Rust Project Guardrails

✓ Policy Beta Devex Build And Ci

Enforce Rust-specific project standards including Cargo manifest presence, lockfile requirements, edition and MSRV minimums, unsafe block limits, and clippy compliance.

Add rust to your lunar-config.yml:

uses: github://earthly/lunar-lib/policies/rust@v1.0.0

Get Started View on GitHub

Included Guardrails

This policy includes 6 guardrails that enforce standards for your devex build and ci.

Guardrail

`cargo-toml-exists`

Ensures the project has a Cargo.toml file for crate configuration. Required for all Rust projects.

Cargo.toml rust project crate manifest

View Guardrail

Guardrail

`cargo-lock-exists`

Ensures the project has a Cargo.lock file for dependency pinning. By default required for applications, skipped for libraries (following Cargo conventions). Configurable via lock_mode.

Cargo.lock dependencies reproducibility lockfile

View Guardrail

Guardrail

`min-rust-edition`

Ensures the project uses at least the minimum required Rust edition. Editions enable new language features while preserving backward compatibility.

rust edition 2021 2024 language features

View Guardrail

Guardrail

`min-rust-version-cicd`

Ensures the Rust toolchain version used in CI/CD commands meets the minimum required version. Helps maintain security and compatibility standards for build environments.

rust version ci/cd toolchain compatibility

View Guardrail

Guardrail

`clippy-clean`

Ensures clippy reports no warnings (or fewer than the configured threshold). Clippy catches common mistakes and enforces idiomatic Rust patterns.

clippy lint code quality idiomatic rust

View Guardrail

Guardrail

`max-unsafe-blocks`

Limits the number of unsafe blocks in the codebase. Unsafe code bypasses Rust's safety guarantees and should be minimized and carefully reviewed.

unsafe safety memory safety code review

View Guardrail

How Guardrails Fit into Lunar

Lunar guardrails define your engineering standards as code. They evaluate data collected by integrations and produce pass/fail checks with actionable feedback.

Policies support gradual enforcement—from silent scoring to blocking PRs or deployments—letting you roll out standards at your own pace without disrupting existing workflows.

Learn How Lunar Works →

↓ Integrations Gather Data

Collectors extract metadata from code, CI pipelines, tool outputs, and scans

{ } Centralized as JSON

All data merged into each component's unified metadata document

✓ Guardrails Enforce Standards This Policy

Real-time feedback in PRs and AI workflows

Required Integrations

This policy evaluates data gathered by one or more of the following integration(s). Make sure to enable them in your lunar-config.yml.

Collector LanguagesBuild Required

Rust Collector

Provides Rust project metadata

Configuration

Configure this policy in your lunar-config.yml.

Inputs

Input	Required	Default	Description
`lock_mode`	Optional	`auto`	Cargo.lock enforcement mode. The "auto" mode detects whether the crate is a library or application and applies the Cargo convention (required for apps, skipped for libs). - "auto": Require for applications, skip for libraries (default) - "required": Always require Cargo.lock - "forbidden": Fail if Cargo.lock exists - "none": Skip the check entirely
`min_rust_edition`	Optional	`2021`	Minimum required Rust edition (e.g., "2021", "2024")
`min_rust_version_cicd`	Optional	`1.75.0`	Minimum required Rust toolchain version for CI/CD (e.g., "1.75.0")
`max_clippy_warnings`	Optional	`0`	Maximum allowed clippy warnings (0 = must be clean)
`max_unsafe_blocks`	Optional	`0`	Maximum allowed unsafe blocks (0 = no unsafe allowed)

Documentation

View on GitHub

Rust Project Guardrails

Enforce Rust-specific project standards including Cargo manifest presence, lockfile requirements, edition and MSRV minimums, unsafe block limits, and clippy compliance.

Overview

This policy validates Rust projects against best practices for crate management, safety, and code quality. It ensures projects have proper Cargo.toml and Cargo.lock files, use a modern Rust edition, limit unsafe code, and pass clippy linting.

Policies

This plugin provides the following policies (use include to select a subset):

Policy	Description	Failure Meaning
`cargo-toml-exists`	Validates Cargo.toml exists	Project lacks crate manifest
`cargo-lock-exists`	Validates Cargo.lock for applications	Missing dependency lockfile
`min-rust-edition`	Ensures minimum Rust edition	Edition too old
`min-rust-version-cicd`	Ensures minimum Rust version in CI/CD	CI/CD Rust toolchain too old
`clippy-clean`	Ensures no clippy warnings	Clippy found code quality issues
`max-unsafe-blocks`	Limits unsafe block count	Too many unsafe blocks

Required Data

This policy reads from the following Component JSON paths:

Path	Type	Provided By
`.lang.rust`	object	`rust` collector
`.lang.rust.cargo_toml_exists`	boolean	`rust` collector
`.lang.rust.cargo_lock_exists`	boolean	`rust` collector
`.lang.rust.edition`	string	`rust` collector
`.lang.rust.is_application`	boolean	`rust` collector
`.lang.rust.is_library`	boolean	`rust` collector
`.lang.rust.unsafe_blocks`	object	`rust` collector
`.lang.rust.cicd.cmds`	array	`rust` collector
`.lang.rust.lint.warnings`	array	`rust` collector

Installation

Add to your lunar-config.yml:

policies:
  - uses: github://earthly/lunar-lib/policies/rust@main
    on: [rust]  # Or use tags like ["domain:backend"]
    enforcement: report-pr
    # include: [cargo-toml-exists, cargo-lock-exists]  # Only run specific checks
    with:
      lock_mode: "auto"             # "auto", "required", "forbidden", "none" (default: "auto")
      min_rust_edition: "2021"      # Minimum Rust edition (default: "2021")
      min_rust_version_cicd: "1.75.0"  # Minimum Rust version in CI (default: "1.75.0")
      max_clippy_warnings: "0"      # Maximum clippy warnings allowed (default: "0")
      max_unsafe_blocks: "0"        # Maximum unsafe blocks allowed (default: "0")

Examples

Passing Example

{
  "lang": {
    "rust": {
      "edition": "2021",
      "cargo_toml_exists": true,
      "cargo_lock_exists": true,
      "is_application": true,
      "is_library": false,
      "unsafe_blocks": {
        "count": 0,
        "locations": []
      },
      "lint": {
        "warnings": []
      },
      "cicd": {
        "cmds": [
          { "cmd": "cargo test", "version": "1.77.0" }
        ]
      }
    }
  }
}

Failing Example

{
  "lang": {
    "rust": {
      "edition": "2018",
      "cargo_toml_exists": true,
      "cargo_lock_exists": false,
      "is_application": true,
      "is_library": false,
      "unsafe_blocks": {
        "count": 5,
        "locations": [
          {"file": "src/main.rs", "line": 10},
          {"file": "src/ffi.rs", "line": 22},
          {"file": "src/ffi.rs", "line": 45},
          {"file": "src/ffi.rs", "line": 78},
          {"file": "src/lib.rs", "line": 100}
        ]
      },
      "lint": {
        "warnings": [
          { "file": "src/main.rs", "line": 5, "message": "unused variable: `x`", "lint": "unused_variables" }
        ]
      }
    }
  }
}

Failure messages:

"Cargo.lock not found. Applications should commit Cargo.lock for reproducible builds. Run 'cargo generate-lockfile' to create it."
"Rust edition 2018 is below minimum 2021. Update edition in Cargo.toml to '2021' or later."
"5 unsafe blocks found, maximum allowed is 0. Reduce unsafe usage or increase the max_unsafe_blocks threshold."
"1 clippy warning(s) found, maximum allowed is 0. Run 'cargo clippy' and fix all warnings."

Remediation

cargo-toml-exists

Run cargo init to create a Cargo.toml file
Or cargo new <project-name> for a new project

cargo-lock-exists

Run cargo generate-lockfile to create Cargo.lock
Commit it to version control (for applications)
For libraries, keep lock_mode: "auto" (default) — it already skips the check for library crates. Use lock_mode: "none" to disable the check entirely regardless of crate type

min-rust-edition

Update edition in Cargo.toml: edition = "2021"
Run cargo fix --edition to automatically migrate code
Test thoroughly after edition migration

min-rust-version-cicd

Update your CI/CD pipeline to use a newer Rust toolchain
For GitHub Actions: update toolchain in dtolnay/rust-toolchain
Update rust-toolchain.toml to pin the desired version

clippy-clean

Run cargo clippy to see all warnings
Fix issues or apply suggested fixes with cargo clippy --fix
For false positives, add #[allow(clippy::lint_name)] with a comment explaining why

max-unsafe-blocks

Review each unsafe block for necessity
Consider using safe abstractions or crates that encapsulate unsafe code
If unsafe is necessary, document the safety invariants with // SAFETY: comments
If more unsafe is needed, increase max_unsafe_blocks threshold with justification

Open Source

This policy is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.

View Repository

Common Use Cases

Explore how individual guardrails work with specific integrations.

Cargo Toml Exists + Rust Collector Ensures the project has a Cargo.toml file for crate configuration. Required for...

→

Cargo Lock Exists + Rust Collector Ensures the project has a Cargo.lock file for dependency pinning. By default...

→

Min Rust Edition + Rust Collector Ensures the project uses at least the minimum required Rust edition. Editions...

→

Min Rust Version Cicd + Rust Collector Ensures the Rust toolchain version used in CI/CD commands meets the minimum...

→

Clippy Clean + Rust Collector Ensures clippy reports no warnings (or fewer than the configured threshold)....

→

Max Unsafe Blocks + Rust Collector Limits the number of unsafe blocks in the codebase. Unsafe code bypasses Rust's...

→

Ready to Automate Your Standards?

See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.

Works with any process

Infrastructure conventions

Post-mortem action items

Security & compliance policies

Testing & quality requirements

Automate Now

Turn any process doc into guardrails

Book a Demo