[package] name = "botserver" version = "6.1.0" edition = "2021" authors = [ "Pragmatismo.com.br ", "General Bots Community ", "Alan Perdomo", "Ana Paula Gil", "Arenas.io", "Atylla L", "Christopher de Castilho", "Dario Junior", "David Lerner", "Experimentation Garage", "Flavio Andrade", "Heraldo Almeida", "Joao Parana", "Jonathas C", "J Ramos", "Lucas Picanco", "Marcos Velasco", "Matheus 39x", "Oerlabs Henrique", "Othon Lima", "PH Nascimento", "Phpussente", "Robson Dantas", "Rodrigo Rodriguez ", "Sarah Lourenco", "Thi Patriota", "Webgus", "Zuilho Se", ] description = "General Bots Server - Open-source bot platform by Pragmatismo.com.br" license = "AGPL-3.0" repository = "https://github.com/GeneralBots/BotServer" [features] # Default feature set for desktop applications with full UI default = ["desktop"] # Vector database integration for semantic search and AI capabilities # Security: Enables AI-powered threat detection and semantic analysis vectordb = ["qdrant-client"] # Email integration for IMAP/SMTP operations # Security: Handle with care - requires secure credential storage email = ["imap"] # Desktop UI components using Tauri # Security: Sandboxed desktop runtime with controlled system access desktop = ["dep:tauri", "dep:tauri-plugin-dialog", "dep:tauri-plugin-opener"] # Additional security-focused feature flags for enterprise deployments # Can be enabled with: cargo build --features "encryption,audit,rbac" # encryption = [] # AES-GCM encryption for data at rest (already included via aes-gcm) # audit = [] # Comprehensive audit logging for compliance # rbac = [] # Role-based access control with Zitadel integration # mfa = [] # Multi-factor authentication support # sso = [] # Single Sign-On with SAML/OIDC providers [dependencies] # === SECURITY DEPENDENCIES === # Encryption: AES-GCM for authenticated encryption of sensitive data aes-gcm = "0.10" # Error handling: Type-safe error propagation anyhow = "1.0" # Password hashing: Argon2 for secure password storage (memory-hard, resistant to GPU attacks) argon2 = "0.5" async-lock = "2.8.0" async-stream = "0.3" async-trait = "0.1" aws-config = "1.8.8" aws-sdk-s3 = { version = "1.109.0", features = ["behavior-version-latest"] } axum = { version = "0.8.7", features = ["ws", "multipart", "macros"] } base64 = "0.22" bytes = "1.8" chrono = { version = "0.4", features = ["serde"] } color-eyre = "0.6.5" cron = "0.15.0" crossterm = "0.29.0" csv = "1.3" diesel = { version = "2.1", features = ["postgres", "uuid", "chrono", "serde_json", "r2d2"] } diesel_migrations = "2.1.0" dotenvy = "0.15" downloader = "0.2" env_logger = "0.11" futures = "0.3" futures-util = "0.3" # HMAC: Message authentication codes for API security hmac = "0.12.1" hyper = { version = "1.8.1", features = ["full"] } imap = { version = "3.0.0-alpha.15", optional = true } include_dir = "0.7" indicatif = "0.18.0" lettre = { version = "0.11", features = ["smtp-transport", "builder", "tokio1", "tokio1-native-tls"] } lazy_static = "1.4" livekit = "0.7" log = "0.4" mime_guess = "2.0" mailparse = "0.15" mockito = "1.7.0" native-tls = "0.2" num-format = "0.4" once_cell = "1.18.0" pdf-extract = "0.10.0" qdrant-client = { version = "1.12", optional = true } r2d2 = "0.8.10" rand = "0.9.2" ratatui = "0.29.0" redis = { version = "0.27", features = ["tokio-comp"] } regex = "1.11" reqwest = { version = "0.12", features = ["json", "stream", "multipart"] } rhai = { git = "https://github.com/therealprof/rhai.git", branch = "features/use-web-time" } scopeguard = "1.2.0" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" # Cryptographic hashing: SHA-256 for integrity verification sha2 = "0.10.9" # Hex encoding: For secure token representation hex = "0.4" smartstring = "1.0" sysinfo = "0.37.2" tauri = { version = "2", features = ["unstable"], optional = true } tauri-plugin-dialog = { version = "2", optional = true } tauri-plugin-opener = { version = "2", optional = true } tempfile = "3" time = "0.3.44" tokio = { version = "1.41", features = ["full"] } tokio-stream = "0.1" tower = "0.5" tower-http = { version = "0.6", features = ["cors", "fs", "trace"] } tracing = "0.1" tracing-subscriber = { version = "0.3", features = ["fmt"] } ureq = "3.1.2" urlencoding = "2.1" uuid = { version = "1.11", features = ["serde", "v4"] } zip = "2.2" [build-dependencies] tauri-build = { version = "2", features = [] } # === SECURITY AND CODE QUALITY CONFIGURATION === # Enterprise-grade linting for security-conscious development [lints.rust] # Security: Remove unused code that could be attack surface unused_imports = "warn" # Keep import hygiene visible unused_variables = "warn" # Catch actual bugs unused_mut = "warn" # Maintain code quality # Additional security-focused lints unsafe_code = "deny" # Prevent unsafe operations missing_debug_implementations = "warn" # Ensure debuggability [lints.clippy] all = "warn" # Enable all clippy lints as warnings pedantic = "warn" # Pedantic lints for code quality nursery = "warn" # Experimental lints cargo = "warn" # Cargo-specific lints # Security-focused clippy lints unwrap_used = "warn" # Prevent panics in production expect_used = "warn" # Explicit error handling required panic = "warn" # No direct panics allowed todo = "warn" # No TODOs in production code unimplemented = "warn" # Complete implementation required [profile.release] # Security-hardened release profile lto = true # Link-time optimization for smaller attack surface opt-level = "z" # Optimize for size (reduces binary analysis surface) strip = true # Strip symbols (harder to reverse engineer) panic = "abort" # Immediate termination on panic (no unwinding) codegen-units = 1 # Single codegen unit (better optimization) overflow-checks = true # Integer overflow protection