Nexus Architecture
"A solid foundation does not merely bear today's load; it is ready for tomorrow's demands."
Design Philosophy
Nexus architecture is built on three core principles:
| Principle | Practical Meaning |
|---|---|
| Module Independence | Each tool operates standalone: deploy incrementally, no all-or-nothing commitment |
| Deployment Simplicity | Single binary per tool, no runtime dependencies, no complex installation |
| Cross-Platform Native | Windows (Dev) and Linux (Production): identical behavior, no surprises |
System Architecture
Nexus is a Rust workspace of 11 specialized crates sharing a common core library while maintaining clear separation of responsibility.
```mermaid
graph TB
    subgraph "Developer Environment"
        VSCODE["VS Code Extension"]
        NEXUS_CLI["nexus CLI"]
        ICOMP["icomp - Compiler"]
    end
    subgraph "Management Server - isman"
        AXUM["Axum HTTP Server"]
        IPOL_SVC["Policy Service (ipol)"]
        ING_SVC["Ingenium Service (ing)"]
        JOBS["Job Scheduler"]
        HEALTH["Health Monitor"]
    end
    subgraph "Core Library"
        TERMINAL["Terminal Abstraction"]
        DB2["DB2 Integration"]
        CRYPTO["AES-256-GCM Crypto"]
        SSH_LIB["SSH Library"]
        POOL["Terminal Pool"]
        PROCESS["Process Manager"]
    end
    subgraph "Target Systems"
        LOCAL["Local Terminal"]
        REMOTE["Remote SSH Servers"]
        DB2_SERVER["DB2 Database"]
    end
    VSCODE --> NEXUS_CLI
    VSCODE --> ICOMP
    VSCODE --> AXUM
    NEXUS_CLI --> TERMINAL
    ICOMP --> TERMINAL
    AXUM --> IPOL_SVC
    AXUM --> ING_SVC
    AXUM --> JOBS
    AXUM --> HEALTH
    IPOL_SVC --> TERMINAL
    IPOL_SVC --> DB2
    ING_SVC --> TERMINAL
    JOBS --> TERMINAL
    TERMINAL --> LOCAL
    TERMINAL --> REMOTE
    DB2 --> DB2_SERVER
    REMOTE -.-> SSH_LIB
    TERMINAL -.-> POOL
```
Dependency Map
Every component builds on the Core Library, ensuring consistent behavior system-wide:
| Crate | Type | Function |
|---|---|---|
| core | Library | Foundation: terminal, DB2, crypto, parallel execution |
| ssh | Library | SSH connection management and pooling |
| policy | Library | Policy data models and business logic |
| nexus | Binary | CLI for environment orchestration |
| icomp | Binary | Intelligent COBOL compiler |
| iman | Binary | Ingenium management (CLI) |
| ipol | Binary | Policy management (CLI) |
| isman | Binary | Central HTTP management server |
| benova | Binary | Developer utilities |
| vscext | Extension | VS Code integration |
Terminal Abstraction Layer
This is the most important architectural decision in Nexus: a unified abstraction allowing every operation to run identically on a local machine or on a remote server via SSH.
```
      ┌──────────────────────┐
      │    Terminal Trait    │
      │  execute()           │
      │  read_all()          │
      │  change_directory()  │
      │  get_variable()      │
      └────┬────────────┬────┘
           │            │
    ┌──────▼─────┐ ┌────▼────────────┐
    │   Local    │ │  SSH Terminal   │
    │  Terminal  │ │    (Remote)     │
    └────────────┘ └─────────────────┘
```
Practical Benefits:
- Write once, run anywhere: code managing a local dev machine and a production server is identical
- Terminal pooling: efficient connection reuse, preventing resource exhaustion
- Configurable timeouts: from quick queries (seconds) to long-running batch jobs (minutes)
- Automatic health checks: dead connections are transparently detected and replaced, zero disruption
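The pooling and health-check behavior described above can be sketched as follows. This is an added example, not code from the Nexus project: the `execute()` signature, the `is_alive()` probe, `FakeTerminal` and `Pool` are assumptions made for illustration, and the fake terminal stands in for a real local or SSH session so the block runs offline.

```rust
use std::collections::VecDeque;

/// Assumed trait shape: the page names execute() but not its signature.
pub trait Terminal {
    fn execute(&mut self, command: &str) -> Result<String, String>;
    /// Hypothetical liveness probe: a dead session fails a trivial echo.
    fn is_alive(&mut self) -> bool {
        matches!(self.execute("echo ping"), Ok(out) if out.trim() == "ping")
    }
}

/// Constructed stand-in for a local or SSH session; it starts failing
/// after `fail_after` calls to simulate a dropped connection.
pub struct FakeTerminal { pub id: u32, pub fail_after: u32, pub calls: u32 }

impl Terminal for FakeTerminal {
    fn execute(&mut self, command: &str) -> Result<String, String> {
        self.calls += 1;
        if self.calls > self.fail_after { return Err(format!("terminal {} closed", self.id)); }
        Ok(command.strip_prefix("echo ").unwrap_or("").to_string())
    }
}

/// `connect` opens a fresh session; `replaced` counts discarded dead ones.
pub struct Pool<T, F> { idle: VecDeque<T>, connect: F, pub replaced: u32 }

impl<T: Terminal, F: FnMut() -> T> Pool<T, F> {
    pub fn new(connect: F) -> Self {
        Pool { idle: VecDeque::new(), connect, replaced: 0 }
    }
    /// Reuse the first idle session that passes the probe; drop dead ones
    /// and open a replacement only when no idle session survives.
    pub fn checkout(&mut self) -> T {
        while let Some(mut term) = self.idle.pop_front() {
            if term.is_alive() { return term; }
            self.replaced += 1;
        }
        (self.connect)()
    }
    pub fn checkin(&mut self, term: T) { self.idle.push_back(term); }
}

fn main() {
    let mut n = 0;
    let mut pool = Pool::new(move || { n += 1; FakeTerminal { id: n, fail_after: 1, calls: 0 } });
    let mut first = pool.checkout();
    first.execute("echo hello").unwrap(); // consumes the session's one good call
    pool.checkin(first);
    println!("next id {}", pool.checkout().id); // probe fails, so a new session opens
}
```

Probing on checkout rather than on a timer means a caller never receives a session that was already known to be dead, at the cost of one extra round trip per checkout.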
Management Server Architecture
isman is built on Axum + Tokio, a high-performance async Rust stack handling thousands of concurrent requests with minimal resources.
```
Client Request
      │
      ▼
┌───────────┐     ┌──────────────┐     ┌────────────────┐
│  Router   │────▶│  Validation  │────▶│ spawn_blocking │
│  (Axum)   │     │   (Params)   │     │    (Tokio)     │
└───────────┘     └──────────────┘     └───────┬────────┘
                                               │
                                       ┌───────▼────────┐
                                       │ Terminal Pool  │
                                       └───────┬────────┘
                                               │
                                       ┌───────▼────────┐
                                       │ DB2 / SSH Ops  │
                                       └────────────────┘
```
API Endpoints
| Endpoint | Method | Function |
|---|---|---|
| `/ping` | GET | Fast connectivity check |
| `/status` | GET | System health and uptime |
| `/ipol/tasks` | GET | List policy tasks |
| `/ipol/copy` | POST | Copy policy between environments |
| `/ipol/export` | POST | Export policy artifacts |
| `/ipol/import` | POST | Import policy artifacts |
| `/ipol/upload` | POST | Upload archive via HTTP |
| `/ipol/download` | GET | Download archive via HTTP |
| `/shutdown` | POST | Controlled server shutdown |
DB2 Integration
- Automatic connection management: connect once, reuse, auto-close on cleanup
- Secure credential handling: decrypted in memory, zeroed immediately after use, never logged
- SQL injection prevention: built-in `sql_escape()` function and parameterized queries
- Atomic operations: supports `BEGIN ATOMIC ... END` for multi-statement transactions
- Intelligent error detection: SQLSTATE and SQL code analysis for precise error reporting
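One way to get the credential-handling and literal-escaping properties listed above using only the Rust standard library. This is an added example, not Nexus code: `Secret` and `escape_sql_literal` are hypothetical names, the password is a constructed sample, and the page does not show how the project's own `sql_escape()` is implemented.

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical holder for a decrypted DB2 password (not a Nexus type).
pub struct Secret(Vec<u8>);

impl Secret {
    pub fn new(plaintext: &str) -> Self { Secret(plaintext.as_bytes().to_vec()) }

    /// Zero the buffer with volatile writes so the optimizer cannot discard
    /// the stores as dead; the fence keeps them ordered before later code.
    pub fn wipe(&mut self) {
        for byte in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(byte, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }

    /// Lend the plaintext to `f` exactly once; `self` is consumed, so Drop
    /// wipes the buffer as soon as `f` returns.
    pub fn use_once<R>(self, f: impl FnOnce(&str) -> R) -> R {
        f(std::str::from_utf8(&self.0).expect("built from &str"))
    }
    pub fn is_wiped(&self) -> bool { self.0.iter().all(|&b| b == 0) }
}

impl Drop for Secret {
    fn drop(&mut self) { self.wipe(); }
}

/// Debug prints a fixed marker, so `{:?}` in a log line cannot leak the value.
impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret(<redacted>)")
    }
}

/// Hypothetical literal escaper: doubles single quotes, the standard SQL rule.
/// Valid for string literals only; table or column names need an allow-list.
pub fn escape_sql_literal(value: &str) -> String {
    format!("'{}'", value.replace('\'', "''"))
}

fn main() {
    let password = Secret::new("constructed-sample-pw");
    println!("{:?}", password);
    println!("{}", password.use_once(|pw| pw.len()));
    println!("{}", escape_sql_literal("O'Brien"));
}
```

Escaping is the fallback for statements that cannot take bind parameters; wherever the driver supports them, parameterized queries remain the stronger of the two controls the list names.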
Technology Stack
| Layer | Technology | Reason |
|---|---|---|
| Core language | Rust | High performance + memory safety + single binary |
| Async runtime | Tokio | Thousands of concurrent connections, zero overhead |
| HTTP framework | Axum | Fastest in Rust, type-safe routing |
| Encryption | AES-256-GCM | Military-grade, authentication built-in |
| SSH | libssh2 | Battle-tested, production-proven SSH library |
| Serialization | serde + serde_json | Zero-copy, maximum throughput |
| Compression | zstd | Best compression ratio available today |
Legal Notice
This document is provided for informational and advisory purposes only. All trademarks are the property of their respective owners. This project has no affiliation with DXC Technology, Sun Life, or any other third parties mentioned herein.