tovuk 0.1.49 → 0.1.50

package/README.md

@@ -12,8 +12,8 @@ npx tovuk deploy --wait --json
 `npx tovuk` is the public npm command.
 
 Rust backends expect `Cargo.toml`, `Cargo.lock`, and `tovuk.toml`. They must
-pass `cargo fmt --all --check`, locked Cargo checks, listen on
-`0.0.0.0:$PORT`, and expose the configured health endpoint.
+pass `cargo fmt --all --check`, locked release-mode check/test/Clippy gates,
+listen on `0.0.0.0:$PORT`, and expose the configured health endpoint.
 
 Static frontends must use TypeScript browser source, stable native type-aware
 TypeScript checks, native linting such as `oxlint`, `biome check`, or

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tovuk",
-  "version": "0.1.49",
+  "version": "0.1.50",
   "description": "Deploy Rust backends, static frontends, and fullstack apps to Tovuk.",
   "type": "module",
   "bin": {

package/src/internal/config-validation.ts

@@ -1,4 +1,4 @@
-import { JAVASCRIPT_BACKEND_RUNTIMES, PROJECT_KINDS } from './constants.ts'
+import { JAVASCRIPT_BACKEND_RUNTIMES, PROJECT_KINDS, RUST_STRICT_CLIPPY_DENY_LINTS } from './constants.ts'
 import { commandTokens, hasFrontendInstallCommand, hasFrontendScriptRun, usesJavascriptLinter } from './frontend-policy.ts'
 import { isSafeRelativePath } from './project.ts'
 import type { ProjectKind, TovukConfig } from './types.ts'
@@ -108,11 +108,16 @@ function validateOutput(value: string | undefined, field: string): void {
 }
 
 function validateResourceConfig(config: TovukConfig): void {
-  if (!/^\d+\s*(mb|mib|gb|gib)$/iu.test(config.resources.memory)) {
-    throw new Error('[resources].memory must look like 512mb or 1gb')
+  const memoryMib = memoryToMib(config.resources.memory)
+  if (memoryMib < 128 || memoryMib > 2048) {
+    throw new Error('[resources].memory must be between 128mb and 2gb; use the smallest working value')
   }
-  if (!/^\d+(?:\.\d{1,3})?$/u.test(config.resources.cpu)) {
-    throw new Error('[resources].cpu must look like 0.25, 0.5, 1, or 2')
+  const cpuMillis = cpuToMillis(config.resources.cpu)
+  if (cpuMillis < 50 || cpuMillis > 2000) {
+    throw new Error('[resources].cpu must be between 0.05 and 2; use the smallest working value')
+  }
+  if (!Number.isInteger(config.resources.idle_timeout_minutes) || config.resources.idle_timeout_minutes < 1 || config.resources.idle_timeout_minutes > 60) {
+    throw new Error('[resources].idle_timeout_minutes must be between 1 and 60')
   }
 }
 
@@ -126,11 +131,18 @@ function validateCheckCommand(kind: ProjectKind, command: string): void {
 }
 
 function validateRustCheckCommand(command: string): void {
-  const required = ['cargo fmt --all --check', 'cargo check --locked', 'cargo clippy --locked', '--all-targets', '--all-features', '-D warnings']
+  const required = [
+    'cargo fmt --all --check',
+    'cargo check --locked --release --all-targets --all-features',
+    'cargo test --locked --release --all-targets --all-features',
+    'cargo clippy --locked --release --all-targets --all-features',
+    '-D warnings',
+    ...RUST_STRICT_CLIPPY_DENY_LINTS.map((lint) => `-D ${lint}`)
+  ]
   if (required.every((fragment) => command.includes(fragment))) {
     return
   }
-  throw new Error('[build].check must include cargo fmt --all --check, cargo check --locked, and cargo clippy --locked --all-targets --all-features -- -D warnings')
+  throw new Error('[build].check must run rustfmt, locked release-mode cargo check, locked release-mode tests, and strict Clippy resource lints')
 }
 
 function validateRustBuildCommand(command: string): void {
@@ -190,4 +202,20 @@ function commandNameFromToken(token: string): string {
   return token.split('/').pop() ?? ''
 }
 
+function memoryToMib(value: string): number {
+  const match = value.trim().toLowerCase().match(/^(\d+)\s*(mb|mib|gb|gib)$/u)
+  if (!match) {
+    throw new Error('[resources].memory must look like 256mb, 512mb, or 1gb')
+  }
+  const amount = Number.parseInt(match[1] ?? '', 10)
+  return amount * ((match[2] ?? '').startsWith('g') ? 1024 : 1)
+}
+
+function cpuToMillis(value: string): number {
+  if (!/^\d+(?:\.\d{1,3})?$/u.test(value.trim())) {
+    throw new Error('[resources].cpu must look like 0.25, 0.5, 1, or 2')
+  }
+  return Math.round(Number.parseFloat(value) * 1000)
+}
+
 export { validateConfig }

package/src/internal/constants.ts

@@ -15,7 +15,30 @@ export const SESSION_ACCOUNT: string = 'session-token'
 export const SESSION_LABEL: string = 'Tovuk session'
 export const DEFAULT_LOGIN_EXPIRES_SECONDS: number = 600
 export const DEFAULT_LOGIN_INTERVAL_SECONDS: number = 5
-export const DEFAULT_RUST_CHECK_COMMAND: string = 'cargo fmt --all --check && cargo check --locked && cargo clippy --locked --all-targets --all-features -- -D warnings'
+export const RUST_STRICT_CLIPPY_DENY_LINTS: readonly string[] = [
+  'clippy::all',
+  'clippy::pedantic',
+  'clippy::dbg_macro',
+  'clippy::todo',
+  'clippy::unimplemented',
+  'clippy::panic',
+  'clippy::unwrap_used',
+  'clippy::expect_used',
+  'clippy::large_futures',
+  'clippy::large_include_file',
+  'clippy::large_stack_frames',
+  'clippy::mem_forget',
+  'clippy::rc_buffer',
+  'clippy::rc_mutex',
+  'clippy::redundant_clone',
+  'clippy::clone_on_ref_ptr'
+]
+export const DEFAULT_RUST_CHECK_COMMAND: string = [
+  'cargo fmt --all --check',
+  'cargo check --locked --release --all-targets --all-features',
+  'cargo test --locked --release --all-targets --all-features',
+  `cargo clippy --locked --release --all-targets --all-features -- -D warnings ${RUST_STRICT_CLIPPY_DENY_LINTS.map((lint) => `-D ${lint}`).join(' ')}`
+].join(' && ')
 export const DEFAULT_NPM_FRONTEND_CHECK_COMMAND: string = 'npm ci --prefer-offline --no-audit --fund=false && npm run typecheck && npm run lint'
 export const DEFAULT_BUN_FRONTEND_CHECK_COMMAND: string = 'bun ci && bun run typecheck && bun run lint'
 export const PROJECT_KINDS: ReadonlySet<string> = new Set(['fullstack', 'rust_backend', 'static_frontend'])
@@ -127,7 +150,7 @@ Usage:
 
 Agent contract:
   - Fullstack apps set kind = "fullstack", keep backend and frontend roots in one tovuk.toml, serve the frontend at /, and serve the Rust API under /api.
-  - Rust backends keep Cargo.lock committed, pass rustfmt, listen on 0.0.0.0:$PORT, and return HTTP 200 from health.
+  - Rust backends keep Cargo.lock committed, pass rustfmt plus locked release-mode check/test/Clippy gates, listen on 0.0.0.0:$PORT, and return HTTP 200 from health.
   - Static frontends set kind = "static_frontend", keep TypeScript source, a package lockfile, stable native typecheck, native lint, and Fallow quality gates.
   - Plain static HTML/CSS/JS frontends may use kind = "static_frontend" with check = ":", command = ":", and output = ".".
   - JavaScript and TypeScript are frontend-only on Tovuk; backend build and runtime commands must be Cargo release builds and Rust release binaries.
@@ -138,6 +161,7 @@ Agent contract:
   - Create support tickets only with command output, app id, build id, deploy id, and the first actionable log line.
   - Resolve support tickets after the issue is fixed so later agents do not duplicate work.
   - Keep direct unsafe out of Rust source.
+  - Keep Rust backend resources small: 128mb-2gb memory, 0.05-2 CPU, and 1-60 minute idle timeout.
 `
 
 function packageVersion(): string {

package/src/internal/rust-doctor.ts

@@ -1,6 +1,7 @@
 import { spawnSync } from 'node:child_process'
 import { readFileSync } from 'node:fs'
 import path from 'node:path'
+import { RUST_STRICT_CLIPPY_DENY_LINTS } from './constants.ts'
 import { walkProjectFiles } from './project.ts'
 import type { DoctorCheck } from './types.ts'
 
@@ -14,7 +15,7 @@ interface CargoCheckSpec {
 function rustDoctorChecks(projectDir: string, configValid: boolean): DoctorCheck[] {
   const checks = [cargoLints(projectDir), unsafeCheck(projectDir)]
   if (configValid) {
-    checks.push(cargoFmt(projectDir), cargoCheck(projectDir), cargoClippy(projectDir))
+    checks.push(cargoFmt(projectDir), cargoCheck(projectDir), cargoTest(projectDir), cargoClippy(projectDir))
   }
   return checks
 }
@@ -46,9 +47,18 @@ function scanUnsafe(projectDir: string): string[] {
 function cargoCheck(projectDir: string): DoctorCheck {
   return cargoCommandCheck(projectDir, {
     name: 'cargo check',
-    args: ['check', '--locked', '--quiet'],
-    missing: 'Install Rust and Cargo, then run `cargo check --locked` locally before deploying.',
-    failed: 'Run `cargo check --locked`, fix every compiler error and warning, then redeploy.'
+    args: ['check', '--locked', '--release', '--all-targets', '--all-features', '--quiet'],
+    missing: 'Install Rust and Cargo, then run `cargo check --locked --release --all-targets --all-features` locally before deploying.',
+    failed: 'Run `cargo check --locked --release --all-targets --all-features`, fix every compiler error and warning, then redeploy.'
+  })
+}
+
+function cargoTest(projectDir: string): DoctorCheck {
+  return cargoCommandCheck(projectDir, {
+    name: 'cargo test',
+    args: ['test', '--locked', '--release', '--all-targets', '--all-features', '--quiet'],
+    missing: 'Install Rust and Cargo, then run `cargo test --locked --release --all-targets --all-features` locally before deploying.',
+    failed: 'Run `cargo test --locked --release --all-targets --all-features`, fix every failed test, then redeploy.'
   })
 }
 
@@ -64,9 +74,9 @@ function cargoFmt(projectDir: string): DoctorCheck {
 function cargoClippy(projectDir: string): DoctorCheck {
   return cargoCommandCheck(projectDir, {
     name: 'cargo clippy',
-    args: ['clippy', '--locked', '--all-targets', '--all-features', '--quiet', '--', '-D', 'warnings'],
-    missing: 'Install Rust clippy, then run `cargo clippy --locked --all-targets --all-features -- -D warnings` before deploying.',
-    failed: 'Run `cargo clippy --locked --all-targets --all-features -- -D warnings`, fix every warning, then redeploy.'
+    args: ['clippy', '--locked', '--release', '--all-targets', '--all-features', '--quiet', '--', '-D', 'warnings', ...RUST_STRICT_CLIPPY_DENY_LINTS.flatMap((lint) => ['-D', lint])],
+    missing: 'Install Rust clippy, then run Tovuk strict Clippy checks before deploying.',
+    failed: 'Run the strict Tovuk Clippy command from tovuk.toml, fix every warning, panic/unwrap issue, and resource lint, then redeploy.'
   })
 }
 
@@ -110,17 +120,19 @@ function cargoLints(projectDir: string): DoctorCheck {
     }
   }
 
-  const ok = cargoLintLevel(source, 'unsafe_code') === 'forbid' &&
-    cargoLintLevel(source, 'warnings') === 'deny'
+  const requiredClippyLints = RUST_STRICT_CLIPPY_DENY_LINTS.map((lint) => lint.replace(/^clippy::/u, ''))
+  const ok = cargoLintLevel(source, 'rust', 'unsafe_code') === 'forbid' &&
+    cargoLintLevel(source, 'rust', 'warnings') === 'deny' &&
+    requiredClippyLints.every((lint) => cargoLintLevel(source, 'clippy', lint) === 'deny')
   return {
     name: 'cargo lints',
     ok,
-    message: ok ? 'strict' : 'missing unsafe_code=forbid or warnings=deny',
-    agent_instruction: ok ? null : 'Add `[lints.rust]` with `unsafe_code = "forbid"` and `warnings = "deny"`, then retry.'
+    message: ok ? 'strict' : 'missing strict Rust or Clippy resource lints',
+    agent_instruction: ok ? null : 'Add `[lints.rust]` with `unsafe_code = "forbid"` and `warnings = "deny"`, plus `[lints.clippy]` deny entries for all, pedantic, panic/unwrap bans, and resource lints, then retry.'
   }
 }
 
-function cargoLintLevel(source: string, lintName: string): string {
+function cargoLintLevel(source: string, lintGroup: 'clippy' | 'rust', lintName: string): string {
   let section = ''
   for (const rawLine of source.split(/\r?\n/u)) {
     const line = rawLine.replace(/#.*/u, '').trim()
@@ -129,7 +141,7 @@ function cargoLintLevel(source: string, lintName: string): string {
       section = nextSection
       continue
     }
-    if (!isRustLintSection(section)) {
+    if (!isLintSection(section, lintGroup)) {
       continue
     }
     const level = lintAssignmentLevel(line, lintName)
@@ -145,8 +157,8 @@ function tomlSection(line: string): string | null {
   return line.match(/^\[([^\]]+)\]$/u)?.[1] ?? null
 }
 
-function isRustLintSection(section: string): boolean {
-  return section === 'lints.rust' || section === 'workspace.lints.rust'
+function isLintSection(section: string, lintGroup: 'clippy' | 'rust'): boolean {
+  return section === `lints.${lintGroup}` || section === `workspace.lints.${lintGroup}`
 }
 
 function lintAssignmentLevel(line: string, lintName: string): string {

package/src/internal/templates.ts

@@ -67,6 +67,24 @@ publish = false
 [lints.rust]
 unsafe_code = "forbid"
 warnings = "deny"
+
+[lints.clippy]
+all = { level = "deny", priority = -1 }
+pedantic = { level = "deny", priority = -1 }
+dbg_macro = "deny"
+todo = "deny"
+unimplemented = "deny"
+panic = "deny"
+unwrap_used = "deny"
+expect_used = "deny"
+large_futures = "deny"
+large_include_file = "deny"
+large_stack_frames = "deny"
+mem_forget = "deny"
+rc_buffer = "deny"
+rc_mutex = "deny"
+redundant_clone = "deny"
+clone_on_ref_ptr = "deny"
 `],
     ['Cargo.lock', `# This file is automatically @generated by Cargo.
 version = 4