readme.md for @push.rocks/smartrust A type-safe, production-ready bridge between TypeScript and Rust binaries — with support for stdio (child process) and socket (Unix socket / Windows named pipe) transports, request/response, streaming, and event patterns. Issue Reporting and Security For reporting bugs, issues, or security vulnerabilities, please visit community.foss.global/. This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a code.foss.global/ account to submit Pull Requests directly. Install 📦 npm install @push.rocks/smartrust # or pnpm install @push.rocks/smartrust Overview 🔭 @push.rocks/smartrust provides a complete bridge for TypeScript applications that need to communicate with Rust binaries. It handles the entire lifecycle — binary discovery, process spawning or socket connection, request/response correlation, streaming responses, event pub/sub, and graceful shutdown — so you can focus on your command definitions instead of IPC plumbing. Two Transport Modes 🔌 Mode Method Use Case Stdio bridge.spawn() Spawn the Rust binary as a child process. Communicate via stdin/stdout. Socket bridge.connect(path) Connect to an already-running Rust daemon via Unix socket or Windows named pipe. The JSON protocol is identical in both modes — only the transport layer changes. Socket mode enables use cases where the Rust binary runs as a privileged system service (e.g., a VPN daemon needing root for TUN devices, a network proxy binding to privileged ports) while the TypeScript app connects to it unprivileged. Why? 🤔 If you're integrating Rust into a Node.js project, you'll inevitably need: A way to find the compiled Rust binary across different environments (dev, CI, production, platform packages) A way to spawn it or connect to it and establish reliable two-way communication Type-safe request/response patterns with proper error handling Streaming responses for progressive data processing, log tailing, or chunked transfers Event streaming from Rust to TypeScript Graceful lifecycle management (ready detection, clean shutdown, auto-reconnection) smartrust wraps all of this into a clean API: RustBridge, RustBinaryLocator, StreamingResponse, and pluggable transports. Usage 🚀 The IPC Protocol smartrust uses a simple, newline-delimited JSON protocol: Direction Format Description TS → Rust (Request) {"id": "req_1", "method": "start", "params": {...}} Command with unique ID Rust → TS (Response) {"id": "req_1", "success": true, "result": {...}} Final response correlated by ID Rust → TS (Error) {"id": "req_1", "success": false, "error": "msg"} Error correlated by ID Rust → TS (Stream Chunk) {"id": "req_1", "stream": true, "data": {...}} Intermediate chunk (zero or more) Rust → TS (Event) {"event": "ready", "data": {...}} Unsolicited event (no ID) This protocol works identically over stdio and socket transports. Your Rust binary reads JSON lines from one end and writes JSON lines to the other. That's it. Defining Your Commands Start by defining a type map of commands your Rust binary supports: import { RustBridge } from '@push.rocks/smartrust'; // Define your command types type TMyCommands = { start: { params: { port: number; host: string }; result: { pid: number } }; stop: { params: {}; result: void }; getMetrics: { params: {}; result: { connections: number; uptime: number } }; reload: { params: { configPath: string }; result: void }; }; Stdio Mode — Spawn a Child Process This is the classic mode. The bridge spawns the Rust binary and communicates via stdin/stdout: const bridge = new RustBridge({ binaryName: 'my-rust-server', envVarName: 'MY_SERVER_BINARY', // optional: env var override platformPackagePrefix: '@myorg/my-server', // optional: platform npm packages }); // Spawn the binary and wait for it to signal readiness const ok = await bridge.spawn(); if (!ok) { console.error('Failed to start Rust binary'); process.exit(1); } // Send type-safe commands — params and return types are inferred! const { pid } = await bridge.sendCommand('start', { port: 8080, host: '0.0.0.0' }); console.log(`Server started with PID ${pid}`); const metrics = await bridge.sendCommand('getMetrics', {}); console.log(`Active connections: ${metrics.connections}`); // Listen for events from Rust bridge.on('management:configChanged', (data) => { console.log('Config was changed:', data); }); // Clean shutdown (SIGTERM → SIGKILL after 5s) bridge.kill(); Socket Mode — Connect to a Running Daemon 🔗 When the Rust binary runs as a system service (e.g., via systemd, launchd, or a Windows Service), use connect() to talk to it over a Unix socket or named pipe: const bridge = new RustBridge({ binaryName: 'my-daemon', // used for logging / error messages }); // Connect to the daemon's management socket const ok = await bridge.connect('/var/run/my-daemon.sock'); if (!ok) { console.error('Failed to connect to daemon'); process.exit(1); } // Same API as stdio mode — completely transparent! const { pid } = await bridge.sendCommand('start', { port: 8080, host: '0.0.0.0' }); const metrics = await bridge.sendCommand('getMetrics', {}); // kill() closes the socket — it does NOT kill the daemon bridge.kill(); Auto-Reconnect For long-running applications, enable automatic reconnection with exponential backoff: const ok = await bridge.connect('/var/run/my-daemon.sock', { autoReconnect: true, // reconnect on unexpected disconnect reconnectBaseDelayMs: 100, // initial retry delay (doubles each attempt) reconnectMaxDelayMs: 30000, // max retry delay cap maxReconnectAttempts: 10, // give up after 10 attempts }); // Listen for reconnection events bridge.on('reconnected', () => { console.log('Reconnected to daemon!'); }); Platform Notes Platform Socket Path Format Example Linux /var/run/.sock or $XDG_RUNTIME_DIR/.sock /var/run/my-daemon.sock macOS /var/run/.sock /var/run/my-daemon.sock Windows \\.\pipe\ \\.\pipe\my-daemon Node.js net.connect() handles all formats transparently — no platform-specific code needed. Streaming Commands 🌊 For commands where the Rust binary sends a series of chunks before a final result, use sendCommandStreaming. This is perfect for progressive data processing, log tailing, search results, or any scenario where you want incremental output. Defining Streaming Commands Add a chunk field to your command type definition to mark it as streamable: type TMyCommands = { // Regular command (request → response) ping: { params: {}; result: { pong: boolean } }; // Streaming command (request → chunks... → final result) processData: { params: { count: number }; chunk: { index: number; progress: number }; result: { totalProcessed: number } }; tailLogs: { params: { lines: number }; chunk: string; result: { linesRead: number } }; }; Consuming Streams // Returns a StreamingResponse immediately (does NOT block) const stream = bridge.sendCommandStreaming('processData', { count: 1000 }); // Consume chunks with for-await-of for await (const chunk of stream) { console.log(`Processing item ${chunk.index}, progress: ${chunk.progress}%`); } // Get the final result after all chunks are consumed const result = await stream.result; console.log(`Done! Processed ${result.totalProcessed} items`); Error Handling in Streams Errors propagate to both the iterator and the .result promise: const stream = bridge.sendCommandStreaming('processData', { count: 100 }); try { for await (const chunk of stream) { console.log(chunk); } } catch (err) { console.error('Stream failed:', err.message); } // .result also rejects on error try { await stream.result; } catch (err) { console.error('Same error here:', err.message); } Stream Timeout By default, streaming commands use the same timeout as regular commands ( requestTimeoutMs). The timeout resets on each chunk received, so it acts as an inactivity timeout rather than an absolute timeout. You can configure it separately: const bridge = new RustBridge({ binaryName: 'my-server', requestTimeoutMs: 30000, // regular command timeout: 30s streamTimeoutMs: 60000, // streaming inactivity timeout: 60s }); Implementing Streaming on the Rust Side Your Rust binary sends stream chunks by writing lines with "stream": true before the final response: // For each chunk: println!(r#"{{"id":"{}","stream":true,"data":{{"index":{},"progress":{}}}}}"#, req.id, i, pct); io::stdout().flush().unwrap(); // When done, send the final response (same as non-streaming): println!(r#"{{"id":"{}","success":true,"result":{{"totalProcessed":{}}}}}"#, req.id, total); io::stdout().flush().unwrap(); Binary Locator 🔍 The RustBinaryLocator searches for your binary using a priority-ordered strategy: Priority Source Description 1 binaryPath option Explicit path — skips all other search 2 Environment variable e.g. MY_SERVER_BINARY=/usr/local/bin/server 3 Platform npm package e.g. @myorg/my-server-linux-x64/my-rust-server 4 Local dev paths ./rust/target/release/ and ./rust/target/debug/ 5 System PATH Standard $PATH lookup You can also use the locator standalone: import { RustBinaryLocator } from '@push.rocks/smartrust'; const locator = new RustBinaryLocator({ binaryName: 'my-rust-server', envVarName: 'MY_SERVER_BINARY', localPaths: ['/opt/myapp/bin/server'], // custom search paths }); const binaryPath = await locator.findBinary(); // Result is cached — call clearCache() to force re-search Configuration Reference ⚙️ The RustBridge constructor accepts an IRustBridgeOptions object: const bridge = new RustBridge({ // --- Binary Locator Options --- binaryName: 'my-server', // required: name of the binary binaryPath: '/explicit/path/to/binary', // optional: skip search entirely envVarName: 'MY_SERVER_BINARY', // optional: env var for path override platformPackagePrefix: '@myorg/my-server', // optional: platform npm package prefix localPaths: ['./build/server'], // optional: custom local search paths searchSystemPath: true, // optional: search $PATH (default: true) // --- Bridge Options --- cliArgs: ['--management'], // optional: args passed to binary (default: ['--management']) requestTimeoutMs: 30000, // optional: per-request timeout (default: 30000) streamTimeoutMs: 30000, // optional: streaming inactivity timeout (default: requestTimeoutMs) readyTimeoutMs: 10000, // optional: ready event timeout (default: 10000) maxPayloadSize: 50 * 1024 * 1024, // optional: max message size in bytes (default: 50MB) env: { RUST_LOG: 'debug' }, // optional: extra env vars for the child process readyEventName: 'ready', // optional: name of the ready event (default: 'ready') logger: myLogger, // optional: logger implementing IRustBridgeLogger }); Socket connection options (passed to bridge.connect()): interface ISocketConnectOptions { autoReconnect?: boolean; // default: false reconnectBaseDelayMs?: number; // default: 100 reconnectMaxDelayMs?: number; // default: 30000 maxReconnectAttempts?: number; // default: 10 } Events 📡 RustBridge extends EventEmitter and emits the following events: Event Payload Description ready — Bridge connected and binary reported ready exit (code, signal) Transport closed (process exited or socket disconnected) stderr string A line from the binary's stderr (stdio mode only) reconnected — Socket transport reconnected after unexpected disconnect management: any Custom event from Rust (e.g. management:configChanged) Custom Logger 📝 Plug in your own logger by implementing the IRustBridgeLogger interface: import type { IRustBridgeLogger } from '@push.rocks/smartrust'; const logger: IRustBridgeLogger = { log(level: string, message: string, data?: Record) { console.log(`[${level}] ${message}`, data || ''); }, }; const bridge = new RustBridge({ binaryName: 'my-server', logger, }); Writing the Rust Side 🦀 Your Rust binary needs to implement a simple protocol. The transport (stdio or socket) doesn't change the message format — only how connections are established. Stdio Mode (Child Process) On startup, write a ready event to stdout: {"event":"ready","data":{"version":"1.0.0"}}\n Read JSON lines from stdin, parse each as {"id": "...", "method": "...", "params": {...}} Write JSON responses to stdout, each as {"id": "...", "success": true, "result": {...}}\n For streaming commands, write zero or more {"id": "...", "stream": true, "data": {...}}\n chunks before the final response Emit events anytime by writing {"event": "name", "data": {...}}\n to stdout Use stderr for logging — it won't interfere with the IPC protocol Socket Mode (Daemon) Listen on a Unix socket (e.g., /var/run/my-daemon.sock) or Windows named pipe On each new client connection, send the {"event":"ready","data":{...}}\n event Read/write JSON lines on the socket (same protocol as stdio) Support multiple concurrent clients — each connection is independent Here's a minimal Rust skeleton (stdio mode): use serde::{Deserialize, Serialize}; use std::io::{self, BufRead, Write}; #[derive(Deserialize)] struct Request { id: String, method: String, params: serde_json::Value, } #[derive(Serialize)] struct Response { id: String, success: bool, #[serde(skip_serializing_if = "Option::is_none")] result: Option, #[serde(skip_serializing_if = "Option::is_none")] error: Option, } #[derive(Serialize)] struct StreamChunk { id: String, stream: bool, data: serde_json::Value, } fn main() { // Signal ready println!(r#"{{"event":"ready","data":{{"version":"1.0.0"}}}}"#); io::stdout().flush().unwrap(); let stdin = io::stdin(); for line in stdin.lock().lines() { let line = line.unwrap(); let req: Request = serde_json::from_str(&line).unwrap(); match req.method.as_str() { "ping" => { let resp = Response { id: req.id, success: true, result: Some(serde_json::json!({"pong": true})), error: None, }; println!("{}", serde_json::to_string(&resp).unwrap()); io::stdout().flush().unwrap(); } "processData" => { let count = req.params["count"].as_u64().unwrap_or(0); // Send stream chunks for i in 0..count { let chunk = StreamChunk { id: req.id.clone(), stream: true, data: serde_json::json!({"index": i, "progress": ((i+1) * 100 / count)}), }; println!("{}", serde_json::to_string(&chunk).unwrap()); io::stdout().flush().unwrap(); } // Send final response let resp = Response { id: req.id, success: true, result: Some(serde_json::json!({"totalProcessed": count})), error: None, }; println!("{}", serde_json::to_string(&resp).unwrap()); io::stdout().flush().unwrap(); } _ => { let resp = Response { id: req.id, success: false, result: None, error: Some(format!("Unknown method: {}", req.method)), }; println!("{}", serde_json::to_string(&resp).unwrap()); io::stdout().flush().unwrap(); } } } } Architecture 🏗️ ┌──────────────────────────────────────────────────────┐ │ RustBridge │ │ (protocol layer: handleLine, sendCommand, events) │ ├──────────────┬───────────────────────────────────────┤ │ StdioTransport │ SocketTransport │ │ spawn() + │ net.connect() + auto-reconnect │ │ stdin/stdout │ Unix socket / named pipe │ ├──────────────┴───────────────────────────────────────┤ │ IRustTransport interface │ │ connect() / write() / disconnect() │ ├──────────────────────────────────────────────────────┤ │ LineScanner (shared newline scanner) │ ├──────────────────────────────────────────────────────┤ │ RustBinaryLocator │ │ (binary search — stdio mode only) │ └──────────────────────────────────────────────────────┘ RustBridge — The main class. Protocol-level logic (JSON parsing, request correlation, streaming, events) is transport-agnostic. StdioTransport — Spawns a child process, manages stdin/stdout/stderr, handles SIGTERM/SIGKILL. SocketTransport — Connects to an existing Unix socket or named pipe, with optional auto-reconnect and exponential backoff. LineScanner — Shared buffer-based newline scanner used by both transports for efficient message framing. RustBinaryLocator — Priority-ordered binary search (used by stdio mode only). API Reference 📖 RustBridge Method / Property Signature Description constructor new RustBridge(options: IRustBridgeOptions) Create a new bridge instance spawn() Promise Stdio mode: Spawn the binary and wait for ready; returns false on failure connect(socketPath, options?) Promise Socket mode: Connect to a running daemon; returns false on failure sendCommand(method, params) Promise Send a typed command and await the response sendCommandStreaming(method, params) StreamingResponse Send a streaming command; returns immediately kill() void Stdio: SIGTERM the process, SIGKILL after 5s. Socket: close the connection (daemon stays alive) running boolean Whether the bridge is currently connected and ready StreamingResponse Method / Property Type Description [Symbol.asyncIterator]() AsyncIterator Enables for await...of consumption of chunks result Promise Resolves with the final result after stream ends RustBinaryLocator Method / Property Signature Description constructor new RustBinaryLocator(options: IBinaryLocatorOptions, logger?) Create a locator instance findBinary() Promise Find the binary using the priority search; result is cached clearCache() void Clear the cached path to force a fresh search StdioTransport Method / Property Signature Description constructor new StdioTransport(options: IStdioTransportOptions) Create a stdio transport connect() Promise Spawn the child process write(data) Promise Write to stdin with backpressure handling disconnect() void Kill the process (SIGTERM → SIGKILL after 5s) connected boolean Whether the process is running SocketTransport Method / Property Signature Description constructor new SocketTransport(options: ISocketTransportOptions) Create a socket transport connect() Promise Connect to the Unix socket / named pipe write(data) Promise Write to socket with backpressure handling disconnect() void Close the socket (does not kill the daemon) connected boolean Whether the socket is connected LineScanner Method / Property Signature Description constructor new LineScanner(maxPayloadSize, logger) Create a line scanner push(chunk, onLine) void Feed a Buffer chunk; calls onLine for each complete line clear() void Reset the internal buffer Exported Interfaces & Types Interface / Type Description IRustBridgeOptions Full configuration for RustBridge IBinaryLocatorOptions Configuration for RustBinaryLocator ISocketConnectOptions Socket connection options (reconnect settings) IRustBridgeLogger Logger interface: { log(level, message, data?) } IRustTransport Transport interface (extends EventEmitter) IManagementRequest IPC request shape: { id, method, params } IManagementResponse IPC response shape: { id, success, result?, error? } IManagementEvent IPC event shape: { event, data } IManagementStreamChunk IPC stream chunk shape: { id, stream: true, data } ICommandDefinition Single command definition: { params, result } TCommandMap Record TStreamingCommandKeys Extracts keys from a command map that have a chunk field TExtractChunk Extracts the chunk type from a streaming command definition License and Legal Information This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the LICENSE file. Please note: The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. Trademarks This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar. Company Information Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany For any legal inquiries or further information, please contact us via email at hello@task.vc. By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.