docs: Add ADR-0032 documenting guard workflow architecture pattern

[EffortlessSteven]

Summary

This PR adds ADR-0032 documenting the architectural decision about guard workflow patterns in Rust-Template.

Key Decision

Maintain two complementary guard implementation patterns:

1. Rust-Template: GitHub Actions workflows + Rego policies (policy-as-code)

   • Purpose: Workflow orchestration, governance policies, advisory enforcement
   • Examples: ci-scope-guard.yml, policy/scope.rego

2. Guard Repos (depguard, diffguard, covguard): Multi-crate Rust workspaces

   • Purpose: Portable analysis tools with structured output (SARIF, JSON receipts)
   • Features: Multi-CI support, agentic-friendly, publishable to crates.io

Rationale

• Guard repos are already structured for library publishing
• Workflow-based guards are template-friendly and declarative
• Hybrid approach: Rust-Template workflows can invoke guard CLIs for enforcement
• Clear separation: governance policy (Rego) vs. analysis tooling (Rust)

Future Work

• Integrate guard CLIs into Rust-Template workflows
• Pin guard CLI versions for reproducibility
• Standardize output formats (SARIF, JSON receipts)

References

• Analysis performed by Cross-Repo Pattern Analyzer, 2026-03-23
• Related repos: EffortlessMetrics/depguard, diffguard, covguard

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 58 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6a9c3147-e49a-4287-a4d2-8b34726385e5

📥 Commits

Reviewing files that changed from the base of the PR and between 90fd4d1 and 3fd335e.

📒 Files selected for processing (2)

• docs/adr/0032-guard-workflow-architecture.md
• docs/adr/README.md

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/adr-guard-architecture

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request adds Architectural Decision Record (ADR) 0032 to the documentation, detailing the architectural approach for implementing guard workflows in the Rust-Template project. It formalizes the decision to use two distinct patterns for guard implementations, and outlines the rationale, consequences, and compliance measures associated with this decision.

Highlights

• Guard Workflow Architecture: This PR introduces ADR-0032, which documents the decision to maintain two complementary guard implementation patterns within the Rust-Template project.
• Implementation Patterns: The ADR outlines two patterns: GitHub Actions workflows with Rego policies for workflow orchestration and governance, and multi-crate Rust workspaces for portable analysis tools.
• Hybrid Architecture: The ADR proposes a future integration strategy where Rust-Template workflows will invoke guard CLIs, leveraging both declarative policies and Rust analysis tools.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces ADR-0032, which documents the architectural decision to maintain two complementary patterns for 'guard' workflows. The ADR is well-structured and clearly articulates the context, decision, and consequences. My review focuses on improving the consistency and accuracy of the code examples within the document to better align with its stated goals of reproducibility and clarity. Specifically, I've suggested changes to the cargo install examples to include version pinning and to ensure consistency across different examples.

[gemini-code-assist]

The 'Migration Path (Future)' section (line 196) and 'Future Work' section in the PR description both mention pinning CLI versions for reproducibility. To align this example with that goal, it would be clearer to demonstrate version pinning here. cargo install uses the --version flag for this. This also helps mitigate the 'Version drift' risk mentioned under 'Consequences'.

Suggested change

	cargo install depguard-cli
	cargo install depguard-cli --version 0.3.0

[gemini-code-assist]

This diffguard example appears to assume the CLI is already installed, which is inconsistent with the depguard example above that includes a cargo install step. For consistency and clarity, I suggest adding an installation step for diffguard as well. Pinning the version would also align with the reproducibility goals mentioned in this ADR.

Suggested change

	diffguard check --preset strict --output diffguard.json
	cargo install diffguard-cli --version 0.5.1
	diffguard check --preset strict --output diffguard.json

[gemini-code-assist]

The example syntax depguard-cli@0.3.0 is typically used by package managers like npm or yarn. For cargo install, the flag for specifying a version is --version. Using the correct syntax in the example will avoid confusion for developers.

Suggested change

	1. Pin guard CLI versions in workflows (e.g., `depguard-cli@0.3.0`)
	1. Pin guard CLI versions in workflows (e.g., `cargo install depguard-cli --version 0.3.0`)