I've added more detail to the ValidationError.

• ValidationError::source_type field stores the name of the source type
• ValidationError::message stores an error message.
• ValidationError::new::<T>(message) fills in the source_type name based on T and stores the message.
• I've removed PartialEq (you should always pair PartialEq and Eq) as it was only being used for equality comparisons in the integration tests. Using assert_matches! allows you to avoid equality tests as the pattern matching system does not use equality tests.

Some draft:

prae::define! {
    pub Text: String
    adjust |t| *t = t.trim().to_owned()
    ensure |t| !t.is_empty()
}
prae::extend! {
    pub CapitalizedText: Text
    ensure |t| t.chars().nth(0).unwrap().is_uppercase()
}

• add warn unsafe_code lint.

Is there a use-case for having the unsafe functions? The use of unsafe keyword here is stretching it's intended use. Using unsafe is intended to turn off memory safety checks. But prae is using it to mean "turn off data integrity checks"

Current impl adds get and set for the type. Maybe we can add an impl of Deref and DerefMut to allow for easier use of the type if we expect no error.

Also, the original set method could be renamed to try_set to reflect the fact that it could fail.

This branch introduces two errors:

• ConstructionError<G> which will be returned from Guarded::new
• MutationError<G> which will be returned from Guarded::try_mutate

Possible syntax 1:

prae::define! {
    /// This is documentation for the `Username`.
    pub Username: String
    ensure |u| !u.is_empty()
}

Possible syntax 2:

/// This is documentation for the `Username`.
prae::define! {
    pub Username: String
    ensure |u| !u.is_empty()
}

I prefer the second one. The documentation for UsernameGuard must link to the Username.

Instead of doing something like this:

t.try_mutate(|t| *t = "new text".to_owned());

We should be able to do this:

t.set("new text");

• It is idiomatic Rust to return a Result for a fn that can fail with Error.
• This means that any fn written to be a validation fn for a prae::Guarded type will play well with other fns in the Rust ecosystem.

By this I mean the look of generated code. Suppose we have following code:

prae::define! {
    Username: String
    ensure |u| !u.is_empty()
}

The validate method of the generated Guard will look like this:

fn validate(v: &Self::Target) -> Option<&'static str> {
    let f: fn(&Self::Target) -> bool = |u| !u.is_empty();
    if f(v) { None } else { Some("provided value is invalid") }
}

In this particular case, since the body of the closure is an syn::Expr that compiles (meaning it returns bool), we actually can just use it directly:

fn validate(v: &Self::Target) -> Option<&'static str> {
    if !v.is_empty() { None } else { Some("provided value is invalid") }
}

This is tricky, though. In this case we just magically renamed u to v. This is not easy.

The documentation should be improved. Here are some ideas:

• Use cargo-readme to keep the documentation and README in sync (right now they aren't).
• Don't populate root doc with a ton of examples. Move most of the into the documentation of define! macro.
• Add examples to the methods of Guarded.

Add optional features serde, which will add implementations for Serialize and Deserialize for wrappers that wrap types that already implement Serialize and Deserialize. The Deserialize must fail for values that don't hold invariants of the given type.

Not sure if it's possible. It should look something like this:

prae::define! {
    pub NonEmptyVec<T>: Vec<T>;
    ensure |v| !v.is_empty();
}

Example for structs:

define! {
    pub User: struct {
        pub name: String,
    }
    ensure |u| !u.name.is_empty()
}

Example for enums:

define! {
    pub Error: enum {
        WithMessage(String),
        WithoutMessage,
    }
    ensure |e| {
        if let Error::WithMessage(msg) = e {
            !msg.is_empty()
        } else {
            true
        }
    }
}