github-bot-sdk 0.2.0

A comprehensive Rust SDK for GitHub App integration with authentication, webhooks, and API client
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302

# GitHub Bot SDK - System Overview


## Purpose


The `github-bot-sdk` is a Rust library that provides a comprehensive foundation for building GitHub Apps and bots. It abstracts the complexity of GitHub App authentication, webhook validation, API interactions, and event processing into a clean, type-safe interface suitable for production deployments.

## Target Users


- **Bot Developers**: Building GitHub Apps for automation, CI/CD, project management
- **Platform Engineers**: Deploying reliable, scalable GitHub integration infrastructure
- **Security Teams**: Requiring type-safe, auditable GitHub API interactions

## System Context


```mermaid
graph TB
    subgraph "Bot Application"
        BOT[Bot Logic]
    end

    subgraph "github-bot-sdk"
        AUTH[Authentication Module]
        CLIENT[GitHub Client]
        EVENTS[Event Processing]
        WEBHOOK[Webhook Validation]
        ERRORS[Error Handling]
    end

    subgraph "External Services"
        GH[GitHub API]
        SECRETS[Secret Management<br/>KeyVault/AWS/Env]
        TRACE[Distributed Tracing]
    end

    BOT --> AUTH
    BOT --> CLIENT
    BOT --> EVENTS
    BOT --> WEBHOOK

    AUTH --> SECRETS
    AUTH --> CLIENT
    CLIENT --> GH
    EVENTS --> CLIENT
    WEBHOOK --> EVENTS

    CLIENT --> TRACE
    EVENTS --> TRACE

    classDef sdk fill:#e3f2fd
    classDef external fill:#f3e5f5
    classDef bot fill:#e8f5e8

    class AUTH,CLIENT,EVENTS,WEBHOOK,ERRORS sdk
    class GH,SECRETS,TRACE external
    class BOT bot
```

## Core Stakeholders


### Bot Application Developers


**Needs**:

- Simple, type-safe API for GitHub operations
- Automatic authentication and token management
- Clear error handling and recovery
- Comprehensive documentation and examples

**Provided**:

- High-level client abstractions
- Automatic token refresh and caching
- Structured error types with context
- Testing utilities for mocking

### Infrastructure Operators


**Needs**:

- Observable, debuggable system
- Configuration management
- Deployment flexibility
- Operational metrics

**Provided**:

- Structured logging integration
- Distributed tracing support
- Multiple deployment patterns (serverless, long-running, worker)
- Health and readiness indicators

### Security Teams


**Needs**:

- Secure credential handling
- Webhook signature validation
- Audit trail for API operations
- No credential leakage in logs

**Provided**:

- Secure token storage with memory zeroing
- Mandatory webhook signature validation
- Redacted logging for sensitive data
- Integration with enterprise secret management

## Design Principles


### 1. Type Safety


Leverage Rust's type system to prevent integration errors at compile time:

- Branded types for identifiers (AppId, InstallationId, RepositoryId)
- Explicit error types with recovery information
- No `unsafe` code in library core
- Validated configuration types

### 2. Security by Default


Security constraints are enforced, not optional:

- Webhook signatures always validated
- Tokens never logged or exposed in errors
- Constant-time comparison for cryptographic operations
- Minimal permissions principle in API operations

### 3. Reliability First


Designed for production workloads with high availability requirements:

- Proactive token refresh prevents expiration failures
- Automatic retry with exponential backoff
- Circuit breakers for cascading failure prevention
- Rate limiting respects GitHub's infrastructure

### 4. Observable Operations


Built for operational visibility and debugging:

- Structured logging with correlation IDs
- Distributed tracing integration (OpenTelemetry compatible)
- Rich error context for troubleshooting
- Metrics for authentication, API calls, and webhooks

### 5. Testable Architecture


Clean abstractions enable comprehensive testing:

- Trait-based dependency injection
- Mock implementations for unit testing
- Test doubles for integration testing
- No hidden external dependencies

### 6. Async-First


Designed for high-throughput, concurrent operations:

- Fully async API using tokio runtime
- Non-blocking I/O throughout
- Cancellation token support
- Connection pooling and reuse

## Key Capabilities


### Authentication Management


- **GitHub App Authentication**: JWT generation with RSA signing
- **Installation Token Management**: Automatic exchange and refresh
- **Token Caching**: Performance optimization with security safeguards
- **Multi-Installation Support**: Handle multiple installations per app
- **Secret Provider Abstraction**: Azure Key Vault, AWS Secrets Manager, environment variables

### GitHub API Client


- **Authenticated Requests**: Automatic token injection
- **Operation Types**: Repository, issue, pull request, project, workflow, release
- **Rate Limiting**: Proactive throttling with margin-based protection
- **Retry Logic**: Exponential backoff for transient failures
- **Pagination Support**: Automatic handling of multi-page responses
- **App and Installation Context**: Support for both authentication levels

### Webhook Processing


- **Signature Validation**: HMAC-SHA256 verification with constant-time comparison
- **Event Parsing**: Type-safe parsing of GitHub webhook payloads
- **Event Envelope**: Normalized format with metadata and correlation
- **Session Management**: Ordered processing for related events
- **Idempotency**: Duplicate detection and handling

### Error Handling


- **Structured Errors**: Typed errors with recovery information
- **Transient vs Permanent**: Classification for retry decisions
- **Error Context**: Rich debugging information without sensitive data
- **Error Propagation**: Clean error chains using `thiserror`

## Non-Goals


This SDK explicitly does **not** provide:

- **GitHub Actions Runtime**: This is for GitHub Apps, not Actions
- **Git Operations**: No local git repository manipulation
- **GraphQL Client**: REST API only in current version
- **Event Storage**: No built-in event persistence or replay
- **Business Logic**: No opinionated workflows or automation logic
- **UI Components**: Backend library only

## Scope Boundaries


### In Scope


- GitHub App authentication and authorization
- GitHub REST API client operations
- Webhook signature validation and parsing
- Common GitHub entities (repos, issues, PRs, projects)
- Error handling and retry logic
- Rate limiting and throttling
- Testing utilities

### Out of Scope


- GitHub Actions-specific features
- Git protocol operations (clone, fetch, push)
- GraphQL API (future consideration)
- Webhook delivery infrastructure
- Long-term event storage
- Specific bot business logic
- GitHub Enterprise Server-specific features (current version)

### Future Considerations


- GraphQL API support for complex queries
- GitHub Enterprise Server specific features
- Advanced caching strategies (Redis, distributed)
- Webhook delivery retry infrastructure
- Pre-built bot workflow patterns
- Event streaming and replay capabilities

## Quality Attributes


### Performance Targets


- **Webhook Processing**: <500ms p95 end-to-end latency
- **JWT Generation**: <10ms p95
- **Installation Token Exchange**: <200ms p95
- **API Request Latency**: <1000ms p95 (GitHub dependent)
- **Token Cache Hit Rate**: >90% under normal load

### Reliability Targets


- **Library Stability**: No panics in normal operation
- **Error Recovery**: Automatic retry for transient failures
- **Token Availability**: >99.9% (with proactive refresh)
- **Rate Limit Compliance**: 100% adherence to GitHub limits

### Security Requirements


- **Credential Protection**: Zero credential exposure in logs/errors
- **Webhook Validation**: 100% signature verification
- **Timing Attack Prevention**: Constant-time cryptographic comparisons
- **Audit Trail**: Complete logging of authentication and API operations

### Maintainability Goals


- **Test Coverage**: >80% line coverage
- **Documentation**: 100% public API documented
- **Type Safety**: Zero `unsafe` in library code
- **Dependency Hygiene**: Minimal, audited dependencies

## Architecture Summary


The SDK follows a **clean architecture** with dependency inversion:

1. **Core Domain Layer**: Authentication, API operations, event processing (business logic)
2. **Abstraction Layer**: Traits defining contracts for external dependencies
3. **Adapter Layer**: Concrete implementations for HTTP, secrets, tracing
4. **Application Layer**: Public API surface and facades

**Key Principle**: Core domain depends only on abstractions, never on concrete external implementations.

See [architecture.md](architecture.md) for detailed architectural documentation.

## Getting Started Path


1. **Read Vocabulary**: Understand GitHub App concepts ([vocabulary.md](vocabulary.md))
2. **Review Constraints**: Learn implementation rules ([constraints.md](constraints.md))
3. **Check Assertions**: See behavioral requirements ([assertions.md](assertions.md))
4. **Study Architecture**: Understand boundaries and dependencies ([architecture.md](architecture.md))
5. **Review Interfaces**: Examine concrete API ([interfaces/README.md](interfaces/README.md))
6. **Read Operations**: Learn deployment patterns ([operations.md](operations.md))

## Success Metrics


The SDK is successful when:

- Bot developers can implement GitHub integration in hours, not days
- Production deployments have zero credential exposure incidents
- Token refresh failures are eliminated through proactive refresh
- Rate limiting is automatic and transparent to bot logic
- Testing requires no real GitHub API access
- Operations teams have full visibility into GitHub interactions