Rust-Slint Password Manager Development

Expert guidance for developing a secure cross-platform desktop password manager built with Rust and Slint UI framework. This skill enforces TDD practices, security standards, and comprehensive quality checks.

Project Context

A cross-platform desktop password manager using military-grade encryption (Argon2 + AES-256-GCM). Built with Rust (Edition 2021, version 1.70+) and Slint UI framework v1.14. Prioritizes security, code quality, and compatibility across macOS and Linux.

Tech Stack

Architecture

```

src/

├── main.rs - Entry point, UI callbacks, event handlers

├── lib.rs - Library crate root

├── storage.rs - Encryption/decryption, password storage

└── ui/

└── main.slint - UI definition

tests/

├── integration_test.rs - Integration tests

└── storage_test.rs - Storage module unit tests

```

Critical Development Workflow

**MANDATORY: Follow this exact workflow for ALL code changes.**

Step 1: Before Making Changes (Build Verification)

Always verify current state first:

```bash

cargo build # Verify project builds

cargo test # Verify all tests pass

cargo fmt -- --check # Verify code formatting

cargo clippy --all-targets -- -D warnings # Verify no lint warnings

```

This prevents introducing new issues and identifies pre-existing problems unrelated to your changes.

Step 2: Development Process (TDD)

For any new feature or bug fix:

1. **Write failing tests first** (Test-Driven Development)

```bash

cargo test <test_name> # Should fail initially

```

2. **Implement minimal code** to make tests pass

```bash

cargo test <test_name> # Should now pass

```

3. **Refactor if needed** while keeping tests passing

```bash

cargo test # All tests should still pass

```

4. **Verify code quality** before moving to next task

```bash

cargo fmt # Auto-format code

cargo clippy --all-targets -- -D warnings # Check for issues

```

Step 3: Before Committing (Quality Verification)

**MANDATORY checklist - run in exact order:**

```bash

Step 1: Format code (auto-fixes formatting issues)

cargo fmt

Step 2: Verify build succeeds

cargo build

Step 3: Verify all tests pass

cargo test

Step 4: Verify no lint warnings (treat as errors)

cargo clippy --all-targets -- -D warnings

Step 5: (Optional but recommended) Security audit

cargo audit

```

**If ANY step fails, you MUST fix it before committing.**

Step 4: Commit Guidelines

Code Quality Standards

Formatting (rustfmt)

- Maximum line width: 100 characters

- 4 spaces for indentation (no hard tabs)

- Automatic import reordering enabled

Linting (Clippy)

Testing

- New features (before implementing)

- Bug fixes (reproduce bug first, then fix)

- Edge cases and error conditions

- Security-critical code paths

Security Requirements

**This is a security-critical application. All changes must be reviewed for security implications.**

Security Best Practices

1. **Never commit secrets or hardcoded passwords** to source code

2. **Always use cryptographically secure random number generators** (e.g., `OsRng` from `aes_gcm::aead`)

3. **Follow existing encryption patterns** in `src/storage.rs`:

- Use Argon2 for key derivation with random salts

- Use AES-256-GCM for encryption with random nonces

- Generate new salt and nonce for each save operation

4. **Zero-knowledge principle**: Master password must never be stored or logged

5. **Zeroize sensitive data** when possible

6. **Validate all user inputs** before processing

7. **Security audit**: Run `cargo audit` to check dependencies for vulnerabilities

- Install: `cargo install cargo-audit`

- Run before major changes affecting dependencies

Security-Related Files

TDD (Test-Driven Development) Workflow

Why TDD for Rust

TDD Cycle

1. **Red Phase** (Write failing test)

```rust

#[test]

fn test_new_feature() {

let input = "test";

let result = my_new_function(input);

assert_eq!(result, "expected");

}

```

Run: `cargo test test_new_feature` → Should fail

2. **Green Phase** (Make test pass)

```rust

fn my_new_function(input: &str) -> String {

"expected".to_string()

}

```

Run: `cargo test test_new_feature` → Should pass

3. **Refactor Phase** (Improve while keeping tests green)

- Clean up code

- Remove duplication

- Improve naming

- Run `cargo test` after each change

Testing Guidelines

**Storage Module Tests** (`src/storage.rs` and `tests/storage_test.rs`):

**Integration Tests** (`tests/integration_test.rs`):

**Slint UI Tests**:

Common Tasks

Adding New Features

1. Follow mandatory workflow (verify build state first)

2. **Write tests first** (TDD approach)

3. Implement minimal code to pass tests

4. Update both code and documentation

5. Run full quality checks before committing

6. Commit with descriptive message

Modifying UI

1. Test current UI behavior first

2. Edit `.slint` files in `src/ui/` directory

3. Update corresponding callbacks in `src/main.rs`

4. Ensure callbacks are properly connected

5. Build and test: `cargo build && cargo run`

6. Verify UI changes work as expected

7. Run quality checks before committing

Modifying Encryption Logic

1. **Extra scrutiny required** for changes to `src/storage.rs`

2. **Write comprehensive tests first** (TDD is mandatory here)

3. Maintain backward compatibility with existing encrypted files

4. Test with various password scenarios

5. Document security implications in commit messages

6. Run `cargo audit` to check for security issues

7. Review changes multiple times before committing

Common Pitfalls

Don't: Commit Without Running Quality Checks

**Problem**: Code fails in CI but worked locally

**Solution**: Always run: `cargo fmt && cargo build && cargo test && cargo clippy --all-targets -- -D warnings`

Don't: Skip Tests or Write Tests After Implementation

**Problem**: Tests become biased toward implementation, not requirements

**Solution**: Practice TDD - write tests FIRST, then implement

Don't: Ignore Clippy Warnings

**Problem**: Code quality issues accumulate

**Solution**: Fix all clippy warnings immediately

Don't: Forget to Build Before Making Changes

**Problem**: Introducing new issues when pre-existing issues exist

**Solution**: Run `cargo build && cargo test` BEFORE making changes

Don't: Modify Generated Code

**Problem**: Changes to generated code (e.g., from `slint-build`) get overwritten

**Solution**: Only modify source files (`.slint`, `.rs`), never generated files

Don't: Test on Only One Platform

**Problem**: Code works on your machine but fails on other platforms

**Solution**: Use platform-agnostic APIs, test path construction with `std::path::PathBuf`, check CI results

Don't: Hardcode Paths or Secrets in Tests

**Problem**: Tests fail on different machines or expose sensitive data

**Solution**: Use `std::env::temp_dir()` for test files, clean up in teardown

Platform Support

- macOS: cmake

- Linux: cmake, libfontconfig1-dev, libxcb-shape0-dev, libxcb-xfixes0-dev

CI/CD Integration

All quality checks run automatically in GitHub Actions:

**Before submitting PR**: Ensure all CI checks will pass by running locally:

```bash

cargo fmt -- --check

cargo clippy --all-targets -- -D warnings

cargo test

cargo audit

```

Key Conventions

Build Commands Reference

```bash

cargo build # Development build

cargo run # Run application

cargo build --release # Release build

cargo run --release # Release run

cargo clean && cargo build # Clean build (troubleshooting)

cargo test # Run all tests

cargo test <name> # Run specific test

cargo test -- --nocapture # Run tests with output

```