queue-runtime 0.2.0

Multi-provider queue runtime for Queue-Keeper
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

# Queue-Runtime Implementation Constraints


## Overview


This document defines the implementation rules and architectural boundaries that must be enforced when implementing the queue-runtime library. These constraints ensure provider-agnostic design, type safety, and consistent behavior across Azure Service Bus and AWS SQS implementations.

## Type System Constraints


### Branded Types


```rust
// All queue identifiers must use branded types
pub struct QueueName(String);
pub struct MessageId(String);
pub struct ReceiptHandle(String);
pub struct SessionId(String);

// Provider-specific IDs are hidden behind these abstractions
```

### Error Handling


- All queue operations MUST return `Result<T, QueueError>`
- Never use `panic!` in library code - all errors must be recoverable
- Provider-specific errors MUST be mapped to common `QueueError` variants
- Include full error context chains for debugging across provider boundaries

### Async Constraints


- All I/O operations MUST be async and cancellable via `CancellationToken`
- Use `tokio` as the async runtime (no `async-std` compatibility needed)
- All timeouts MUST be configurable and respect cancellation

## Module Boundary Constraints


### Dependency Rules


- **Core client modules** (`client.rs`, `message.rs`, `sessions.rs`) define traits and types, NEVER import provider implementations
- **Provider trait definitions** (`provider.rs`) define `QueueProvider` and `SessionProvider` traits, NEVER import specific providers
- **Provider implementations** (`providers/azure.rs`, `providers/aws.rs`, `providers/memory.rs`) implement traits, MAY import external SDKs or HTTP libraries
- **Error module** (`error.rs`) defines provider-agnostic errors, NO provider-specific types
- **Integration tests** MAY import from any module for testing purposes

## Provider Abstraction Constraints


### Configuration


- Each provider MUST implement `QueueProviderConfig` trait
- Configuration MUST be serializable via `serde`
- Sensitive values (connection strings) MUST be marked with `#[serde(skip)]`
- Provider selection MUST be runtime configurable

### Session Compatibility


```rust
// Session handling MUST gracefully degrade across providers
pub enum SessionSupport {
    Native,      // Provider has native sessions (Azure Service Bus)
    Emulated,    // Provider emulates sessions (AWS SQS via message groups)
    Unsupported, // Provider cannot support sessions (fail gracefully)
}
```

### Message Ordering


- FIFO ordering MUST be configurable per queue
- When FIFO is enabled:
  - Azure: Use session-enabled queues
  - AWS: Use FIFO queues with message groups
- When FIFO is disabled: Allow concurrent processing

## Performance Constraints


### Throughput


- Support minimum 1000 messages/second per queue instance
- Batch operations where provider supports it (Azure: 100 messages, AWS: 10 messages)
- Connection pooling MUST be implemented for providers that support it

### Resource Management


- Connection objects MUST be reusable and thread-safe
- Implement connection pooling with configurable min/max connections
- MUST support graceful shutdown with connection cleanup
- Memory usage MUST be bounded (no unbounded queues or caches)

### Timeouts


```rust
pub struct QueueTimeouts {
    pub connect_timeout: Duration,      // Default: 30s
    pub send_timeout: Duration,         // Default: 10s
    pub receive_timeout: Duration,      // Default: 30s
    pub visibility_timeout: Duration,   // Default: 5 minutes
}
```

## Security Constraints


### Credential Management


- Connection strings MUST be handled securely (no plaintext logging)
- Support Azure Managed Identity and AWS IAM roles where available
- Credential refresh MUST be handled automatically
- NEVER log or expose credentials in error messages

### Network Security


- MUST support TLS for all provider connections
- Certificate validation MUST be enabled by default
- Support corporate proxy configurations where needed

### Cryptography (NEW)


- All encryption keys MUST be zeroed from memory on drop (use `zeroize` crate)
- Keys MUST NEVER be logged, even in debug/trace mode
- Key IDs MAY be logged (non-sensitive identifiers)
- Debug implementations for key types MUST redact key material
- Use constant-time comparison for all cryptographic verification operations
- Default to AES-256-GCM (FIPS 140-2 approved cipher)
- Nonce generation MUST use cryptographically secure RNG
- Authentication tag verification MUST happen before plaintext is returned
- Support key rotation without service interruption (multi-key support)
- Timestamp-based freshness validation MUST be configurable
- Encrypted message format MUST include version field for future upgrades

**Crypto Configuration Constraints**:

```rust
pub struct CryptoConfig {
    pub enabled: bool,                   // Default: false (opt-in)
    pub max_message_age: Duration,       // Default: 5 minutes
    pub validate_freshness: bool,        // Default: true
    pub track_nonces: bool,              // Default: false (opt-in)
    pub nonce_cache_ttl: Duration,       // Default: 10 minutes
}
```

**Key Provider Interface**:

```rust
#[async_trait]

pub trait KeyProvider: Send + Sync {
    async fn get_key(&self, key_id: &EncryptionKeyId) 
        -> Result<EncryptionKey, CryptoError>;
    async fn current_key_id(&self) -> Result<EncryptionKeyId, CryptoError>;
    async fn valid_key_ids(&self) -> Result<Vec<EncryptionKeyId>, CryptoError>;
}
```

**Crypto Provider Interface**:

```rust
#[async_trait]

pub trait CryptoProvider: Send + Sync {
    async fn encrypt(&self, key_id: &EncryptionKeyId, plaintext: &[u8], 
                     associated_data: &[u8]) -> Result<EncryptedMessage, CryptoError>;
    async fn decrypt(&self, encrypted: &EncryptedMessage) 
        -> Result<Vec<u8>, CryptoError>;
}
```

**Security Properties**:
- Confidentiality: AES-256 encryption (industry standard)
- Integrity: 128-bit authentication tag (GCM mode)
- Authenticity: AEAD with associated data
- Freshness: Configurable timestamp validation
- Replay protection: Optional nonce tracking

See [cryptography module](./modules/cryptography.md) for complete specification.

## Testing Constraints


### Unit Testing


- Core domain MUST have 100% test coverage
- Use test doubles for all port interfaces
- Never test against real cloud services in unit tests

### Integration Testing


- Provider adapters MUST have integration tests against real services
- Use test containers or cloud service emulators where possible
- Integration tests MUST clean up resources after execution

### Contract Testing


- Each provider adapter MUST pass the same contract test suite
- Contract tests verify behavioral compatibility across providers
- Include failure scenario testing (network errors, timeouts, etc.)

## Observability Constraints


### Logging


- Use structured logging via `tracing` crate
- Log levels:
  - `ERROR`: Provider connection failures, unrecoverable errors
  - `WARN`: Retry attempts, degraded functionality
  - `INFO`: Queue creation, successful operations
  - `DEBUG`: Message details, timing information
  - `TRACE`: Provider-specific protocol details

### Metrics


- Expose metrics via `metrics` crate compatible interfaces
- Required metrics:
  - Messages sent/received per queue
  - Operation latency (send, receive, complete)
  - Connection pool statistics
  - Error rates by error type

### Tracing


- Support distributed tracing via OpenTelemetry
- Propagate trace context across async boundaries
- Include provider-specific span attributes for debugging

## Error Recovery Constraints


### Retry Policies


```rust
pub struct RetryPolicy {
    pub max_attempts: u32,           // Default: 3
    pub initial_delay: Duration,     // Default: 1s
    pub max_delay: Duration,         // Default: 30s
    pub backoff_multiplier: f64,     // Default: 2.0
}
```

### Circuit Breaker


- Implement circuit breaker for provider connections
- Circuit opens after 5 consecutive failures
- Half-open state after 30 seconds
- Full recovery after 3 successful operations

### Dead Letter Handling


- Support provider-native dead letter queues where available
- When provider doesn't support DLQ, implement client-side dead letter routing
- MUST preserve original message metadata and failure context

## Compatibility Constraints


### Rust Version


- Minimum Supported Rust Version (MSRV): 1.90
- Use edition = "2021"
- All public APIs MUST be `Send + Sync`

### Provider SDK Versions


- Azure Service Bus: Use latest stable `azure-service-bus` crate
- AWS SQS: Use latest stable `aws-sdk-sqs` crate
- Pin major version dependencies to prevent breaking changes

### Async Runtime


- Primary support: `tokio` 1.0+
- No `async-std` support required
- All timers and I/O MUST use tokio primitives

## Deployment Constraints


### Binary Size


- Library MUST compile with minimal feature flags for embedded use
- Provider adapters MUST be optional features:

  ```toml
  [features]
  azure = ["azure-service-bus"]
  aws = ["aws-sdk-sqs"]
  ```

### Memory Usage


- No global state or singleton patterns
- All configuration MUST be instance-based
- Support multiple concurrent queue clients in same process

## Documentation Constraints


### API Documentation


- All public APIs MUST have rustdoc comments with examples
- Include provider-specific behavior differences in documentation
- Document error conditions and recovery strategies

### Examples


- Provide working examples for each provider
- Include common usage patterns (send, receive, sessions)
- Show configuration examples for different deployment scenarios