VeilPDF — PDF security CLI with Rust orchestrating Python + Zig subprocesses

Built a local PDF security toolkit where Rust handles the CLI and
process orchestration, Python does the heavy PDF parsing (pypdf,
pdfminer, tesseract), and Zig handles the crypto layer (AES-256,
byte-level watermark injection).

The architecture: Rust CLI → Python subprocess → Zig binary.
Rust's role is intentionally narrow: argument parsing with clap,
subprocess management, error boundaries, and colored terminal output
with the colored crate. find_root() walks up the directory tree to
locate core/detect.py so the binary works from anywhere.

Interesting design decision: rather than PyO3 bindings, I used
subprocess calls. The tradeoff was a simpler build (no binding
complexity) vs. overhead per command. For a CLI tool where each
invocation is a single command, subprocess is fine.
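
A sketch of the find_root() walk and the subprocess error boundary described above, as an added example and not VeilPDF's own code. The python3 interpreter name, the detect.py argument layout, the helper names detect_command and run_detect, and starting the search at the executable's directory are all assumptions.

```rust
use std::path::{Path, PathBuf};
use std::process::Command;

/// Walk from `start` toward the filesystem root and return the first
/// ancestor that contains core/detect.py as a regular file.
fn find_root(start: &Path) -> Option<PathBuf> {
    start
        .ancestors()
        .find(|dir| dir.join("core").join("detect.py").is_file())
        .map(Path::to_path_buf)
}

/// Build the Python invocation (hypothetical argument layout). Arguments
/// are separate argv entries, never a shell string, so a PDF path with
/// spaces or metacharacters cannot change the command.
fn detect_command(root: &Path, pdf: &Path) -> Command {
    let mut cmd = Command::new("python3"); // assumed interpreter name
    cmd.arg(root.join("core").join("detect.py")).arg(pdf);
    cmd
}

/// Error boundary: every failure mode becomes a message for the CLI.
fn run_detect(start: &Path, pdf: &Path) -> Result<String, String> {
    let root = find_root(start)
        .ok_or_else(|| format!("core/detect.py not found above {}", start.display()))?;
    let out = detect_command(&root, pdf)
        .output()
        .map_err(|e| format!("could not start python3: {}", e))?;
    if !out.status.success() {
        let stderr = String::from_utf8_lossy(&out.stderr);
        return Err(format!("detect.py failed ({}): {}", out.status, stderr.trim()));
    }
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

fn main() {
    // Assumption: search from the executable's directory, not the working
    // directory, so the script that runs is the one shipped with the
    // binary rather than whatever sits in the folder the user is in.
    let exe = std::env::current_exe().expect("executable path");
    let start = exe.parent().expect("executable directory");
    let pdf = std::env::args().nth(1).unwrap_or_else(|| "sample.pdf".into());
    match run_detect(start, Path::new(&pdf)) {
        Ok(report) => print!("{}", report),
        Err(msg) => eprintln!("error: {}", msg),
    }
}
```
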
