reverse-proxy/tasks/setup/project-init.md at 309878c561a57c465bbad29e6b2475d14fdc0d59

Files

glm-5.1 309878c561 Decompose architecture into 23 atomic tasks across 7 parallel generations

Task graph covers all Phase 1 concerns: config system, TLS termination,
proxy handler, operations (rate limiting, logging, health check, admin
socket, signals, shutdown, body size limit), deployment artifacts, and
two review checkpoints.

No circular dependencies. Critical path length of 7. Risk distribution:
3 high-risk (ACME, TLS listener setup, startup orchestration), 7 medium,
11 low, 2 trivial.

2026-06-11 11:21:10 +00:00

3.7 KiB

Raw Blame History

id, name, status, depends_on, scope, risk, impact, level

name

status

depends_on

scope

risk

impact

level

setup/project-init

Initialize Rust project with Cargo, dependencies, and module skeleton

pending

moderate

low

project

implementation

Description

Initialize the Rust project from scratch. The repo currently has only docs/ and .git/. Set up a single-binary Rust project with all core dependencies per the architecture spec (overview.md), and create the module skeleton that subsequent tasks will fill in.

This is a single-binary project — there are no library exports. The product is the reverse-proxy binary.

Core Dependencies

Crate	Purpose
`axum` 0.8	HTTP framework, routing, middleware, extractors
`tokio` 1 (full)	Async runtime
`hyper` 1	HTTP protocol, proxy `Client`
`tower` 0.5	Middleware ecosystem, Service trait
`rustls` 0.23	TLS implementation, `aws_lc_rs` crypto provider
`tokio-rustls` 0.26	Async TLS I/O
`rustls-acme` 0.12	ACME client for Let's Encrypt
`serde` 1	Serialization
`toml` 0.8	Config format
`arc-swap` 1	Atomic config swap for DynamicConfig
`tracing` 0.1	Structured logging
`tracing-subscriber` 0.3	Log output (file + stdout)
`rustls-pemfile` 2	PEM parsing for manual cert loading
`rustls-pki-types` 1	TLS types (CertificateDer, PrivateKeyDer)
`clap` 4	CLI arguments
`signal-hook` 0.3	SIGTERM/SIGINT/SIGHUP handling

Pin exact versions in Cargo.toml per standard Rust practice.

Module Skeleton

src/
├── main.rs           — entry point, CLI parsing, startup orchestration
├── config/
│   ├── mod.rs         — config module, re-exports
│   ├── static_config.rs — StaticConfig, ListenerConfig, TlsConfig, LoggingConfig
│   ├── dynamic_config.rs — DynamicConfig, SiteConfig, RateLimitConfig
│   └── validation.rs  — config validation logic
├── proxy/
│   ├── mod.rs         — proxy module, re-exports
│   ├── handler.rs     — reverse proxy handler
│   ├── headers.rs     — proxy header injection
│   └── error.rs       — error response types
├── tls/
│   ├── mod.rs         — TLS module, re-exports
│   ├── acceptor.rs    — TLS acceptor construction (manual + ACME)
│   └── redirect.rs    — HTTP → HTTPS redirect handler
├── rate_limit/
│   ├── mod.rs         — rate limit module
│   └── bucket.rs      — token bucket implementation
├── logging/
│   ├── mod.rs         — logging module
│   └── format.rs      — custom structured log format
├── admin/
│   ├── mod.rs         — admin socket module
│   └── socket.rs      — Unix domain socket handler
├── health.rs          — health check endpoint
└── shutdown.rs        — graceful shutdown logic

Acceptance Criteria

Cargo.toml with all dependencies listed in overview.md, exact versions pinned
src/main.rs with minimal fn main() that compiles
All module files exist with mod.rs re-exports and skeleton content
cargo check succeeds with no errors
cargo clippy succeeds with no warnings
Binary name is reverse-proxy in Cargo.toml
.gitignore covers target/
Dual licensing: MIT OR Apache-2.0 in Cargo.toml

References

docs/architecture/overview.md — crate dependencies, exports
docs/architecture/config.md — config structure
docs/architecture/proxy.md — proxy handler architecture
docs/architecture/tls.md — TLS architecture
docs/architecture/operations.md — rate limiting, logging, health check, shutdown

Notes

To be filled by implementation agent

Summary

To be filled on completion

3.7 KiB Raw Blame History