-
Notifications
You must be signed in to change notification settings - Fork 0
how to contribute patterns and conventions
The codebase keeps product logic in the Rust core, desktop access in Tauri, and interaction state in React hooks. A good change usually follows those boundaries instead of duplicating detection, selection, or file-access policy in the UI.
| Rule | Why it matters | Source |
|---|---|---|
| Put anonymization behavior in the core crate. |
crates/csv-anonymizer-core is reused by both the Tauri app and CLI harness. |
crates/csv-anonymizer-core/src/lib.rs, crates/csv-anonymizer-app/src/cli.rs
|
| Keep Tauri commands thin. | Commands validate desktop access, offload blocking work, and call the core service. |
src-tauri/src/commands/csv.rs, src-tauri/src/commands/shared.rs
|
| Keep React wrappers typed. |
frontend/src/tauri.ts is the single frontend surface for invoking commands. |
frontend/src/tauri.ts |
| Mirror Rust and TypeScript DTOs deliberately. | The repo uses checked manual contracts rather than generated bindings. |
crates/csv-anonymizer-core/src/types.rs, frontend/src/types.ts, scripts/check-contracts.mjs
|
| Treat release packaging as product code. | Installers, icons, Linux metadata, and signing checks are validated in CI. |
scripts/check-release-metadata.mjs, .github/workflows/release.yml
|
Rust core errors use AnonymizerError in crates/csv-anonymizer-core/src/error.rs. Tauri commands convert errors to strings before they cross the invoke boundary, for example in src-tauri/src/commands/csv.rs. Frontend display paths should sanitize unknown values through frontend/src/utils/errors.ts before showing them to users.
When adding a failure mode:
- Add the source error close to the invariant it protects.
- Preserve enough context for the UI to tell the user what to fix.
- Avoid logging or returning source data values unless the user already supplied them in the visible UI.
Some code looks verbose because it protects privacy or data loss:
-
src-tauri/src/path_access.rscanonicalizes granted input files and normalizes output files. -
src-tauri/src/commands/shared.rsvalidates output suffixes and confirms file access when paths are typed manually. -
crates/csv-anonymizer-core/src/csv_io.rsvalidates CSV inputs, handles ragged rows, and neutralizes spreadsheet formula prefixes. -
crates/csv-anonymizer-core/src/smart.rsrejects unsafe or incomplete Smart replacement responses before storing them inSmartReplacementMap.
Do not simplify these paths without adding tests for the exact invariant.
React workflow state is organized around hooks:
-
frontend/src/hooks/useAnonymizerWorkflow.tscomposes CSV workflow state. -
frontend/src/hooks/useCsvAnalysis.tsloads and analyzes the selected CSV. -
frontend/src/hooks/useColumnSelection.tsowns selected columns and strategy controls. -
frontend/src/hooks/usePreviewWorkflow.tsowns preview calls. -
frontend/src/hooks/useAnonymizeJob.tsstarts and polls background jobs. -
frontend/src/hooks/usePersistentSettings.tsloads, sanitizes, and saves settings.
Prefer adding a small hook or helper near the owning workflow over expanding frontend/src/App.tsx.
Detection is staged in crates/csv-anonymizer-core/src/detection.rs: header rules and strong validators run before generic numeric/name/enum fallbacks. Transformation dispatch lives in crates/csv-anonymizer-core/src/strategies/mod.rs, while in-run consistency and reporting live in crates/csv-anonymizer-core/src/strategies/state.rs.
When changing detector behavior, update the relevant tests under crates/csv-anonymizer-core/src/detection/tests and consider the maintained taxonomy in crates/csv-anonymizer-core/src/detection/header_taxonomy.json.
The root checks in package.json are the canonical gates. Unit tests live next to frontend components and Rust modules. Browser workflow and accessibility tests live under frontend/e2e, and release/package smoke tests live under scripts.
See Testing for exact commands and Tooling for release and audit scripts.