-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathCargo.toml
More file actions
107 lines (92 loc) · 3.3 KB
/
Cargo.toml
File metadata and controls
107 lines (92 loc) · 3.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
[workspace]
resolver = "2"
members = [
"crates/server",
"crates/gateway",
"crates/mcp-gateway",
"crates/auth",
"crates/common",
"crates/test-support",
]
[workspace.package]
version = "0.1.0"
edition = "2024"
license = "BUSL-1.1"
[workspace.dependencies]
# Web framework
axum = { version = "0.8", features = ["macros", "ws"] }
tower = "0.5"
tower-http = { version = "0.6", features = [
"cors", "trace", "compression-gzip", "request-id",
"limit", "timeout", "catch-panic", "sensitive-headers", "set-header",
] }
tokio = { version = "1", features = ["rt-multi-thread", "macros", "net", "time", "sync", "io-util", "signal"] }
# Database
sqlx = { version = "0.8", features = ["runtime-tokio", "postgres", "uuid", "chrono", "json", "migrate", "rust_decimal"] }
rust_decimal = { version = "1", features = ["serde", "serde-with-str"] }
clickhouse = { version = "0.13", features = ["time", "chrono"] }
# Redis
fred = { version = "10", features = ["subscriber-client", "i-scripts"] }
# Auth
# Crypto-critical crates are pinned with `=` so a silent minor-release
# change (e.g. a JWT lib's validation-default flip) can't sneak in via
# `cargo update`. Bumps are deliberate and reviewed.
jsonwebtoken = { version = "=10.3.0", features = ["rust_crypto"] }
argon2 = "=0.5.3"
openidconnect = { version = "4", features = ["reqwest"] }
totp-rs = { version = "5", features = ["gen_secret", "otpauth"] }
data-encoding = "2"
# Serialization
serde = { version = "1", features = ["derive"] }
serde_json = "1"
# HTTP client (upstream proxy)
reqwest = { version = "0.13", features = ["stream", "json", "rustls"] }
hyper = { version = "1", features = ["full"] }
hyper-util = "0.1"
http-body-util = "0.1"
bytes = "1"
# Async
futures = "0.3"
tokio-stream = "0.1"
async-stream = "0.3"
# Crypto — pinned exact. See the auth section for the rationale.
aes-gcm = "=0.10.3"
sha2 = "=0.11.0"
sha1 = "=0.11.0"
hmac = "=0.13.0"
p256 = { version = "=0.13.2", features = ["ecdsa", "jwk"] }
ecdsa = { version = "=0.16.9", features = ["verifying"] }
rand = "0.10"
hex = "0.4"
subtle = "=2.6.1"
url = "2"
# Observability
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
metrics = "0.24"
metrics-exporter-prometheus = { version = "0.16", default-features = false }
# Config
dotenvy = "0.15"
# API documentation
utoipa = { version = "5", features = ["axum_extras", "uuid", "chrono"] }
utoipa-swagger-ui = { version = "9", features = ["axum"] }
# AWS (Bedrock)
# NOTE: "hardcoded-credentials" is the AWS SDK feature name for constructing
# Credentials from explicit access_key/secret_key values (as opposed to the
# default credential chain). This does NOT embed credentials in the binary —
# they are loaded at runtime from encrypted provider config in the database.
aws-sigv4 = "1"
aws-credential-types = { version = "1", features = ["hardcoded-credentials"] }
aws-smithy-eventstream = "0.60"
# Utils
arc-swap = "1"
xxhash-rust = { version = "0.8", features = ["xxh3"] }
uuid = { version = "1", features = ["v4", "serde"] }
chrono = { version = "0.4", features = ["serde"] }
thiserror = "2"
anyhow = "1"
# Workspace crates
think-watch-common = { path = "crates/common" }
think-watch-auth = { path = "crates/auth" }
think-watch-gateway = { path = "crates/gateway" }
think-watch-mcp-gateway = { path = "crates/mcp-gateway" }