Expand description
use arcly_http::prelude::*; brings in everything a user needs.
Re-exports§
pub use crate::app::App;pub use crate::app::LaunchConfig;
Modules§
- header
- Standard header-name constants:
header::CONTENT_TYPE,header::LOCATION,header::CONTENT_RANGE,header::CACHE_CONTROL,header::ACCEPT_RANGES, theheader::ACCESS_CONTROL_*family, and the rest of the IANA registry.
Structs§
- Accepted
202 Accepted— for async / queued work.- Arcly
DbPool - Primary + replicas for one logical database. Build at boot (plugin
on_init), register intoDataSourceRegistry<ArclyDbPool>, freeze. - Arcly
Observability Plugin - Drop-in observability plugin. Add to
App::launch_with_pluginsto get structured logs, Prometheus metrics, OTLP traces, and health endpoints with zero changes to handler code. - Arcly
Plugin Context - Audit
Pipeline - Lock-free front door for audit records.
- Audit
Record - One immutable audit entry.
prev_hashchains each record to its predecessor (SHA-256), so post-hoc tampering breaks the chain visibly. - BadRequest
- Body
- The body type used in axum requests and responses.
- Bulkhead
- Bytes
- A cheaply cloneable and sliceable chunk of contiguous memory.
- Cache
Interceptor - The interceptor itself — a unit struct so it can be referenced from a
staticin macro-generated code (seewrap_interceptorsin the macros crate). - Cache
Stats - Telemetry snapshot for the cache. Plugins / handlers can expose this.
- Conflict
- Consumer
Runtime - Drives one transport against the link-time handler registry.
- Cookie
Config - Configuration for
CookieService. Build once at startup. - Cookie
Service - Signs and verifies HTTP cookie values.
- Cors
Config - CORS policy, frozen at launch.
- Created
201 Createdwith an optionalLocationheader.- Crypto
Vault - Process-wide encryption service. Provide once via
ctx.provide(CryptoVault::bootstrap(source).await?), resolve anywhere withInject<CryptoVault>/ctx.inject::<CryptoVault>(). - Data
Error - Classified datasource failure — callers can finally distinguish “retry somewhere else” from “this will never work”, which retry policies, circuit breakers, and replica failover need.
- DataKey
- One unwrapped AES-256 DEK version. Material is zeroized on drop
(
secrecy) and never serialized. - Data
Source Registry - Frozen tenant→datasource map. Built once at boot, provided via DI, read lock-free on every request.
- DbHealth
Check - Readiness probe over every pool in a
DataSourceRegistry: pings each primary and reports the first failure asUnhealthynaming the pool. - Distributed
Lock const-constructible named lock. The backend comes from DI (Arc<dyn DLockBackend>), so the same static works across environments.- Distributed
Rate Limit - Cluster-wide limiter. Build as a
staticand call from handlers: - Dynamic
Route Table - Process-wide table of runtime-mounted routes. Automatically provided in
the DI container — resolve with
Inject<DynamicRouteTable>(orctx.inject::<DynamicRouteTable>()) and mount/unmount at any time. - Encrypted
Field - Self-describing ciphertext for one field:
enc:v1:<key_id>:<key_version>:<b64(nonce ‖ ciphertext ‖ tag)>. Records the key version so rotation never forces immediate re-encryption. - EnvAttributes
- Envelope
Response - Wrap successful JSON responses in
{ "data": ... }. Errors pass through untouched so RFC 7807 ProblemDetails reaches the client verbatim. - Event
Context - What an
#[EventPattern]handler receives — DI + payload + trace, no HTTP types anywhere. - Event
Handler Descriptor - Static descriptor emitted by the
#[EventPattern]expansion and collected at link time — the runtime freezes these into its dispatch map at start. - Field
Error - Forbidden
- Frozen
DiContainer - Immutable, lock-free DI container. Reads are O(1) and inlined.
- Gateway
Timeout - Header
Map - A specialized multimap for header names and values.
- Header
Name - Represents an HTTP header field name
- Header
Value - Represents an HTTP header field value.
- Health
Registry - Process-wide health-check registry. Accessible via
global(). - Http
Exception - Boxed
HttpError. Handlers returnResult<T, HttpException>;?works across any user-defined error via the blanketFrom<E: HttpError>impl. - Inbound
Message - One inbound message, transport-agnostic.
- Inject
- Constructor-style dependency injection wrapper. Resolved from the frozen DI container at request entry.
- Internal
- Json
- JSON response wrapper.
Json(body)writesContent-Type: application/jsonand serialisesbodywithserde_json. Same surface as axum’sJsonso the route macro’s return-type walker (Json<T> | Result<Json<T>, _>) keeps working without changes. - JwtAuth
Guard - Checks that the incoming request carried a valid JWT.
- JwtConfig
- JwtService
- Signs and validates JWTs. Provide this into the DI container so the framework
boundaries (
boundary.rs,ws.rs) can auto-populateRequestContext::claims()on every incoming request. - KeyId
- Identifies one DEK lineage. Conventional scopes:
tenant:<id>(tenant-wide) andsubject:<id>(per-person, shreddable). - Latency
Log - Log method + path + status + latency on each request.
- Lock
Guard - Live ownership of a distributed lock. Dropping it stops the heartbeat and releases the key (compare-and-delete — never deletes a successor’s lock).
- Mask
Rule - A field rule: where + how.
- Masker
- Hot-swappable redaction point. Provide via
ctx.provide(Masker::new(…)). - Masking
Policy - Versioned, immutable rule set (hot-swapped whole, like
PolicySet). - Method
- The Request Method (VERB)
- Migration
Report - Migration
Runner - Multipart
Form - A fully parsed
multipart/form-databody. - Next
Handler - Continuation handed to an interceptor. Calling
.run(ctx)invokes the next layer (or the handler itself if this is the innermost interceptor). - NoContent
204 No Content. Carries no body.- NotFound
- OAuth2
Service - Registry of OAuth2 providers keyed by
provider.name(). - OAuth2
User Info - Normalised user information returned by any OAuth2 provider.
- Open
ApiInfo - Top-level OpenAPI document configuration. Build at
main.rsand pass toApp::launch_with_info(in thearcly-httpfacade). - Outbox
Entry - One event enqueued in the same transaction as the business write.
- Outbox
Relay - Background poll → publish → ack loop. At-least-once: an entry is acked
only after a successful publish, so a crash between the two replays it —
consumers must dedupe on
idempotency_key. - Page
- A page of results plus the metadata a client needs to walk the rest.
- Page
Params - Query parameters for an offset-paginated list endpoint.
- Part
- One part of a parsed multipart body — a form field or an uploaded file.
- Plugin
Error - Policy
Engine - Hot-swappable decision point. Provide via
ctx.provide(PolicyEngine::new(…)). - Policy
Input - Everything a rule may inspect for one decision.
- Policy
Set - An immutable, versioned rule set. Default-deny: actions with no matching rule are denied — the zero-trust posture auditors expect.
- Problem
Details - Provenance
- Who/where/why for one unit of work — identical shape across transports.
- Rate
Limit - Per-instance fixed-window limiter. Zero locks: a
(window_start, count)pair is packed into a singleAtomicU64and updated via CAS. - Read
After Write Pin - Per-request replica-lag protection: once any
Writeis acquired through this pin, all subsequentReads are upgraded to the primary. - Request
Context - The one and only context passed to every handler.
- Request
Parts - Component parts of an HTTP
Request - Response
Builder - An HTTP response builder
- Role
Guard - Checks that the authenticated principal’s
"role"claim matches a required value. - Rotating
- Atomically swappable key material.
- Secret
Version - One fetched secret value plus a monotonically increasing version.
- Security
Config - Full security header configuration.
- Service
Unavailable - Session
- A single server-side session. Thread-safe via an interior
RwLock. - Session
Auth Guard - Passes if the request has a loaded server-side session.
- Session
Config - Configuration for
SessionManager. - Session
Manager - Orchestrates session lifecycle: cookie extraction, store lookup, creation, persistence, and deletion.
- Status
Code - An HTTP status code (
status-codein RFC 9110 et al.). - Telemetry
Log - Emit a structured log line for every request via the
tracingcrate. - Tenant
Config - Per-tenant static configuration.
- Tenant
Guard - Requires a resolved tenant AND cross-checks it against the JWT.
- Tenant
Id - Interned tenant identifier (no heap allocation for IDs ≤ 23 bytes).
- Tenant
Registry - Tenant registry with dynamic provisioning.
- TooMany
Requests - Trace
Interceptor - Full-stack observability interceptor: structured log + OTLP span + Prometheus.
- Unauthorized
- Uri
- The URI component of a request.
- Validated
- A payload
Tthat has been deserialized and validated. - Validation
Enums§
- Access
Intent - Whether the caller intends to read or mutate.
- ApiKey
In - Arcly
Transaction - One live driver transaction. Dropping without commit rolls back.
- Audit
Outcome - Crypto
Error - Data
Error Kind - Failure classes.
#[non_exhaustive]: match with a_arm. - DbDriver
- One concrete connection pool. Variants are feature-gated; constructors
live in
data::drivers::*. - Decision
- Error
- Failure
Policy - What to do when the backend is unreachable.
- Frame
Options - Controls what
X-Frame-Optionsheader is emitted. - Health
Status - Idempotency
Decision - Mask
Strategy - How a matched field is transformed.
- Owned
DbConn - An acquired handle, decoupled from the pool’s lifetime so it can be held
across
.awaitpoints and moved into transactions. - Plugin
Stage - Rate
Decision - Outcome of one counted hit against the shared limiter.
- Same
Site - Security
Scheme - HTTP authentication scheme exposed in
components.securitySchemes. - Tenant
Strategy - How the tenant identifier is carried on the wire.
Constants§
- DYNAMIC_
PREFIX - Namespace prefix for all dynamic routes.
Statics§
- JWT_
AUTH - Ready-to-use singleton for
JwtAuthGuard. Import and call: - SESSION_
AUTH - Ready-to-use singleton for
SessionAuthGuard. - TENANT
- Ready-to-use singleton.
Traits§
- Arcly
Plugin - Plugin lifecycle.
- Audit
Sink - Durable destination, implemented by the app. Must be append-only in production deployments — the framework never updates or deletes records.
- Boundary
Filter - Pre-body request filter, registered by plugins via
ArclyPluginContext::register_boundary_filter. - DLock
Backend - Storage backend (Redis in production). Implementations MUST make
try_acquireatomic (single Lua script / transaction). - Data
Source - One logical database: a primary plus optional read replicas.
- Encrypt
Record - Implemented by
#[EncryptFields(...)]on a DTO. The default methods are the whole write/read contract: - Health
Check - One named sub-system health probe.
- Http
Error - Every domain error type implements
HttpError. The framework converts to aProblemDetailsbody and the appropriate status code. - Idempotency
Store - App-provided storage (Redis
SET NX PXin production). - Interceptor
- One layer of the aspect chain.
- Into
Response - Convert a value into a
Response. - Json
Schema - A type which can be described as a JSON Schema document.
- KekSource
- Message
Transport - App-provided broker adapter (Kafka / AMQP / NATS / in-process bridge).
- Migration
- OAuth2
Provider - Implement this to add an OAuth2 provider to the application.
- Outbox
Publisher - Downstream event transport (Kafka, NATS, webhook fan-out, …).
- Outbox
Store - Committed-but-unpublished entries, fetched/acked by the relay.
- Outbox
Tx - A live database transaction that can also enqueue outbox entries.
- Policy
Source - External policy origin (rules file, OPA bundle endpoint, DB) — the app
implements it; a background watcher feeds
PolicyEngine::reload. - Rate
Limit Backend - Shared counting backend (Redis, Memcached, …). Object-safe via
BoxFuture, following the same pattern asSessionStoreandOAuth2Provider. - Secret
Source - External secret backend — Vault, AWS Secrets Manager, env (dev), …
- Session
Store - Backend store for sessions. Implement this to plug in Redis, Postgres, etc.
- Transactional
Data Source - A datasource that can open outbox-capable transactions.
- Validate
- This is the original trait that was implemented by deriving
Validate. It will still be implemented for struct validations that don’t take custom arguments. The call is being forwarded to theValidateArgs<'v_a>trait.
Functions§
- byte_
range - Serve a (possibly partial) byte range from a fully-buffered resource.
- bytes_
response - Build a
Responsefrom a status, content type, and raw bytes. - cache_
stats - check_
policies - Evaluate every
actionagainst the engine; all mustPermit. - configure_
security - Install a custom security configuration.
- in_
transaction truewhen running inside a#[Transactional]scope.- spawn_
secret_ watcher - Poll
sourceforkeyeveryinterval; when the version increases, invokeon_changewith the new secret. - with_
current_ tx - Run
workwith this request’s transaction (if#[Transactional]opened one). The transaction is moved out of the slot for the duration of the closure and put back afterwards, so the future staysSend. - with_
transaction - Run
workinside one transaction: commit onOk, roll back onErr.
Type Aliases§
- Response
- Type alias for
http::Responsewhose body type defaults toBody, the most common body type used with axum.
Attribute Macros§
- Audit
Log #[AuditLog(action = "…", resource = "…")]— emit one compliance audit record per invocation, keyed on the response status. Consumed by#[Controller]; pass-through marker on free fns.- Cache
Key #[CacheKey("template")]— custom key. Marker attribute; seeCacheTTL.- CacheTTL
#[CacheTTL(N)]— TTL in seconds. Marker attribute consumed by the route macro and stuffed intoRouteSpec.cache_ttl_secs. Pass-through here so the type system accepts it standalone.- Controller
#[Controller("/prefix", tags(..))]— declare an HTTP controller.- Delete
#[Delete("/path")]— map a method (or free function) to an HTTPDELETEroute.- Deprecated
#[Deprecated(sunset = "YYYY-MM-DD")]on a#[Controller]impl — adds RFC 8594Deprecation/Sunsetheaders to every response from this controller. Marker; consumed by#[Controller].- Encrypt
Fields #[EncryptFields(key = "tenant:acme", fields("ssn", "items.*.diagnosis"))]on aSerialize + Deserializestruct implementsEncryptRecord:record.seal(&vault)returns aserde_json::Valuewith the declared fields sealed (safe for any durable sink);T::unseal(value, &vault)reverses it. Useseal_with_key/KeyId::subject(...)for per-subject keys minted at runtime (crypto-shredding granularity).- Event
Consumer #[EventConsumer]on an impl block — registers every#[EventPattern]method into the link-time event registry (the messaging analogue of#[Controller]). Methods takeEventContextand returnResult<(), String>.- Event
Pattern #[EventPattern("topic")]— marks a method inside an#[EventConsumer]impl as the handler for one topic. Marker; consumed by#[EventConsumer].- Gateway
#[Gateway("/path")]— declare a WebSocket gateway.- Get
#[Get("/path")]— map a method (or free function) to an HTTPGETroute.- Idempotent
#[Idempotent(ttl = "24h")]— Stripe-style Idempotency-Key handling: claim → run → store; retries replay the stored response; concurrent duplicates get 409. Consumed by#[Controller].- Injectable
#[Injectable]— turn a struct into a zero-lock DI provider.- Mask
Fields #[MaskFields("email", "card:last4")]— redact these JSON response fields (plus the global Masker rules) before any durable layer sees the body. Consumed by#[Controller].- Module
#[Module(controllers(..), providers(..), imports(..))]— declare a unit of the application DAG.- Multipart
#[Multipart(file("avatar"), text("alt"))]— declare that a handler consumes amultipart/form-databody, for the OpenAPI surface.- Patch
#[Patch("/path")]— map a method (or free function) to an HTTPPATCHroute.- Post
#[Post("/path")]— map a method (or free function) to an HTTPPOSTroute.- Put
#[Put("/path")]— map a method (or free function) to an HTTPPUTroute.- Require
Policies #[RequirePolicies("orders.refund", …)]— ABAC route gate: every listed action must Permit under the hot-reloadable PolicyEngine (default-deny). Consumed by#[Controller].- Subscribe
#[Subscribe("event::name")]— marker consumed by the enclosing#[Gateway]walker. Pass-through so it also type-checks if a tool resolves it directly.- Timeout
#[Timeout("2s")]— route deadline; 504 + future cancellation on expiry. Consumed by#[Controller]; pass-through marker on free fns.- Transactional
#[Transactional]— wrap the handler in a database transaction on the request-tenant’s pool: commit onOk, rollback onErr/cancellation. Consumed by#[Controller]; pass-through marker on free fns.- UseInterceptors
#[UseInterceptors(A, B)]on a free fn — wraps that handler’s thunk.- Version
#[Version("v1")]on a#[Controller]impl — mounts every route under/v1/...and records the version in each RouteSpec. Marker; consumed by#[Controller].- circuit_
breaker #[circuit_breaker(..)]— wrap a method in a circuit breaker.