openalice-axum-common
**⚠️ FROZEN 2026-07-06: adapter-only. No new code lands here.**
Architecture rating
Clean AST (0 dead imports, 0 cycles, 0 complexity flags), valid manifest, passing CI, deny.toml present; but 7 declared-unused env vars show config drift, and frozen status with features=20/100 indicates the crate stopped evolving before conventions fully landed.
Provides JWT (jsonwebtoken) and reqwest plumbing but no evidence of SSRF guards, rate-limit middleware, or security-header defaults; cargo deny.toml present for supply-chain audit which is a positive signal; 7 declared-but-unused env vars (INTERNAL_SECRET, SSO_COOKIE_DOMAIN, etc.) suggest dead auth config paths.
README exists but is a one-line frozen notice; AGENTS.md present; manifest valid with summary; no @feature annotations, no in-code architecture docs, no usage examples for consumers; roadmap 30/100 from Atlas confirms thin documentation.
No visible timeout wrappers, retry policies, or structured error types exported for consumers; as a shared reqwest/axum adapter library these would be high-value; 1 star import is cosmetic; frozen status means no active reliability hardening.
No tables owned, no migrations, no schema — entirely N/A by design as a pure library crate, but the axis is therefore absent, not satisfied.
No tracing layer, no metrics export, no health-probe helper exposed; library provides no observability primitives for downstream services to inherit — a missed opportunity for a shared substrate crate.
No tests directory in repo structure; zero test files visible; for a shared auth/JWT/reqwest library this is a critical gap — any regression here cascades across all downstream services.
source · auto-grader-2026-07-18
Ecosystem manifest
.atlas-deps.ymlShared axum + jsonwebtoken + reqwest plumbing every OpenAlice Rust service uses.
- SSO_COOKIE_DOMAIN
- ACCESS_COOKIE_TTL_SECS
- REFRESH_COOKIE_TTL_SECS
- CORS_ORIGINS
- TENANTS_INTERNAL_URL
- INTERNAL_BROADCAST_SECRET
- INTERNAL_SECRET
- cargo_crate: openalice-axum-common
Atlas grepped the repo's source for env reads (rust env::var · ts process.env · py os.environ · shell $VAR) and diffed against the manifest's consumes_env. Two lists below: stale declarations and undeclared reads.
- ACCESS_COOKIE_TTL_SECS
- CORS_ORIGINS
- INTERNAL_BROADCAST_SECRET
- INTERNAL_SECRET
- REFRESH_COOKIE_TTL_SECS
- SSO_COOKIE_DOMAIN
- TENANTS_INTERNAL_URL
Code composition
tokei · loc- TOML98.1%
- Rust1.9%
- TOML98.1%
- Rust1.9%
- TOML98.1%· 53
- Rust1.9%· 1
| Language | % code | code | comments | blanks | files |
|---|---|---|---|---|---|
| TOML | 98.1% | 53 | 54 | 7 | 2 |
| Rust | 1.9% | 1 | 0 | 0 | 1 |
| Markdown | 0.0% | 0 | 25 | 7 | 2 |
Telemetry ribbon · last 90 days
22 eventsNo @feature annotations recorded in this repo yet.