feat(smart-proxy): add hot-reloadable global ingress security policy across Rust and TypeScript proxy layers

rust/crates/rustproxy-tls/src/cert_store.rs

@@ -1,5 +1,5 @@
-use std::collections::HashMap;
 use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
 
 /// Certificate metadata stored alongside certs.
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -90,8 +90,10 @@ mod tests {
 
     fn make_test_bundle(domain: &str) -> CertBundle {
         CertBundle {
-            key_pem: "-----BEGIN PRIVATE KEY-----\ntest-key\n-----END PRIVATE KEY-----\n".to_string(),
-            cert_pem: "-----BEGIN CERTIFICATE-----\ntest-cert\n-----END CERTIFICATE-----\n".to_string(),
+            key_pem: "-----BEGIN PRIVATE KEY-----\ntest-key\n-----END PRIVATE KEY-----\n"
+                .to_string(),
+            cert_pem: "-----BEGIN CERTIFICATE-----\ntest-cert\n-----END CERTIFICATE-----\n"
+                .to_string(),
             ca_pem: None,
             metadata: CertMetadata {
                 domain: domain.to_string(),
@@ -122,7 +124,8 @@ mod tests {
         let mut store = CertStore::new();
 
         let mut bundle = make_test_bundle("secure.com");
-        bundle.ca_pem = Some("-----BEGIN CERTIFICATE-----\nca-cert\n-----END CERTIFICATE-----\n".to_string());
+        bundle.ca_pem =
+            Some("-----BEGIN CERTIFICATE-----\nca-cert\n-----END CERTIFICATE-----\n".to_string());
         store.store("secure.com".to_string(), bundle);
 
         let loaded = store.get("secure.com").unwrap();
@@ -147,7 +150,10 @@ mod tests {
     fn test_remove_cert() {
         let mut store = CertStore::new();
 
-        store.store("remove-me.com".to_string(), make_test_bundle("remove-me.com"));
+        store.store(
+            "remove-me.com".to_string(),
+            make_test_bundle("remove-me.com"),
+        );
         assert!(store.has("remove-me.com"));
 
         let removed = store.remove("remove-me.com");
@@ -165,7 +171,10 @@ mod tests {
     fn test_wildcard_domain() {
         let mut store = CertStore::new();
 
-        store.store("*.example.com".to_string(), make_test_bundle("*.example.com"));
+        store.store(
+            "*.example.com".to_string(),
+            make_test_bundle("*.example.com"),
+        );
         assert!(store.has("*.example.com"));
 
         let loaded = store.get("*.example.com").unwrap();