add State<T> + nested #[secret] design spec #305

Closed. aram356 wants to merge 36 commits into main from worktree-state-nested-secrets-spec-review

aram356 commented Jul 2, 2026 (Contributor)

Summary

Changes

| Crate / File | Change |
| --- | --- |
| docs/superpowers/specs/2026-07-02-edgezero-state-and-nested-secrets-design.md | New design spec + review appendix |

Review findings folded into §8

Both workstreams reviewed against the real code and found implementable, no blockers. Corrections captured in the appendix:

  • A: use the crate::http facade (not bare http::Extensions) in the router plumbing; the "re-export State in lib.rs" step is unnecessary (edgezero_core::extractor::State is reachable once pub); #[action] needs zero change since it already emits <Ty as FromRequest>::from_request(..).
  • B: validate_excluding_secrets was missing from the consumer list and needs nested-ValidationErrors navigation for nested secrets (not a .name.path rename); §4.3 "guards along the path" reworded to per-struct self-enforcement via the #[app_config(nested)] opt-in + AppConfigRoot bound; B-3 const→fn secret_fields() is effectively forced (cross-crate const concat of prefixed &'static slices is not expressible); §4.5 pointed at the real reflection helpers (run_adapter_typed_checks / typed_secret_checks).

Baseline note

Local main (b298bc1) is a broken divergent tip (deletes config.rs while leaving mod config;, doesn't compile, not an ancestor of origin/main). This PR is branched from origin/main (42843b1), against which all spec claims were verified.

Closes

Part of #304 (spec only; implementation PRs will close it).

Test plan

  • Docs-only change — no code touched; nothing to build or test.
  • Docs build: cd docs && npm run lint && npm run format && npm run build

Checklist

aram356 added 30 commits July 1, 2026 19:50
…nfig/app-demo test coverage, workspace commands
…dy-mode rename, Internal->500, scaffold CI checks
Match the edgezero-cli precedent and the workspace-dependency
convention. Adds quote to [workspace.dependencies].
…veat

- emit `include_bytes!` const in app! output so edits to edgezero.toml
  trigger a Cargo rebuild without requiring a .rs change
- strengthen middleware_sees_introspection_data to assert manifest_json
  presence and non-empty route list, mirroring dispatch test
- add content-type assertion to routes_lists_registered_routes
- add security caveat to routing.md Introspection Routes section noting
  endpoints are unauthenticated and environment.variables values are emitted
… atomic #[action(manifest|routes)] TDD tasks
…lity inject); fix plan single-filter cmd + probe response
Design spec for two upstream edgezero-core/edgezero-macros primitives:
- State<T> extractor + RouterBuilder::with_state for app-owned shared state
- nested/array #[secret] support via path-qualified SecretField metadata

Filed under docs/superpowers/specs/. Includes a maintainer-review appendix
(§8) verifying every current-mechanics claim against origin/main @ 42843b1
and folding in the corrections found: http-facade use in the router plumbing,
the inaccurate lib.rs re-export step, the omitted validate_excluding_secrets
consumer (needs nested-ValidationErrors navigation, not a rename), the
per-struct guard-enforcement rewording, and B-3 being forced to the
secret_fields() fn lowering.

aram356 changed the title from "docs: add State<T> + nested #[secret] design spec" to "add State<T> + nested #[secret] design spec" Jul 2, 2026

Adds the blockers a follow-up review found (verified against origin/main
@ 42843b1) and a Go/No-Go split:
- nested-AppConfig CI guard (check_no_nested_app_config.rs) must be inverted
- optional-secret metadata (optional: bool) is missing from SecretField
- path model must commit to owned segments (Vec/Cow), not &'static
- register the app_config helper attribute in the derive
- TypedSecretEntry.field_name must be owned for dotted/array paths
- enforce container rename_all on nested-only parents
- settle array scope before implementing
Workstream A is plan-ready now; B waits on the above.

aram356 commented Jul 3, 2026 (Contributor, Author)

Superseded by #306, which uses the correct stacked base (worktree-feature+introspection-routes, PR #300) and carries the implemented State work. This branch is the shared head for both; closing this one to avoid duplicate PRs.

aram356 closed this Jul 3, 2026
Development

Successfully merging this pull request may close these issues.

Implement State<T> + nested/array #[secret] + Fastly dispatch fidelity (P0-C) + app! app-state (P0-D)