Features/Phase 0 - rstix structure

.gitignore

@@ -19,3 +19,6 @@ editors/vscode/*.vsix
 .cursor/
 
 /docs-drafts/
+.DS_Store
+/plan/*
+/Sidenote/*

Cargo.toml

@@ -7,6 +7,7 @@ members = [
     "crates/rsigma-runtime",
     "crates/rsigma-cli",
     "crates/rsigma-lsp",
+    "crates/rstix",
 ]
 exclude = ["fuzz"]
 

crates/rstix/Cargo.toml

@@ -0,0 +1,50 @@
+[package]
+name = "rstix"
+description = "STIX 2.1 + TAXII 2.1 library crate"
+readme = "README.md"
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+license.workspace = true
+repository.workspace = true
+homepage.workspace = true
+
+[features]
+default = ["serde"]
+
+serde = ["dep:serde", "dep:serde_json"]
+pattern = ["serde"]
+validate = ["serde", "pattern"]
+graph = ["serde"]
+marking = ["serde"]
+store = ["serde"]
+store-fs = ["store"]
+enrichment = ["store", "graph"]
+taxii = ["serde", "dep:reqwest", "dep:tokio", "dep:secrecy"]
+auth-certificate = ["taxii"]
+testing = ["validate", "taxii", "dep:wiremock"]
+full = [
+    "pattern",
+    "validate",
+    "graph",
+    "marking",
+    "store-fs",
+    "enrichment",
+    "taxii",
+    "auth-certificate",
+    "testing",
+]
+
+[dependencies]
+uuid = { version = "1", features = ["v4", "v5"] }
+time = { version = "0.3", features = ["formatting", "parsing"] }
+phf = { version = "0.11", features = ["macros"] }
+thiserror = "2"
+
+serde = { version = "1", features = ["derive"], optional = true }
+serde_json = { version = "1", optional = true }
+
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls", "json", "stream"], optional = true }
+tokio = { version = "1", features = ["rt-multi-thread", "macros"], optional = true }
+secrecy = { version = "0.10", optional = true }
+wiremock = { version = "0.6", optional = true }

crates/rstix/README.md

@@ -0,0 +1,31 @@
+# rstix
+
+`rstix` is a phase-driven Rust library crate for STIX 2.1 and TAXII 2.1 support inside the `rsigma` workspace.
+
+Phase 0 intentionally ships only infrastructure and feature-flag scaffolding.
+
+## Feature Flags
+
+| Feature | Purpose |
+|---|---|
+| `serde` (default) | Enables serialization/deserialization support modules |
+| `pattern` | STIX pattern parsing/evaluation module |
+| `validate` | Validation pipeline module |
+| `graph` | Graph traversal module |
+| `marking` | Data marking semantics module |
+| `store` | Storage abstraction module |
+| `store-fs` | Filesystem-backed store support |
+| `enrichment` | Enrichment APIs |
+| `taxii` | TAXII client module |
+| `auth-certificate` | TAXII certificate auth support |
+| `testing` | Test helper interfaces |
+| `full` | Enables all major optional features |
+
+## Status
+
+- Phase 0: crate skeleton and workspace integration
+- No STIX/TAXII production behavior yet
+
+## License
+
+This crate inherits the workspace `MIT` license.

crates/rstix/src/core/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 core module placeholder.
+//! Phase 0 core module placeholder.

crates/rstix/src/enrichment/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 enrichment module placeholder.
+//! Phase 0 enrichment module placeholder.

crates/rstix/src/graph/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 graph module placeholder.
+//! Phase 0 graph module placeholder.

crates/rstix/src/lib.rs

@@ -0,0 +1,63 @@
+#![forbid(unsafe_code)]
+#![warn(missing_docs)]
+
+//! STIX 2.1 + TAXII 2.1 library crate.
+//!
+//! Phase 0 intentionally ships only infrastructure scaffolding and feature-gated
+//! module boundaries. Production semantics are introduced in later phases.
+
+/// Core module placeholder.
+pub mod core;
+
+/// Serde-focused module placeholder.
+#[cfg(feature = "serde")]
+pub mod serde_impls;
+
+/// STIX pattern module placeholder.
+#[cfg(feature = "pattern")]
+pub mod pattern;
+
+/// Validation module placeholder.
+#[cfg(feature = "validate")]
+pub mod validate;
+
+/// Graph module placeholder.
+#[cfg(feature = "graph")]
+pub mod graph;
+
+/// Data marking module placeholder.
+#[cfg(feature = "marking")]
+pub mod marking;
+
+/// Object store module placeholder.
+#[cfg(feature = "store")]
+pub mod store;
+
+/// Enrichment module placeholder.
+#[cfg(feature = "enrichment")]
+pub mod enrichment;
+
+/// TAXII client module placeholder.
+#[cfg(feature = "taxii")]
+pub mod taxii;
+
+/// Testing helper module placeholder.
+#[cfg(feature = "testing")]
+pub mod testing;
+
+/// Top-level parse error placeholder for the Phase 0 stub API.
+#[derive(Debug, thiserror::Error)]
+pub enum ParseError {
+    /// Feature not implemented yet.
+    #[error("not yet implemented")]
+    NotImplemented,
+}
+
+/// Parse a STIX bundle from a JSON string.
+///
+/// # Errors
+///
+/// Always returns [`ParseError::NotImplemented`] during Phase 0 scaffolding.
+pub fn parse_bundle(_json: &str) -> Result<(), ParseError> {
+    Err(ParseError::NotImplemented)
+}

crates/rstix/src/marking/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 marking module placeholder.
+//! Phase 0 marking module placeholder.

crates/rstix/src/pattern/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 pattern module placeholder.
+//! Phase 0 pattern module placeholder.

crates/rstix/src/serde_impls/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 serde module placeholder.
+//! Phase 0 serde module placeholder.

crates/rstix/src/store/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 store module placeholder.
+//! Phase 0 store module placeholder.

crates/rstix/src/taxii/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 TAXII module placeholder.
+//! Phase 0 TAXII module placeholder.

crates/rstix/src/testing/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 testing module placeholder.
+//! Phase 0 testing module placeholder.

crates/rstix/src/validate/mod.rs

@@ -0,0 +1,2 @@
+//! Phase 0 validation module placeholder.
+//! Phase 0 validation module placeholder.

crates/rstix/tests/.gitkeep

@@ -0,0 +1,2 @@
+
+