archy/.claude/rules/backend.md

---
globs:
  - "core/**/*.rs"
  - "core/**/Cargo.toml"
---

# Backend Rules (Archipelago — Rust)

- Backend binds `127.0.0.1` only — nginx handles external access
- Validate all input before path construction — reject `..`, `/`, null bytes
- Timeouts on all external operations (10s default, 30s for heavy like Bitcoin RPC)
- Use `anyhow::Result` for error propagation, not `.unwrap()` in handlers
- Log with `tracing`, never `println!` or `eprintln!` in production paths
- Container commands through `PodmanClient` (core/container/), never raw `Command::new("podman")`
fix: overhaul container lifecycle — recovery, health, uninstall, UI state Container recovery: - Health monitor: MAX_RESTART_ATTEMPTS 3→10, interval 60s→120s - Dependency-aware restarts: won't restart services before their deps - Reset dependent counters when a dependency recovers - Handle "created" state containers (were invisible to health monitor) - Added IndeedHub, mempool-api, mysql to tier system - Crash recovery: podman start timeout 30s→120s with retry - Podman client: socket timeout 5s→30s, added restart policy UI state representation: - Exit code 0 shows "stopped" (gray), not "crashed" (red) - Exit code 137 shows "killed (OOM)" - Non-zero exit shows "crashed" (red) - Added exit_code field to PackageDataEntry Install/uninstall fixes: - Install returns error when container doesn't start (was silent success) - Post-install hooks awaited instead of fire-and-forget tokio::spawn - Uninstall: graceful rm before force, volume prune, network cleanup - Uninstall returns error on partial failure (was 200 OK) Config consistency: - DB passwords read from /var/lib/archipelago/secrets/ (was hardcoded) - Bitcoin: added ZMQ ports 28332/28333 for LND block notifications - IndeedHub port 7777→8190 (was conflicting with strfry) - Marketplace versions: LND 0.17.4→0.18.4, Mempool 2.5.0→3.0.0 Performance: - Metrics collector interval 60s→300s (was duplicating health monitor) - Podman client: proper error propagation instead of unwrap_or_default Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-31 07:03:57 +01:00			`---`
			`globs:`
			`- "core/*/.rs"`
			`- "core/**/Cargo.toml"`
			`---`

			`# Backend Rules (Archipelago — Rust)`

			- Backend binds `127.0.0.1` only — nginx handles external access
			- Validate all input before path construction — reject `..`, `/`, null bytes
			`- Timeouts on all external operations (10s default, 30s for heavy like Bitcoin RPC)`
			- Use `anyhow::Result` for error propagation, not `.unwrap()` in handlers
			- Log with `tracing`, never `println!` or `eprintln!` in production paths
			- Container commands through `PodmanClient` (core/container/), never raw `Command::new("podman")`