waddling-errors 0.7.3

Structured, secure-by-default diagnostic codes for distributed systems with no_std and role-based documentation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368

//! Authentication Metadata - Manual DiagnosticRuntime Creation
//!
//! This module demonstrates how to manually create `DiagnosticRuntime` structures.
//! This is the EXACT structure that the proc-macros generate automatically.
//!
//! ## Why This Matters
//!
//! Understanding `DiagnosticRuntime` is crucial because:
//! - It shows what happens "under the hood" when using macros
//! - Allows manual control when macros aren't suitable
//! - Demonstrates the const-compatible diagnostic pattern
//! - Shows the separation between runtime and compile-time metadata
//!
//! ## DiagnosticRuntime vs Code<C, P>
//!
//! - `Code<C, P>`: Type-safe, generic, compile-time checked
//! - `DiagnosticRuntime`: String-based, runtime-friendly, macro output
//!
//! Both represent the same error codes, just different representations.

use waddling_errors::Severity;
use waddling_errors::metadata::DiagnosticRuntime;

// ============================================================================
// Manual DiagnosticRuntime Creation
// ============================================================================

/// JWT token missing - Manual DiagnosticRuntime definition
///
/// This is EXACTLY what the `#[diagnostic]` macro generates.
/// Compare this verbose manual definition with the clean macro syntax.
pub const ERR_TOKEN_MISSING_METADATA: DiagnosticRuntime = DiagnosticRuntime {
    severity: Severity::Error,
    namespace: None,
    namespace_hash: None,
    component: "Auth",
    primary: "Token",
    sequence: "MISSING",
    sequence_value: 1,
    code: "E.Auth.Token.001",
    message: "Authentication token is missing from the Authorization header",
    fields: &[],
    pii_fields: &[],
    contains_pii: false,
    role: Some("Public"),
    tags: &["security", "authentication", "http"],
    tags_gated: &[],
    related_codes: &["E.Auth.Token.003", "E.Auth.Token.017"],
    related_codes_gated: &[],
    hints_runtime: &[
        "Include the Authorization header with a valid JWT token",
        "Check that your authentication middleware is properly configured",
    ],
    hints_runtime_gated: &[],
    hints_both: &[
        "Ensure the client includes: Authorization: Bearer <token>",
        "Verify token is not being stripped by proxies or load balancers",
    ],
    hints_both_gated: &[],
    hash: "xxxxx", // Placeholder - actual hash computed by macro
};

/// JWT token invalid - Demonstrating Developer role
pub const ERR_TOKEN_INVALID_METADATA: DiagnosticRuntime = DiagnosticRuntime {
    severity: Severity::Error,
    namespace: None,
    namespace_hash: None,
    component: "Auth",
    primary: "Token",
    sequence: "INVALID",
    sequence_value: 3,
    code: "E.Auth.Token.003",
    message: "JWT token signature validation failed",
    fields: &[],
    pii_fields: &[],
    contains_pii: false,
    role: Some("Developer"),
    tags: &["security", "authentication", "cryptography", "jwt"],
    tags_gated: &[],
    related_codes: &["E.Auth.Token.001", "E.Auth.Token.017"],
    related_codes_gated: &[],
    hints_runtime: &[
        "Verify the JWT_SECRET environment variable matches between services",
        "Check that the token hasn't been modified in transit",
    ],
    hints_runtime_gated: &[],
    hints_both: &[
        "Use a consistent signing algorithm (HS256, RS256, etc.)",
        "Ensure clock synchronization between auth server and validators",
    ],
    hints_both_gated: &[],
    hash: "xxxxx", // Placeholder - actual hash computed by macro
};

/// JWT token expired - Demonstrating timeout sequence
pub const ERR_TOKEN_EXPIRED_METADATA: DiagnosticRuntime = DiagnosticRuntime {
    severity: Severity::Error,
    namespace: None,
    namespace_hash: None,
    component: "Auth",
    primary: "Token",
    sequence: "TIMEOUT",
    sequence_value: 17,
    code: "E.Auth.Token.017",
    message: "JWT token has expired and requires refresh",
    fields: &[],
    pii_fields: &[],
    contains_pii: false,
    role: Some("Public"),
    tags: &["security", "authentication", "session"],
    tags_gated: &[],
    related_codes: &["E.Auth.Token.001", "E.Auth.Token.003"],
    related_codes_gated: &[],
    hints_runtime: &[
        "Use the refresh token endpoint to obtain a new access token",
        "Implement automatic token refresh in your client application",
    ],
    hints_runtime_gated: &[],
    hints_both: &[
        "Check token expiration time (exp claim) before making requests",
        "Configure appropriate token lifetimes (e.g., 15 minutes for access tokens)",
    ],
    hints_both_gated: &[],
    hash: "xxxxx", // Placeholder - actual hash computed by macro
};

/// Permission denied - Demonstrating authorization error
pub const ERR_PERMISSION_DENIED_METADATA: DiagnosticRuntime = DiagnosticRuntime {
    severity: Severity::Error,
    namespace: None,
    namespace_hash: None,
    component: "Auth",
    primary: "Permission",
    sequence: "DENIED",
    sequence_value: 8,
    code: "E.Auth.Permission.008",
    message: "User lacks required permissions for this operation",
    fields: &[],
    pii_fields: &[],
    contains_pii: false,
    role: Some("Public"),
    tags: &["authorization", "rbac", "permissions"],
    tags_gated: &[],
    related_codes: &["W.Auth.Permission.008"],
    related_codes_gated: &[],
    hints_runtime: &[
        "Check that the user has the required role assigned",
        "Request elevated permissions from your administrator",
    ],
    hints_runtime_gated: &[],
    hints_both: &[
        "Review the resource's access control list (ACL)",
        "Verify role-based access control (RBAC) configuration",
    ],
    hints_both_gated: &[],
    hash: "xxxxx", // Placeholder - actual hash computed by macro
};

/// Limited permissions - Warning variant
pub const WARN_PERMISSION_LIMITED_METADATA: DiagnosticRuntime = DiagnosticRuntime {
    severity: Severity::Warning,
    namespace: None,
    namespace_hash: None,
    component: "Auth",
    primary: "Permission",
    sequence: "DENIED",
    sequence_value: 8,
    code: "W.Auth.Permission.008",
    message: "User has limited permissions - some features unavailable",
    fields: &[],
    pii_fields: &[],
    contains_pii: false,
    role: Some("Public"),
    tags: &["authorization", "account", "limits"],
    tags_gated: &[],
    related_codes: &["E.Auth.Permission.008"],
    related_codes_gated: &[],
    hints_runtime: &[
        "Upgrade your account tier for full feature access",
        "Contact support to request additional permissions",
    ],
    hints_runtime_gated: &[],
    hints_both: &[
        "Check your subscription plan details",
        "Review available features for your current tier",
    ],
    hints_both_gated: &[],
    hash: "xxxxx", // Placeholder - actual hash computed by macro
};

/// Deprecated token malformed error - Demonstrating Internal role
pub const ERR_TOKEN_MALFORMED_METADATA: DiagnosticRuntime = DiagnosticRuntime {
    severity: Severity::Error,
    namespace: None,
    namespace_hash: None,
    component: "Auth",
    primary: "Token",
    sequence: "MALFORMED",
    sequence_value: 4,
    code: "E.Auth.Token.004",
    message: "JWT token is malformed (DEPRECATED - use E.Auth.Token.003)",
    fields: &[],
    pii_fields: &[],
    contains_pii: false,
    role: Some("Internal"),
    tags: &["authentication", "deprecated", "legacy"],
    tags_gated: &[],
    related_codes: &["E.Auth.Token.003"],
    related_codes_gated: &[],
    hints_runtime: &[],
    hints_runtime_gated: &[],
    hints_both: &[
        "Migrate to E.Auth.Token.003 for new code",
        "This error code is maintained for backward compatibility only",
    ],
    hints_both_gated: &[],
    hash: "xxxxx", // Placeholder - actual hash computed by macro
};

// ============================================================================
// Demonstration Functions
// ============================================================================

/// Print all metadata examples
pub fn demo_metadata() {
    println!("📋 DiagnosticRuntime Manual Creation Demo\n");
    println!("This demonstrates what proc-macros generate automatically.\n");

    println!("1️⃣  ERR_TOKEN_MISSING (Public role):");
    print_diagnostic(&ERR_TOKEN_MISSING_METADATA);
    println!();

    println!("2️⃣  ERR_TOKEN_INVALID (Developer role):");
    print_diagnostic(&ERR_TOKEN_INVALID_METADATA);
    println!();

    println!("3️⃣  ERR_TOKEN_EXPIRED (Timeout sequence .017):");
    print_diagnostic(&ERR_TOKEN_EXPIRED_METADATA);
    println!();

    println!("4️⃣  ERR_PERMISSION_DENIED (Authorization):");
    print_diagnostic(&ERR_PERMISSION_DENIED_METADATA);
    println!();

    println!("5️⃣  WARN_PERMISSION_LIMITED (Warning severity):");
    print_diagnostic(&WARN_PERMISSION_LIMITED_METADATA);
    println!();

    println!("6️⃣  ERR_TOKEN_MALFORMED (Internal role, deprecated):");
    print_diagnostic(&ERR_TOKEN_MALFORMED_METADATA);
    println!();
}

/// Pretty-print a DiagnosticRuntime
fn print_diagnostic(diag: &DiagnosticRuntime) {
    println!("   Code:     {}", diag.code);
    println!("   Severity: {:?}", diag.severity);
    println!("   Message:  {}", diag.message);
    println!("   Role:     {:?}", diag.role);
    println!("   Tags:     {:?}", diag.tags);
    if !diag.related_codes.is_empty() {
        println!("   Related:  {:?}", diag.related_codes);
    }
    if !diag.hints_runtime.is_empty() {
        println!("   Hints:    {:?}", diag.hints_runtime);
    }
}

// ============================================================================
// Registry Integration
// ============================================================================

#[cfg(feature = "doc-gen")]
pub fn register_metadata_errors(generator: &mut waddling_errors::doc_generator::DocRegistry) {
    use waddling_errors::Role;

    // You can register DiagnosticRuntime structures directly
    // This shows that Code<C, P> and DiagnosticRuntime are interoperable

    println!("   ℹ️  Registering metadata-based diagnostics...");

    // Register each diagnostic by code string (extracted from DiagnosticRuntime)
    let _ = generator.register(
        ERR_TOKEN_MISSING_METADATA.code,
        ERR_TOKEN_MISSING_METADATA.message,
        ERR_TOKEN_MISSING_METADATA.hints_both,
        ERR_TOKEN_MISSING_METADATA.tags,
    );

    let _ = generator.register(
        ERR_TOKEN_INVALID_METADATA.code,
        ERR_TOKEN_INVALID_METADATA.message,
        ERR_TOKEN_INVALID_METADATA.hints_both,
        ERR_TOKEN_INVALID_METADATA.tags,
    );

    let _ = generator.register(
        ERR_TOKEN_EXPIRED_METADATA.code,
        ERR_TOKEN_EXPIRED_METADATA.message,
        ERR_TOKEN_EXPIRED_METADATA.hints_both,
        ERR_TOKEN_EXPIRED_METADATA.tags,
    );

    let _ = generator.register(
        ERR_PERMISSION_DENIED_METADATA.code,
        ERR_PERMISSION_DENIED_METADATA.message,
        ERR_PERMISSION_DENIED_METADATA.hints_both,
        ERR_PERMISSION_DENIED_METADATA.tags,
    );

    let _ = generator.register(
        WARN_PERMISSION_LIMITED_METADATA.code,
        WARN_PERMISSION_LIMITED_METADATA.message,
        WARN_PERMISSION_LIMITED_METADATA.hints_both,
        WARN_PERMISSION_LIMITED_METADATA.tags,
    );

    let _ = generator.register(
        ERR_TOKEN_MALFORMED_METADATA.code,
        ERR_TOKEN_MALFORMED_METADATA.message,
        ERR_TOKEN_MALFORMED_METADATA.hints_both,
        ERR_TOKEN_MALFORMED_METADATA.tags,
    );
}

// ============================================================================
// Comparison: Manual vs Macro
// ============================================================================

#[cfg(doc)]
/// # Manual vs Macro Comparison
///
/// ## Manual (this file):
///
/// ```rust,ignore
/// pub const ERR_TOKEN_MISSING_METADATA: DiagnosticRuntime = DiagnosticRuntime {
///     severity: Severity::Error,
///     component: "Auth",
///     primary: "Token",
///     sequence: "MISSING",
///     sequence_value: 1,
///     code: "E.Auth.Token.001",
///     message: "Authentication token is missing",
///     fields: &[],
///     role: Some("Public"),
///     tags: &["security", "authentication"],
///     related_codes: &[],
///     hints_runtime: &["Include Authorization header"],
///     hints_both: &[],
/// };
/// ```
///
/// ## With Macro (hypothetical - macros generate the above):
///
/// ```rust,ignore
/// #[diagnostic(
///     component = AUTH,
///     primary = TOKEN,
///     sequence = MISSING,
///     role = Public,
///     tags = ["security", "authentication"],
/// )]
/// pub const ERR_TOKEN_MISSING: Diagnostic =
///     error!("Authentication token is missing");
/// ```
///
/// The macro is 90% less code but generates the exact same `DiagnosticRuntime` structure!
const _COMPARISON_DOC: () = ();