@cubis/foundry 0.3.71 → 0.3.73

package/workflows/powers/ruby-pro/references/ruby-concurrency-and-testing.md

@@ -0,0 +1,190 @@
+# Ruby Concurrency and Testing
+
+## Ractor patterns (Ruby 3.0+)
+
+### Basic Ractor usage
+
+```ruby
+# CPU-bound parallel computation
+ractors = 4.times.map do |i|
+  Ractor.new(i) do |id|
+    # Each Ractor has its own isolated memory
+    heavy_computation(id)
+  end
+end
+
+results = ractors.map(&:take) # Collect results
+```
+
+- Ractors provide true parallelism by isolating memory between execution contexts.
+- Only shareable objects can be sent between Ractors: frozen objects, `Ractor.make_shareable(obj)`.
+- Use `Ractor.yield` / `Ractor.receive` for message-passing between Ractors.
+
+### Ractor constraints
+
+| Allowed                          | Not allowed                                   |
+| -------------------------------- | --------------------------------------------- |
+| Frozen strings, numbers, symbols | Mutable strings, arrays, hashes               |
+| `Ractor.make_shareable(obj)`     | Class variables shared across Ractors         |
+| `Ractor::MovedObject` transfer   | Global variables (`$stdout` is special-cased) |
+
+- Most gems are NOT Ractor-safe. Test thoroughly before using Ractors with external libraries.
+- Prefer Ractors for compute-heavy, isolated work (parsing, image processing, data transformation).
+
+## Fiber and Async patterns
+
+### Fiber-based concurrency
+
+```ruby
+require 'async'
+
+Async do |task|
+  # I/O-bound concurrent operations
+  response1 = task.async { HTTP.get("https://api.example.com/users") }
+  response2 = task.async { HTTP.get("https://api.example.com/posts") }
+
+  users = response1.wait
+  posts = response2.wait
+end
+```
+
+- Fibers run on a single thread — no thread-safety concerns for shared state.
+- Use the `async` gem for production fiber-based I/O concurrency.
+- Ideal for I/O-bound work: HTTP requests, database queries, file operations.
+- Not suitable for CPU-bound work — use Ractors or process-based parallelism instead.
+
+### Thread safety primitives
+
+```ruby
+mutex = Mutex.new
+counter = 0
+
+threads = 10.times.map do
+  Thread.new do
+    mutex.synchronize { counter += 1 }
+  end
+end
+threads.each(&:join)
+```
+
+- Use `Mutex#synchronize` for critical sections. Never call `lock`/`unlock` manually.
+- Use `Queue` for thread-safe producer/consumer patterns.
+- Use `Monitor` when you need reentrant locking (same thread can re-acquire the lock).
+- Prefer `Concurrent::Map` (from concurrent-ruby) over `Hash` with manual locking.
+
+## Background job patterns
+
+### Sidekiq best practices
+
+```ruby
+class UserNotificationJob
+  include Sidekiq::Job
+  sidekiq_options queue: :default, retry: 3
+
+  def perform(user_id, event_type)
+    user = User.find(user_id)
+    NotificationService.new(user).send(event_type)
+  end
+end
+```
+
+- Pass only primitive arguments (IDs, strings). Never pass ActiveRecord objects — they can't be serialized safely.
+- Set explicit retry counts. Use dead-letter queues for permanently failed jobs.
+- Keep jobs idempotent — they may run more than once due to retries.
+- Use separate queues for different priority levels (`:critical`, `:default`, `:low`).
+
+## Testing strategy
+
+### RSpec structure
+
+```ruby
+RSpec.describe UserService do
+  describe "#create" do
+    subject(:result) { described_class.new(repo:).create(params) }
+
+    let(:repo) { instance_double(UserRepository) }
+    let(:params) { { name: "Alice", email: "alice@example.com" } }
+
+    context "with valid params" do
+      before { allow(repo).to receive(:save).and_return(user) }
+      let(:user) { build(:user, **params) }
+
+      it { is_expected.to be_success }
+      it { expect(result.value).to have_attributes(name: "Alice") }
+    end
+
+    context "with duplicate email" do
+      before { allow(repo).to receive(:save).and_raise(UniqueViolation) }
+
+      it { is_expected.to be_failure }
+      it { expect(result.error).to include("already exists") }
+    end
+  end
+end
+```
+
+- Use `describe` for the class/method, `context` for scenarios, `it` for assertions.
+- Use `instance_double` for strict mocking — fails if the mocked method doesn't exist.
+- Use `let` for lazy setup, `let!` for eager setup, `before` for side effects.
+
+### Factory patterns
+
+```ruby
+FactoryBot.define do
+  factory :user do
+    name { Faker::Name.name }
+    email { Faker::Internet.email }
+    role { :member }
+
+    trait :admin do
+      role { :admin }
+    end
+
+    trait :with_posts do
+      after(:create) do |user|
+        create_list(:post, 3, author: user)
+      end
+    end
+  end
+end
+```
+
+- Use traits for variations instead of separate factories.
+- Prefer `build` (in-memory) over `create` (persisted) in unit tests for speed.
+- Use `build_stubbed` for the fastest option when persistence behavior isn't under test.
+
+## Gem dependency audit
+
+### Bundler security workflow
+
+```bash
+# Check for known vulnerabilities
+bundle audit check --update
+
+# List outdated gems (direct dependencies only)
+bundle outdated --only-explicit
+
+# Generate dependency graph
+bundle viz --format=svg
+```
+
+- Run `bundle audit` in CI. Block deploys on critical findings.
+- Update gems in small batches: `bundle update gem_name` + run full test suite.
+- Review changelogs before major version bumps — breaking changes often affect behavior silently.
+- Use `Gemfile` groups (`:development`, `:test`) to keep production dependencies minimal.
+
+### Type checking with Sorbet
+
+```ruby
+# typed: strict
+extend T::Sig
+
+sig { params(name: String, age: Integer).returns(User) }
+def create_user(name, age)
+  User.new(name:, age:)
+end
+```
+
+- Use `typed: strict` for new files, `typed: true` as a minimum for existing files.
+- Generate RBI files for gems: `tapioca gem` for type stubs.
+- Run `srb tc` in CI alongside tests.

package/workflows/powers/ruby-pro/references/testing-and-rspec.md

@@ -0,0 +1,236 @@
+# Testing and RSpec Patterns
+
+## RSpec Structure
+
+```ruby
+# spec/services/create_order_spec.rb
+RSpec.describe CreateOrder do
+  subject(:service) { described_class.new(order_repo:, pricing:, notifier:) }
+
+  let(:order_repo) { instance_double(OrderRepository) }
+  let(:pricing) { instance_double(PricingService) }
+  let(:notifier) { instance_double(EmailNotifier) }
+
+  before do
+    allow(order_repo).to receive(:save)
+    allow(notifier).to receive(:order_created)
+  end
+
+  describe "#call" do
+    context "with valid items" do
+      let(:items) { [build(:line_item, quantity: 2)] }
+
+      before do
+        allow(pricing).to receive(:calculate).and_return(Money.new(amount: 1999, currency: "USD"))
+      end
+
+      it "creates an order" do
+        result = service.call(customer: build(:user), items:)
+
+        expect(result).to be_success
+        expect(result.value).to be_a(Order)
+        expect(result.value.total.amount).to eq(1999)
+      end
+
+      it "saves to repository" do
+        service.call(customer: build(:user), items:)
+        expect(order_repo).to have_received(:save).once
+      end
+
+      it "notifies customer" do
+        service.call(customer: build(:user), items:)
+        expect(notifier).to have_received(:order_created).once
+      end
+    end
+
+    context "with empty items" do
+      it "returns failure" do
+        result = service.call(customer: build(:user), items: [])
+        expect(result).to be_failure
+        expect(result.error).to include("empty")
+      end
+    end
+  end
+end
+```
+
+## Shared Examples
+
+```ruby
+# spec/support/shared_examples/authenticatable.rb
+RSpec.shared_examples "authenticatable" do
+  describe "#authenticate" do
+    it "returns true for correct password" do
+      subject.password = "secret123"
+      expect(subject.authenticate("secret123")).to be true
+    end
+
+    it "returns false for wrong password" do
+      subject.password = "secret123"
+      expect(subject.authenticate("wrong")).to be false
+    end
+  end
+end
+
+# Usage in specs
+RSpec.describe User do
+  subject { build(:user) }
+  it_behaves_like "authenticatable"
+end
+
+RSpec.describe AdminUser do
+  subject { build(:admin_user) }
+  it_behaves_like "authenticatable"
+end
+```
+
+## Request Specs (API Testing)
+
+```ruby
+RSpec.describe "Orders API", type: :request do
+  let(:user) { create(:user) }
+  let(:headers) { { "Authorization" => "Bearer #{user.auth_token}" } }
+
+  describe "POST /api/orders" do
+    let(:valid_params) do
+      {
+        order: {
+          items: [{ product_id: create(:product).id, quantity: 2 }],
+        },
+      }
+    end
+
+    context "with valid params" do
+      it "creates order and returns 201" do
+        post "/api/orders", params: valid_params, headers:, as: :json
+
+        expect(response).to have_http_status(:created)
+        expect(json_response["order"]["id"]).to be_present
+        expect(Order.count).to eq(1)
+      end
+    end
+
+    context "without auth" do
+      it "returns 401" do
+        post "/api/orders", params: valid_params, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context "with invalid params" do
+      it "returns 422 with errors" do
+        post "/api/orders", params: { order: { items: [] } }, headers:, as: :json
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(json_response["errors"]).to include("items")
+      end
+    end
+  end
+end
+
+# Helper
+def json_response
+  JSON.parse(response.body)
+end
+```
+
+## FactoryBot Strategies
+
+```ruby
+# spec/factories/users.rb
+FactoryBot.define do
+  factory :user do
+    sequence(:email) { |n| "user#{n}@example.com" }
+    name { Faker::Name.name }
+    role { :viewer }
+    password { "password123" }
+
+    trait :admin do
+      role { :admin }
+    end
+
+    trait :with_orders do
+      transient do
+        order_count { 3 }
+      end
+
+      after(:create) do |user, evaluator|
+        create_list(:order, evaluator.order_count, customer: user)
+      end
+    end
+  end
+end
+
+# Usage
+build(:user)                          # in-memory, no DB
+create(:user, :admin)                 # persisted admin
+create(:user, :with_orders, order_count: 5)  # with associated orders
+attributes_for(:user)                 # hash of attributes
+```
+
+## Test Doubles
+
+```ruby
+# instance_double — verifies methods exist on the real class
+repo = instance_double(OrderRepository)
+allow(repo).to receive(:find_by_id).with(1).and_return(order)
+allow(repo).to receive(:save).and_return(true)
+
+# class_double
+api_class = class_double(ExternalApi, fetch: response)
+
+# spy — record calls, verify after
+notifier = spy("notifier")
+service.call(notifier:)
+expect(notifier).to have_received(:notify).with(hash_including(type: :order_created))
+
+# Stub chain
+allow(User).to receive_message_chain(:active, :where, :order).and_return(users)
+# Prefer extracting a query object over long stub chains
+```
+
+## SimpleCov Configuration
+
+```ruby
+# spec/spec_helper.rb (must be at the very top)
+require "simplecov"
+
+SimpleCov.start do
+  add_filter "/spec/"
+  add_filter "/config/"
+  add_filter "/vendor/"
+
+  add_group "Services", "app/services"
+  add_group "Models", "app/models"
+  add_group "Controllers", "app/controllers"
+
+  minimum_coverage 80
+  minimum_coverage_by_file 50
+end
+
+# CI integration
+if ENV["CI"]
+  require "simplecov-cobertura"
+  SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
+end
+```
+
+## CI Test Pipeline
+
+```bash
+# Gemfile
+group :test do
+  gem "rspec-rails"
+  gem "factory_bot_rails"
+  gem "faker"
+  gem "simplecov"
+  gem "webmock"        # stub external HTTP
+  gem "vcr"            # record/replay HTTP
+  gem "rubocop-rspec"  # RSpec-specific linting
+end
+
+# CI script
+bundle exec rubocop --parallel           # lint
+bundle exec rspec --format documentation # tests
+bundle audit check                       # vulnerability scan
+```

package/workflows/powers/rust-pro/POWER.md

@@ -2,51 +2,65 @@
 ---
 inclusion: manual
 name: "rust-pro"
-description: "Use for modern Rust systems/services with stable 1.91-era patterns, async correctness, and performance-focused design."
+description: "Use for modern Rust systems/services with stable 1.94-era patterns, async correctness, and performance-focused design."
 license: MIT
 metadata:
-  version: "2.0.0"
-  domain: "language"
-  role: "specialist"
-  stack: "rust"
-  baseline: "Rust stable 1.91"
+  author: cubis-foundry
+  version: "2.0"
+compatibility: Claude Code, Codex, GitHub Copilot
 ---
 
 # Rust Pro
 
-## When to use
+## Purpose
 
-- Building high-reliability services, CLIs, and systems components.
-- Solving ownership/lifetime design problems.
+Expert-level guidance for modern Rust development covering high-reliability services, CLIs, and systems components. Focuses on ownership and lifetime design, async correctness with cancellation safety, explicit error modeling, and performance optimization through profiling discipline.
+
+## When to Use
+
+- Building high-reliability services, CLIs, and systems components in Rust.
+- Solving ownership, lifetime, and borrowing design problems.
 - Optimizing memory safety and runtime performance together.
 
-## Core workflow
+## Instructions
+
+1. **Define ownership and error model first** — design data flow so each value has one clear owner. Clone only when shared ownership is genuinely required. Keep borrow scopes tight. Use `Cow<'_, T>` when a function sometimes needs to allocate and sometimes can borrow. Avoid lifetime annotations in public APIs unless the caller truly controls the borrowed data's scope.
+
+2. **Choose async runtime and crates intentionally** — use `tokio` as the default async runtime. Pin to a specific runtime version in `Cargo.lock`. Make every async function cancellation-safe: dropping a future must not corrupt state. Use `tokio::select!` with care because the unselected branch is dropped and state mutations before `.await` are lost.
+
+3. **Model errors as enums with context** — use `thiserror` for library error enums exposed in public APIs; `anyhow` for application-level error propagation. Use `?` for propagation with `.context()` / `.with_context()` at layer boundaries. Map foreign errors into domain types at crate boundaries. Do not use `.unwrap()` or `.expect()` outside tests and provably-infallible paths because they cause panics in production. Do not leak dependency error types across crate boundaries because it couples consumers to transitive dependencies.
+
+4. **Design traits and types for the problem** — model closed variant sets with enums and exhaustive `match`. Use trait objects (`dyn Trait`) only at plugin or boundary points. Implement `From`/`Into` for natural conversions, `TryFrom`/`TryInto` for fallible ones. Keep trait surfaces small. Use newtype wrappers (`struct UserId(u64)`) to prevent primitive type confusion.
+
+5. **Implement in small composable modules** — use `tokio`/`axum`/`tower` patterns for service work. Use `tower` middleware for timeouts, rate limits, and retries at the service boundary. Separate transport DTOs from domain types. Keep `Send + Sync` bounds explicit in trait objects and spawned tasks.
+
+6. **Keep `unsafe` minimal and documented** — document invariants for every `unsafe` block. Prefer safe abstractions. Do not use premature `unsafe` optimization because the compiler and optimizer handle most cases.
+
+7. **Verify with tests, clippy, and formatting** — maintain `rustfmt` + `clippy` clean in CI. Use `cargo test` and targeted benchmarks. Make task cancellation, retries, and error chains visible in `tracing` instrumentation. Prefer iterator/trait composition over macro-heavy complexity.
+
+8. **Profile before low-level optimization** — measure allocations, lock contention, and tail latency before unsafe or low-level tuning. Bound work queues and connection pools explicitly. Do not use unbounded `tokio::spawn` fan-out without backpressure because it exhausts resources. Do not use `Arc<Mutex<T>>` when a channel-based ownership transfer would be clearer because it adds unnecessary contention. Do not use global mutable state for request data because it creates race conditions.
+
+## Output Format
 
-1. Define ownership and error model first.
-2. Choose async/runtime crates intentionally.
-3. Implement small composable modules.
-4. Verify with tests, clippy, and formatting.
-5. Profile before low-level optimization.
+Produces Rust code with explicit ownership design, structured error enums, cancellation-safe async patterns, and bounded concurrency. Includes trait-based abstractions and newtype wrappers where applicable.
 
-## Baseline standards
+## References
 
-- `rustfmt` + `clippy` clean in CI.
-- Use explicit error types (`thiserror`/`anyhow` by layer).
-- Keep `unsafe` minimal and documented with invariants.
-- Prefer iterator/trait composition over macro-heavy complexity.
-- Make concurrency cancellation-safe and backpressure-aware.
+| File                                    | Load when                                                                                                  |
+| --------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
+| `references/ownership-and-borrowing.md` | Ownership transfer, borrow scope design, lifetime annotations, or `Cow`/`Arc` tradeoffs need detail.       |
+| `references/async-safety-patterns.md`   | Cancellation safety, `select!` pitfalls, structured concurrency, or runtime configuration need detail.     |
+| `references/error-handling-design.md`   | Error enum design, `thiserror`/`anyhow` layering, context chains, or foreign error mapping need detail.    |
+| `references/trait-design-patterns.md`   | Trait object vs enum dispatch, newtype patterns, `From`/`Into` design, or generic constraints need detail. |
+| `references/unsafe-and-ffi-guide.md`    | Unsafe blocks, FFI boundaries, raw pointer invariants, or soundness documentation need detail.             |
 
-## Implementation guidance
+## Scripts
 
-- Use `tokio`/`axum`/`tower` patterns for service work.
-- Model domain states with enums and exhaustive matching.
-- Use `Arc` + interior mutability only when ownership alternatives fail.
-- Keep borrow scopes tight to improve readability and compile times.
-- Separate transport DTOs from domain types.
+No helper scripts are required for this skill right now. Keep execution in `SKILL.md` and `references/` unless repeated automation becomes necessary.
 
-## Avoid
+## Examples
 
-- Premature `unsafe` optimization.
-- Silent `unwrap`/`expect` in non-test code paths.
-- Global mutable state for request data.
+- "Design the error type hierarchy for this multi-crate workspace with thiserror for libraries and anyhow at the application layer."
+- "Refactor this async handler to be cancellation-safe when using tokio::select! with shared state."
+- "Implement a bounded worker pool with backpressure using tokio channels and a semaphore."
 ````

package/workflows/powers/rust-pro/SKILL.md

@@ -1,49 +1,63 @@
 ---
 name: "rust-pro"
-description: "Use for modern Rust systems/services with stable 1.91-era patterns, async correctness, and performance-focused design."
+description: "Use for modern Rust systems/services with stable 1.94-era patterns, async correctness, and performance-focused design."
 license: MIT
 metadata:
-  version: "2.0.0"
-  domain: "language"
-  role: "specialist"
-  stack: "rust"
-  baseline: "Rust stable 1.91"
+  author: cubis-foundry
+  version: "2.0"
+compatibility: Claude Code, Codex, GitHub Copilot
 ---
 
 # Rust Pro
 
-## When to use
+## Purpose
 
-- Building high-reliability services, CLIs, and systems components.
-- Solving ownership/lifetime design problems.
+Expert-level guidance for modern Rust development covering high-reliability services, CLIs, and systems components. Focuses on ownership and lifetime design, async correctness with cancellation safety, explicit error modeling, and performance optimization through profiling discipline.
+
+## When to Use
+
+- Building high-reliability services, CLIs, and systems components in Rust.
+- Solving ownership, lifetime, and borrowing design problems.
 - Optimizing memory safety and runtime performance together.
 
-## Core workflow
+## Instructions
+
+1. **Define ownership and error model first** — design data flow so each value has one clear owner. Clone only when shared ownership is genuinely required. Keep borrow scopes tight. Use `Cow<'_, T>` when a function sometimes needs to allocate and sometimes can borrow. Avoid lifetime annotations in public APIs unless the caller truly controls the borrowed data's scope.
+
+2. **Choose async runtime and crates intentionally** — use `tokio` as the default async runtime. Pin to a specific runtime version in `Cargo.lock`. Make every async function cancellation-safe: dropping a future must not corrupt state. Use `tokio::select!` with care because the unselected branch is dropped and state mutations before `.await` are lost.
+
+3. **Model errors as enums with context** — use `thiserror` for library error enums exposed in public APIs; `anyhow` for application-level error propagation. Use `?` for propagation with `.context()` / `.with_context()` at layer boundaries. Map foreign errors into domain types at crate boundaries. Do not use `.unwrap()` or `.expect()` outside tests and provably-infallible paths because they cause panics in production. Do not leak dependency error types across crate boundaries because it couples consumers to transitive dependencies.
+
+4. **Design traits and types for the problem** — model closed variant sets with enums and exhaustive `match`. Use trait objects (`dyn Trait`) only at plugin or boundary points. Implement `From`/`Into` for natural conversions, `TryFrom`/`TryInto` for fallible ones. Keep trait surfaces small. Use newtype wrappers (`struct UserId(u64)`) to prevent primitive type confusion.
+
+5. **Implement in small composable modules** — use `tokio`/`axum`/`tower` patterns for service work. Use `tower` middleware for timeouts, rate limits, and retries at the service boundary. Separate transport DTOs from domain types. Keep `Send + Sync` bounds explicit in trait objects and spawned tasks.
+
+6. **Keep `unsafe` minimal and documented** — document invariants for every `unsafe` block. Prefer safe abstractions. Do not use premature `unsafe` optimization because the compiler and optimizer handle most cases.
+
+7. **Verify with tests, clippy, and formatting** — maintain `rustfmt` + `clippy` clean in CI. Use `cargo test` and targeted benchmarks. Make task cancellation, retries, and error chains visible in `tracing` instrumentation. Prefer iterator/trait composition over macro-heavy complexity.
+
+8. **Profile before low-level optimization** — measure allocations, lock contention, and tail latency before unsafe or low-level tuning. Bound work queues and connection pools explicitly. Do not use unbounded `tokio::spawn` fan-out without backpressure because it exhausts resources. Do not use `Arc<Mutex<T>>` when a channel-based ownership transfer would be clearer because it adds unnecessary contention. Do not use global mutable state for request data because it creates race conditions.
+
+## Output Format
 
-1. Define ownership and error model first.
-2. Choose async/runtime crates intentionally.
-3. Implement small composable modules.
-4. Verify with tests, clippy, and formatting.
-5. Profile before low-level optimization.
+Produces Rust code with explicit ownership design, structured error enums, cancellation-safe async patterns, and bounded concurrency. Includes trait-based abstractions and newtype wrappers where applicable.
 
-## Baseline standards
+## References
 
-- `rustfmt` + `clippy` clean in CI.
-- Use explicit error types (`thiserror`/`anyhow` by layer).
-- Keep `unsafe` minimal and documented with invariants.
-- Prefer iterator/trait composition over macro-heavy complexity.
-- Make concurrency cancellation-safe and backpressure-aware.
+| File                                    | Load when                                                                                                  |
+| --------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
+| `references/ownership-and-borrowing.md` | Ownership transfer, borrow scope design, lifetime annotations, or `Cow`/`Arc` tradeoffs need detail.       |
+| `references/async-safety-patterns.md`   | Cancellation safety, `select!` pitfalls, structured concurrency, or runtime configuration need detail.     |
+| `references/error-handling-design.md`   | Error enum design, `thiserror`/`anyhow` layering, context chains, or foreign error mapping need detail.    |
+| `references/trait-design-patterns.md`   | Trait object vs enum dispatch, newtype patterns, `From`/`Into` design, or generic constraints need detail. |
+| `references/unsafe-and-ffi-guide.md`    | Unsafe blocks, FFI boundaries, raw pointer invariants, or soundness documentation need detail.             |
 
-## Implementation guidance
+## Scripts
 
-- Use `tokio`/`axum`/`tower` patterns for service work.
-- Model domain states with enums and exhaustive matching.
-- Use `Arc` + interior mutability only when ownership alternatives fail.
-- Keep borrow scopes tight to improve readability and compile times.
-- Separate transport DTOs from domain types.
+No helper scripts are required for this skill right now. Keep execution in `SKILL.md` and `references/` unless repeated automation becomes necessary.
 
-## Avoid
+## Examples
 
-- Premature `unsafe` optimization.
-- Silent `unwrap`/`expect` in non-test code paths.
-- Global mutable state for request data.
+- "Design the error type hierarchy for this multi-crate workspace with thiserror for libraries and anyhow at the application layer."
+- "Refactor this async handler to be cancellation-safe when using tokio::select! with shared state."
+- "Implement a bounded worker pool with backpressure using tokio channels and a semaphore."