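#!/bin/bash
#
# Batch create all HTTP client claims with dbpool naming alignment.
#
# Usage: run from anywhere; the script changes into its own directory (the
# httpclient directory) before creating claims.
#
# Environment:
#   APHORIA  Optional path (or command name) of the aphoria binary. Defaults
#            to the local release build below.
#
# Review notes:
#   - Every claim is attributed to "aphoria-suggest", and many are filed at
#     tier "expert". The provenance/evidence strings are stored verbatim and
#     are not checked by this script. NOTE(review): verify each citation
#     against its primary source before relying on the tier. RFC 7230/7231,
#     cited below, have since been obsoleted by RFC 9110/9112.
#   - The default binary is a build artefact under a user-writable workspace.
#     Whatever sits at that path is executed, so point APHORIA at a trusted
#     build when running this outside a development checkout.

set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

cd "$(dirname "$0")" || die "cannot cd to script directory"

# Allow an override from the environment; fall back to the original path.
readonly APHORIA="${APHORIA:-/home/jml/Workspace/stemedb/target/release/aphoria}"
readonly CLAIM_AUTHOR="aphoria-suggest"

# Fail early with a clear message instead of a bare "No such file" from the
# first claim.
command -v "${APHORIA}" >/dev/null 2>&1 \
  || die "aphoria binary not found or not executable: ${APHORIA}"

#######################################
# Print a progress label, then create one claim.
# Globals:   APHORIA (read), CLAIM_AUTHOR (read)
# Arguments: $1 - progress label printed to stdout
#            $@ - remaining flags passed to `aphoria claims create`
# Returns:   exit status of aphoria; under `set -e` a failure stops the batch
#######################################
create_claim() {
  local -r label=$1
  shift
  printf '%s\n' "${label}"
  # APHORIA is quoted so a path containing spaces or glob characters is not
  # word-split; --by stays the final argument, as in each original call.
  "${APHORIA}" claims create "$@" --by "${CLAIM_AUTHOR}"
}

echo "Creating HTTP client claims with dbpool naming alignment..."
echo "================================================================"

# TIMEOUT CLAIMS (aligned with dbpool connection_timeout pattern)
create_claim "1/22: connect_timeout..." \
  --id "httpclient-connect-timeout-001" \
  --concept-path "httpclient/connect_timeout" \
  --predicate "max_value" \
  --value "10" \
  --provenance "Mozilla HTTP docs + Requests library (10s connect timeout)" \
  --invariant "TCP connection timeout MUST NOT exceed 10 seconds" \
  --consequence "Unresponsive endpoints block connection establishment" \
  --tier expert \
  --evidence "Mozilla HTTP guidelines, Requests library default" \
  --category safety

create_claim "2/22: request_timeout..." \
  --id "httpclient-request-timeout-001" \
  --concept-path "httpclient/request_timeout" \
  --predicate "max_value" \
  --value "30" \
  --provenance "Mozilla HTTP docs (30s recommended), aligned with dbpool timeout pattern" \
  --invariant "HTTP request timeout MUST NOT exceed 30 seconds" \
  --consequence "Slow external services block thread pool, cascade failures" \
  --tier expert \
  --evidence "Mozilla HTTP guidelines, RFC 7230" \
  --category safety

create_claim "3/22: read_timeout..." \
  --id "httpclient-read-timeout-001" \
  --concept-path "httpclient/read_timeout" \
  --predicate "max_value" \
  --value "30" \
  --provenance "Mozilla HTTP docs (15-30s for response body reading)" \
  --invariant "Response body read timeout MUST NOT exceed 30 seconds" \
  --consequence "Slow streaming responses block thread pool" \
  --tier expert \
  --evidence "Mozilla HTTP guidelines" \
  --category safety

create_claim "4/22: idle_timeout required..." \
  --id "httpclient-idle-timeout-001" \
  --concept-path "httpclient/idle_timeout" \
  --predicate "required" \
  --value "true" \
  --provenance "RFC 7230 Section 6.3 (persistent connections), reused from dbpool/idle_timeout pattern" \
  --invariant "Idle connection timeout MUST be configured" \
  --consequence "Stale connections accumulate, waste resources" \
  --tier expert \
  --evidence "RFC 7230 Section 6.3, dbpool pattern alignment" \
  --category safety

create_claim "5/22: idle_timeout default value..." \
  --id "httpclient-idle-timeout-default-001" \
  --concept-path "httpclient/idle_timeout" \
  --predicate "default_value" \
  --value "60" \
  --provenance "Mozilla HTTP docs + RFC 7230 (60s aligns with server keep-alive)" \
  --invariant "Idle timeout default SHOULD be 60 seconds" \
  --consequence "Too short closes connections prematurely, too long wastes resources" \
  --tier community \
  --evidence "Mozilla HTTP guidelines, RFC 7230" \
  --category constants

# TLS CLAIMS (tls/ prefix aligned with dbpool)
# NOTE(review): the invariant below says "validate server certificates" but
# does not say whether hostname verification is included. Confirm that the
# checker treats a disabled hostname check as a violation too.
create_claim "6/22: tls/certificate_validation..." \
  --id "httpclient-tls-cert-validation-001" \
  --concept-path "httpclient/tls/certificate_validation" \
  --predicate "required" \
  --value "true" \
  --provenance "OWASP A07:2021 + Mozilla Security Guidelines, reused from dbpool pattern" \
  --invariant "HTTPS connections MUST validate server certificates" \
  --consequence "Man-in-the-middle attacks, credential exposure" \
  --tier expert \
  --evidence "OWASP A07:2021, Mozilla HTTPS guidelines, Requests library default" \
  --category security

create_claim "7/22: tls/enabled..." \
  --id "httpclient-tls-enabled-001" \
  --concept-path "httpclient/tls/enabled" \
  --predicate "recommended" \
  --value "true" \
  --provenance "Security best practice, reused from dbpool pattern" \
  --invariant "HTTPS SHOULD be enabled by default for all connections" \
  --consequence "Unencrypted traffic exposes sensitive data (credentials, PII)" \
  --tier community \
  --evidence "Mozilla Security Guidelines, OWASP" \
  --category security

# NOTE(review): the value "1.2" is passed as a plain string with predicate
# min_value. How aphoria orders protocol versions is not visible here, so
# confirm that "1.3" compares as greater and "1.0"/"1.1" as smaller.
# NOTE(review): the consequence text labels BEAST and POODLE as downgrade
# attacks. BEAST targets CBC in TLS 1.0 and POODLE targets SSL 3.0 padding;
# consider rewording in a follow-up claim revision.
create_claim "8/22: tls/min_version..." \
  --id "httpclient-tls-min-version-001" \
  --concept-path "httpclient/tls/min_version" \
  --predicate "min_value" \
  --value "1.2" \
  --provenance "OWASP + Mozilla Security Guidelines (TLS 1.2 minimum as of 2023)" \
  --invariant "TLS version MUST be >= 1.2 (TLS 1.0/1.1 deprecated)" \
  --consequence "Vulnerable to protocol downgrade attacks (BEAST, POODLE)" \
  --tier expert \
  --evidence "OWASP TLS cheat sheet, Mozilla guidelines" \
  --category security

create_claim "9/22: tls/cipher_suites..." \
  --id "httpclient-tls-ciphers-001" \
  --concept-path "httpclient/tls/cipher_suites" \
  --predicate "recommended" \
  --value "modern_only" \
  --provenance "Mozilla Security Guidelines (ECDHE, AES-GCM preferred)" \
  --invariant "TLS cipher suites SHOULD use modern ciphers only" \
  --consequence "Weak ciphers (RC4, 3DES, MD5) enable decryption attacks" \
  --tier community \
  --evidence "Mozilla Security Guidelines" \
  --category security

# REDIRECT CLAIMS (bounded resource pattern like dbpool/max_connections)
# NOTE(review): RFC 7231 Section 6.4 asks clients to detect cyclical
# redirection but, as far as I recall, sets no numeric limit. Confirm where
# the figure 10 comes from.
# NOTE(review): these two claims bound the number of redirects only. None of
# the 22 claims covers which headers are forwarded on a cross-origin redirect
# or an https -> http redirect; consider separate claims for those.
create_claim "10/22: max_redirects..." \
  --id "httpclient-max-redirects-001" \
  --concept-path "httpclient/max_redirects" \
  --predicate "max_value" \
  --value "10" \
  --provenance "RFC 7231 Section 6.4 (10 redirects recommended), pattern from dbpool/max_connections" \
  --invariant "HTTP redirect limit MUST NOT exceed 10" \
  --consequence "Infinite redirect loops exhaust client resources" \
  --tier expert \
  --evidence "RFC 7231 Section 6.4" \
  --category safety

create_claim "11/22: redirects/loop_detection..." \
  --id "httpclient-redirect-loop-001" \
  --concept-path "httpclient/redirects/loop_detection" \
  --predicate "required" \
  --value "true" \
  --provenance "Requests library pattern (TooManyRedirects exception)" \
  --invariant "Redirect loop detection MUST be implemented" \
  --consequence "Without detection, infinite loops exhaust resources" \
  --tier expert \
  --evidence "Requests library implementation, RFC 7231" \
  --category safety

# RETRY CLAIMS (retry/ prefix)
create_claim "12/22: retry/max_attempts..." \
  --id "httpclient-retry-max-001" \
  --concept-path "httpclient/retry/max_attempts" \
  --predicate "max_value" \
  --value "3" \
  --provenance "Requests library default + Mozilla guidelines (3 retries max)" \
  --invariant "Retry attempts MUST NOT exceed 3" \
  --consequence "Unlimited retries cause retry storms, amplify cascading failures" \
  --tier expert \
  --evidence "Requests library default, Mozilla HTTP guidelines" \
  --category safety

create_claim "13/22: retry/backoff..." \
  --id "httpclient-retry-backoff-001" \
  --concept-path "httpclient/retry/backoff" \
  --predicate "required" \
  --value "exponential" \
  --provenance "Requests library pattern (exponential backoff 1s, 2s, 4s)" \
  --invariant "Retry backoff MUST use exponential strategy" \
  --consequence "Fixed-interval retries amplify load spikes during outages" \
  --tier expert \
  --evidence "Requests library urllib3.util.retry" \
  --category safety

create_claim "14/22: retry/idempotent_only..." \
  --id "httpclient-retry-idempotent-001" \
  --concept-path "httpclient/retry/idempotent_only" \
  --predicate "required" \
  --value "true" \
  --provenance "Mozilla HTTP docs + Requests library (only retry GET/PUT/DELETE)" \
  --invariant "Retries MUST only apply to idempotent methods" \
  --consequence "Retrying POST requests may cause duplicate operations (charges, bookings)" \
  --tier expert \
  --evidence "Mozilla HTTP guidelines, Requests library default" \
  --category safety

create_claim "15/22: retry/post_excluded..." \
  --id "httpclient-retry-post-excluded-001" \
  --concept-path "httpclient/retry/post_excluded" \
  --predicate "required" \
  --value "true" \
  --provenance "Requests library default (never retry POST by default)" \
  --invariant "POST requests MUST be excluded from automatic retries" \
  --consequence "Retrying POST can cause duplicate charges, bookings, state mutations" \
  --tier expert \
  --evidence "Requests library implementation" \
  --category safety

# METRICS CLAIMS (metrics/ prefix aligned with dbpool)
create_claim "16/22: metrics/enabled..." \
  --id "httpclient-metrics-enabled-001" \
  --concept-path "httpclient/metrics/enabled" \
  --predicate "recommended" \
  --value "true" \
  --provenance "Observability best practice, reused from dbpool pattern" \
  --invariant "Metrics collection SHOULD be enabled for production HTTP clients" \
  --consequence "Cannot monitor client health, debug production issues, or detect cascades" \
  --tier community \
  --evidence "Prometheus best practices, SRE handbook, dbpool pattern" \
  --category observability

create_claim "17/22: metrics/exposed..." \
  --id "httpclient-metrics-exposed-001" \
  --concept-path "httpclient/metrics/exposed" \
  --predicate "required" \
  --value "request_count,active_connections,latency_p99,error_rate" \
  --provenance "RED method (Rate, Errors, Duration), adapted from dbpool/metrics/exposed" \
  --invariant "Core HTTP metrics MUST be exposed: request_count, active_connections, latency_p99, error_rate" \
  --consequence "Incomplete observability prevents production debugging and SLO tracking" \
  --tier community \
  --evidence "RED method (Prometheus), dbpool pattern alignment" \
  --category observability

# CONNECTION POOLING CLAIMS
create_claim "18/22: pool_size recommended range..." \
  --id "httpclient-pool-size-001" \
  --concept-path "httpclient/pool_size" \
  --predicate "recommended_range" \
  --value "50-100" \
  --provenance "Mozilla HTTP docs (50-100 connections per host for production)" \
  --invariant "Connection pool size SHOULD be 50-100 per host in production" \
  --consequence "Too few limits throughput, too many causes resource exhaustion" \
  --tier community \
  --evidence "Mozilla HTTP guidelines" \
  --category constants

create_claim "19/22: pool/default_size..." \
  --id "httpclient-pool-default-size-001" \
  --concept-path "httpclient/pool/default_size" \
  --predicate "default_value" \
  --value "10" \
  --provenance "Requests library default (10 connections via urllib3)" \
  --invariant "Default pool size SHOULD be 10 connections per host" \
  --consequence "Default works for most cases, high-concurrency apps need tuning" \
  --tier community \
  --evidence "Requests library urllib3.poolmanager default" \
  --category constants

create_claim "20/22: sessions/connection_pooling..." \
  --id "httpclient-connection-pooling-001" \
  --concept-path "httpclient/sessions/connection_pooling" \
  --predicate "recommended" \
  --value "true" \
  --provenance "Requests library best practice (use Session() for connection reuse)" \
  --invariant "Connection pooling SHOULD be enabled for multi-request scenarios" \
  --consequence "Without pooling, every request pays TCP + TLS handshake cost" \
  --tier community \
  --evidence "Requests library Session documentation" \
  --category architecture

# HEADER CLAIMS
create_claim "21/22: headers/user_agent..." \
  --id "httpclient-user-agent-001" \
  --concept-path "httpclient/headers/user_agent" \
  --predicate "required" \
  --value "true" \
  --provenance "Mozilla HTTP docs (always send User-Agent header)" \
  --invariant "User-Agent header MUST be sent with all requests" \
  --consequence "Servers may block or rate-limit requests without User-Agent" \
  --tier community \
  --evidence "Mozilla HTTP guidelines" \
  --category architecture

# ERROR HANDLING CLAIMS (aligned with dbpool pattern)
create_claim "22/22: error_handling/request_failure..." \
  --id "httpclient-error-handling-001" \
  --concept-path "httpclient/error_handling/request_failure" \
  --predicate "must" \
  --value "return_error_not_panic" \
  --provenance "Robustness pattern, reused from dbpool/error_handling/connection_failure" \
  --invariant "HTTP request failures MUST return Result, NEVER panic" \
  --consequence "Unhandled panics crash the application" \
  --tier expert \
  --evidence "Rust error handling best practices, dbpool pattern" \
  --category safety

# Reached only when all 22 invocations exited 0, because `set -e` aborts the
# script on the first failure.
printf '%s\n' \
  "" \
  "================================================================" \
  "✅ Created 22 HTTP client claims with dbpool naming alignment" \
  "" \
  "Naming alignment achieved:" \
  " - Timeouts: connect_timeout, request_timeout (match dbpool pattern)" \
  " - TLS: tls/* prefix (match dbpool: tls/certificate_validation, tls/enabled)" \
  " - Metrics: metrics/* prefix (match dbpool: metrics/enabled, metrics/exposed)" \
  " - Retry: retry/* prefix (new for HTTP)" \
  " - Bounded resources: max_redirects (match dbpool max_connections pattern)" \
  "" \
  "Run: aphoria claims list --format table"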