# Analyzer configuration for the "httpclient" project: project identity,
# claim-store location, corpus reuse, and the regex extractors that turn
# risky HTTP client settings in Rust source into claims.

[project]
name = "httpclient"
version = "0.1.0"

[episteme]
mode = "persistent"
# NOTE(review): /tmp is world-writable on typical Unix systems and this file
# name is fixed, so another local user can pre-create, replace or read the
# database. /tmp is also commonly cleared on reboot, which sits oddly with
# mode = "persistent". Consider a per-user state directory with restrictive
# permissions.
db_path = "/tmp/aphoria-httpclient.db"

[corpus]
enabled = true
# Reuse dbpool patterns
authority_sources = ["dbpool"]

[thresholds]
use_legacy_thresholds = false

# Declarative extractors for HTTP client violations.
#
# Every `pattern` is a TOML literal string (single quotes), so backslashes
# reach the regex engine unchanged. The patterns are unanchored text matches:
# they only see settings written as literals at the field, and nothing in a
# pattern excludes comments or string literals. Presumably the tool applies
# them per file to the listed languages; confirm whether it strips comments
# before matching, since several extractors below report confidence = 1.0.

# VIOLATION 1: Unbounded max_redirects
# Matches the literal initialiser `max_redirects: None`. A limit supplied
# through a variable or helper is not seen by this pattern.
[[extractors.declarative]]
name = "httpclient_max_redirects_none"
description = "Detects max_redirects set to None (unbounded)"
languages = ["rust"]
pattern = 'max_redirects:\s*None'
claim.subject = "httpclient/max_redirects"
claim.predicate = "configured"
claim.value = false
confidence = 1.0

# VIOLATION 2: Excessive request timeout
# Captures the integer passed to Duration::from_secs on a request_timeout
# line; value_from_match presumably takes the claim value from that capture.
# Timeouts built with Duration::from_millis, Duration::from_secs_f64 or a
# named constant produce no match, so no claim is recorded for them.
[[extractors.declarative]]
name = "httpclient_request_timeout_value"
description = "Extracts request_timeout Duration value"
languages = ["rust"]
pattern = 'request_timeout.*Duration::from_secs\((\d+)\)'
claim.subject = "httpclient/request_timeout"
claim.predicate = "max_value"
claim.value_from_match = true
confidence = 1.0

# VIOLATION 3: Excessive connection timeout
# Same shape and same blind spots as the request_timeout extractor above:
# only an integer literal inside Duration::from_secs is captured.
[[extractors.declarative]]
name = "httpclient_connect_timeout_value"
description = "Extracts connect_timeout Duration value"
languages = ["rust"]
pattern = 'connect_timeout.*Duration::from_secs\((\d+)\)'
claim.subject = "httpclient/connect_timeout"
claim.predicate = "max_value"
claim.value_from_match = true
confidence = 1.0

# VIOLATION 4: Missing idle timeout
# Matches the field's type annotation (`idle_timeout: Option...`), not an
# assigned value: it reports that the timeout may be absent, not that it is.
# Presumably that is why confidence is lower here; confirm.
[[extractors.declarative]]
name = "httpclient_idle_timeout_missing"
description = "Detects missing idle_timeout (Option)"
languages = ["rust"]
pattern = 'idle_timeout:\s*Option'
claim.subject = "httpclient/idle_timeout"
claim.predicate = "required"
claim.value = false
confidence = 0.9

# VIOLATION 5: TLS verification disabled
# Matches the literal `verify_tls: false`. Without certificate verification
# the client cannot authenticate the server. A value taken from a variable,
# environment flag or config file is not caught by this pattern, so treat a
# clean result as "no literal disablement", not "verification enforced".
[[extractors.declarative]]
name = "httpclient_verify_tls_disabled"
description = "Detects TLS certificate verification disabled"
languages = ["rust"]
pattern = 'verify_tls:\s*false'
claim.subject = "httpclient/tls/certificate_validation"
claim.predicate = "required"
claim.value = false
confidence = 1.0

# VIOLATION 6: TLS version too low (1.0)
# Only the Tls10 variant is matched. TLS 1.1 is deprecated alongside TLS 1.0
# (RFC 8996); if TlsVersion has a variant for it, this extractor does not
# cover it.
[[extractors.declarative]]
name = "httpclient_tls_version_1_0"
description = "Detects TLS 1.0 usage"
languages = ["rust"]
pattern = 'min_tls_version:\s*TlsVersion::Tls10'
claim.subject = "httpclient/tls/min_version"
claim.predicate = "min_value"
claim.value = "1.0"
confidence = 1.0

# VIOLATION 7: Unbounded max_retries
# Matches the literal initialiser `max_retries: None`; same limitation as the
# max_redirects extractor for values that are not written inline.
[[extractors.declarative]]
name = "httpclient_max_retries_none"
description = "Detects max_retries set to None (unbounded)"
languages = ["rust"]
pattern = 'max_retries:\s*None'
claim.subject = "httpclient/retry/max_attempts"
claim.predicate = "configured"
claim.value = false
confidence = 1.0