Efficient, secure, performant concurrent systems programming that compiles to machine code on multiple platforms
This page is NOT about the Rust game and Rustops.org
This is about installing and using the infrastructure around the Rust programming language – the quickest way to use AI to building production-quality practical applications while learning the Rust language.
This references my github.com/bomonike/rustlang-samples repo and
bomonike.github.io/rustlang website.
NOTE: Content here are my personal opinions, and not intended to represent any employer (past or present). “PROTIP:” here highlight information I haven’t seen elsewhere on the internet because it is hard-won, little-know but significant facts based on my personal research and experience.
Click on this link to pop-up a full-screen image of this diagram, or
click here for a gradual-reveal video

with narrative that logically explains how the various websites, folders, and files relate to each other within the sequence of work to create and run custom Rust programs. The narration below will soon be added to the video:
IDE: VSCode is commonly installed to edit files, assisted by extensions to display code with colored prompts.
When the bin folder path is made part of the $PATH variable by start-up scripts, executables in it become visible system-wide, cargo executable files become available on any folder in the CLI.
.gitconfig ???
Thus, cargo commands are typically issued from the module folder
The “.rs” file type suffix says that it’s processed by the Rust compiler, cargo build.
Additional custom .rs files can be added.
Each day, changes in the crates.io website are reflected in the lib.rs website which provides advanced filtering and categories. There are also additional libraries not in crates.io.
rustfmt.toml file.
Optimized executables can be added to the public crates.io registry of libraries. obtainable from shared registry are downloaded.
Translation to different languages
CONTRIBUTING.md
CHANGELOG at the root. A CHANGELOG is not a dump of your Git commit history, but chronologically summarizee, in plain English, notable impacts. https://keepachangelog.com/en/1.1.0/ provides an example of the categories: Added, Changed, Deprecated, Removed, Fixed, Security.
##
cargo-capsec crate performs a static capability audit, reporting which functions in your code can perform actions like filesystem access or network connections.
rust-sanitize scrubs sensitive data from logs and configs before sharing them, rather than scanning a codebase.
Type Count Severity Description Sensitive file extensions 2,053 Medium .pem, .key, .p12 files Connection strings 1,146 High Credentials in URLs Backup files 412 Low Editor or config backups Private key headers 233 Critical Actual private keys Database URLs 184 Critical Exposed DB credentials AWS access keys 20 Critical AWS API keys GitHub tokens 7 Critical Access tokens Stripe keys 4 Critical Payment API keys
AI today (in 2026) is not only able to respond to questions based on its vast accumulated knowledge but now also can analyze error messages and automatically fix many issues, even across layers of architecture. Example response:
Build succeeds now. Fixed a type mismatch at main.rs:110 — check_url_virustotal expects &str but api_key was a String; passed it by reference.
This makes use of recent advances in “Chain-of-thought” which directs the LLM to reason sequentially through problems. Prompt chaining breaks complex analysis into discrete, verifiable pipeline stages.
To leverage creativity, developers are defining objectives and let the AI vary prompt text to iterative try then evaluate responses (adopting a TDD approach). Some call this “Iterative refinement”.
To work around being blocked when token credits ran out, Ollama (and its nomic-embed-text) is used with open-source models (from NVIDIA, Google, and China). OpenAI’s API supports the widest number of model providers. An example of messages about that:
The model is loaded and running (93% GPU), so it's not stuck loading — it's actively working but very slow (26GB model, mostly CPU-bound at only 7%/93% split suggests limited GPU offload). Since it's genuinely in-progress and not hung, let's just wait longer.
By “robust enterprise-worthy production code”, “easy to extend”, “performant”, and other nice objectives are achieved not by empty promises but the extent that these features are implemented.
GUI Interactive GUI in the Autonomous Age of AI is for “Human In the Loop” to approve rather than initiate actions.
Add logging, locally and with RFC 3339 timestamps (Such as 2026-07-05T11:19:24.356999Z) and OTel (OpenTelemetry) via Prometheus.
Issue alert to a SOC SIEM about security-relevant events and conditions defined in the MITRE ATT&CK framework or standard compliance controls (like PCI-DSS, HIPAA, or NIST). A SIEM (Security Information and Event Management) system is designed to cut through the noise of millions of mundane log entries to find the signals that indicate a threat, a breach, or a compliance violation. Such as failed access attempt, a malicious URL, email found.
tracing library to log structured spans that follow execution history through an app
Token usage tracking
Use the EmailRep.io and AlienVault API to determine Email Reputation - whether email addresses were reported as being used to distribute malware, phishing, or spam. There’s also IPQualityScore for a Threat Intelligence - where the domain is newly registered (a sign of malicious intent).
Phone numbers not reported to be spam-related
actix-web-prometheus crate to easily add a metrics middleware.
Timeout handling
Use uom (unit of measure) crate so the Rust compiler will not allow conversion errors between metric & imperial. The API’s raw f64 elevation is wrapped immediately via Length::new::
proptest library to make property-based tests
Interaction to change storage backends by changing “aws” to “gcp”, “azure”, or “fs” (filesystem) as needed (AWS S3, Google Cloud Storage, Azure Blob Storage, local filesystem, etc.) object_store = { version = “0.10”, features = [“aws”]
{
"email": "test@test.com",
"reputation": "high",
"suspicious": false,
"malicious": false,
"credentials_leaked": true,
"data_breaches": ["LinkedIn", "Adobe"],
"first_seen": "2015-01-01",
"last_seen": "2023-10-24"
}
WhoCalled.us: One of the oldest and most straightforward databases. Just type in the number to see comments from other people who received calls from it.
800Notes.com: Highly active forum-style site. You type in the number and read a thread of comments from other users detailing exactly what the scammer said or wanted.
ShouldIAnswer.com: Originally a popular app, their website (shouldianswer.com) allows you to search numbers and see a “trust rating” based on community feedback.
RoboKiller Lookup: RoboKiller is a major spam-blocking app, but they have a free web lookup tool where you can type in a number to see if it’s in their scam database.
We look for secrets leaking at EACH step in the development process:
Within the IDE, anomalies are instantly highlighted by extensions installed:
creates
For a fast, simple pre-commit hook to prevent committing secret keys into source code.
ripsecrets is known for being extremely fast (reportedly 95 times faster than other tools). It detects secrets by looking for variable assignments with names like “token”, “secret”, or “password” that contain random-looking strings.
security-harness-kit: A Rust CLI that scans for secrets, PII, and sensitive data. It can scan project paths and Git-staged files across many file types, including source code, Markdown, and even Office documents.
On MCP agents:
leakferret: An MCP-native secret scanner written in Rust. A key feature is that it can call the provider to verify which detected secrets are actually live and can rewrite the leak in your code to read from an environment variable instead.
On git push, more comprehensive scans:
SecretScout: A “blazingly fast, memory-safe CLI tool” for detecting secrets in git repositories. It’s a complete Rust rewrite of the popular gitleaks project, offering 10x faster performance with 60% less memory usage.
Kingfisher: An open-source secret scanner built in Rust by MongoDB. It features live secret validation and ships with over 950 built-in rules to detect and triage leaked credentials.
In the background, use advanced techniques that take longer:
argus: A high-performance security scanner that uses Shannon entropy analysis and multi-pattern matching to identify both known and unknown credentials.
Unless otherwise noted, crates mentioned above have signs of quality:
increasing downloads over time (are gaining in popularity)
updates within the last 6 months (has not been abandoned)
multiple maintainers
Please connect with me to join our code explaination and refactoring sessions.
– https://linkedin.com/in/wilsonmar
RANT: I think it’s a terrible idea to spend time writing another editor or operating system using Rust. Here I showcase creation of enterprise-worthy apps rather than basic/toy examples on the internet.
We are working on integrating here other code examples from GitHub.com:
Examples in Python:
https://github.com/arunprabusamy/course-explainer-app/tree/starter-template
https://www.youtube.com/watch?v=EUmK2tFAQfE = The Simplest AI Coding CLI in Pure Rust 50 Lines
grafana/augurs = Time series analysis for Rust, with bindings to Python and Javascript
https://github.com/RustScan/RustScan = Rust Scan - finds all open ports faster than Nmap.
https://github.com/dani-garcia/vaultwarden/ = Vaultwarden - unofficial Bitwarden compatible server written in Rust.
https://github.com/starship/starship = Starship - the cross-shell prompt written in Rust.
https://github.com/rustybuilder/rust-faces = Face Detection in Rust with Python Bindings
sudo rm -rf /Library/Developer/CommandLineTools
sudo xcode-select --install
brew trust --formula vectordotdev/brew/vector
brew tap vectordotdev/brew && brew install vector
Incredibly fast, low memory footprint, and handles both collection, parsing (transform), and routing logs. Recommended over Fluent Bit written in C and Filebeat written in Go. Vector does not block your application’s main thread. Instead of your app waiting for a network round-trip to the central server, your app writes logs to a local buffer (e.g., stdout, a local file, or a Unix socket). Vector reads from these local sources asynchronously. The app continues processing requests while Vector handles the network I/O in the background.
This may be a popular trivia question that everyone may not know:
VIDEO Rust cannot handle double-linked lists, aka self-referential structs and cyclic graphs.
The workaround is the Arena Pattern which has a 36% performance penalty to maintain the sequence number.
PROTIP: Add to startup .bash_profile/.zshrc to update Rust utilities so have the latest version of the installer when you open a Terminal. This takes a few seconds.
REMEMBER: If you used Homebrew to install rustup, instead of rustup command to upgrade itself, use:
brew upgrade rustup-init
Read rustup.rs
You don’t need to rememeber that “toml” means (Tom’s Obvious Minimal Language).
Inside the file, version=”0.1.0” is updated manually to semver.org (Semantic Versioning).
The edition=”2024” is described at https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
cargo info backup
The response at time of this writing:
Updating crates.io index
Downloaded backup v0.1.0
Downloaded 1 crate (85.6KiB) in 0.39s
backup #backup #cli #restore
create encrypted backups
version: 0.1.0
license: BSD-3-Clause
rust-version: unknown
documentation: https://github.com/nbari/backup
homepage: https://github.com/nbari/backup
repository: https://github.com/nbari/backup
crates.io: https://crates.io/crates/backup/0.1.0
For code completions, documentation on hover, etc.
VS Code is the most widely used editor for Rust.
VSCode users: install rust-analyzer (not “rust-lang.rust”). https://code.visualstudio.com/docs/languages/rust
IDEs are visual frontends for underlying debuggers like LLDB (on macOS/Linux) or GDB (on Linux) or the MSVC debugger (on Windows).
To enable breakpoints in VSCode, install the CodeLLDB extension by Vadim Chugunov by clicking this, then “Install”, “Continue”, “Allow”, “Trust publisher”:
https://marketplace.visualstudio.com/items?itemName=vadimcn.vscode-lldb
https://github.com/vadimcn/vscode-lldb
To set a breakpoint, click in the gutter (the empty space to the left of the line numbers) to place a red dot (your stop point). Then you press F5 (or go to Run -> Start Debugging). It will compile your code and stop execution exactly at that line, allowing you to inspect variables, view the call stack, and step through code line-by-line.
Dynamic Linking (Default):
By default, Rust dynamically links to your system’s C library (usually glibc on Linux). If you compile a binary on Ubuntu 22.04, it might refuse to run on an older server running CentOS 7 because the older server is missing the newer glibc version. (Low binary portability).
Static Linking (musl): You can tell Rust to compile against musl libc (e.g., cargo build –target x86_64-unknown-linux-musl). This bakes the C library directly into your executable. The resulting binary is a single file that will run on almost any Linux distribution from the last 15 years. (High binary portability)
Windows Binaries: By default, Rust statically links the Microsoft Visual C++ runtime into Windows executables. This means a Rust .exe is highly portable across different Windows versions and usually doesn’t require the user to install “VCRedist” packages.
git clone https://github.com/bomonike/rustlang-samples --depth 1
cd rustlang-samples
This repo currently has code for these sample Rust (.rs) program source packages:
useful-rust at https://github.com/bomonike/rustlang-samples/blob/main/src/useful-rust/src/main.rs
nato-phonetic-audio is designed to be submitted to crates.io
openai-chat between a front-end client talking with a chat bot.
started around Nov 2022
I created it with Claude’s help.
Its Rust code is within a lib.rs file because the package is structured for upload to crates.io as a library for use by others.
cargo run --example speak_sentence -- "KLQ9" -v
The example file .rs name is auto-discovered.
Observe that the letters have a note to ensure proper pronounciation.
cd src/useful-rust
pwd
ls -al
At that folder, read the README.md for running useful-rust.
REMEMBER: Unlike Python and other languages, your working folder with Rust is a folder up from the main.rs file which is what all Rust code files are named.
Edit the Cargo.toml file for its sample settings.
PROTIP: Many enterprise teams host sample files like in this repo to provide the team a consistent starting point, which reduces endless discussions when new people join the team.
cargo update
cargo clean
cargo build
pwd
Example:
/Users/johndoe/bomonike/rustlang-samples/src/useful-rust
cargo run --release
The Rust compiler aggressively optimizes the code – rearrange lines, inline functions, and remove unused variables, making it impossible for the debugger to map your stop points to the actual executing machine code.
cargo build
Success means a message such as:
Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.24s
RUST_LOG=debug cargo run -- -v -s
Parameters for each program should be defined in the program’s README
RUST_LOG=debug makes use of coding in the program to do logging. It can be removed.
Alternately, with JSON logs:
RUST_LOG=info cargo run 2>&1 | jq
2>&1 routes STDERR to screen.
cargo install cargo-udeps
cargo udeps
cargo install cargo-outdated
cargo outdated --aggressive --offline
Specify “–root-deps-only” instead of “–aggressive”.
Exclude “–offline” if you’re not offline.
Expect to see a table listing your dependencies, their current version, the latest compatible version, and the absolute latest version:
cargo audit
At time of running, it displayed “Vulnerable crates found!” within openai-client calling async-openai transitively calling backoff calling instant:
Version: 0.4.0
Warning: unmaintained
Title: `backoff` is unmaintained.
Date: 2025-03-04
ID: RUSTSEC-2025-0012
URL: https://rustsec.org/advisories/RUSTSEC-2025-0012
Dependency tree:
backoff 0.4.0
└── async-openai 0.24.1
└── openai-client 0.1.0
Crate: instant
Version: 0.1.13
Warning: unmaintained
Title: `instant` is unmaintained
Date: 2024-09-01
ID: RUSTSEC-2024-0384
URL: https://rustsec.org/advisories/RUSTSEC-2024-0384
Dependency tree:
instant 0.1.13
└── backoff 0.4.0
└── async-openai 0.24.1
└── openai-client 0.1.0
REMEMBER: As they say, “with Rust, you get the hangover before”. Use Clippy whinning as learning opportunities to write safer code.
├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0012 ├ The [backoff](https://crates.io/crates/backoff) crate is no longer actively maintained. For exponential backoffs/retrying, you can use the [backon](https://crates.io/crates/backon) crate. ├ Announcement: https://github.com/ihrwein/backoff/issues/66 ├ Solution: No safe upgrade is available!
cargo deny
Migrate backoff to backon https://github.com/divviup/janus/pull/3769 shows a resolution on Apr 14, 2025
I asked AI “how to fix this” and got back:
The most sustainable solution is to update async-openai to a version that no longer depends on backoff. The latest version (0.41.1) still lists backoff as a dependency, but the maintainers may address this in a future release.
cargo update async-openai --verbose
cargo clippy --manifest-path Cargo.toml 2>&1 | grep -E "warning:|error:|Finished" | sort -u
TODO: Define the commands above as aliases so you can invoke the command easily and frequently. See my https://github.com/wilsonmar/mac-setup/main/blob/aliases.sh
PROTIP: In the command above, “grep” creates a summary of one line per message. The “sort -u” presents only unique lines:
warning: called map(<f>).unwrap_or_else(<g>) on an Option value
warning: called map(<f>).unwrap_or(false) on an Option value
warning: non-binding let on an expression with #[must_use] type
warning: variables can be used directly in the format! string
</pre>
If you’d rather be a pro than a mindless poser, do the work now to reap rewards in the years to come.
timestamp=$(date "+%Y%m%d_%H%M%S");clear;cargo clippy --manifest-path Cargo.toml --all -- -D warnings 2>"clippy-$timestamp.txt"
code "clippy-run-$timestamp.txt"
PROTIP: A clear command would enable you to quickly reach the top of a long output by pressing command+up arrow.
PROTIP: 2>”clippy_$timestamp.txt” sends the output to a file named with a ISO8601 UTC date/time stamp.
REMEMBER: Bookmark the link to Rust error codes
Each error has both bad example and good example code.
REMEMBER: To view on a browser from a Terminal app, hold down command to click on Clippy Lints for each of 809+ messages, such as:
https://rust-lang.github.io/rust-clippy/rust-1.96.0/index.html#collapsible_if
rustc --explain E0502
Press q to exit to the CLI prompt.
explain errors
Then:
explain fixes
An AI with an understanding of prior context would understand.
PROTIP: Take notes such as my:
https://bomonike.github.io/rustlang
cannot borrow * as mutable because it is also borrowed as immutable. CAUSE: an active immutable borrow when you try to create a mutable borrow. Restructure your code. Ensure the immutable borrow is no longer used before the mutable borrow occurs. Sometimes, you can end the borrow earlier by limiting its scope with a block {} or by cloning the data if performance allows.
does not live long enough. CAUSE: A value is dropped (goes out of scope) while it’s still being borrowed. Fix the lifetime. You may need to extend the lifetime of the value, take ownership (return an owned String instead of a &str), or add explicit lifetime annotations to your functions.
mismatched types. CAUSE: A variable or return value is of the wrong type. Convert the type. Use .into(), as, or another method to convert the value to the expected type.
The Cargo.toml and clippy.toml files can contain specifications about what check to igore. Location is the ~/.cargo folder would apply to all Rust runs in any folder. Annoying examples:
warning: doc paragraphs should end with a terminal punctuation mark
These programs were created with the help of several AI tools, including Claude and Warp Oz.
Here I aim to provide specifics wisdom and examples, beyond platitudes such as “Leverage the Compiler, Don’t Fight It”.
Examples of what is applicable to many modules:
// POLICY: Generally, issue results from functions rather than print formatted output so that the calling function has a choice of natural languages to present results.
// POLICY: Within main(), uniquely identify each step to provide the AI a way to reference code rather than using more cumbersome line numbers. The AI can renumber sequentially numbered steps automatically when asked.
// POLICY: When printing sequential numbers, zero-fill 3-digit numbers (specified as “”) so columns line up vertically.
// POLICY: Do not store sensitive values in clear-text .env files, even though they are in the user home folder. Store secrets in a local secrets database such as KeepassXC.
// POLICY: Use the zeroize crate to securely wipe the master password from memory as soon as the database is decrypted. This is so other processes snooping can’t steal it.
// POLICY: To access a database from multiple threads (e.g., in a Tauri or Axum web app), wrap crypto keys in a Mutex inside a single thread, or decrypt what you need and pass the decrypted strings (carefully) to other threads.
// POLICY: When running in production (ENV_TYPE=”PROD”), verify that the hash (SHA-1) of the main.rs file is the same hash as the file in GitHub to ensure that the file has not been corrupted.
To store API keys as secrets using the “Custom Attributes” Approach (Recommended)
This method allows you to store as many distinct API values as you need for a single service while keeping them organized and secure.
Create a new .kdbx file for APIs separate from your personal secrets (for banking, etc.).
In the Value column, paste your actual API value.
v033 feat: nato-audio @rustops.md created 2021-10-03