OpenDevicePartnership · jerrysxie · May 19, 2026 · Apr 20, 2026 · Apr 21, 2026 · Apr 22, 2026
@@ -86,10 +86,49 @@ For every crate you review, systematically check ALL of the following:
 
 ## How to Review
 
+### Non-Interactive Execution
+
+**CRITICAL:** All `cargo vet` commands must run non-interactively:
+
+- **`diff` / `inspect`:** Always set the pager to a non-interactive command to
+  prevent the pager from waiting for input. Use `$env:PAGER='more.com';`
+  (PowerShell) or `PAGER=cat` (POSIX) before the command.
+- **`certify`:** Always pass `--accept-all` along with `--criteria`, `--who`,
+  and `--notes` to skip all interactive prompts.
+
+Never run a `cargo vet` command that could block waiting for terminal input.
+
+### Exemptions Are a Last Resort
+
+Do **not** recommend adding `[[exemptions]]` entries without good reason.
+Each exemption bypasses the audit process entirely and requires explicit manual
+confirmation from the user. Always prefer performing a full or delta audit over
+exempting a crate. If an exemption is truly necessary (e.g., the crate is only
+needed at `safe-to-run` level for dev tooling, or an import source removal
+requires temporary coverage), flag it clearly and let the user decide.
+
+Every exemption **must** include a `notes` field explaining why the exemption
+exists and under what conditions it can be removed.
+
+### Duplicate-Audit Guardrail
+
+Before recommending or running certification, check whether an identical
+`[[audits.<crate>]]` entry (same who/criteria/version-or-delta/notes) already
+exists in `supply-chain/audits.toml`.
+
+If an identical entry already exists:
+
+- Do not recommend re-certifying with the same data
+- Report that the crate is already certified with identical audit content
+- If duplicates already exist, explicitly recommend deduplicating by keeping one
+  copy and removing the rest
+
+Rationale: retried `cargo vet certify` commands can append duplicate blocks.
+
 ### For Delta Audits
 
 Use `PAGER=cat cargo vet diff CRATE FROM TO` (POSIX) or
-`$env:PAGER='cat'; cargo vet diff CRATE FROM TO` (PowerShell) to view the diff.
+`$env:PAGER='more.com'; cargo vet diff CRATE FROM TO` (PowerShell) to view the diff.
 
 Focus on:
 1. New `unsafe` blocks or modifications to existing ones
@@ -101,7 +140,7 @@ Focus on:
 ### For Full Version Audits
 
 Use `PAGER=cat cargo vet inspect CRATE VERSION` (POSIX) or
-`$env:PAGER='cat'; cargo vet inspect CRATE VERSION` (PowerShell) to view source.
+`$env:PAGER='more.com'; cargo vet inspect CRATE VERSION` (PowerShell) to view source.
 
 Focus on:
 1. All `unsafe` code (search for `unsafe`)

@@ -177,6 +177,25 @@ Follow the [standard Git commit message conventions](https://tbaggery.com/2008/0
 - Wrap body text at 72 characters
 - Use the body to explain *what* and *why*, not *how*
 
+### AI Attribution
+
+Every commit that includes AI-generated or AI-assisted work **must** contain an `Assisted-by` trailer in the commit message:
+
+```
+Assisted-by: AGENT_NAME:MODEL_VERSION [TOOL1] [TOOL2]
+```
+
+Where:
+
+- `AGENT_NAME` is the name of the AI tool or framework (e.g., `GitHub Copilot`)
+- `MODEL_VERSION` is the specific model version used (e.g., `claude-opus-4.6`)
+- `[TOOL1] [TOOL2]` are optional specialized analysis tools used (e.g., `coccinelle`, `sparse`, `smatch`, `clang-tidy`)
+
+Basic development tools (git, cargo, editors) should not be listed.
+
+AI agents **must** verify their own identity (agent name and model version) before composing the `Assisted-by` trailer — do not assume or hard-code a model name from a previous session.
+
+AI agents **MUST NOT** add `Signed-off-by` tags. Only humans can certify the Developer Certificate of Origin.
 
 ## Rust PR Review Instructions
 CI overview:

@@ -60,6 +60,29 @@ Confidence scoring rubric:
 
 ## Step 5: Certify
 
+### Exemptions Are a Last Resort
+
+Do **not** add `[[exemptions]]` entries without explicit user confirmation.
+Each exemption bypasses the audit process entirely and must be justified.
+Valid reasons include:
+
+- The crate is only needed for `safe-to-run` (test/dev tooling) and a full
+  audit is disproportionate
+- An upstream import source was removed and the crate needs temporary coverage
+  while a first-party audit is scheduled
+- The user explicitly requests an exemption after reviewing the trade-offs
+
+Always prefer auditing (full or delta) over exempting. When an exemption is
+unavoidable, present it to the user for manual approval before adding it.
+
+Every exemption **must** include a `--notes` explaining why the exemption exists
+and under what conditions it can be removed:
+
+```shell
+cargo vet add-exemption CRATE VERSION --criteria CRITERIA \
+  --notes "Reason for exemption; plan for resolution"
+```
+
 For each crate that passes (confidence ≥ 70), run:
 
 ```shell
@@ -104,9 +127,24 @@ the human reviewer, never the AI agent.
 
 ## Step 6: Verify and Clean Up
 
-1. Run `cargo vet` again to confirm everything passes
-2. Run `cargo vet prune` to remove stale exemptions
-3. Run `cargo vet` one final time to confirm clean state
+Before final verification, detect and remove identical duplicate `[[audits.*]]`
+entries that may have been appended by retried `cargo vet certify` commands.
+
+Duplicate-check workflow:
+
+1. Scan `supply-chain/audits.toml` for byte-for-byte identical audit blocks
+2. If duplicates exist, keep one copy (usually the first) and remove the rest
+3. Re-run `cargo vet` after deduplication to ensure state is still valid
+
+To detect duplicates, scan `supply-chain/audits.toml` for repeated blocks
+with identical crate name, who, criteria, version/delta, and notes fields.
+Remove any duplicates before proceeding.
+
+Then run the normal cleanup sequence:
+
+4. Run `cargo vet` again to confirm everything passes
+5. Run `cargo vet prune` to remove stale exemptions
+6. Run `cargo vet` one final time to confirm clean state
 
 ## Reviewing Import Sources
 

@@ -61,7 +61,6 @@ unwrap_used = "deny"
 [workspace.dependencies]
 
 odp-service-common = { path = "./odp-service-common" }
-heapless = "0.8.*"
 aligned = "0.4"
 anyhow = "1.0"
 battery-service-interface = { path = "./battery-service-interface" }
@@ -84,8 +83,8 @@ embedded-mcu-hal = "0.2.0"
 embassy-futures = "0.1.2"
 embassy-imxrt = { git = "https://github.com/OpenDevicePartnership/embassy-imxrt" }
 embassy-sync = "0.8"
-embassy-time = "0.5.0"
-embassy-time-driver = "0.2.1"
+embassy-time = "0.5.1"
+embassy-time-driver = "0.2.2"
 embedded-batteries-async = "0.3"
 embedded-cfu-protocol = { git = "https://github.com/OpenDevicePartnership/embedded-cfu" }
 embedded-hal = "1.0"
@@ -102,6 +101,7 @@ power-policy-interface = { path = "./power-policy-interface" }
 paste = "1.0.15"
 power-policy-service = { path = "./power-policy-service" }
 fixed = "1.23.1"
+heapless = "0.9.2"
 log = "0.4"
 proc-macro2 = "1.0"
 quote = "1.0"

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Open Device Partnership
+Copyright (c) Open Device Partnership and Contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

@@ -42,7 +42,7 @@ embassy-executor = { version = "0.10.0", features = [
     "defmt",
 ] }
 embassy-futures = "0.1.2"
-embassy-time = { version = "0.5.0", features = [
+embassy-time = { version = "0.5.1", features = [
     "defmt",
     "defmt-timestamp-uptime",
 ] }

@@ -15,8 +15,8 @@ ignored = ["critical-section"]
 workspace = true
 
 [dependencies]
-embassy-sync = { version = "0.8.0", features = ["log", "std"] }
-embassy-time = { version = "0.5.0", features = ["log", "std"] }
+embassy-sync = { version = "0.8", features = ["log", "std"] }
+embassy-time = { version = "0.5.1", features = ["log", "std"] }
 embassy-executor = { version = "0.10.0", features = [
     "platform-std",
     "executor-thread",

@@ -37,7 +37,7 @@ where
     /// System unconstrained power
     unconstrained: UnconstrainedState,
     /// Connected providers
-    connected_providers: heapless::FnvIndexSet<usize, MAX_CONNECTED_PROVIDERS>,
+    connected_providers: heapless::index_set::FnvIndexSet<usize, MAX_CONNECTED_PROVIDERS>,
 }
 
 impl<PSU: Lockable> Default for InternalState<'_, PSU>
@@ -49,7 +49,7 @@ where
             current_consumer_state: None,
             current_provider_state: provider::State::default(),
             unconstrained: UnconstrainedState::default(),
-            connected_providers: heapless::FnvIndexSet::new(),
+            connected_providers: heapless::index_set::FnvIndexSet::new(),
         }
     }
 }