Max Unsafe Blocks + Rust Collector
Enforce Max Unsafe Blocks using data collected by Rust Collector. Automatically check DevEx, build and CI standards on every PR.
How Rust Collector Powers This Guardrail
The Rust Collector gathers metadata from your languages and build systems. This data flows into Lunar's Component JSON, where the Max Unsafe Blocks guardrail evaluates it against your standards.
When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.
Quick Start Configuration
Add both the collector and policy to your lunar-config.yml to enable this guardrail.
# Step 1: Enable the Rust Collector
collectors:
  - uses: github://earthly/lunar-lib/collectors/rust@v1.0.0
    # with: ...
# Step 2: Enable the Rust Project Guardrails
policies:
  - uses: github://earthly/lunar-lib/policies/rust@v1.0.0
    include: [max-unsafe-blocks]
    # with: ...
What Rust Collector Collects
This collector gathers the following data that the Max Unsafe Blocks guardrail evaluates.
project
Analyzes Rust project structure by detecting Cargo.toml, Cargo.lock, rust-toolchain.toml, clippy and rustfmt configuration, workspace members, edition, MSRV, and crate type (library vs binary). Counts unsafe blocks and records their locations. Writes project metadata to .lang.rust.
dependencies
Extracts direct, dev, and build dependencies from Cargo.toml. When Cargo.lock is present, also extracts resolved transitive dependency versions. Writes dependency data to .lang.rust.dependencies.
clippy
Runs cargo clippy with JSON output and collects structured lint warnings. Parses each diagnostic into file, line, message, and lint name. Writes pass/fail status and normalized warnings to .lang.rust.lint.
cicd
Records every cargo command executed in CI pipelines along with the Rust toolchain version. Writes command strings and version info to .lang.rust.cicd for audit trails and build reproducibility analysis.
Example Data Flow
Here's an example of the data that Rust Collector writes to the Component JSON, which Max Unsafe Blocks then evaluates.
{
  "lang": {
    "rust": {
      "edition": "2021",
      "version": "1.75.0",
      "msrv": "1.70.0",
      "build_systems": ["cargo"],
      "cargo_toml_exists": true,
      "cargo_lock_exists": true,
      "rust_toolchain_exists": true,
      "clippy_configured": true,
      "rustfmt_configured": true,
      "is_application": true,
      "is_library": false,
      "workspace": null,
      "unsafe_blocks": {
        "count": 2,
        "locations": [
          {"file": "src/ffi.rs", "line": 42},
          {"file": "src/ffi.rs", "line": 87}
        ]
      },
      "source": { "tool": "cargo", "integration": "code" },
      "cicd": {
        "cmds": [
          { "cmd": "cargo test --all-features", "version": "1.77.0" },
          { "cmd": "cargo build --release", "version": "1.77.0" }
        ],
        "source": { "tool": "cargo", "integration": "ci" }
      },
      "tests": {
        "coverage": {
          "percentage": 74.3,
          "source": { "tool": "cargo-tarpaulin", "integration": "ci" }
        }
      },
      "dependencies": {
        "direct": [
          { "path": "serde", "version": "1.0.197", "features": ["derive"] },
          { "path": "tokio", "version": "1.36.0", "features": ["full"] }
        ],
        "dev": [
          { "path": "criterion", "version": "0.5.1" }
        ],
        "build": [
          { "path": "prost-build", "version": "0.12.3" }
        ],
        "transitive": [
          { "path": "serde_derive", "version": "1.0.197" },
          { "path": "proc-macro2", "version": "1.0.78" }
        ],
        "source": { "tool": "cargo", "integration": "code" }
      },
      "lint": {
        "passed": true,
        "warnings": [
          { "file": "src/main.rs", "line": 15, "column": 5, "message": "unused variable: `x`", "lint": "unused_variables" }
        ],
        "linters": ["clippy"],
        "source": { "tool": "clippy", "integration": "code" }
      }
    }
  }
}
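The comparison this guardrail makes against .lang.rust.unsafe_blocks can be sketched as follows. This is an added example, not Lunar's policy code: the function name and the status strings are assumptions, and the sample is a constructed, trimmed copy of the Component JSON above.

```python
import json

# Constructed sample: trimmed copy of the Component JSON shown above.
SAMPLE = json.loads("""
{"lang": {"rust": {"unsafe_blocks": {"count": 2, "locations": [
  {"file": "src/ffi.rs", "line": 42},
  {"file": "src/ffi.rs", "line": 87}]}}}}
""")


def check_max_unsafe_blocks(component, max_unsafe_blocks=0):
    """Return (status, message); status is 'pass', 'fail', 'skip' or 'no-data'.

    The status names are assumptions of this sketch, not Lunar's vocabulary.
    """
    rust = component.get("lang", {}).get("rust")
    if rust is None:
        return "skip", "no .lang.rust data: not a Rust component"
    blocks = rust.get("unsafe_blocks")
    if not isinstance(blocks, dict) or not isinstance(blocks.get("count"), int):
        # A missing count must not be read as "zero unsafe blocks".
        return "no-data", ".lang.rust.unsafe_blocks.count missing"
    locations = blocks.get("locations") or []
    # If count and locations disagree, use the larger figure.
    count = max(blocks["count"], len(locations))
    if count <= max_unsafe_blocks:
        return "pass", f"{count} unsafe block(s), limit {max_unsafe_blocks}"
    where = ", ".join(f"{loc['file']}:{loc['line']}" for loc in locations)
    return "fail", f"{count} unsafe block(s) exceeds limit {max_unsafe_blocks}: {where}"


if __name__ == "__main__":
    for limit in (0, 2):
        print(limit, check_max_unsafe_blocks(SAMPLE, limit))
```

With the default limit of 0 the sample fails and names both src/ffi.rs locations; a component with no unsafe_blocks data is reported as no-data rather than passing.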
Configuration Options
Rust Collector Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| clippy_args | Required | — | Additional arguments to pass to cargo clippy (e.g., "-- -W clippy::pedantic") |
Rust Project Guardrails Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| lock_mode | Optional | auto | Cargo.lock enforcement mode. The "auto" mode detects whether the crate is a library or application and applies the Cargo convention (required for apps, skipped for libs). "auto": Require for applications, skip for libraries (default); "required": Always require Cargo.lock; "forbidden": Fail if Cargo.lock exists; "none": Skip the check entirely |
| min_rust_edition | Optional | 2021 | Minimum required Rust edition (e.g., "2021", "2024") |
| min_rust_version_cicd | Optional | 1.75.0 | Minimum required Rust toolchain version for CI/CD (e.g., "1.75.0") |
| max_clippy_warnings | Optional | 0 | Maximum allowed clippy warnings (0 = must be clean) |
| max_unsafe_blocks | Optional | 0 | Maximum allowed unsafe blocks (0 = no unsafe allowed) |
Ready to Automate Your Standards?
See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.