actionbook/domain-web
skills/domain-web/SKILL.md
Use when building web services. Keywords: web server, HTTP, REST API, GraphQL, WebSocket, axum, actix, warp, rocket, tower, hyper, reqwest, middleware, router, handler, extractor, state management, authentication, authorization, JWT, session, cookie, CORS, rate limiting, web 开发, HTTP 服务, API 设计, 中间件, 路由
$ install --global
skillsauthnpx skillsauth add actionbook/rust-skills domain-webInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
70%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 24, 2026, 9:06 AM185.8s1 file scanned
SKILL.md
- name:
- domain-web
- description:
- Use when building web services. Keywords: web server, HTTP, REST API, GraphQL, WebSocket, axum, actix, warp, rocket, tower, hyper, reqwest, middleware, router, handler, extractor, state management, authentication, authorization, JWT, session, cookie, CORS, rate limiting, web 开发, HTTP 服务, API 设计, 中间件, 路由
- globs:
- ["**/Cargo.toml"]
- user-invocable:
- false
Web Domain
Layer 3: Domain Constraints
Domain Constraints → Design Implications
| Domain Rule | Design Constraint | Rust Implication | |-------------|-------------------|------------------| | Stateless HTTP | No request-local globals | State in extractors | | Concurrency | Handle many connections | Async, Send + Sync | | Latency SLA | Fast response | Efficient ownership | | Security | Input validation | Type-safe extractors | | Observability | Request tracing | tracing + tower layers |
Critical Constraints
Async by Default
RULE: Web handlers must not block
WHY: Block one task = block many requests
RUST: async/await, spawn_blocking for CPU work
State Management
RULE: Shared state must be thread-safe
WHY: Handlers run on any thread
RUST: Arc<T>, Arc<RwLock<T>> for mutable
Request Lifecycle
RULE: Resources live only for request duration
WHY: Memory management, no leaks
RUST: Extractors, proper ownership
Trace Down ↓
From constraints to design (Layer 2):
"Need shared application state"
↓ m07-concurrency: Use Arc for thread-safe sharing
↓ m02-resource: Arc<RwLock<T>> for mutable state
"Need request validation"
↓ m05-type-driven: Validated extractors
↓ m06-error-handling: IntoResponse for errors
"Need middleware stack"
↓ m12-lifecycle: Tower layers
↓ m04-zero-cost: Trait-based composition
Framework Comparison
| Framework | Style | Best For | |-----------|-------|----------| | axum | Functional, tower | Modern APIs | | actix-web | Actor-based | High performance | | warp | Filter composition | Composable APIs | | rocket | Macro-driven | Rapid development |
Key Crates
| Purpose | Crate | |---------|-------| | HTTP server | axum, actix-web | | HTTP client | reqwest | | JSON | serde_json | | Auth/JWT | jsonwebtoken | | Session | tower-sessions | | Database | sqlx, diesel | | Middleware | tower |
Design Patterns
| Pattern | Purpose | Implementation |
|---------|---------|----------------|
| Extractors | Request parsing | State(db), Json(payload) |
| Error response | Unified errors | impl IntoResponse |
| Middleware | Cross-cutting | Tower layers |
| Shared state | App config | Arc<AppState> |
Code Pattern: Axum Handler
async fn handler(
State(db): State<Arc<DbPool>>,
Json(payload): Json<CreateUser>,
) -> Result<Json<User>, AppError> {
let user = db.create_user(&payload).await?;
Ok(Json(user))
}
// Error handling
impl IntoResponse for AppError {
fn into_response(self) -> Response {
let (status, message) = match self {
Self::NotFound => (StatusCode::NOT_FOUND, "Not found"),
Self::Internal(_) => (StatusCode::INTERNAL_SERVER_ERROR, "Internal error"),
};
(status, Json(json!({"error": message}))).into_response()
}
}
Common Mistakes
| Mistake | Domain Violation | Fix | |---------|-----------------|-----| | Blocking in handler | Latency spike | spawn_blocking | | Rc in state | Not Send + Sync | Use Arc | | No validation | Security risk | Type-safe extractors | | No error response | Bad UX | IntoResponse impl |
Trace to Layer 1
| Constraint | Layer 2 Pattern | Layer 1 Implementation | |------------|-----------------|------------------------| | Async handlers | Async/await | tokio runtime | | Thread-safe state | Shared state | Arc<T>, Arc<RwLock<T>> | | Request lifecycle | Extractors | Ownership via From<Request> | | Middleware | Tower layers | Trait-based composition |
Related Skills
| When | See | |------|-----| | Async patterns | m07-concurrency | | State management | m02-resource | | Error handling | m06-error-handling | | Middleware design | m12-lifecycle |
Related Skills
actionbook/rust-router
development
VerifiedTrustedCommunity
CRITICAL: Use for ALL Rust questions including errors, design, and coding. HIGHEST PRIORITY for: 比较, 对比, compare, vs, versus, 区别, difference, 最佳实践, best practice, tokio vs, async-std vs, 比较 tokio, 比较 async, Triggers on: Rust, cargo, rustc, crate, Cargo.toml, 意图分析, 问题分析, 语义分析, analyze intent, question analysis, compile error, borrow error, lifetime error, ownership error, type error, trait error, value moved, cannot borrow, does not live long enough, mismatched types, not satisfied, E0382, E0597, E0277, E0308, E0499, E0502, E0596, async, await, Send, Sync, tokio, concurrency, error handling, 编译错误, compile error, 所有权, ownership, 借用, borrow, 生命周期, lifetime, 类型错误, type error, 异步, async, 并发, concurrency, 错误处理, error handling, 问题, problem, question, 怎么用, how to use, 如何, how to, 为什么, why, 什么是, what is, 帮我写, help me write, 实现, implement, 解释, explain
1,167SKILL.mdUpdated Mar 27, 2026
actionbook/core-fix-skill-docs
development
VerifiedTrustedCommunity
Internal maintenance support for checking and fixing generated Rust skill documentation references. Use only when explicitly invoked by /fix-skill-docs.
1,167SKILL.mdUpdated Mar 27, 2026
actionbook/core-dynamic-skills
development
VerifiedTrustedCommunity
Internal command support for dynamic Rust crate skill management. Use only when explicitly invoked by /sync-crate-skills, /clean-crate-skills, or /update-crate-skill.
1,167SKILL.mdUpdated Mar 27, 2026
actionbook/core-agent-browser
tools
VerifiedTrustedCommunity
Internal support skill for agent-browser CLI workflows used by rust-learner, docs-researcher, and crate-researcher. Use only when browser automation is explicitly required.
1,167SKILL.mdUpdated Mar 27, 2026