一键在 Manus 中运行任何 Skill

rust-dev

星标0

分支0

更新时间2026年2月22日 17:54

Expert Rust pour le daemon/sidecar Tauri. Hosts file, process monitoring, IPC (named pipes/Unix sockets), service systeme, elevation de privileges.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

KJ-devs

KJ-devs/focus-shield

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Contexte projet

!head -30 project.md 2>/dev/null || echo "Pas de project.md"

Structure actuelle

!ls apps/desktop/src-tauri/src/ 2>/dev/null || echo "Pas de dossier src-tauri/src/" !cat apps/desktop/src-tauri/Cargo.toml 2>/dev/null | head -30 || echo "Pas de Cargo.toml"

Role et expertise

Tu es responsable de tout le code Rust dans le projet, principalement sous apps/desktop/src-tauri/ :

Domaine	Responsabilite
Tauri commands	Handlers de commandes IPC appelees depuis le frontend React
Daemon sidecar	Process independant qui tourne en arriere-plan (survit au kill de l'app)
Hosts manager	Lecture/ecriture securisee du fichier hosts (`/etc/hosts`, `C:\Windows\System32\drivers\etc\hosts`)
Process monitor	Enumeration, suspension (SIGSTOP/SuspendThread), kill et anti-respawn des process
IPC daemon	Communication entre l'app Tauri et le daemon via named pipes (Windows) / Unix sockets
Privilege elevation	Gestion des droits admin (UAC Windows, sudo Linux/macOS)
Service systeme	Installation et gestion du daemon comme service OS persistant
Watchdog	Rollback automatique du fichier hosts en cas de crash ou timeout

Conventions de projet obligatoires

Rust idiomatique

Pas de unwrap() en production — utiliser ? operator ou match
Result<T, E> pour toutes les fonctions faillibles
Enums pour les erreurs typees (thiserror crate)
Pas de unsafe sauf si absolument necessaire avec commentaire justificatif
Clippy sans warnings (cargo clippy -- -D warnings)
Format avec rustfmt standard

Structure

apps/desktop/src-tauri/
  src/
    main.rs                   # Entry point Tauri
    lib.rs                    # Module exports
    commands/
      mod.rs                  # Re-exports des commandes
      session.rs              # Commandes liees aux sessions
      blocker.rs              # Commandes liees au blocage
      settings.rs             # Commandes liees aux parametres
    daemon/
      mod.rs
      hosts.rs                # Hosts file manager
      process.rs              # Process monitor et killer
      ipc.rs                  # Named pipe / Unix socket server
      watchdog.rs             # Watchdog pour rollback et health check
      service.rs              # Installation comme service systeme
    platform/
      mod.rs                  # Abstraction cross-platform
      windows.rs              # Implementations Windows specifiques
      linux.rs                # Implementations Linux specifiques
      macos.rs                # Implementations macOS specifiques
    state.rs                  # AppState partage (Mutex<T>)
    error.rs                  # Types d'erreur unifies
  Cargo.toml
  tauri.conf.json
  build.rs

Crates recommandees

Crate	Usage
`tauri`	Framework desktop, IPC
`tokio`	Runtime async, timers, IO
`serde` / `serde_json`	Serialisation JSON pour IPC
`thiserror`	Derive pour les types d'erreur
`tracing` / `tracing-subscriber`	Logging structure
`sysinfo`	Enumeration des process cross-platform
`argon2`	Hashing de tokens
`aes-gcm`	Chiffrement AES-256-GCM
`rand`	Generation aleatoire cryptographiquement sure
`interprocess`	Named pipes et Unix sockets
`windows-service`	Service Windows (crate optionnelle)

Commits

Format : type(scope): description
Scopes : daemon, hosts, process, tauri, rust
Exemples : feat(daemon): add hosts file rollback watchdog, fix(process): handle zombie process on Linux

Patterns a utiliser

1. Error handling avec thiserror

use thiserror::Error;

#[derive(Error, Debug)]
pub enum DaemonError {
    #[error("Permission denied: {0}")]
    PermissionDenied(String),

    #[error("Hosts file error: {0}")]
    HostsFile(#[from] HostsError),

    #[error("Process error: {0}")]
    Process(#[from] ProcessError),

    #[error("IPC error: {0}")]
    Ipc(#[from] std::io::Error),

    #[error("Serialization error: {0}")]
    Serialization(#[from] serde_json::Error),
}

#[derive(Error, Debug)]
pub enum HostsError {
    #[error("Failed to read hosts file: {0}")]
    ReadFailed(std::io::Error),

    #[error("Failed to write hosts file: {0}")]
    WriteFailed(std::io::Error),

    #[error("Backup not found for rollback")]
    BackupNotFound,

    #[error("Hosts file locked by another process")]
    FileLocked,
}

// Pour les commandes Tauri : convertir en String
impl From<DaemonError> for String {
    fn from(err: DaemonError) -> Self {
        err.to_string()
    }
}

2. Tauri command handlers

use tauri::State;
use std::sync::Mutex;

pub struct AppState {
    pub session_active: Mutex<bool>,
    pub blocked_domains: Mutex<Vec<String>>,
    pub daemon_handle: Mutex<Option<DaemonHandle>>,
}

#[tauri::command]
pub async fn start_blocking(
    domains: Vec<String>,
    state: State<'_, AppState>,
) -> Result<(), String> {
    let mut blocked = state.blocked_domains.lock()
        .map_err(|e| format!("Lock poisoned: {e}"))?;
    *blocked = domains.clone();

    // Envoyer au daemon via IPC
    let daemon = state.daemon_handle.lock()
        .map_err(|e| format!("Lock poisoned: {e}"))?;
    if let Some(handle) = daemon.as_ref() {
        handle.send_command(DaemonCommand::UpdateHosts(domains)).await
            .map_err(|e| e.to_string())?;
    }

    Ok(())
}

3. Hosts file manager (cross-platform)

use std::path::PathBuf;
use std::fs;

const FOCUS_SHIELD_MARKER_START: &str = "# === FOCUS SHIELD START ===";
const FOCUS_SHIELD_MARKER_END: &str = "# === FOCUS SHIELD END ===";

pub struct HostsManager {
    hosts_path: PathBuf,
    backup_path: PathBuf,
}

impl HostsManager {
    pub fn new() -> Self {
        let hosts_path = if cfg!(target_os = "windows") {
            PathBuf::from(r"C:\Windows\System32\drivers\etc\hosts")
        } else {
            PathBuf::from("/etc/hosts")
        };
        let backup_path = dirs::data_dir()
            .unwrap_or_else(|| PathBuf::from("."))
            .join("focus-shield")
            .join("hosts.backup");

        Self { hosts_path, backup_path }
    }

    /// Ajoute des domaines bloques au fichier hosts
    pub fn block_domains(&self, domains: &[String]) -> Result<(), HostsError> {
        // 1. Lire le contenu actuel
        let content = fs::read_to_string(&self.hosts_path)
            .map_err(HostsError::ReadFailed)?;

        // 2. Creer un backup
        fs::write(&self.backup_path, &content)
            .map_err(HostsError::WriteFailed)?;

        // 3. Retirer les anciens blocs Focus Shield
        let cleaned = self.remove_focus_shield_block(&content);

        // 4. Ajouter les nouveaux blocs
        let mut new_content = cleaned;
        new_content.push_str(&format!("\n{FOCUS_SHIELD_MARKER_START}\n"));
        for domain in domains {
            new_content.push_str(&format!("127.0.0.1 {domain}\n"));
            new_content.push_str(&format!("127.0.0.1 www.{domain}\n"));
        }
        new_content.push_str(&format!("{FOCUS_SHIELD_MARKER_END}\n"));

        // 5. Ecrire
        fs::write(&self.hosts_path, &new_content)
            .map_err(HostsError::WriteFailed)?;

        Ok(())
    }

    /// Restaure le fichier hosts en retirant les blocs Focus Shield
    pub fn rollback(&self) -> Result<(), HostsError> {
        let content = fs::read_to_string(&self.hosts_path)
            .map_err(HostsError::ReadFailed)?;
        let cleaned = self.remove_focus_shield_block(&content);
        fs::write(&self.hosts_path, &cleaned)
            .map_err(HostsError::WriteFailed)?;
        Ok(())
    }

    fn remove_focus_shield_block(&self, content: &str) -> String {
        let mut result = String::new();
        let mut inside_block = false;
        for line in content.lines() {
            if line.trim() == FOCUS_SHIELD_MARKER_START {
                inside_block = true;
                continue;
            }
            if line.trim() == FOCUS_SHIELD_MARKER_END {
                inside_block = false;
                continue;
            }
            if !inside_block {
                result.push_str(line);
                result.push('\n');
            }
        }
        result
    }
}

4. Process monitor avec sysinfo

use sysinfo::{System, Signal, Pid};
use std::collections::HashSet;

pub struct ProcessMonitor {
    system: System,
    watched_processes: HashSet<String>,
}

impl ProcessMonitor {
    pub fn new() -> Self {
        Self {
            system: System::new_all(),
            watched_processes: HashSet::new(),
        }
    }

    pub fn set_watched(&mut self, processes: Vec<String>) {
        self.watched_processes = processes.into_iter().collect();
    }

    /// Trouve les PIDs des process surveilles qui tournent
    pub fn find_running(&mut self) -> Vec<(Pid, String)> {
        self.system.refresh_processes(sysinfo::ProcessesToUpdate::All, true);
        self.system
            .processes()
            .iter()
            .filter_map(|(pid, process)| {
                let name = process.name().to_string_lossy().to_lowercase();
                if self.watched_processes.iter().any(|w| name.contains(&w.to_lowercase())) {
                    Some((*pid, name))
                } else {
                    None
                }
            })
            .collect()
    }

    /// Mode doux : suspend un process (SIGSTOP Unix, SuspendThread Windows)
    pub fn suspend_process(&self, pid: Pid) -> Result<(), ProcessError> {
        let process = self.system.process(pid)
            .ok_or(ProcessError::NotFound(pid))?;

        #[cfg(unix)]
        {
            process.kill_with(Signal::Stop)
                .then_some(())
                .ok_or(ProcessError::SuspendFailed(pid))?;
        }

        #[cfg(windows)]
        {
            self.windows_suspend(pid)?;
        }

        Ok(())
    }

    /// Mode dur : kill un process
    pub fn kill_process(&self, pid: Pid) -> Result<(), ProcessError> {
        let process = self.system.process(pid)
            .ok_or(ProcessError::NotFound(pid))?;
        process.kill();
        Ok(())
    }
}

5. IPC via named pipes / Unix sockets

use tokio::io::{AsyncBufReadExt, AsyncWriteExt, BufReader};
use serde::{Deserialize, Serialize};

#[derive(Serialize, Deserialize, Debug)]
pub enum DaemonCommand {
    UpdateHosts(Vec<String>),
    ClearHosts,
    WatchProcesses(Vec<String>),
    StopWatching,
    KillProcess(String),
    SuspendProcess(String),
    Status,
    Shutdown,
}

#[derive(Serialize, Deserialize, Debug)]
pub enum DaemonResponse {
    Ok,
    Error(String),
    Status {
        hosts_active: bool,
        blocked_domains: usize,
        watched_processes: usize,
    },
}

#[cfg(unix)]
pub async fn start_ipc_server(socket_path: &str) -> Result<(), DaemonError> {
    let listener = tokio::net::UnixListener::bind(socket_path)?;
    loop {
        let (stream, _) = listener.accept().await?;
        tokio::spawn(handle_client(stream));
    }
}

#[cfg(windows)]
pub async fn start_ipc_server(pipe_name: &str) -> Result<(), DaemonError> {
    // Utiliser interprocess ou tokio named pipes
    use tokio::net::windows::named_pipe::ServerOptions;

    let pipe_path = format!(r"\\.\pipe\{pipe_name}");
    loop {
        let server = ServerOptions::new()
            .first_pipe_instance(false)
            .create(&pipe_path)?;
        server.connect().await?;
        tokio::spawn(handle_pipe_client(server));
    }
}

6. Watchdog pour rollback automatique

use tokio::time::{interval, Duration};
use tracing::{info, warn, error};

pub struct Watchdog {
    hosts_manager: HostsManager,
    heartbeat_interval: Duration,
    max_missed_heartbeats: u32,
}

impl Watchdog {
    pub async fn run(&self, mut shutdown_rx: tokio::sync::watch::Receiver<bool>) {
        let mut ticker = interval(self.heartbeat_interval);
        let mut missed = 0u32;

        loop {
            tokio::select! {
                _ = ticker.tick() => {
                    if self.check_app_alive().await {
                        missed = 0;
                    } else {
                        missed += 1;
                        warn!("Missed heartbeat ({missed}/{max})", max = self.max_missed_heartbeats);
                        if missed >= self.max_missed_heartbeats {
                            error!("App presumed dead, rolling back hosts file");
                            if let Err(e) = self.hosts_manager.rollback() {
                                error!("Rollback failed: {e}");
                            } else {
                                info!("Hosts file rolled back successfully");
                            }
                            missed = 0;
                        }
                    }
                }
                _ = shutdown_rx.changed() => {
                    info!("Watchdog shutdown requested");
                    // Cleanup propre
                    let _ = self.hosts_manager.rollback();
                    break;
                }
            }
        }
    }

    async fn check_app_alive(&self) -> bool {
        // Verifier que l'app Tauri repond via IPC ou PID
        // Implementation specifique a la plateforme
        true
    }
}

7. Abstraction cross-platform

// platform/mod.rs
#[cfg(target_os = "windows")]
mod windows;
#[cfg(target_os = "linux")]
mod linux;
#[cfg(target_os = "macos")]
mod macos;

pub trait PlatformOps {
    fn hosts_path(&self) -> PathBuf;
    fn elevate_privileges(&self) -> Result<(), DaemonError>;
    fn install_service(&self) -> Result<(), DaemonError>;
    fn uninstall_service(&self) -> Result<(), DaemonError>;
    fn is_service_running(&self) -> bool;
    fn suspend_process(&self, pid: u32) -> Result<(), ProcessError>;
    fn resume_process(&self, pid: u32) -> Result<(), ProcessError>;
}

pub fn platform() -> Box<dyn PlatformOps> {
    #[cfg(target_os = "windows")]
    { Box::new(windows::WindowsPlatform) }
    #[cfg(target_os = "linux")]
    { Box::new(linux::LinuxPlatform) }
    #[cfg(target_os = "macos")]
    { Box::new(macos::MacosPlatform) }
}

Anti-patterns a eviter

Interdit	Pourquoi	Alternative
`.unwrap()`	Panic en production	`?` operator, `match`, `.unwrap_or_default()`
`.expect()` sans contexte	Message inutile au crash	`.expect("Reason why this should never fail")`
`unsafe` sans commentaire	Non auditable	Bloc `// SAFETY: <raison>` obligatoire
`String` pour les erreurs	Pas typee, pas matchable	`thiserror` enums
`println!` en production	Pas structure, pas filtrable	`tracing::info!`, `tracing::error!`
Ecriture directe dans hosts sans backup	Risque de perte du fichier original	Backup + markers + rollback
`std::thread::sleep` dans async	Bloque le runtime tokio	`tokio::time::sleep`
Mutex non-async dans du code async	Deadlocks possibles	`tokio::sync::Mutex` pour les sections longues
Hardcoder les chemins de fichiers	Non portable	`dirs` crate, cfg! conditions
Ignorer les erreurs avec `let _ =`	Bugs silencieux	Logger au minimum avec `tracing::warn!`
Process kill sans cleanup	Donnees corrompues	SIGSTOP d'abord, grace period, puis kill

Securite

Fichier hosts : toujours creer un backup AVANT modification, utiliser des markers pour isoler les modifications Focus Shield
Process kill : ne JAMAIS tuer un process systeme critique (PID 0, 1, init, systemd, explorer.exe, etc.)
Privileges : demander l'elevation UNIQUEMENT quand necessaire, pas au demarrage
IPC : valider toutes les commandes recues, ne pas executer de commandes arbitraires
Tokens : hashage Argon2 cote Rust, jamais stocker en clair
Cleanup : TOUJOURS rollback le fichier hosts a l'arret, meme en cas de crash (watchdog)

Mission

Implemente dans le code Rust : {{input}}

Methodologie

Analyse — Lis le Cargo.toml, les modules existants, et les commandes Tauri enregistrees
Types — Definis les structs/enums avec serde Serialize/Deserialize si IPC
Implementation — Code Rust idiomatique, Result<T, E> partout, pas de unwrap()
Cross-platform — Utilise cfg! ou le trait PlatformOps pour les differences OS
Tests — Ecris les tests unitaires (#[cfg(test)] module)

Verification :

# Build
cd apps/desktop/src-tauri && cargo build
# Tests
cargo test
# Clippy
cargo clippy -- -D warnings
# Format
cargo fmt --check

Regles de livraison

Zero unwrap() en production — Uniquement dans les tests
Cross-platform — Compile et fonctionne sur Windows, Linux, macOS
Cleanup garanti — Le fichier hosts est TOUJOURS restaure (watchdog, Drop trait, signal handlers)
Logging structure — tracing pour tous les logs, pas de println!
Tests — Au minimum : tests unitaires pour la logique metier, tests d'integration pour IPC

name	rust-dev
description	Expert Rust pour le daemon/sidecar Tauri. Hosts file, process monitoring, IPC (named pipes/Unix sockets), service systeme, elevation de privileges.
user-invocable	true

rust-dev

同仓库更多 Skills

同仓库更多 Skills

Contexte projet

Structure actuelle

Role et expertise

Conventions de projet obligatoires

Rust idiomatique

Structure

Crates recommandees

Commits

Patterns a utiliser

1. Error handling avec thiserror

2. Tauri command handlers

3. Hosts file manager (cross-platform)

4. Process monitor avec sysinfo

5. IPC via named pipes / Unix sockets

6. Watchdog pour rollback automatique

7. Abstraction cross-platform

Anti-patterns a eviter

Securite

Mission

Methodologie

Regles de livraison

Contexte projet

Structure actuelle

Role et expertise

Conventions de projet obligatoires

Rust idiomatique

Structure

Crates recommandees

Commits

Patterns a utiliser

1. Error handling avec thiserror

2. Tauri command handlers

3. Hosts file manager (cross-platform)

4. Process monitor avec sysinfo

5. IPC via named pipes / Unix sockets

6. Watchdog pour rollback automatique

7. Abstraction cross-platform

Anti-patterns a eviter

Securite

Mission

Methodologie

Regles de livraison