Rust Engine

Admina ships a Rust core engine (admina_core) compiled via PyO3 as a Python extension. The engine provides ~1.7x faster governance processing compared to the pure Python implementation. Admina auto-detects which engine to use at startup.

Performance

Component Python Rust Speedup
Firewall (regex) 9.1ยตs 6.9ยตs 1.3x
PII Scanner 8.2ยตs 2.4ยตs 3.5x
Loop Breaker 5.4ยตs 3.7ยตs 1.4x
Total pipeline 24ยตs 14ยตs 1.7x

Benchmarks on Apple M2, Python 3.11, single-threaded. Reproduce with make bench (requires both engines installed).

The real advantage is under concurrent load. The single-request numbers above are already good, but they don't tell the whole story. Python's GIL means that under concurrent agent traffic, the Python engine serialises governance calls โ€” throughput plateaus even as more cores are available. The Rust engine has no GIL: all regex, PII, and hash-chain operations run truly in parallel across threads. In practice this means 3โ€“5ร— higher throughput at typical production concurrency levels (10โ€“50 simultaneous agent sessions) compared to the Python implementation, with p99 latency staying flat instead of climbing.

Auto-detection

The engine_bridge.py module checks for the compiled Rust extension at startup and falls back to Python if unavailable. This means Admina works identically without Rust โ€” just slower. 

# Check which engine is active
make status
# โ†’ {"engine": "rust", "rust_available": true, "version": "0.2.0"}

# Or via the health endpoint
curl http://localhost:8080/health
# โ†’ {"engine": "rust", "rust_available": true, ...}

Building the Rust engine

Prerequisites

  • Rust toolchain 1.75+ (rustup.rs)
  • Python 3.11+ with development headers
  • maturin (pip install maturin)

Build

# Full build: Rust engine + Python install
make all

# Or manually
cd core-rust
maturin develop --release    # builds + installs into current venv

# Python-only mode (no Rust required)
make python

Verify the build

python -c "import admina_core; print(admina_core.__version__)"
# โ†’ 0.2.0

python -c "from admina_core import Firewall; f = Firewall(); print(f.check('test'))"
# โ†’ {"risk_level": "LOW", "matched_patterns": []}

Rust modules

core-rust/src/firewall.rs

RegexSet single-pass injection pattern matching. Compiles all 15 patterns at build time for zero runtime regex compilation overhead.

core-rust/src/pii.rs

Compiled PII regex scanner. Email, phone, credit card, SSN, IBAN, IP โ€” all patterns pre-compiled into a single pass.

core-rust/src/loop_breaker.rs

TF-IDF vectorization and cosine similarity for loop detection. Uses nalgebra for fast vector operations.

core-rust/src/forensic.rs

SHA-256 hash chain for the forensic black box. Uses the sha2 crate for zero-dependency hashing.

Running benchmarks

# Full benchmark suite (requires both engines)
make bench

# Or directly
python benchmark.py --output report.html

# Stress test with 10k requests
python benchmark.py --requests 10000 --report json

The benchmark generates an HTML report with latency percentiles, throughput curves, and a Python vs Rust comparison. Reports are saved to benchmark-reports/.

Dockerfile notes

The included proxy/Dockerfile compiles the Rust engine during the Docker build. If the Rust toolchain is unavailable in the build environment, the build falls back to Python-only mode automatically (see Makefile targets).

The benchmark.Dockerfile is a separate image for running benchmarks in isolation without polluting the proxy image.