diff --git a/.github/agents/cargo-vet-auditor.agent.md b/.github/agents/cargo-vet-auditor.agent.md index 800c5b991..5b4a7eae9 100644 --- a/.github/agents/cargo-vet-auditor.agent.md +++ b/.github/agents/cargo-vet-auditor.agent.md 
@@ -86,10 +86,49 @@ For every crate you review, systematically check ALL of the following: ## How to Review +### Non-Interactive Execution + +**CRITICAL:** All `cargo vet` commands must run non-interactively: + +- **`diff` / `inspect`:** Always set the pager to a non-interactive command to + prevent the pager from waiting for input. Use `$env:PAGER='more.com';` + (PowerShell) or `PAGER=cat` (POSIX) before the command. +- **`certify`:** Always pass `--accept-all` along with `--criteria`, `--who`, + and `--notes` to skip all interactive prompts. + +Never run a `cargo vet` command that could block waiting for terminal input. + +### Exemptions Are a Last Resort + +Do **not** recommend adding `[[exemptions]]` entries without good reason. +Each exemption bypasses the audit process entirely and requires explicit manual +confirmation from the user. Always prefer performing a full or delta audit over +exempting a crate. If an exemption is truly necessary (e.g., the crate is only +needed at `safe-to-run` level for dev tooling, or an import source removal +requires temporary coverage), flag it clearly and let the user decide. + +Every exemption **must** include a `notes` field explaining why the exemption +exists and under what conditions it can be removed. + +### Duplicate-Audit Guardrail + +Before recommending or running certification, check whether an identical +`[[audits.]]` entry (same who/criteria/version-or-delta/notes) already +exists in `supply-chain/audits.toml`. + +If an identical entry already exists: + +- Do not recommend re-certifying with the same data +- Report that the crate is already certified with identical audit content +- If duplicates already exist, explicitly recommend deduplicating by keeping one + copy and removing the rest + +Rationale: retried `cargo vet certify` commands can append duplicate blocks. 
+ ### For Delta Audits Use `PAGER=cat cargo vet diff CRATE FROM TO` (POSIX) or -`$env:PAGER='cat'; cargo vet diff CRATE FROM TO` (PowerShell) to view the diff. +`$env:PAGER='more.com'; cargo vet diff CRATE FROM TO` (PowerShell) to view the diff. Focus on: 1. New `unsafe` blocks or modifications to existing ones @@ -101,7 +140,7 @@ Focus on: ### For Full Version Audits Use `PAGER=cat cargo vet inspect CRATE VERSION` (POSIX) or -`$env:PAGER='cat'; cargo vet inspect CRATE VERSION` (PowerShell) to view source. +`$env:PAGER='more.com'; cargo vet inspect CRATE VERSION` (PowerShell) to view source. Focus on: 1. All `unsafe` code (search for `unsafe`) diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index bfc766f36..27556de9e 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -177,6 +177,25 @@ Follow the [standard Git commit message conventions](https://tbaggery.com/2008/0 - Wrap body text at 72 characters - Use the body to explain *what* and *why*, not *how* +### AI Attribution + +Every commit that includes AI-generated or AI-assisted work **must** contain an `Assisted-by` trailer in the commit message: + +``` +Assisted-by: AGENT_NAME:MODEL_VERSION [TOOL1] [TOOL2] +``` + +Where: + +- `AGENT_NAME` is the name of the AI tool or framework (e.g., `GitHub Copilot`) +- `MODEL_VERSION` is the specific model version used (e.g., `claude-opus-4.6`) +- `[TOOL1] [TOOL2]` are optional specialized analysis tools used (e.g., `coccinelle`, `sparse`, `smatch`, `clang-tidy`) + +Basic development tools (git, cargo, editors) should not be listed. + +AI agents **must** verify their own identity (agent name and model version) before composing the `Assisted-by` trailer — do not assume or hard-code a model name from a previous session. + +AI agents **MUST NOT** add `Signed-off-by` tags. Only humans can certify the Developer Certificate of Origin. ## Rust PR Review Instructions CI overview: 
diff --git a/.github/skills/cargo-vet-audit/SKILL.md b/.github/skills/cargo-vet-audit/SKILL.md index 6ac54a1ef..587c3f1c4 100644 --- a/.github/skills/cargo-vet-audit/SKILL.md +++ b/.github/skills/cargo-vet-audit/SKILL.md @@ -60,6 +60,29 @@ Confidence scoring rubric: ## Step 5: Certify +### Exemptions Are a Last Resort + +Do **not** add `[[exemptions]]` entries without explicit user confirmation. +Each exemption bypasses the audit process entirely and must be justified. +Valid reasons include: + +- The crate is only needed for `safe-to-run` (test/dev tooling) and a full + audit is disproportionate +- An upstream import source was removed and the crate needs temporary coverage + while a first-party audit is scheduled +- The user explicitly requests an exemption after reviewing the trade-offs + +Always prefer auditing (full or delta) over exempting. When an exemption is +unavoidable, present it to the user for manual approval before adding it. + +Every exemption **must** include a `--notes` explaining why the exemption exists +and under what conditions it can be removed: + +```shell +cargo vet add-exemption CRATE VERSION --criteria CRITERIA \ + --notes "Reason for exemption; plan for resolution" +``` + For each crate that passes (confidence ≥ 70), run: ```shell 
@@ -104,9 +127,24 @@ the human reviewer, never the AI agent. ## Step 6: Verify and Clean Up -1. Run `cargo vet` again to confirm everything passes -2. Run `cargo vet prune` to remove stale exemptions -3. Run `cargo vet` one final time to confirm clean state +Before final verification, detect and remove identical duplicate `[[audits.*]]` +entries that may have been appended by retried `cargo vet certify` commands. + +Duplicate-check workflow: + +1. Scan `supply-chain/audits.toml` for byte-for-byte identical audit blocks +2. If duplicates exist, keep one copy (usually the first) and remove the rest +3. Re-run `cargo vet` after deduplication to ensure state is still valid + +To detect duplicates, scan `supply-chain/audits.toml` for repeated blocks +with identical crate name, who, criteria, version/delta, and notes fields. +Remove any duplicates before proceeding. + +Then run the normal cleanup sequence: + +4. Run `cargo vet` again to confirm everything passes +5. Run `cargo vet prune` to remove stale exemptions +6. Run `cargo vet` one final time to confirm clean state ## Reviewing Import Sources diff --git a/Cargo.lock b/Cargo.lock index 89bd9182b..c5a132516 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -341,7 +341,7 @@ dependencies = [ "env_logger", "fw-update-interface", "fw-update-interface-mocks", - "heapless 0.8.0", + "heapless 0.9.2", "log", "static_cell", "tokio", @@ -1610,7 +1610,7 @@ dependencies = [ "embedded-batteries-async", "embedded-services", "env_logger", - "heapless 0.8.0", + "heapless 0.9.2", "log", "power-policy-interface", "tokio", @@ -1983,7 +1983,7 @@ dependencies = [ "embedded-fans-async", "embedded-sensors-hal-async", "embedded-services", - "heapless 0.8.0", + "heapless 0.9.2", "log", "odp-service-common", "thermal-service-interface", @@ -2262,7 +2262,7 @@ dependencies = [ "defmt 0.3.100", "embedded-services", "embedded-usb-pd", - "heapless 0.8.0", + "heapless 0.9.2", "log", "power-policy-interface", ] 
@@ -2281,7 +2281,7 @@ dependencies = [ "embedded-services", "embedded-usb-pd", "fw-update-interface", - "heapless 0.8.0", + "heapless 0.9.2", "log", "power-policy-interface", "tokio", diff --git a/Cargo.toml b/Cargo.toml index 7073ed90d..2228fbbb0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -61,7 +61,6 @@ unwrap_used = "deny" [workspace.dependencies] odp-service-common = { path = "./odp-service-common" } -heapless = "0.8.*" aligned = "0.4" anyhow = "1.0" battery-service-interface = { path = "./battery-service-interface" } @@ -84,8 +83,8 @@ embedded-mcu-hal = "0.2.0" embassy-futures = "0.1.2" embassy-imxrt = { git = "https://github.com/OpenDevicePartnership/embassy-imxrt" } embassy-sync = "0.8" -embassy-time = "0.5.0" -embassy-time-driver = "0.2.1" +embassy-time = "0.5.1" +embassy-time-driver = "0.2.2" embedded-batteries-async = "0.3" embedded-cfu-protocol = { git = "https://github.com/OpenDevicePartnership/embedded-cfu" } embedded-hal = "1.0" @@ -102,6 +101,7 @@ power-policy-interface = { path = "./power-policy-interface" } paste = "1.0.15" power-policy-service = { path = "./power-policy-service" } fixed = "1.23.1" +heapless = "0.9.2" log = "0.4" proc-macro2 = "1.0" quote = "1.0" diff --git a/LICENSE b/LICENSE index 609bd42da..6d14cbb42 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2025 Open Device Partnership +Copyright (c) Open Device Partnership and Contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/examples/pico-de-gallo/Cargo.lock b/examples/pico-de-gallo/Cargo.lock index 375ba9bb9..205594855 100644 --- a/examples/pico-de-gallo/Cargo.lock +++ b/examples/pico-de-gallo/Cargo.lock 
@@ -427,9 +427,9 @@ dependencies = [ [[package]] name = "embassy-time" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4fa65b9284d974dad7a23bb72835c4ec85c0b540d86af7fc4098c88cff51d65" +checksum = "592b0c143ec626e821d4d90da51a2bd91d559d6c442b7c74a47d368c9e23d97a" dependencies = [ "cfg-if", "critical-section", @@ -445,9 +445,9 @@ dependencies = [ [[package]] name = "embassy-time-driver" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0a244c7dc22c8d0289379c8d8830cae06bb93d8f990194d0de5efb3b5ae7ba6" +checksum = "6ee71af1b3a0deaa53eaf2d39252f83504c853646e472400b763060389b9fcc9" dependencies = [ "document-features", ] diff --git a/examples/rt685s-evk/Cargo.lock b/examples/rt685s-evk/Cargo.lock index 2ed81527c..39141ce73 100644 --- a/examples/rt685s-evk/Cargo.lock +++ b/examples/rt685s-evk/Cargo.lock @@ -173,7 +173,7 @@ dependencies = [ "embedded-cfu-protocol", "embedded-services", "fw-update-interface", - "heapless 0.8.0", + "heapless 0.9.2", ] [[package]] @@ -1104,7 +1104,7 @@ dependencies = [ "embassy-sync", "embassy-time", "embedded-services", - "heapless 0.8.0", + "heapless 0.9.2", "power-policy-interface", ] @@ -1512,7 +1512,7 @@ dependencies = [ "defmt 0.3.100", "embedded-services", "embedded-usb-pd", - "heapless 0.8.0", + "heapless 0.9.2", "power-policy-interface", ] @@ -1530,7 +1530,7 @@ dependencies = [ "embedded-services", "embedded-usb-pd", "fw-update-interface", - "heapless 0.8.0", + "heapless 0.9.2", "power-policy-interface", "tps6699x", "type-c-interface", diff --git a/examples/rt685s-evk/Cargo.toml b/examples/rt685s-evk/Cargo.toml index 6ebe240a8..9ef0a4995 100644 --- a/examples/rt685s-evk/Cargo.toml +++ b/examples/rt685s-evk/Cargo.toml 
@@ -42,7 +42,7 @@ embassy-executor = { version = "0.10.0", features = [ "defmt", ] } embassy-futures = "0.1.2" -embassy-time = { version = "0.5.0", features = [ +embassy-time = { version = "0.5.1", features = [ "defmt", "defmt-timestamp-uptime", ] } diff --git a/examples/std/Cargo.lock b/examples/std/Cargo.lock index 9d833a99b..b48fb08c4 100644 --- a/examples/std/Cargo.lock +++ b/examples/std/Cargo.lock @@ -238,7 +238,7 @@ dependencies = [ "embedded-cfu-protocol", "embedded-services", "fw-update-interface", - "heapless 0.8.0", + "heapless 0.9.2", "log", ] @@ -1071,7 +1071,7 @@ dependencies = [ "embassy-sync", "embassy-time", "embedded-services", - "heapless 0.8.0", + "heapless 0.9.2", "log", "power-policy-interface", ] @@ -1341,7 +1341,7 @@ dependencies = [ "embedded-fans-async", "embedded-sensors-hal-async", "embedded-services", - "heapless 0.8.0", + "heapless 0.9.2", "log", "odp-service-common", "thermal-service-interface", @@ -1472,7 +1472,7 @@ dependencies = [ "bitfield 0.17.0", "embedded-services", "embedded-usb-pd", - "heapless 0.8.0", + "heapless 0.9.2", "log", "power-policy-interface", ] @@ -1490,7 +1490,7 @@ dependencies = [ "embedded-services", "embedded-usb-pd", "fw-update-interface", - "heapless 0.8.0", + "heapless 0.9.2", "log", "power-policy-interface", "tps6699x", diff --git a/examples/std/Cargo.toml b/examples/std/Cargo.toml index a1b11088e..d9cee8293 100644 --- a/examples/std/Cargo.toml +++ b/examples/std/Cargo.toml @@ -15,8 +15,8 @@ ignored = ["critical-section"] workspace = true [dependencies] -embassy-sync = { version = "0.8.0", features = ["log", "std"] } -embassy-time = { version = "0.5.0", features = ["log", "std"] } +embassy-sync = { version = "0.8", features = ["log", "std"] } +embassy-time = { version = "0.5.1", features = ["log", "std"] } embassy-executor = { version = "0.10.0", features = [ "platform-std", "executor-thread", 
diff --git a/power-policy-service/src/service/mod.rs b/power-policy-service/src/service/mod.rs index 701808347..00fb327fa 100644 --- a/power-policy-service/src/service/mod.rs +++ b/power-policy-service/src/service/mod.rs @@ -37,7 +37,7 @@ where /// System unconstrained power unconstrained: UnconstrainedState, /// Connected providers - connected_providers: heapless::FnvIndexSet, + connected_providers: heapless::index_set::FnvIndexSet, } impl Default for InternalState<'_, PSU> @@ -49,7 +49,7 @@ where current_consumer_state: None, current_provider_state: provider::State::default(), unconstrained: UnconstrainedState::default(), - connected_providers: heapless::FnvIndexSet::new(), + connected_providers: heapless::index_set::FnvIndexSet::new(), } } } diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 0c001d01d..8fa3b8413 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -6,6 +6,12 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "0.24.2" +[[audits.ahash]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.8.12" +notes = "All unsafe is SIMD intrinsics (AES-NI, SSE2, SSSE3, ARM NEON) with correct cfg guards. zerocopy::transmute! for type conversions. Build script only checks target arch and compiler features. No I/O, no proc macros. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.aligned]] who = "jerrysxie " criteria = "safe-to-deploy" 
@@ -51,22 +57,100 @@ who = "Douglas Cheah " criteria = "safe-to-run" version = "1.1.0" +[[audits.autocfg]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +notes = "No unsafe, no build.rs, no network access; delta adds edition-aware rustc probing and best-effort probe-file cleanup only. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet" + +[[audits.az]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.2.1" +notes = "No unsafe code. no_std library with only safe numeric cast traits. Build script probes for track_caller via rustc in OUT_DIR only. No network, no ambient capabilities. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.backtrace]] who = "Robert Zieba " criteria = "safe-to-run" version = "0.3.75" +[[audits.bbq2]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.4.2" +notes = "no_std SPSC bip-buffer queue. Non-trivial unsafe for lock-free coordination and pointer arithmetic, all reviewed and sound. No build script, no proc macros, no I/O. Has Miri CI. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + +[[audits.bincode]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "2.0.1" +notes = "no_std binary serialization library. ~15 unsafe blocks for u8 type-specialization guarded by unty::type_equal and MaybeUninit patterns. No build script, no proc macros. std imports only for Encode/Decode trait impls. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.bincode_derive]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "2.0.1" +notes = "Proc-macro derive for bincode Encode/Decode. No unsafe, no build script, no I/O. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.bitfield]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.13.2 -> 0.15.0" +notes = "Delta audit: BitRange/Bit traits split into read-only and mutable variants (BitRangeMut/BitMut); added mask constant generation; clippy fixes; MSRV bump. 
No unsafe, no build script, no proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.bitfield]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.15.0 -> 0.17.0" +notes = "Delta: adds bitwise op derives, constructor derives, arbitrary visibility. Pure declarative macros. No unsafe, no build script. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.bitfield]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.15.0 -> 0.19.2" +notes = "Delta: refactored to proc macros in bitfield-macros, added BitAnd/BitOr/BitXor, signed types, bool arrays. No unsafe. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.bitfield-macros]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.19.2" +notes = "Proc-macro generating bitfield getters/setters/masks. No unsafe, no build script, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.bitfield-struct]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.10.1" +notes = "Proc-macro crate generating safe bitfield structs. No unsafe, no build script. Standard proc-macro deps only. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.bitfield-struct]] who = "matteotullo " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.12.1" notes = "Adds hash and bitenum derives, mostly parsing and refactoring changes. No code execution nor writing to the filesystem." +[[audits.bitvec]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.1" +notes = "Bit-level addressable memory library. Extensive unsafe inherent to sub-byte addressing: BitSpan bit-packs pointer+index+length, BitPtr/BitRef bit-level pointer/proxy types. All Send/Sync bounds mirror std. No build script, no proc macros, no filesystem/network/process access. 
Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.block-device-driver]] who = "jerrysxie " criteria = "safe-to-deploy" version = "0.2.0" +[[audits.bytemuck]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "1.22.0 -> 1.23.2" +notes = "Delta 1.22.0->1.23.2: new ZeroableInOption impls for function pointer types (sound, uses guaranteed niche optimization), core::error::Error impls behind feature flag, safe derive helper module. No new unsafe blocks, no build script, no I/O. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.cfg-if]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "1.0.0 -> 1.0.3" +notes = "Delta 1.0.0->1.0.3: formatting/readability refactor of macro identifiers, removed compiler_builtins dep, updated CI. No unsafe, no build script, no imports. Pure macro_rules crate. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.colorchoice]] who = "Robert Zieba " criteria = "safe-to-run" 
@@ -92,6 +176,54 @@ who = "Jerry Xie " criteria = "safe-to-deploy" version = "1.0.0" +[[audits.convert_case]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.6.0" +notes = "Pure string case-conversion library. No unsafe code, no build script, no powerful imports. Only dependency is unicode-segmentation. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + +[[audits.cordyceps]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.3.4" +notes = "Intrusive data structures crate (no_std). ~115 unsafe blocks, all necessary for intrusive linked list/queue/stack ops. Correct patterns: addr_of_mut, proper atomic orderings, Vyukov MPSC algorithm. No build script, no proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.crc]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "3.3.0" +notes = "No unsafe (forbid(unsafe_code)), no build script, no I/O, no_std pure CRC computation. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + +[[audits.crc-catalog]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "2.4.0" +notes = "Pure no_std data-only crate. No unsafe, no build script, no dependencies, no I/O. Contains only const CRC algorithm parameter structs. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.crunchy]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.2.3 -> 0.2.4" +notes = "Tiny diff to use newer core/std features via build.rs env var for path separator; no safety impact. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet" + +[[audits.dd-manifest-tree]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "No unsafe code, no build script, no proc macros, no powerful imports. Pure trait abstraction unifying JSON/YAML/TOML value types. 
Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.defmt]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.3.100" +notes = "Compatibility shim: no_std crate that re-exports defmt 1.x items for 0.3 API compatibility. No unsafe code, no build script, no powerful imports, no logic - pure pub-use re-exports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.device-driver]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.7" +notes = "no_std device driver toolkit. Unsafe limited to ops.rs bitfield load/store using get_unchecked with documented invariants; fuzz-tested against bitvec. No build script, no proc macros, no filesystem/network/process access. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + [[audits.device-driver]] who = "Felipe Balbi " criteria = "safe-to-deploy" 
@@ -102,6 +234,30 @@ who = "Felipe Balbi " criteria = "safe-to-run" version = "1.0.9" +[[audits.device-driver]] +who = "Adam Sasine " +criteria = "safe-to-deploy" +delta = "1.0.7 -> 1.0.9" +notes = "Fixes compilation bugs for large registers but does not change invariants or testing strategy." + +[[audits.device-driver-generation]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.7" +notes = "Code generation library for device-driver. No unsafe in generator itself; generated code uses unsafe for register bit ops (validated by MIR passes). Spawns rustfmt via std::process::Command. No filesystem/network access. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.device-driver-macros]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.7" +notes = "Proc macro crate; no unsafe code, no build script. Reads manifest files from disk (relative to CARGO_MANIFEST_DIR) as expected for compile-time codegen. All code generation delegated to device-driver-generation. No network, process, or unexpected filesystem access. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embassy-embedded-hal]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.5.0" +notes = "No unsafe, no build script, no proc macros. no_std shared bus/flash partition utilities for embedded-hal traits. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.embassy-embedded-hal]] who = "Billy Price " criteria = "safe-to-deploy" 
@@ -117,6 +273,18 @@ who = "Billy Price " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" +[[audits.embassy-futures]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.1.2" +notes = "no_std future combinators. All unsafe is pin-projection and no-op RawWaker - reviewed and sound. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embassy-hal-internal]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.3.0" +notes = "no_std HAL internals. Unsafe in atomic ring buffer (sound SPSC), peripheral singletons, cortex-m interrupt priority. Build script emits cfg flags only. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.embassy-hal-internal]] who = "Billy Price " criteria = "safe-to-deploy" @@ -128,6 +296,12 @@ criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" notes = "Rust 2024 edition update with new ring buffer methods (available, is_half_full). All unsafe code is sound HAL pattern usage. Build script unchanged (cfg flags only). No powerful imports." +[[audits.embassy-sync]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.8.0" +notes = "no_std async sync primitives. Substantial unsafe for UnsafeCell-based interiors and Send/Sync impls -- all reviewed and sound, guarded by RawMutex/critical_section. Build script only reads TARGET env var. No proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.embassy-time]] who = "Billy Price " criteria = "safe-to-deploy" 
@@ -139,6 +313,12 @@ criteria = "safe-to-deploy" delta = "0.5.0 -> 0.5.1" notes = "Rust 2024 edition update with import reordering. Unsafe pin projection patterns unchanged and sound. No build script. No new security concerns." +[[audits.embassy-time-driver]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.2.1" +notes = "no_std driver trait for embassy-time. Minimal unsafe for extern Rust FFI calls (sound via links key). Empty build.rs. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.embassy-time-driver]] who = "Billy Price " criteria = "safe-to-deploy" @@ -156,6 +336,11 @@ criteria = "safe-to-deploy" delta = "0.5.0 -> 0.6.0" notes = "No unsafe code, no build script, no powerful imports. Added Clone for I2C devices. Updated embassy dependencies (embassy-sync 0.7→0.8, embassy-hal-internal 0.3→0.4, embassy-time 0.5→0.5.1). All changes safe." +[[audits.embassy-time-queue-utils]] +who = "Felipe Balbi " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.2" + [[audits.embedded-batteries]] who = "Felipe Balbi " criteria = "safe-to-deploy" 
@@ -249,6 +434,42 @@ criteria = "safe-to-deploy" version = "0.2.0" notes = "ODP crates are always trusted." +[[audits.embedded-hal]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.2.7 -> 1.0.0" +notes = "Pure no_std trait crate. Complete API redesign for 1.0: removed nb-based traits, CAN module, all unsafe code. Only defines traits/enums/types for digital, I2C, SPI, PWM, delay. No build script, no proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embedded-hal-async]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "no_std async HAL trait definitions. No unsafe in library. Build script only runs rustc --version. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embedded-hal-nb]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "no_std trait-only crate. No unsafe, no build script, no proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embedded-io]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.6.1 -> 0.7.1" +notes = "No unsafe, no build script, no I/O. Trait evolution: Error requires core::error::Error (MSRV 1.81), BufRead: Read, Seek gains seek_relative, new VecDeque impls, defmt bumped to v1. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embedded-io-async]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.6.1" +notes = "No unsafe. Build script only detects nightly via rustc --version. Pure async trait definitions for embedded I/O. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embedded-io-async]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.6.1 -> 0.7.0" +notes = "Delta 0.6.1->0.7.0: No unsafe. Build script removed (AFIT now stable). flush() made required, BufRead requires Read, new VecDeque impls. 
Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.embedded-mcu-hal]] who = "Jerry Xie " criteria = "safe-to-deploy" @@ -267,6 +488,18 @@ criteria = "safe-to-deploy" version = "0.3.0" notes = "ODP crates are always trusted." +[[audits.embedded-storage]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.3.1" +notes = "Pure no_std storage abstraction traits. deny(unsafe_code), no build script, no dependencies, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.embedded-storage-async]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.4.1" +notes = "Pure no_std async trait definitions for NOR flash storage. No unsafe code, no build script, no powerful imports. Only dependency is embedded-storage. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.env_filter]] who = "Robert Zieba " criteria = "safe-to-run" @@ -277,6 +510,18 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "0.11.8" +[[audits.fixed]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.29.0" +notes = "no_std fixed-point number library. Unsafe limited to: bytemuck Pod/Zeroable impls on repr(transparent) types, NonZero::new_unchecked after proven-nonzero guards, unreachable_unchecked in exhaustive remainder logic. Build script probes compiler features in OUT_DIR. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.funty]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "2.0.0" +notes = "Pure trait definitions over Rust primitives. No unsafe, no build script, no proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.futures-task]] who = "Jerry Xie " criteria = "safe-to-deploy" 
@@ -303,6 +548,42 @@ criteria = "safe-to-deploy" delta = "2.5.0 -> 2.6.0" notes = "Big change seems to be a change in the repo URL, but both the old and new URL resolve to the same place so it looks like the author is still in control." +[[audits.hash32]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.3.1" +notes = "no_std 32-bit hashing (FNV, MurmurHash3). ~10 unsafe blocks in murmur3.rs for MaybeUninit buffer handling - all sound. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.hashbrown]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.13.2 -> 0.14.5" +notes = "SwissTable hash map delta. Major changes: allocator refactored out of RawTableInner, new InsertSlot type, NEON SIMD for aarch64, allocator-api2 integration, new HashTable API, strict provenance. Extensive unsafe reviewed for soundness. No build script, no proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.hashlink]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.7.0" +notes = "Reviewed full source. Extensive unsafe for intrusive doubly-linked list (NonNull, MaybeUninit, union Links, unsafe Send/Sync) -- all gated correctly and follow standard patterns. Passes miri. No build script, no proc macros, no FS/net/process access. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.hashlink]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.9.1" +notes = "Delta audit. Migrates from hashbrown::HashMap+NullHasher to hashbrown::HashTable. Adds no_std support. New CursorMut API, retain_with_order, shrink_to_fit. All unsafe follows pre-existing linked-list pointer patterns with guard node sentinel checks. Send/Sync extended with S bounds. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.heapless]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.8.0" +notes = "no_std fixed-capacity data structures. 
Extensive unsafe for MaybeUninit buffer management, lock-free queues (Vyukov MPMC, SPSC), and Treiber stack memory pools with ABA prevention. Patterns mirror std or published algorithms. Build script probes for atomic/LLSC support. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.heapless]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.9.2" +notes = "no_std fixed-capacity data structures. Extensive unsafe for MaybeUninit buffers, lock-free queues (Vyukov MPMC, SPSC), Treiber stack pools with ABA prevention (CAS tagged pointers + ARM LLSC). All Send/Sync bounds verified correct. Build script probes for ARM LLSC. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.heck]] who = "Matteo Tullo " criteria = "safe-to-deploy" @@ -328,6 +609,18 @@ who = "jerrysxie " criteria = "safe-to-deploy" version = "2.9.0" +[[audits.indexmap]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "2.9.0 -> 2.11.0" +notes = "Forward delta audit covering serde_core migration, get_key_value_mut API, and Ord bound relaxation. No unsafe, no build script, no I/O. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.io-uring]] +who = "Jerry Xie " +criteria = "safe-to-run" +delta = "0.5.13 -> 0.7.10" +notes = "Delta audit. Linux io_uring bindings. +15 hand-written unsafe (new from_fd, buffer/file registration APIs). SeqCst fence fix improves atomics correctness. Probe refactored to stack allocation. Build script adds cfg checks only. All unsafe for expected syscall/mmap/fd operations. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.is_terminal_polyfill]] who = "Robert Zieba " criteria = "safe-to-run" 
@@ -364,6 +657,12 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "0.2.20" +[[audits.kdl]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "6.3.4" +notes = "Pure KDL document language parser/formatter. No unsafe code, no build script, no proc macros, no filesystem/network/process access. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.libc]] who = "Robert Zieba " criteria = "safe-to-run" @@ -374,11 +673,23 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "0.2.172" +[[audits.litrs]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.4.1 -> 0.4.2" +notes = "Delta 0.4.1->0.4.2: Bug fixes for non-ASCII byte string escapes, removes CR LF normalization to align with spec, fixes error span for out-of-range Unicode escapes. No unsafe code, no build script, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.log]] who = "Jerry Xie " criteria = "safe-to-deploy" delta = "0.4.27 -> 0.4.28" +[[audits.maitake-sync]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.2.2" +notes = "No-std async sync primitives. Extensive unsafe for Send/Sync impls, UnsafeCell access under locks/atomics, intrusive linked list nodes, spinlocks -- all follow standard patterns. Uses unreachable_unchecked! macro (panics in debug). No build script, no proc macros. Loom-tested. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.matchers]] who = "Jerry Xie " criteria = "safe-to-deploy" 
@@ -389,6 +700,24 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "2.7.4" +[[audits.miette]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "7.6.0" +notes = "Diagnostic/error reporting library. Substantial unsafe in eyreish/ module (type-erased vtable pattern forked from eyre): repr(C) layout, TypeId-guarded downcasts, ManuallyDrop -- all sound. std::fs used in one opt-in function. No build script, no proc macros. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.miette-derive]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "7.6.0" +notes = "Proc-macro derive for miette::Diagnostic. No unsafe, no build script, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.mimxrt600-fcb]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.2.1" +notes = "Pure no_std data-definition crate for MIMXRT600 flash config blocks. No unsafe, no build script. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.mimxrt633s-pac]] who = "Robert Zieba " criteria = "safe-to-deploy" 
@@ -414,16 +743,52 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "0.8.8" +[[audits.mio]] +who = "Jerry Xie " +criteria = "safe-to-run" +delta = "1.0.1 -> 1.0.4" +notes = "Delta 1.0.1->1.0.4: I/O safety trait impls, AIX poll(2) support, windows-sys 0.59 pointer fixes. Unsafe Send/Sync for CompletionPort/Inner sound. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.mutex-traits]] who = "Jerry Xie " criteria = "safe-to-deploy" version = "1.0.1" +[[audits.mycelium-bitfield]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.1.5" +notes = "Pure safe no_std bitfield macro crate. No unsafe code, no build script, no proc macros, no dependencies, no powerful imports. Only core:: types used. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + [[audits.nu-ansi-term]] who = "Jerry Xie " criteria = "safe-to-deploy" delta = "0.46.0 -> 0.50.1" +[[audits.num]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.4.0 -> 0.4.3" +notes = "Pure re-export facade crate. Delta is edition bump (2018->2021), MSRV bump (1.31->1.60), and sub-crate version bumps. No unsafe, no build script, no I/O. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.num-bigint]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.4.3 -> 0.4.6" +notes = "Delta 0.4.3->0.4.6: build.rs removed (radix tables now const fn), new x86 inline asm div_wide with safe fallback (sound), new modinv/ConstZero/Euclid/FromBytes APIs, serde OOM mitigation. No fs/net/process access. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + +[[audits.num-complex]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.4.2 -> 0.4.6" +notes = "Delta 0.4.2->0.4.6: edition 2021 upgrade, const ZERO/ONE/I, c32/c64 constructors, rkyv/bytecheck support, powc zero fix, relaxed serde bounds. No new unsafe, no build script, no powerful imports. 
Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.num-iter]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.1.43 -> 0.1.45" +notes = "Delta audit: edition upgrade to 2018, MSRV 1.31, build.rs removed, i128 now unconditional, DoubleEndedIterator uses Integer::dec(). No unsafe, no powerful imports, no_std only. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.num_enum]] who = "Matteo Tullo " criteria = "safe-to-deploy" @@ -464,11 +829,29 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "0.36.7" +[[audits.once_cell]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.20.1" +notes = "Single-assignment cells and lazy values. All unsafe reviewed: UnsafeCell access, Send/Sync impls, atomic waiter queue, strict provenance polyfill - all sound with correct bounds. No build script, no proc macros, no powerful imports beyond std::thread/atomic. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + [[audits.once_cell_polyfill]] who = "Robert Zieba " criteria = "safe-to-run" version = "1.70.2" +[[audits.pin-project]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.1.10" +notes = "no_std pin-projection helper. Re-exports proc macros from pin-project-internal. Minimal unsafe in __private module (drop guards, UnsafeUnpin forwarding) -- all sound with SAFETY comments. No build script, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.pin-project-internal]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.1.10" +notes = "Proc-macro for pin projection. forbid(unsafe_code) in macro itself. Generated unsafe is sound pin projection (Pin::new_unchecked, get_unchecked_mut) with compile-time safety enforced via trait tricks. No build script, no I/O. Deps: proc-macro2, quote, syn only. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + [[audits.portable-atomic]] who = "Robert Zieba " criteria = "safe-to-deploy" 
@@ -494,6 +877,12 @@ who = "Jerry Xie " criteria = "safe-to-deploy" version = "1.0.4" +[[audits.radium]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.5.3 -> 0.7.0" +notes = "No unsafe, no proc macros. Build script reads TARGET env only. Delta adds if_atomic! macro, fetch_update method. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.rand_core]] who = "Billy Price " criteria = "safe-to-deploy" @@ -546,6 +935,18 @@ who = "jerrysxie " criteria = "safe-to-deploy" version = "0.6.8" +[[audits.serde_spanned]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.6.8 -> 0.6.9" +notes = "Trivial delta: metadata, lint config, and doc formatting only. No functional code changes, no unsafe, no build script, no I/O. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.slab]] +who = "Jerry Xie " +criteria = "safe-to-run" +delta = "0.4.8 -> 0.4.11" +notes = "Delta 0.4.8->0.4.11: new get_disjoint_mut uses unsafe (MaybeUninit + raw ptrs) with sound bounds/overlap checks. build.rs removed. No powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.smbus-pec]] who = "Matteo Tullo " criteria = "safe-to-deploy" 
@@ -566,11 +967,29 @@ who = "Matteo Tullo " criteria = "safe-to-deploy" version = "1.1.2" +[[audits.tap]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.1" +notes = "No unsafe, no build.rs, no ambient I/O/process/network capabilities; behavior matches no_std tap/pipe/conv utility traits. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet" + +[[audits.thread_local]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "1.1.4 -> 1.1.9" +notes = "No build script, no FS/net/process capability expansion; unsafe refactor to lock-free insertion and nightly TLS path appears sound on review. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet" + [[audits.tokio]] who = "Robert Zieba " criteria = "safe-to-run" version = "1.45.0" +[[audits.tokio]] +who = "Jerry Xie " +criteria = "safe-to-run" +delta = "1.45.0 -> 1.47.1" +notes = "Delta audit. New SetOnce sync primitive, OwnedNotified, spawn location tracking (tokio_unstable), experimental io_uring behind cfg gate, block_in_place hardening. All new unsafe follows existing patterns with safety comments. No build script, no proc macros. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.tokio-macros]] who = "Robert Zieba " criteria = "safe-to-run" 
@@ -581,16 +1000,34 @@ who = "jerrysxie " criteria = "safe-to-deploy" version = "0.8.22" +[[audits.toml]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.8.22 -> 0.8.23" +notes = "Delta: adds TupleVariant/StructVariant serialization support. All new code is thin wrappers delegating to toml_edit. No unsafe (forbid(unsafe_code)), no build script, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.toml_datetime]] who = "jerrysxie " criteria = "safe-to-deploy" version = "0.6.9" +[[audits.toml_datetime]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.6.9 -> 0.6.11" +notes = "Delta 0.6.9->0.6.11: parser refactored from char-by-char to lexer-based tokenizer with improved error messages; no unsafe (forbid(unsafe_code)), no build script, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.toml_edit]] who = "jerrysxie " criteria = "safe-to-deploy" version = "0.22.26" +[[audits.toml_edit]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.22.26 -> 0.22.27" +notes = "Delta: no changes to unsafe code (all pre-existing from_utf8_unchecked on ASCII-validated buffers). Visibility reductions on parser internals, serializer refactoring, new consuming accessors. No build script, no proc macros, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.tracing-attributes]] who = "Jerry Xie " criteria = "safe-to-deploy" 
@@ -606,11 +1043,23 @@ who = "Jerry Xie " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.2.0" +[[audits.typenum]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.18.0" +notes = "Pure no_std type-level numbers crate. forbid(unsafe_code) -- zero unsafe anywhere. Build script only writes generated test code to OUT_DIR. No proc macros, no FFI, no network/filesystem/process access in library. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.ufmt-write]] who = "Jerry Xie " criteria = "safe-to-deploy" version = "0.1.0" +[[audits.unty]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.0.4" +notes = "Tiny no_std crate (1 file, ~120 LOC, zero deps). Two unsafe blocks: transmute_copy guarded by TypeId check in unty(), and a dtolnay-pattern transmute in non_static_type_id(). Both documented; no build script, no powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.usb-device]] who = "Jerry Xie " criteria = "safe-to-deploy" 
@@ -621,6 +1070,30 @@ who = "Jerry Xie " criteria = "safe-to-deploy" version = "1.17.0" +[[audits.valuable]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.1.1" +notes = "No unsafe code; build.rs only sets target atomic cfg via env; no fs/net/process capability use observed; behavior matches value-inspection purpose. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet" + +[[audits.version_check]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.9.4 -> 0.9.5" +notes = "Delta 0.9.4->0.9.5: documentation-only changes (added feature detection guidance, doc cross-references) and Cargo.toml normalization. No code changes, no unsafe, no new imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.virtue]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.0.18" +notes = "Proc-macro derive helper library. No unsafe code, no build script. Uses std::fs/std::env only in opt-in export_to_file() debug helper scoped to target/ dir. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.wasi]] +who = "Jerry Xie " +criteria = "safe-to-run" +version = "0.11.1+wasi-snapshot-preview1" +notes = "Auto-generated WASI snapshot-preview1 bindings from Bytecode Alliance. no_std, no build script, zero runtime deps. Unsafe limited to FFI wrappers for WASI host calls and unreachable_unchecked in exhaustive enum match arms. Assisted-by: copilot-chat:claude-opus-4.6 cargo-vet" + [[audits.windows-targets]] who = "Robert Zieba " criteria = "safe-to-run" 
@@ -671,11 +1144,35 @@ who = "Robert Zieba " criteria = "safe-to-run" version = "0.52.6" +[[audits.winnow]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.6.24" +notes = "Direct audit of 0.6.24. Contains fewer unsafe stream APIs than 0.7.10. Retains 4 sound unsafe blocks: 2 repr(transparent) transmutes, 2 from_utf8_unchecked on ASCII-only bytes. No build script, no proc macros. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.winnow]] who = "jerrysxie " criteria = "safe-to-deploy" version = "0.7.10" +[[audits.winnow]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +delta = "0.7.10 -> 0.7.13" +notes = "Delta adds Accumulate impls (Cow str, String, VecDeque), fixes macro PartialEq/PartialOrd, optimizes str::next_token, adds tests, improves docs. No unsafe changes, no build script, no new powerful imports. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.wyz]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.5.1" +notes = "Pointer abstraction unsafe in comu.rs delegates to std NonNull ops. wm.rs Send/Sync behind Mutex/RwLock (std+garbage only). Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + +[[audits.yaml-rust2]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "0.9.0" +notes = "Pure YAML parser, no unsafe, no build script, no proc macros. Reviewed version 0.9.0 directly; differences from 0.10.x are minor: hashlink dep range, MSRV, emitter quoting list, scanner reserve(), float parsing guard. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet" + [[audits.zerocopy]] who = "Matteo Tullo " criteria = "safe-to-deploy" @@ -740,6 +1237,12 @@ user-id = 189 # Andrew Gallant (BurntSushi) start = "2019-02-25" end = "2026-09-03" +[[trusted.rustc-demangle]] +criteria = "safe-to-deploy" +user-id = 55123 # rust-lang-owner +start = "2023-03-23" +end = "2027-04-17" + [[trusted.rustversion]] criteria = "safe-to-deploy" user-id = 3618 # David Tolnay (dtolnay) 
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 322196ff7..0fc50148b 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -62,6 +62,12 @@ user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" +[[publisher.rustc-demangle]] +version = "0.1.26" +when = "2025-07-27" +user-id = 55123 +user-login = "rust-lang-owner" + [[publisher.rustversion]] version = "1.0.22" when = "2025-08-08" @@ -887,6 +893,23 @@ who = "Pat Hickey " criteria = "safe-to-deploy" delta = "0.3.28 -> 0.3.31" +[[audits.bytecode-alliance.audits.hashbrown]] +who = "Chris Fallin " +criteria = "safe-to-deploy" +delta = "0.12.3 -> 0.13.1" +notes = "The diff looks plausible. Much of it is low-level memory-layout code and I can't be 100% certain without a deeper dive into the implementation logic, but nothing looks actively malicious." + +[[audits.bytecode-alliance.audits.hashbrown]] +who = "Trevor Elliott " +criteria = "safe-to-deploy" +delta = "0.13.1 -> 0.13.2" +notes = "I read through the diff between v0.13.1 and v0.13.2, and verified that the changes made matched up with the changelog entries. There were very few changes between these two releases, and it was easy to verify what they did." + +[[audits.bytecode-alliance.audits.hashbrown]] +who = "Chris Fallin " +criteria = "safe-to-deploy" +delta = "0.14.5 -> 0.15.2" + [[audits.bytecode-alliance.audits.itertools]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" 
@@ -1204,12 +1227,73 @@ delta = "0.3.1 -> 0.3.2" notes = "Still no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.indexmap]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "2.7.1" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'` +and there were no hits. + +There is a little bit of `unsafe` Rust code - the audit can be found at +https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2 +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.indexmap]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "2.7.1 -> 2.8.0" +notes = """ +No `unsafe` introduced or affected in: +* `indexmap_with_default!` and `indexset_with_default!` macros +* New `PartialEq` implementations +* `fn slice_eq` in `util.rs` +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.io-uring]] who = "George Burgess IV " criteria = "safe-to-run" version = "0.5.13" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.itoa]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.10" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are a few places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5350697. + +Version 1.0.1 of this crate has been added to Chromium in +https://crrev.com/c/3321896. 
+''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.itoa]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.10 -> 1.0.11" +notes = """ +Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: + +* Bumping up the version +* A touch up of comments +* And my own PR to make `unsafe` blocks more granular: + https://github.com/dtolnay/itoa/pull/42 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.itoa]] +who = "Daniel Cheng " +criteria = "safe-to-deploy" +delta = "1.0.14 -> 1.0.15" +notes = "Only minor rustdoc changes." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.lazy_static]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" 
@@ -1267,6 +1351,26 @@ criteria = "safe-to-deploy" delta = "1.0.0 -> 1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.num-integer]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.1.46" +notes = "Contains no unsafe" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.num-iter]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.1.43" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.num-rational]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.4.2" +notes = "Contains no unsafe" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.num-traits]] who = "Manish Goregaokar " criteria = "safe-to-deploy" @@ -1773,3 +1877,9 @@ who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.2.1 -> 0.2.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.yaml-rust2]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +version = "0.10.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" diff --git a/type-c-service/src/service/ucsi.rs b/type-c-service/src/service/ucsi.rs index ce34a84d4..7f9d25876 100644 --- a/type-c-service/src/service/ucsi.rs +++ b/type-c-service/src/service/ucsi.rs 
@@ -40,7 +40,7 @@ pub(super) struct State { /// /// We provide a battery charging status only after the port has negotiated power. /// This prevents the port from temporarily reporting slow or no charging before the contract has finalized. - valid_battery_charging_capability: heapless::FnvIndexSet, + valid_battery_charging_capability: heapless::index_set::FnvIndexSet, /// PSU connected pub(super) psu_connected: bool, }
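Review bot: In `supply-chain/audits.toml`, the `[[audits.maitake-sync]]` notes say the `unreachable_unchecked!` macro "panics in debug" but say nothing about release builds, which is the case a `safe-to-deploy` certification has to cover. Please record why those call sites cannot be reached in release, or what was checked to establish it, so the entry does not rest on the debug-only behaviour.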
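Review bot: In `supply-chain/audits.toml`, the `[[audits.thread_local]]` delta `1.1.4 -> 1.1.9` describes the unsafe refactor to lock-free insertion and the nightly TLS path as "appears sound on review", which is weaker than the "all sound" wording on the other unsafe-heavy entries in this patch while carrying the same `safe-to-deploy` criteria. Either state what was verified (for example which invariants the lock-free insertion relies on) or certify at a criteria level that matches the confidence expressed.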
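Review bot: The new `[[trusted.rustc-demangle]]` entry in `supply-chain/audits.toml` accepts anything published by user-id 55123 (`rust-lang-owner`) as `safe-to-deploy` from `2023-03-23` through `2027-04-17` without a code audit, and nothing in the hunk records why. Unlike the neighbouring entries, which name an individual maintainer in the comment, this is an owner account, so please add the rationale for trusting it (in a comment or the commit message) and consider whether a shorter `end` would be enough.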
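Review bot: In `supply-chain/imports.lock`, the imported `hashbrown` delta `0.12.3 -> 0.13.1` carries the note "I can't be 100% certain without a deeper dive into the implementation logic", and the local `0.13.2 -> 0.14.5` delta in `audits.toml` extends that same chain. The local notes list large unsafe-relevant changes (allocator refactor, NEON SIMD, strict provenance), so it is worth saying in them whether the review relied on the imported chain as-is or re-examined the low-level layout code that the earlier auditor flagged as uncertain.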
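Review bot: The path change to `heapless::index_set::FnvIndexSet` on `valid_battery_charging_capability` in `type-c-service/src/service/ucsi.rs` is a source change riding along with audit bookkeeping, and the same patch adds full audits for both `heapless` 0.8.0 and 0.9.2. Please state which `heapless` version this path requires and whether both versions are still expected in the dependency graph; if 0.8.0 is no longer used, its audit entry adds review surface with no benefit.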