feat(graph): add RestApiAdapter and CloudflareCrawlAdapter (v0.1.15) (#16)

* feat(graph): add RestApiAdapter and CloudflareCrawlAdapter

- RestApiAdapter: flexible REST JSON API scraping with 5 auth schemes
  (Bearer, Basic, API key header/query, none), 4 pagination strategies
  (none, offset, cursor, RFC 8288 Link header), dot-path response
  extraction, and configurable exponential-backoff retry; 24 unit tests
- CloudflareCrawlAdapter: managed whole-site crawling via Cloudflare
  Browser Rendering /crawl endpoint; feature-gated behind cloudflare-crawl
- examples/rest-api-scrape.toml: unauthenticated GET, Bearer + link_header
  pagination, and api_key_header + cursor pagination patterns
- fix: resolve all clippy -D warnings in rest_api.rs and cloudflare_crawl.rs
- docs: update adapters.md, graphql-plugins.md, configuration.md, env-vars.md
- chore: bump version to 0.1.15, update CHANGELOG and README

* fix: update quinn-proto to 0.11.14 (RUSTSEC-2026-0037), fix rustdoc links

Author: greysquirr3l

CHANGELOG.md

@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.15] - 2026-03-13
+
+### Added
+
+- `stygian-graph`: `RestApiAdapter` — flexible REST JSON API adapter with 5 auth schemes (Bearer, Basic, API key header/query, none), 4 pagination strategies (none, offset, cursor, RFC 8288 Link header), dot-path JSON response extraction, configurable retries with exponential backoff, and 24 unit tests; registered as `"rest-api"`
+- `stygian-graph`: `CloudflareCrawlAdapter` — delegates whole-site crawling to the Cloudflare Browser Rendering `/crawl` endpoint (open beta); polls until complete, aggregates page results, configurable poll interval and job timeout; gated behind `cloudflare-crawl` feature flag
+- `examples/rest-api-scrape.toml` — example pipeline demonstrating unauthenticated GET, Bearer-auth + Link-header pagination, and API-key + cursor pagination patterns
+
+### Fixed
+
+- `stygian-graph`: resolved all `clippy -D warnings` lint failures in `rest_api.rs` and `cloudflare_crawl.rs` — `indexing_slicing`, `map_unwrap_or`, `manual_map`, `if_not_else`, `option_if_let_else`, `unnecessary_map_or`, `cast_possible_truncation`, `ignore_without_reason`, `panic` in tests
+
 ## [0.1.14] - 2026-03-04
 
 ### Fixed

Cargo.lock

@@ -6,7 +6,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.1.14"
+version = "0.1.15"
 edition = "2024"
 rust-version = "1.93.1"
 authors = ["Nick Campbell <s0ma@protonmail.com>"]

Cargo.toml

@@ -230,6 +230,6 @@ Built with:
 
 ---
 
-**Status**: Active development | Version 0.1.1 | Rust 2024 edition | 842 tests | Linux + macOS
+**Status**: Active development | Version 0.1.15 | Rust 2024 edition | 694 tests | Linux + macOS
 
 For detailed documentation, see the [project docs site](https://greysquirr3l.github.io/stygian).

README.md

@@ -50,7 +50,7 @@ let config = BrowserConfig::builder()
 | Field | Type | Default | Description |
 |---|---|---|---|
 | `headless` | `bool` | `true` | Run without visible window |
-| `headless_mode` | `HeadlessMode` | `New` | `New` = `--headless=new` (same renderer as headed Chrome); `Legacy` = classic `--headless` (Chromium < 112 only) |
+| `headless_mode` | `HeadlessMode` | `New` | `New` = `--headless=new` (full Chromium rendering, default since Chrome 112, **only mode since Chrome 132**); `Legacy` = `chrome-headless-shell` / pre-112 `--headless` |
 | `window_size` | `Option<(u32, u32)>` | `(1920, 1080)` | Browser viewport dimensions |
 | `chrome_path` | `Option<PathBuf>` | auto-detect | Path to Chrome/Chromium binary |
 | `stealth_level` | `StealthLevel` | `Advanced` | Anti-detection level |
@@ -92,7 +92,7 @@ All config values can be overridden without touching source code:
 |---|---|---|
 | `STYGIAN_CHROME_PATH` | auto-detect | Path to Chrome/Chromium binary |
 | `STYGIAN_HEADLESS` | `true` | Set `false` for headed mode |
-| `STYGIAN_HEADLESS_MODE` | `new` | `new` (`--headless=new`) or `legacy` (classic `--headless`) |
+| `STYGIAN_HEADLESS_MODE` | `new` | `new` (`--headless=new`) or `legacy` (`chrome-headless-shell`; old `--headless` removed in Chrome 132) |
 | `STYGIAN_STEALTH_LEVEL` | `advanced` | `none`, `basic`, `advanced` |
 | `STYGIAN_POOL_MIN` | `2` | Minimum warm browsers |
 | `STYGIAN_POOL_MAX` | `10` | Maximum concurrent browsers |
@@ -160,9 +160,17 @@ let config = BrowserConfig::builder()
     .build();
 ```
 
-For Chromium < 112 (rare), fall back to the legacy mode:
+For Chromium ≥ 112 (all modern Chrome / Chromium builds), `New` is the right
+choice. `Legacy` targets are rare: pre-112 Chromium or the separately distributed
+`chrome-headless-shell` binary for lightweight CI workloads where full rendering
+fidelity is not required.
+
+> **Note:** As of Chrome 132 the old `--headless` flag is removed entirely.
+> `HeadlessMode::Legacy` now maps to `chrome-headless-shell` semantics — avoid it
+> unless you are explicitly targeting that binary.
 
 ```rust,no_run
+// Only needed for Chromium < 112 or chrome-headless-shell
 let config = BrowserConfig::builder()
     .headless_mode(HeadlessMode::Legacy)
     .build();

book/src/browser/configuration.md

@@ -36,6 +36,136 @@ let adapter = HttpAdapter::with_config(HttpConfig {
 
 ---
 
+## REST API Adapter
+
+Purpose-built for structured JSON REST APIs. Handles authentication, automatic
+multi-strategy pagination, JSON response extraction, and retry — without the caller
+needing to manage any of that manually.
+
+```rust
+use stygian_graph::adapters::rest_api::{RestApiAdapter, RestApiConfig};
+use stygian_graph::ports::{ScrapingService, ServiceInput};
+use serde_json::json;
+use std::time::Duration;
+
+let adapter = RestApiAdapter::with_config(RestApiConfig {
+    timeout:      Duration::from_secs(20),
+    max_retries:  3,
+    ..Default::default()
+});
+
+let input = ServiceInput {
+    url: "https://api.github.com/repos/rust-lang/rust/issues".to_string(),
+    params: json!({
+        "auth":       { "type": "bearer", "token": "${env:GITHUB_TOKEN}" },
+        "query":      { "state": "open", "per_page": "100" },
+        "pagination": { "strategy": "link_header", "max_pages": 10 },
+        "response":   { "data_path": "" }
+    }),
+};
+// let output = adapter.execute(input).await?;
+```
+
+**Registered service name**: `"rest-api"`
+
+### Config fields
+
+| Field | Default | Description |
+|---|---|---|
+| `timeout` | 30 s | Per-request timeout |
+| `max_retries` | 3 | Retry attempts on transient errors (`429`, `5xx`, network) |
+| `retry_base_delay` | 1 s | Base for exponential backoff |
+| `proxy_url` | `None` | HTTP/HTTPS/SOCKS5 proxy URL |
+
+### `ServiceInput.params` contract
+
+| Param | Required | Default | Description |
+|---|---|---|---|
+| `method` | — | `"GET"` | `GET`, `POST`, `PUT`, `PATCH`, `DELETE`, `HEAD` |
+| `body` | — | — | JSON body for `POST`/`PUT`/`PATCH` |
+| `body_raw` | — | — | Raw string body (takes precedence over `body`) |
+| `headers` | — | — | Extra request headers object |
+| `query` | — | — | Extra query string parameters object |
+| `accept` | — | `"application/json"` | `Accept` header |
+| `auth` | — | none | Authentication object (see below) |
+| `response.data_path` | — | full body | Dot path into the JSON response to extract |
+| `response.collect_as_array` | — | `false` | Force multi-page results into a JSON array |
+| `pagination.strategy` | — | `"none"` | `"none"`, `"offset"`, `"cursor"`, `"link_header"` |
+| `pagination.max_pages` | — | `1` | Maximum pages to fetch |
+
+### Authentication
+
+```toml
+# Bearer token
+[nodes.params.auth]
+type  = "bearer"
+token = "${env:API_TOKEN}"
+
+# HTTP Basic
+[nodes.params.auth]
+type     = "basic"
+username = "${env:API_USER}"
+password = "${env:API_PASS}"
+
+# API key in header
+[nodes.params.auth]
+type   = "api_key_header"
+header = "X-Api-Key"
+key    = "${env:API_KEY}"
+
+# API key in query string
+[nodes.params.auth]
+type  = "api_key_query"
+param = "api_key"
+key   = "${env:API_KEY}"
+```
+
+### Pagination strategies
+
+| Strategy | How it works | Best for |
+|---|---|---|
+| `"none"` | Single request | Simple endpoints |
+| `"offset"` | Increments `page_param` from `start_page` | REST APIs with `?page=N` |
+| `"cursor"` | Extracts next cursor from `cursor_field` (dot path), sends as `cursor_param` | GraphQL-REST hybrids, Stripe-style |
+| `"link_header"` | Follows RFC 8288 `Link: <url>; rel="next"` | GitHub API, GitLab API |
+
+#### Offset example
+
+```toml
+[nodes.params.pagination]
+strategy        = "offset"
+page_param      = "page"
+page_size_param = "per_page"
+page_size       = 100
+start_page      = 1
+max_pages       = 20
+```
+
+#### Cursor example
+
+```toml
+[nodes.params.pagination]
+strategy     = "cursor"
+cursor_param = "after"
+cursor_field = "meta.next_cursor"
+max_pages    = 50
+```
+
+### Output
+
+`ServiceOutput.data` — pretty-printed JSON string of the extracted data.
+
+`ServiceOutput.metadata`:
+
+```json
+{
+  "url":        "https://...",
+  "page_count": 3
+}
+```
+
+---
+
 ## Browser Adapter
 
 Delegates to `stygian-browser` for JavaScript-rendered pages. Requires the `browser`
@@ -260,3 +390,104 @@ let service = GraphQlService::new(GraphQlConfig::default(), Some(Arc::new(regist
 
 See the [GraphQL Plugins](./graphql-plugins.md) page for the full builder reference,
 `AuthPort` implementation guide, proactive cost throttling, and custom plugin examples.
+
+---
+
+## Cloudflare Browser Rendering adapter
+
+Submits a multi-page crawl job to the [Cloudflare Browser Rendering API](https://developers.cloudflare.com/browser-rendering/),
+polls until it completes, and returns the aggregated content. All page rendering is done
+inside Cloudflare's infrastructure — no local Chrome binary needed.
+
+**Feature flag**: `cloudflare-crawl` (not included in `default` or `browser`; add it
+explicitly or use `full`).
+
+### Quick start
+
+```toml
+# Cargo.toml
+[dependencies]
+stygian-graph = { version = "0.1", features = ["cloudflare-crawl"] }
+```
+
+```rust
+use stygian_graph::adapters::cloudflare_crawl::{
+    CloudflareCrawlAdapter, CloudflareCrawlConfig,
+};
+use std::time::Duration;
+
+let adapter = CloudflareCrawlAdapter::with_config(CloudflareCrawlConfig {
+    poll_interval: Duration::from_secs(3),
+    job_timeout:   Duration::from_secs(120),
+    ..Default::default()
+});
+```
+
+**Registered service name**: `"cloudflare-crawl"`
+
+### `ServiceInput.params` contract
+
+All per-request options are passed via `ServiceInput.params`. `account_id` and
+`api_token` are **required**; the rest are optional and forwarded verbatim to the
+Cloudflare API.
+
+| Param key | Required | Default | Description |
+|---|---|---|---|
+| `account_id` | ✅ | — | Cloudflare account ID |
+| `api_token` | ✅ | — | Cloudflare API token with Browser Rendering permission |
+| `output_format` | — | `"markdown"` | `"markdown"`, `"html"`, or `"raw"` |
+| `max_depth` | — | API default | Maximum crawl depth from the seed URL |
+| `max_pages` | — | API default | Maximum pages to crawl |
+| `url_pattern` | — | API default | Regex or glob restricting which URLs are followed |
+| `modified_since` | — | API default | ISO-8601 timestamp; skip pages not modified since |
+| `max_age_seconds` | — | API default | Skip cached pages older than this many seconds |
+| `static_mode` | — | `false` | Set `"true"` to skip JS execution (faster, static HTML only) |
+
+### Config fields
+
+| Field | Default | Description |
+|---|---|---|
+| `poll_interval` | 2 s | How often to poll for job completion |
+| `job_timeout` | 5 min | Hard timeout per crawl job; returns `ServiceError::Timeout` if exceeded |
+
+### Output
+
+`ServiceOutput.data` contains the page content of all crawled pages joined by newlines.
+`ServiceOutput.metadata` is a JSON object:
+
+```json
+{
+  "job_id":    "some-uuid",
+  "pages":     12,
+  "url_count": 12
+}
+```
+
+### TOML pipeline usage
+
+```toml
+[[nodes]]
+id     = "crawl"
+type   = "scrape"
+target = "https://docs.example.com"
+
+  [nodes.params]
+  account_id    = "${env:CF_ACCOUNT_ID}"
+  api_token     = "${env:CF_API_TOKEN}"
+  output_format = "markdown"
+  max_depth     = "3"
+  max_pages     = "50"
+  url_pattern   = "https://docs.example.com/**"
+
+  [nodes.service]
+  name = "cloudflare-crawl"
+```
+
+### Error mapping
+
+| Condition | `StygianError` variant |
+|---|---|
+| Missing `account_id` or `api_token` | `ServiceError::Unavailable` |
+| Cloudflare API non-2xx | `ServiceError::Unavailable` (with CF error code) |
+| Job still pending after `job_timeout` | `ServiceError::Timeout` |
+| Unexpected response shape | `ServiceError::InvalidResponse` |