::new(&AES_256_GCM, key).unwrap(); + Self { + key: LessSafeKey::new(unbound_key), + rng: SystemRandom::new(), + } + } + + pub fn encrypt(&self, plaintext: &[u8]) -> Result { + let mut nonce_bytes = [0u8; 12]; + self.rng.fill(&mut nonce_bytes).map_err(|e| { + StorageError::EncryptionFailed(format!("Failed to generate nonce: {}", e)) + })?; + + let nonce = Nonce::assume_unique_for_key(nonce_bytes); + let mut ciphertext = plaintext.to_vec(); + + self.key + .seal_in_place_append_tag(nonce, Aad::empty(), &mut ciphertext) + .map_err(|e| StorageError::EncryptionFailed(format!("Encryption failed: {}", e)))?; + + Ok(EncryptedData { + nonce: nonce_bytes.to_vec(), + ciphertext, + }) + } + + pub fn decrypt(&self, data: &EncryptedData) -> Result> { + let nonce = Nonce::assume_unique_for_key( + data.nonce + .as_slice() + .try_into() + .map_err(|_| StorageError::DecryptionFailed("Invalid nonce length".to_string()))?, + ); + + let mut plaintext = data.ciphertext.clone(); + + self.key + .open_in_place(nonce, Aad::empty(), &mut plaintext) + .map_err(|e| StorageError::DecryptionFailed(format!("Decryption failed: {}", e)))?; + + plaintext.truncate(plaintext.len() - 16); + + Ok(plaintext) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_encryption_decryption() { + let key = [0u8; 32]; + let storage = SecureStorage::new(&key); + + let plaintext = b"Hello, World!"; + + let encrypted = storage.encrypt(plaintext).unwrap(); + assert!( + !encrypted.ciphertext.is_empty(), + "Encrypted data should not be empty" + ); + assert!(!encrypted.nonce.is_empty(), "Nonce should not be empty"); + + let decrypted = storage.decrypt(&encrypted).unwrap(); + assert!(!decrypted.is_empty(), "Decrypted data should not be empty"); + assert_eq!( + decrypted, plaintext, + "Decrypted data should match original plaintext" + ); + } +} diff --git a/test_policy.rs b/test_policy.rs new file mode 100644 index 0000000..128fde7 --- /dev/null +++ b/test_policy.rs @@ -0,0 +1,30 @@ +use moda_security::{PolicyManager, SecurityPolicy, Capability}; + +fn main() { + println!("Testing Security Policy Module..."); + + let manager = PolicyManager::new(); + + let policy = SecurityPolicy::new("test-resource", "Test resource policy") + .with_allowed_capabilities(vec![Capability::NetworkAccess]) + .with_denied_capabilities(vec![Capability::FileSystemWrite]); + + match manager.add_policy(policy) { + Ok(_) => println!("✓ Policy added successfully"), + Err(e) => println!("✗ Failed to add policy: {:?}", e), + } + + match manager.check_resource_capability("test-resource", &Capability::NetworkAccess) { + Ok(true) => println!("✓ Network access allowed as expected"), + Ok(false) => println!("✗ Network access unexpectedly denied"), + Err(e) => println!("✗ Error checking network access: {:?}", e), + } + + match manager.check_resource_capability("test-resource", &Capability::FileSystemWrite) { + Ok(false) => println!("✓ File system write correctly denied"), + Ok(true) => println!("✗ File system write unexpectedly allowed"), + Err(e) => println!("✗ Error checking file system write: {:?}", e), + } + + println!("Security Policy Module test completed!"); +} \ No newline at end of file