tfmcp

# Development Guidelines ## Security and Code Quality Standards ### CRITICAL SECURITY RULES 1. **NEVER use mock frameworks or mock code:** - FORBIDDEN: `mockall`, `mock` libraries, or any mock implementations - FORBIDDEN: Mock structs, mock functions, or fake implementations - ALLOWED: Real integration tests with temporary files/directories - ALLOWED: Testing with actual data structures and real implementations **Reason**: Mock code can mask security vulnerabilities and create false confidence in tests. 2. **Remove ALL unused code immediately:** - FORBIDDEN: Dead code, unused functions, unused structs, unused imports - FORBIDDEN: Commented-out code blocks - FORBIDDEN: `#[allow(dead_code)]` except for very specific cases - REQUIRED: Clean, minimal codebase with only actively used code - REQUIRED: Remove unused dependencies from Cargo.toml 3. **Code quality enforcement:** - FORBIDDEN: Any warnings in CI (`RUSTFLAGS="-Dwarnings"`) - FORBIDDEN: Unused variables, unused imports, unused functions - REQUIRED: Prefix test variables with `_` if intentionally unused - REQUIRED: Use `#[allow(dead_code)]` only for legitimate infrastructure code ## Code Style - Follow `rustfmt` formatting (run `cargo fmt --all` before commits) - Maximum line length: 100 characters - Use `Result`/`Option` types appropriately - Document public APIs with rustdoc comments - Prefer immutable variables when possible ## Error Handling - Use `anyhow` for application-level error propagation - Use `thiserror` for custom error types - Propagate errors with `?` operator - Avoid `.unwrap()` in production code ## Testing Strategy - Unit tests for individual modules - Integration tests for Terraform service operations - Registry API integration tests with real API calls (limited by timeouts) - Performance tests for batch operations and caching - Use `tempfile` for file system tests - **NO MOCK FRAMEWORKS** - Use real implementations only