Skip to content

Commit c3df847

Browse files
JAORMXclaude
andcommitted
Address review feedback on RFC
- Fix Tier 1 package list in Phase 2 (was incorrectly listing logger/healthcheck) - Change Tier 1 packages from "Stable (v1)" to "Beta" (v0.x = no stability guarantee) - Add "no global state" graduation criterion - Add permissions package scope to open questions - Remove verbose Go code example from Stability Levels section Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent d68b5ff commit c3df847

1 file changed

Lines changed: 15 additions & 19 deletions

File tree

rfcs/THV-0032-toolhive-core-shared-library.md

Lines changed: 15 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ A package must meet ALL of the following criteria to graduate to `toolhive-core`
101101
| **API stability** | No breaking changes in the last 2 minor releases |
102102
| **Interface design** | Uses Go interfaces for dependency injection and testability |
103103
| **Error handling** | Returns typed errors; no panics except for programming bugs |
104+
| **No global state** | No singletons, global variables for state, or `init()` side effects |
104105

105106
#### 2. Quality Requirements
106107

@@ -160,19 +161,11 @@ sequenceDiagram
160161

161162
### Stability Levels
162163

163-
`toolhive-core` packages use explicit stability markers:
164-
165-
```go
166-
// Package logger provides structured logging for ToolHive services.
167-
//
168-
// Stability: Stable (v1)
169-
// Since: v0.1.0
170-
package logger
171-
```
164+
Each package in `toolhive-core` is marked with a stability level in its godoc:
172165

173166
| Level | Meaning | API Guarantees |
174167
|-------|---------|----------------|
175-
| **Stable (v1)** | Production-ready, fully supported | No breaking changes without major version bump |
168+
| **Stable** | Production-ready, fully supported | No breaking changes without major version bump |
176169
| **Beta** | Feature-complete, may have minor changes | Breaking changes possible with deprecation notice |
177170
| **Alpha** | Experimental, subject to significant changes | No stability guarantees |
178171

@@ -199,12 +192,14 @@ These packages meet all graduation criteria (zero ToolHive-specific coupling, we
199192

200193
| Package | Current Location | Stability | Rationale |
201194
|---------|------------------|-----------|-----------|
202-
| **errors** | `pkg/errors/` | Stable (v1) | HTTP-aware error handling, zero deps, 10mo stable |
203-
| **oauth** | `pkg/oauth/` | Stable (v1) | RFC-compliant OAuth/OIDC types, fosite dep only |
204-
| **env** | `pkg/env/` | Stable (v1) | Testable environment access, zero deps |
205-
| **permissions** | `pkg/permissions/` | Stable (v1) | Container permission profiles, stdlib-only, security validations |
206-
| **validation** | `pkg/validation/` | Stable (v1) | RFC 7230 HTTP header validation, security-focused |
207-
| **versions** | `pkg/versions/` | Stable (v1) | Build metadata, User-Agent generation |
195+
| **errors** | `pkg/errors/` | Beta | HTTP-aware error handling, zero deps, 10mo stable |
196+
| **oauth** | `pkg/oauth/` | Beta | RFC-compliant OAuth/OIDC types, fosite dep only |
197+
| **env** | `pkg/env/` | Beta | Testable environment access, zero deps |
198+
| **permissions** | `pkg/permissions/` | Beta | Container permission profiles, stdlib-only, security validations |
199+
| **validation** | `pkg/validation/` | Beta | RFC 7230 HTTP header validation, security-focused |
200+
| **versions** | `pkg/versions/` | Beta | Build metadata, User-Agent generation |
201+
202+
> **Note**: All packages start as Beta in v0.x releases. Once the library reaches v1.0.0, packages meeting all graduation criteria will be promoted to Stable.
208203
209204
**Proposed `toolhive-core` structure:**
210205

@@ -405,7 +400,7 @@ import "github.com/stacklok/toolhive-core/logger"
405400

406401
### Phase 2: Initial Package Migration (Week 3-4)
407402

408-
- Extract Tier 1 packages: logger, errors, validation, healthcheck, versions, env
403+
- Extract Tier 1 packages: errors, oauth, env, permissions, validation, versions
409404
- Ensure 100% test parity with original implementations
410405
- Write package documentation and examples
411406
- Tag v0.1.0 release
@@ -470,8 +465,9 @@ import "github.com/stacklok/toolhive-core/logger"
470465
## Open Questions
471466

472467
1. **Release cadence**: Monthly minor releases, or release when ready?
473-
2. **Tier 2 timeline**: When should we start refactoring logger/healthcheck/tokenexchange for graduation?
474-
3. **Logger refactoring approach**: When decoupling logger from Viper, should we use zap with config injection, switch to slog, or provide an interface that supports both?
468+
2. **Tier 2 timeline**: When should we start refactoring healthcheck/tokenexchange for graduation?
469+
3. **Logger approach**: When decoupling logger from Viper, should we use zap with config injection, switch to slog (stdlib), or provide an interface that supports both?
470+
4. **permissions package scope**: Is `pkg/permissions` (container security profiles) generic enough for a shared library, or is it too domain-specific to ToolHive?
475471

476472
## References
477473

0 commit comments

Comments
 (0)