flowbrigade 0.1.4

Rust bindings for FlowBrigade's C ABI.
# Security Policy

## Supported Versions

Security fixes are provided for the latest released version.

## Reporting a Vulnerability

Please report security issues privately before opening a public issue.

Until a dedicated security contact is published, open a GitHub security advisory
or contact the maintainer through the repository owner profile.

Please include:

- affected version or commit
- FlowBrigade core version or commit
- minimal reproduction
- expected impact
- whether the issue is exploitable remotely

## Security Scope

This crate provides Rust bindings for FlowBrigade's C ABI. It is not an
authentication, authorization, or access-control framework.

The binding is designed to avoid common FFI misuse risks:

- Nim runtime initialization is guarded with `Once`
- C status codes are converted into Rust `Result`
- Nim exceptions are expected to stop at the C ABI boundary
- caller-owned strings are passed as pointer plus length
- opaque handles are released with matching destroy functions through `Drop`
- public wrappers expose safe Rust types for the currently wrapped surface

## Operational Limits

The FlowBrigade C ABI is experimental. Wrapper stability follows the exported C
ABI, not every Nim API in the core package.

The crate links to a native `libflowbrigade` shared library. Applications are
responsible for installing and loading the intended library version. Do not load
native libraries from untrusted directories.

Opaque FlowBrigade handles are mutable and are not internally synchronized by
the C ABI. Do not share the same handle across threads without external
synchronization.

In-memory limiters are process-local. They do not enforce limits across
multiple processes, machines, or service replicas. Use a distributed store or
gateway when limits must be enforced globally.

Jitter uses non-cryptographic randomness. It is intended only to spread retry
timing and must not be used for security-sensitive randomness.

Timeout and deadline helpers track elapsed time. They do not cancel running
work by themselves.

## Denial-of-Service Considerations

For untrusted keys such as IP addresses, user agents, or request parameters,
use bounded keyed limiters and avoid raw unbounded request data. Prefer stable
identifiers such as a user id, API token hash, normalized route name, or trusted
client identity.

FlowBrigade can help with application-level flow control, but it is not a
complete DDoS protection layer. Volumetric attacks should be handled before
application code when possible.