-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathclippy.toml
More file actions
24 lines (22 loc) · 2.81 KB
/
clippy.toml
File metadata and controls
24 lines (22 loc) · 2.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
disallowed-methods = [
{ path = "chrono::offset::Utc::now", reason = "inject ClockProvider instead of calling Utc::now() directly", allow-invalid = true },
{ path = "std::time::SystemTime::now", reason = "inject ClockProvider instead of calling SystemTime::now() directly", allow-invalid = true },
{ path = "std::env::var", reason = "use EnvironmentConfig abstraction instead of reading env vars directly", allow-invalid = true },
{ path = "uuid::Uuid::new_v4", reason = "Use UuidProvider::new_id() instead. Inject SystemUuidProvider in production and DeterministicUuidProvider in tests." },
# === DID/newtype construction: prefer parse() for external input ===
{ path = "auths_verifier::types::IdentityDID::new_unchecked", reason = "Use IdentityDID::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::types::DeviceDID::new_unchecked", reason = "Use DeviceDID::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::types::CanonicalDid::new_unchecked", reason = "Use CanonicalDid::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::core::CommitOid::new_unchecked", reason = "Use CommitOid::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::core::PublicKeyHex::new_unchecked", reason = "Use PublicKeyHex::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
# === Curve-agnostic refactor (fn-114) — ban Ed25519-hardcoded APIs ===
# Removed in fn-114.40 cleanup after all sweeps complete.
{ path = "ring::signature::Ed25519KeyPair::from_pkcs8", reason = "use TypedSignerKey::from_pkcs8 — dispatches on curve.", allow-invalid = true },
{ path = "ring::signature::Ed25519KeyPair::from_seed_unchecked", reason = "use auths_crypto::sign(&TypedSeed, msg).", allow-invalid = true },
{ path = "ring::signature::Ed25519KeyPair::generate_pkcs8", reason = "use inception::generate_keypair_for_init(curve).", allow-invalid = true },
{ path = "ring::signature::UnparsedPublicKey::new", reason = "use DevicePublicKey::verify — dispatches on curve.", allow-invalid = true },
{ path = "auths_crypto::parse_ed25519_seed", reason = "use parse_key_material — returns TypedSeed.", allow-invalid = true },
{ path = "auths_crypto::parse_ed25519_key_material", reason = "use parse_key_material — returns TypedSeed.", allow-invalid = true },
]
allow-unwrap-in-tests = true
allow-expect-in-tests = true