## π‘οΈ Bulwark
**Bulwark** is a lightweight, extensible security middleware framework for Rust APIs.
It provides a **deterministic inspection β decision β execution pipeline** that helps you analyze and control incoming requests **before** they reach your application logic.
Bulwark is designed to be:
- simple
- composable
- framework-agnostic
- explicit by default
> π **Status:** API Frozen (v0.3.0)
> Core APIs are considered stable. See **API Stability** below.
---
## β¨ Features
- π Request inspection via pluggable inspectors
- π§ Centralized, deterministic decision engine
- π‘οΈ Severity-based escalation model
- π¦ Written in pure Rust (no `unsafe`)
- β‘ Lightweight with minimal dependencies
- 𧩠Easy to extend with custom inspectors
---
## π API Stability (v0.3.0)
Starting from **v0.3.0**, the following APIs are **frozen** and guaranteed stable:
### - `RequestContext`
### - `Inspector` trait
### - `InspectorFinding`
### - `FindingSeverity`
### - `DecisionEngine`
### - `Server` execution behavior
The meaning and behavior of these components will not change without a **major version bump**.
### Not part of the public API
The following are **explicitly not stable** and may change at any time:
- Error message strings
- Logging format and implementation
- Internal inspector heuristics
---
## π¦ Installation
Bulwark is **not published on crates.io yet**.
You can depend on it directly from GitHub:
```toml
[dependencies]
bulwark = { git = "https://github.com/haqqimuazzam1-hue/Bulwark", version = "0.3" }
```
## π Quick Example
```Rust
use bulwark::request::context::{RequestContext, Method};
fn main() {
let ctx = RequestContext::new(Method::POST, "/login");
println!("Method: {:?}", ctx.method);
println!("Path: {}", ctx.path);
}
```
## π§ Core Concepts
RequestContext
Represents a normalized incoming request:
β’ HTTP method
β’ request path
β’ headers, query parameters, body (optional)
Passed immutably to all inspectors and the decision engine.
## Inspector
Inspectors analyze requests and report findings.
β’ Inspectors do not make decisions
β’ Inspectors are side-effect free
β’ Each inspector reports a FindingSeverity
## FindingSeverity
Represents the severity of an inspector finding:
β’ High β request must be blocked
β’ Medium β request is allowed but logged
β’ Low β informational, no effect
## DecisionEngine
The central engine that:
β’ collects inspector findings
β’ evaluates severity deterministically
β’ produces a final decision (Allow, Log, Block)
## Server
The executor layer that:
β’ applies the final security decision
β’ contains no inspection logic
β’ acts as the enforcement boundary
It does not claim to protect against all attacks or vulnerabilities.
π§ͺ Development
Format code:
```bash
cargo fmt
```
Run lint checks:
```bash
cargo clippy
```
Run test:
```bash
cargo test
```
## π€ Contributing
Contributions are welcome π
β’ Bug reports
β’ Feature requests
β’ Documentation improvements
β’ New Inspectors
Please read CONTRIBUTING.md before submitting a pull request.
## πΊοΈ Roadmap
β’ [x] Stable core API (v0.3.0)
β’ [] More built-in inspectors
β’ [] Better documentation & examples
β’ [] Publish to creates.io
β’ [] v1.0.0 release
## π License
MIT License Β© 2026 Bulwark Project