bulwark-security 0.3.0

A security-first decision engine framework for inspecting and controlling requests
Documentation
  • Coverage
  • 54.17%
    39 out of 72 items documented0 out of 33 items with examples
  • Size
  • Source code size: 33.33 kB This is the summed size of all the files inside the crates.io package for this release.
  • Documentation size: 5.47 MB This is the summed size of all files generated by rustdoc for all configured targets
  • Ø build duration
  • this release: 15s Average build duration of successful builds.
  • all releases: 18s Average build duration of successful builds in releases after 2024-10-23.
  • Links
  • haqqimuazzam1-hue/Bulwark
    1 0 2
  • crates.io
  • Dependencies
  • Versions
  • Owners
  • haqqimuazzam1-hue

Rust Version License CI

πŸ›‘οΈ Bulwark

Bulwark is a lightweight, extensible security middleware framework for Rust APIs.

It provides a deterministic inspection β†’ decision β†’ execution pipeline that helps you analyze and control incoming requests before they reach your application logic.

Bulwark is designed to be:

  • simple
  • composable
  • framework-agnostic
  • explicit by default

πŸ”’ Status: API Frozen (v0.3.0)
Core APIs are considered stable. See API Stability below.

✨ Features

  • πŸ” Request inspection via pluggable inspectors
  • 🧠 Centralized, deterministic decision engine
  • πŸ›‘οΈ Severity-based escalation model
  • πŸ¦€ Written in pure Rust (no unsafe)
  • ⚑ Lightweight with minimal dependencies
  • 🧩 Easy to extend with custom inspectors

πŸ”’ API Stability (v0.3.0)

Starting from v0.3.0, the following APIs are frozen and guaranteed stable:

- RequestContext

- Inspector trait

- InspectorFinding

- FindingSeverity

- DecisionEngine

- Server execution behavior

The meaning and behavior of these components will not change without a major version bump.

Not part of the public API

The following are explicitly not stable and may change at any time:

  • Error message strings
  • Logging format and implementation
  • Internal inspector heuristics

πŸ“¦ Installation

Bulwark is not published on crates.io yet.

You can depend on it directly from GitHub:

[dependencies]
bulwark = { git = "https://github.com/haqqimuazzam1-hue/Bulwark", version = "0.3" }

πŸš€ Quick Example

use bulwark::request::context::{RequestContext, Method};

fn main() {
    let ctx = RequestContext::new(Method::POST, "/login");

    println!("Method: {:?}", ctx.method);
    println!("Path: {}", ctx.path);
}

🧠 Core Concepts

RequestContext

Represents a normalized incoming request:

β€’ HTTP method β€’ request path β€’ headers, query parameters, body (optional)

Passed immutably to all inspectors and the decision engine.

Inspector

Inspectors analyze requests and report findings.

β€’ Inspectors do not make decisions β€’ Inspectors are side-effect free β€’ Each inspector reports a FindingSeverity

FindingSeverity

Represents the severity of an inspector finding:

β€’ High β†’ request must be blocked β€’ Medium β†’ request is allowed but logged β€’ Low β†’ informational, no effect

DecisionEngine

The central engine that:

β€’ collects inspector findings β€’ evaluates severity deterministically β€’ produces a final decision (Allow, Log, Block)

Server

The executor layer that:

β€’ applies the final security decision
β€’ contains no inspection logic
β€’ acts as the enforcement boundary

It does not claim to protect against all attacks or vulnerabilities.

πŸ§ͺ Development

Format code:

cargo fmt

Run lint checks:

cargo clippy

Run test:

cargo test

🀝 Contributing

Contributions are welcome πŸŽ‰

β€’ Bug reports β€’ Feature requests β€’ Documentation improvements β€’ New Inspectors

Please read CONTRIBUTING.md before submitting a pull request.

πŸ—ΊοΈ Roadmap

β€’ [x] Stable core API (v0.3.0) β€’ [] More built-in inspectors β€’ [] Better documentation & examples β€’ [] Publish to creates.io β€’ [] v1.0.0 release

πŸ“„ License

MIT License Β© 2026 Bulwark Project