feat: CPEX Rust config

[terylt]

Summary

Adds config-driven plugin management to the CPEX Rust core. Plugins, policy groups, and routing rules are declared in
a single YAML config. The manager resolves routes at dispatch time based on entity metadata in extensions, with cached
lookups for high-throughput use cases.

Built on top of feat/cpex_rust_core (async invoke, PluginContextTable, OnError::Disable, etc.).

Config parser — Parses a unified YAML format with plugins, policy_groups, and routes sections. Routes match
entities by exact name, name list, glob, or wildcard with specificity-based resolution (exact 1000 > list 500 > glob
300 > wildcard 0). Scope filtering, tag merging (union), and when clauses (carried for APL evaluation) are
supported. Validation at parse time rejects duplicate plugins, unknown plugin refs, and malformed routes.

Factory system — PluginFactory trait maps kind strings to plugin constructors. from_config(yaml, factories)
builds a fully wired PluginManager from YAML. Routes can override plugin config; the factory creates new instances
with merged config.

Route-filtered dispatch — invoke_by_name and invoke::<H> resolve routes via MetaExtension (entity_type,
entity_name, scope, tags) before dispatching. When routing is disabled or meta is absent, all registered plugins fire.

Route cache — RwLock<HashMap<RouteCacheKey, Arc<Vec<HookEntry>>>> with hashbrown raw_entry for zero-allocation
cache hits and Arc for zero-copy reads. Keyed by (entity_type, entity_name, hook_name, scope).
clear_route_cache() for config reload.

MetaExtension — Added to Extensions with entity_type, entity_name, tags, scope, and properties. Used by the
routing system to identify which entity a hook invocation targets.

Closes: #16

Changes

• config.rs — Unified YAML config parser with plugins, policy groups, routes, specificity-based resolution, scope
  matching, tag merging, and validation
  • factory.rs — PluginFactory trait and PluginFactoryRegistry for config-driven plugin instantiation
  • manager.rs — from_config/load_config, route-filtered dispatch, hashbrown route cache with Arc zero-copy
    reads, override instances with merged config, clear_route_cache
  • hooks/payload.rs — MetaExtension (entity_type, entity_name, tags, scope, properties) on Extensions
  • registry.rs — register_for_names_with_handler for factory path (no HookTypeDef type parameter required)
  • lib.rs — Added factory module
  • Cargo.toml — Added hashbrown dependency

[araujof]

Nice work, @terylt!

Overall,

• Trust model enforcement is consistent: config loader -> manager -> PluginRef -> executor, never from plugin.
• The Arc-based route cache with raw_entry zero-allocation hits is a good optimization.
• Test coverage spans all execution modes, error behaviors, routing resolution, and cache behavior.
• The 5-phase executor design is clean and the phase separation is well-enforced.

A few minor comments, let me know if they are planned in a next PR, or if you want to address them here.

Issues

1. Glob matching is overly simplistic (config.rs)

StringOrList::matches() only handles suffix wildcards (prefix*). Was that intentional?

let prefix = pattern.trim_end_matches('*');
name.starts_with(prefix)

This silently mismatches on interior or leading globs. Either document that only trailing * is supported, or use a glob crate (e.g., glob-match).

2. from_config duplicates load_config logic (manager.rs)

from_config() and load_config() have the same plugin instantiation loop and executor setup, but diverged implementations. Consider having from_config delegate to load_config internally.

3. RwLock::unwrap() will panic on poisoned lock (manager.rs)

If a thread panics while holding the write lock, all subsequent unwrap() calls will panic too, cascading across the system. Since this is a library crate consumed by others, consider using .read().unwrap_or_else(|e| e.into_inner()) (or parking_lot::RwLock which is non-poisoning and already a transitive dep via tokio).

4. find_matching_route returns only the single best route (config.rs)

If two routes have equal specificity for the same entity, the last one in config order wins (due to total > s using strict greater-than). This is deterministic but not documented, and could surprise users. Consider either documenting "first wins on tie" or returning all tied routes.

5. serde_yaml is deprecated (Cargo.toml)

The serde_yaml crate is deprecated in favor of alternatives. Not blocking, but worth noting for future migration planning (e.g., serde_yml or yaml-rust2 + manual serde).

Suggestions (non-blocking)

• create_override_instance silently falls back (manager.rs): when factory creation fails, it logs an error and returns None, causing the base instance to fire with the original config. This could mask misconfigurations. Consider propagating the error or at minimum emitting a warn! with the route context.

• FilteredExtensions is always default() (executor.rs): the TODO is fine for Phase 1, but since meta is needed for route resolution and plugins might want to read it, you could pass through meta in the filtered view now. Currently plugins can't see the meta extension that drives their own dispatch.

• Shutdown in reverse order (manager.rs): the comment says "reverse registration order" but plugin_names() returns insertion order. If you want reverse, call .rev() on the iterator.

[araujof]

LGTM. Fixes to this PR will fold into #45.