rainy-sdk 0.3.0

Official Rust SDK for Rainy API by Enosis Labs v0.3.0 - Full OpenAI compatibility with unified interface for multiple AI providers, intelligent retry, metadata tracking, and comprehensive error handling
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

# Security Policy


## Supported Versions


We take security seriously and actively maintain the following versions with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 0.1.x   | :white_check_mark: |
| < 0.1.0 | :x:                |

## Reporting a Vulnerability


If you discover a security vulnerability in the Rainy SDK, please help us by reporting it responsibly.

### How to Report


**Please do NOT report security vulnerabilities through public GitHub issues.**

Instead, please report security vulnerabilities by emailing:

- **Email**: <security@enosislabs.com>
- **Subject**: `[SECURITY] Vulnerability Report - Rainy SDK`

### What to Include


When reporting a security vulnerability, please include:

1. **Description**: A clear description of the vulnerability
2. **Impact**: What an attacker could achieve by exploiting this vulnerability
3. **Steps to Reproduce**: Detailed steps to reproduce the issue
4. **Proof of Concept**: If possible, include a proof of concept
5. **Environment**: Your environment details (OS, Rust version, etc.)
6. **Contact Information**: How we can reach you for follow-up questions

### Our Response Process


1. **Acknowledgment**: We'll acknowledge receipt of your report within 48 hours
2. **Investigation**: We'll investigate the issue and determine its severity
3. **Updates**: We'll provide regular updates on our progress (at least weekly)
4. **Fix**: We'll develop and test a fix
5. **Disclosure**: We'll coordinate disclosure with you
6. **Public Release**: We'll release the fix and publish a security advisory

### Security Updates


Security updates will be released as patch versions (e.g., 0.1.1, 0.1.2) with:

- A security advisory on GitHub
- Release notes describing the vulnerability and fix
- Updated dependencies if applicable

### Responsible Disclosure


We kindly ask that you:

- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Avoid disrupting our services
- Respect the privacy of our users

### Recognition


We appreciate security researchers who help keep our users safe. With your permission, we'll acknowledge your contribution in our security advisory.

## Security Best Practices


When using the Rainy SDK, follow these security best practices:

### API Key Management


- **Never commit API keys** to version control
- **Use environment variables** for API key storage
- **Rotate keys regularly** for production applications
- **Use the minimum required permissions** for your use case

### Authentication


```rust
// Secure authentication example
use rainy_sdk::{RainyClient, AuthConfig};
use std::env;

let client = RainyClient::new(
    AuthConfig::new()
        .with_api_key(env::var("RAINY_API_KEY")?)
        .with_base_url("https://api.enosislabs.com")
)?;
```

### Network Security


- **Use HTTPS** for all API communications
- **Validate SSL certificates** in production
- **Implement rate limiting** in your application
- **Monitor API usage** for suspicious activity

### Error Handling


```rust
// Secure error handling example
match client.create_chat_completion(request).await {
    Ok(response) => {
        // Handle success
        println!("Response: {}", response.choices[0].message.content);
    }
    Err(e) => {
        // Log error securely (never expose sensitive information)
        log::error!("Chat completion failed: {}", e);
        // Return generic error to user
        return Err("Request failed. Please try again later.".into());
    }
}
```

## Known Security Considerations


### Current Limitations


- **API Key Storage**: API keys are stored in memory during client lifetime
- **Network Interception**: HTTPS traffic could be intercepted with compromised certificates
- **Rate Limiting**: Client-side rate limiting may not prevent all abuse scenarios

### Future Security Enhancements


We're continuously working to improve security:

- **Token-based authentication** support
- **OAuth 2.0 integration** for enhanced security
- **Client-side encryption** for sensitive data
- **Security audit reports** and compliance certifications

## Contact


For security-related questions or concerns:

- **Security Issues**: <security@enosislabs.com>
- **General Support**: <hello@enosislabs.com>
- **Documentation**: [docs.rs/rainy-sdk](https://docs.rs/rainy-sdk/0.2.1/rainy_sdk/)

Thank you for helping keep the Rainy SDK and its users secure! 🔒