Files
rust_imgapi/AGENTS.md
Beyhan Oğur dd72c6220d first commit
2026-04-26 22:32:52 +03:00

5.8 KiB

Copilot Rules for Rust Image Manipulation API

Project Overview

This project is a Rust-based API built with:

  • axum = "0.8.8"
  • sea-orm = { version = "1.1.20", features = ["sqlx-postgres", "runtime-tokio-native-tls", "macros"] }
  • tokio = { version = "1.51.1", features = ["full"] }
  • tower-http = { version = "0.6.8", features = ["trace"] }

The main purpose of the API is image manipulation with support for:

  • avif
  • png
  • jpg
  • jpeg
  • webp

The project already has an account system. Use it as-is unless explicitly asked to modify it.

Redis will be used for:

  • temporary/signed access tokens
  • time-based access control
  • caching image manipulation results if needed

General Coding Rules

  1. Prefer idiomatic Rust.
  2. Follow Axum patterns for handlers, extractors, routers, and state management.
  3. Keep business logic in services, not in controllers/handlers.
  4. Use SeaORM for database access.
  5. Use async/await everywhere I/O is involved.
  6. Avoid blocking operations on the Tokio runtime.
  7. Write small, composable functions.
  8. Prefer strong types over raw strings for domain concepts.
  9. Handle errors explicitly and return structured API errors.
  10. Do not introduce unnecessary dependencies.

Architecture Rules

Use the following structure for new image-related code:

  • images/model
  • images/controller
  • images/service
  • images/repository
  • images/dto
  • images/processor

If auth/token logic is needed for image access:

  • keep verification in middleware or a dedicated auth/token service
  • keep Redis interaction isolated in a repository or cache layer

Layer Responsibilities

  • controller/handler: HTTP request parsing, response formatting
  • service: business rules, token validation flow, image transformation orchestration
  • repository: DB/Redis access
  • processor: actual image resize/crop/convert operations
  • model: entities and domain types
  • dto: request/response payloads

Image Manipulation Rules

  1. Support these output formats:

    • avif
    • png
    • jpg
    • jpeg
    • webp
  2. Accept image manipulation parameters such as:

    • width / w
    • height / h
    • format
    • quality
    • crop
  3. Support crop modes like:

    • cover
    • contain
    • fill
    • center
    • top
    • bottom
    • left
    • right
    • smart if implemented later
  4. Validate all manipulation inputs:

    • width and height must be positive
    • quality must be within a valid range
    • format must be one of the supported formats
    • crop mode must be recognized
  5. Never trust query parameters directly without validation.

  6. Preserve aspect ratio when required by crop mode.

  7. If a requested format is unsupported, return a clear API error.

  8. If the image cannot be decoded or converted, return a meaningful error response.


Token Access Rules

  1. Image manipulation must be accessible through time-limited tokens.
  2. Tokens may be stored or validated through Redis.
  3. Token validation must occur before image processing.
  4. Token expiration must be enforced.
  5. Do not expose raw internal storage paths through public APIs.
  6. Tokens should be treated as opaque values from the client perspective.
  7. If token is invalid or expired, return 401 Unauthorized or 403 Forbidden as appropriate.

Redis Rules

  1. Use Redis for short-lived access control data.
  2. Keep Redis keys namespaced, for example:
    • image:token:{token}
    • image:cache:{hash}
  3. Set TTL explicitly for temporary tokens.
  4. Prefer cache-aside patterns if storing processed image results.
  5. Redis access code must be isolated and reusable.

SeaORM Rules

  1. Use entities generated or structured consistently with SeaORM conventions.
  2. Keep DB operations in repository layer.
  3. Avoid mixing query building into handlers.
  4. Return repository-level errors as domain errors or application errors.
  5. Use migrations for schema changes.
  6. Do not hardcode SQL unless necessary.

Axum Rules

  1. Use Router cleanly and split routes by module.
  2. Prefer typed extractors for shared state.
  3. Use State<AppState> for database/Redis/shared services.
  4. Use middleware only for cross-cutting concerns like auth, logging, rate limiting.
  5. Return JSON responses with consistent shape.
  6. Use tower_http::trace::TraceLayer for request tracing.

Error Handling Rules

  1. Define a unified error type for the API.
  2. Convert infrastructure errors into application errors.
  3. Return consistent error response payloads.
  4. Do not panic in request handlers.
  5. Log errors where useful, but avoid leaking secrets.

Naming Rules

  1. Use clear module names:
    • account
    • images
    • auth
    • shared
    • config
  2. Name functions by behavior, not implementation.
  3. Prefer create_*, get_*, update_*, delete_*, process_*, validate_*.
  4. Keep DTO names explicit, for example:
    • CreateTokenRequest
    • ManipulateImageRequest
    • ImageResponse

When Generating Code

Copilot should:

  • follow existing project style
  • reuse existing account/auth infrastructure
  • avoid changing unrelated modules
  • prefer minimal, targeted changes
  • keep code ready for testing
  • add comments only when they add clarity

What Copilot Should Not Do

  • Do not rewrite the whole project unless explicitly asked.
  • Do not replace SeaORM with another ORM.
  • Do not introduce framework changes away from Axum.
  • Do not hardcode credentials or secrets.
  • Do not store tokens insecurely.
  • Do not bypass validation for convenience.

  • Default output format: webp unless user requests otherwise.
  • Default crop mode: cover
  • Default quality: 80
  • Default dimension behavior: preserve aspect ratio when only one side is provided
  • Default access: token required for protected image processing routes