From 2f4cd6104a9c88134917d2c47078c3f54baab032 Mon Sep 17 00:00:00 2001 From: Luca Palmieri <20745048+LukeMathWalker@users.noreply.github.com> Date: Sat, 20 Jun 2026 15:26:41 +0200 Subject: [PATCH 1/2] dev: Don't use 'deny' as lint level, it makes local development more cumbersome. We deny warnings in CI, so 'warn' is sufficient --- Cargo.toml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 89f7f717..3ea8e3ed 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,15 +20,15 @@ license = "Apache-2.0" repository = "https://github.com/Firma-AI/openfirma" [workspace.lints.clippy] -pedantic = { level = "deny", priority = -1 } +pedantic = { level = "warn", priority = -1 } nursery = { level = "warn", priority = -1 } -unwrap_used = "deny" -expect_used = "deny" -panic = "deny" +unwrap_used = "warn" +expect_used = "warn" +panic = "warn" missing_const_for_fn = "allow" [workspace.lints.rust] -unsafe_code = "deny" +unsafe_code = "warn" [workspace.dependencies] anyhow = "1" From 40167310ddff696f3121828453c19d1e54951d67 Mon Sep 17 00:00:00 2001 
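Review bot: With `unsafe_code`, `unwrap_used`, `expect_used` and `panic` all lowered to `warn`, nothing in the workspace manifest itself stops a build that introduces them. Enforcement now rests on the CI invocation denying warnings, which this patch does not show. `unsafe_code` rarely gets in the way of local iteration, so it could stay at `unsafe_code = "deny"` while the clippy lints move to `warn`. I would also add a comment above `[workspace.lints.clippy]` such as `# 'warn' for local builds; CI runs clippy with -D warnings, which is what actually enforces these`, so the dependency on the CI flag is recorded next to the levels.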
From: Luca Palmieri <20745048+LukeMathWalker@users.noreply.github.com> Date: Sat, 20 Jun 2026 20:49:26 +0200 Subject: [PATCH 2/2] dev: Convert most 'allow' usages to 'expect' to prevent allow rot --- Cargo.toml | 1 + .../firma-authority/src/authorized_clients.rs | 6 ++++-- crates/firma-authority/src/cedar_loader.rs | 1 - crates/firma-authority/src/config.rs | 1 - crates/firma-authority/src/issuance.rs | 1 - crates/firma-authority/src/revocation.rs | 1 - crates/firma-authority/src/server.rs | 5 ++++- crates/firma-authority/src/service.rs | 1 - .../src/startup/log_contract.rs | 1 - crates/firma-authority/src/tls_verifier.rs | 1 - crates/firma-config/src/provider.rs | 1 - crates/firma-config/src/resolver.rs | 1 - crates/firma-config/src/schema.rs | 1 - crates/firma-config/tests/resolution.rs | 2 -- crates/firma-core/src/agent.rs | 5 ++++- crates/firma-core/src/capability_seed.rs | 1 - crates/firma-core/src/decision.rs | 1 - crates/firma-core/src/envelope.rs | 1 - crates/firma-core/src/session.rs | 5 ++++- crates/firma-core/src/token.rs | 1 - crates/firma-core/src/token/paseto.rs | 1 - crates/firma-core/src/transport.rs | 1 - .../firma-grpc-interceptor-proto/src/lib.rs | 4 ++++ crates/firma-run/src/authority/bootstrap.rs | 1 - crates/firma-run/src/authority/config.rs | 1 - crates/firma-run/src/authority/selection.rs | 1 - crates/firma-run/src/authority/supervisor.rs | 4 ++-- crates/firma-run/src/backend/linux_bwrap.rs | 9 ++++---- crates/firma-run/src/backend/mod.rs | 5 ++++- crates/firma-run/src/capability/guard.rs | 6 ------ crates/firma-run/src/capability/issue.rs | 6 ------ crates/firma-run/src/config.rs | 7 +++++-- crates/firma-run/src/mediator.rs | 13 ++++++++++-- crates/firma-run/src/routing.rs | 11 +++++----- crates/firma-run/src/runtime.rs | 12 ++++++++--- crates/firma-run/src/seccomp.rs | 5 ++++- crates/firma-run/src/sidecar/config.rs | 8 +------ crates/firma-run/src/sidecar/selection.rs | 1 - crates/firma-run/src/sidecar/supervisor.rs | 4 ++-- 
crates/firma-sidecar/benches/bundle_reload.rs | 4 ++-- crates/firma-sidecar/benches/cedar_eval.rs | 4 ++-- crates/firma-sidecar/benches/pipeline.rs | 4 ++-- crates/firma-sidecar/benches/stage1.rs | 2 +- .../common_fixtures.rs} | 8 +++---- crates/firma-sidecar/src/audit/builder.rs | 1 - crates/firma-sidecar/src/audit/sink/file.rs | 1 - crates/firma-sidecar/src/audit/sink/grpc.rs | 1 - crates/firma-sidecar/src/audit/sink/stdout.rs | 1 - crates/firma-sidecar/src/audit/sink/wal.rs | 5 ----- .../src/authority_client/backoff.rs | 2 +- .../src/authority_client/channel.rs | 6 ------ .../src/authority_client/integration_tests.rs | 1 - .../src/authority_client/readiness.rs | 1 - .../src/authority_credentials.rs | 1 - crates/firma-sidecar/src/config.rs | 6 ++++-- crates/firma-sidecar/src/config/audit.rs | 1 - .../src/config/capability_seed.rs | 1 - crates/firma-sidecar/src/config/connector.rs | 1 - .../firma-sidecar/src/config/enforcement.rs | 7 +++++-- crates/firma-sidecar/src/config/revocation.rs | 1 - .../src/connector/provider/http.rs | 1 - .../firma-sidecar/src/connector/registry.rs | 1 - crates/firma-sidecar/src/credential.rs | 1 - .../src/credential/provider/basic.rs | 1 - .../src/credential/provider/composite.rs | 1 - .../src/credential/provider/vault.rs | 1 - .../src/enforcement/capability_map.rs | 1 - .../src/enforcement/capability_validation.rs | 1 - .../src/enforcement/cedar_evaluator.rs | 1 - .../src/enforcement/constraint_enforcement.rs | 2 -- .../firma-sidecar/src/enforcement/decision.rs | 1 - crates/firma-sidecar/src/enforcement/error.rs | 1 - .../firma-sidecar/src/enforcement/registry.rs | 6 ++++-- .../src/enforcement/revocation.rs | 1 - .../src/enforcement/revocation/bloom.rs | 1 - .../src/enforcement/revocation/lru.rs | 1 - .../src/enforcement/revocation/metrics.rs | 1 - .../src/enforcement/session_state.rs | 18 +++++++++------- crates/firma-sidecar/src/handler.rs | 3 --- crates/firma-sidecar/src/health.rs | 1 - crates/firma-sidecar/src/interceptor/grpc.rs 
| 1 - crates/firma-sidecar/src/interceptor/http.rs | 21 ++++++++++++++----- .../src/interceptor/https_mitm.rs | 1 - .../src/interceptor/unix_socket.rs | 1 - .../firma-sidecar/src/local_exec/endpoint.rs | 16 ++++++++++---- .../firma-sidecar/src/local_exec/handler.rs | 1 - .../src/local_exec/token_store.rs | 16 ++++++++++---- crates/firma-sidecar/src/normalizer.rs | 1 - .../firma-sidecar/src/normalizer/mapping.rs | 1 - crates/firma-sidecar/src/pipeline.rs | 1 - .../firma-sidecar/src/startup/capability.rs | 1 - .../firma-sidecar/src/startup/log_contract.rs | 1 - crates/firma-stack/src/config.rs | 1 - crates/firma-stack/src/detach.rs | 5 ++++- crates/firma-stack/src/platform.rs | 10 +++++++-- crates/firma-stack/src/platform/windows.rs | 5 ----- crates/firma-stack/src/runtime_paths.rs | 10 ++++++--- crates/firma-stack/src/state_dir.rs | 8 ++++++- crates/firma-stack/tests/sidecar_markers.rs | 17 +++++---------- crates/firma/src/args/config.rs | 5 ++++- crates/firma/src/args/monitor.rs | 6 ++++-- crates/firma/src/args/run.rs | 5 ++++- crates/firma/src/doctor/config_parse.rs | 1 - crates/firma/src/doctor/reachability.rs | 1 - crates/firma/src/monitor/filters.rs | 1 - crates/firma/src/monitor/render.rs | 1 - crates/firma/src/monitor/tailer.rs | 2 +- crates/firma/src/output.rs | 13 +++++------- crates/firma/src/policy/bundle.rs | 1 - crates/firma/src/policy/fixture.rs | 1 - crates/firma/src/policy/test_fixture.rs | 6 ++++-- crates/firma/src/policy/validate.rs | 5 ++++- crates/firma/src/services/config.rs | 2 -- crates/firma/src/services/config/doc.rs | 12 ++++++++--- crates/firma/src/services/doctor.rs | 1 - crates/firma/src/services/sidecar_status.rs | 2 +- crates/firma/src/signal/windows.rs | 5 ----- crates/firma/tests/firma_config.rs | 2 +- 118 files changed, 211 insertions(+), 221 deletions(-) rename crates/firma-sidecar/benches/{fixtures.rs => support/common_fixtures.rs} (54%) diff --git a/Cargo.toml b/Cargo.toml index 3ea8e3ed..91704454 100644 --- a/Cargo.toml 
+++ b/Cargo.toml @@ -26,6 +26,7 @@ unwrap_used = "warn" expect_used = "warn" panic = "warn" missing_const_for_fn = "allow" +allow_attributes = "warn" [workspace.lints.rust] unsafe_code = "warn" diff --git a/crates/firma-authority/src/authorized_clients.rs b/crates/firma-authority/src/authorized_clients.rs index acd76421..c309641c 100644 --- a/crates/firma-authority/src/authorized_clients.rs +++ b/crates/firma-authority/src/authorized_clients.rs @@ -94,7 +94,10 @@ struct AuthorizedClientsFile { } #[derive(Deserialize)] -#[allow(dead_code)] +#[expect( + dead_code, + reason = "backward-compatible TOML schema accepts metadata fields that serde deserializes even when the loader ignores them" +)] struct AuthorizedEntry { #[serde(default)] cn: Option, @@ -112,7 +115,6 @@ struct ClientEntry { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; use std::io::Write as _; diff --git a/crates/firma-authority/src/cedar_loader.rs b/crates/firma-authority/src/cedar_loader.rs index 0e4706c7..4a0c82e0 100644 --- a/crates/firma-authority/src/cedar_loader.rs +++ b/crates/firma-authority/src/cedar_loader.rs @@ -326,7 +326,6 @@ fn compute_version_hash(policies: &str, schema: &str) -> String { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use std::fs; diff --git a/crates/firma-authority/src/config.rs b/crates/firma-authority/src/config.rs index fe9307e1..38c5d7d1 100644 --- a/crates/firma-authority/src/config.rs +++ b/crates/firma-authority/src/config.rs @@ -283,7 +283,6 @@ pub enum ConfigError { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-authority/src/issuance.rs b/crates/firma-authority/src/issuance.rs index 87fcab77..fecaa17e 100644 --- a/crates/firma-authority/src/issuance.rs +++ b/crates/firma-authority/src/issuance.rs 
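Review bot: `allow_attributes = "warn"` flags `#[allow]` but does not require the `reason = "…"` that the converted attributes in this patch carry, so a later suppression with no justification would still pass. Adding `allow_attributes_without_reason = "warn"` beside it would keep reasons mandatory. The bench files later in the patch keep `#![allow(clippy::expect_used)]` with no reason, so if they inherit the workspace lints they would need a reason or a conversion.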
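Review bot: The new `reason` on `AuthorizedEntry` says the loader ignores fields that serde deserializes, and `cn` is one of the fields visible in this hunk. In a file that defines authorized clients, a field that is accepted but not enforced can be read by an operator as a restriction that is in effect. A doc comment on the struct, for example `/// Compatibility-only shape: fields the loader does not read are parsed and discarded, and play no part in authorization.`, would make that explicit. It is also worth confirming that `cn` is not among the discarded fields. The struct body continues outside the hunk, so which fields are actually unread cannot be determined from here.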
@@ -109,7 +109,6 @@ pub async fn issue_capability( } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use pasetors::keys::{AsymmetricKeyPair, Generate}; diff --git a/crates/firma-authority/src/revocation.rs b/crates/firma-authority/src/revocation.rs index c7f80415..84cd6482 100644 --- a/crates/firma-authority/src/revocation.rs +++ b/crates/firma-authority/src/revocation.rs @@ -424,7 +424,6 @@ impl RevocationStoreWatcher { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-authority/src/server.rs b/crates/firma-authority/src/server.rs index 1bc9381a..97403800 100644 --- a/crates/firma-authority/src/server.rs +++ b/crates/firma-authority/src/server.rs @@ -239,7 +239,10 @@ where // Per-mode server future builders // --------------------------------------------------------------------------- -#[allow(clippy::too_many_arguments)] +#[expect( + clippy::too_many_arguments, + reason = "mTLS server construction needs explicit TLS paths, services, listener, and shutdown signal" +)] async fn build_mtls_future( cert_path: &Path, key_path: &Path, diff --git a/crates/firma-authority/src/service.rs b/crates/firma-authority/src/service.rs index 280304a3..51fe3293 100644 --- a/crates/firma-authority/src/service.rs +++ b/crates/firma-authority/src/service.rs @@ -528,7 +528,6 @@ pub(crate) fn clamp_ttl(requested: i32, max: i32) -> i32 { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-authority/src/startup/log_contract.rs b/crates/firma-authority/src/startup/log_contract.rs index f7e6e530..4dedc401 100644 --- a/crates/firma-authority/src/startup/log_contract.rs +++ b/crates/firma-authority/src/startup/log_contract.rs 
@@ -39,7 +39,6 @@ pub fn log_ready_sequence(report: &StartupReport<'_>) { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use std::path::PathBuf; diff --git a/crates/firma-authority/src/tls_verifier.rs b/crates/firma-authority/src/tls_verifier.rs index 4bdab8a3..046b9860 100644 --- a/crates/firma-authority/src/tls_verifier.rs +++ b/crates/firma-authority/src/tls_verifier.rs @@ -158,7 +158,6 @@ fn extract_identity(cert_der: &CertificateDer<'_>) -> Option { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic, clippy::expect_used)] mod tests { use super::*; fn make_allow_list(ids: &[&str]) -> Arc { diff --git a/crates/firma-config/src/provider.rs b/crates/firma-config/src/provider.rs index 8a57e0fb..036e2155 100644 --- a/crates/firma-config/src/provider.rs +++ b/crates/firma-config/src/provider.rs @@ -30,7 +30,6 @@ impl DirProvider for SystemDirs { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-config/src/resolver.rs b/crates/firma-config/src/resolver.rs index 678dd8b7..e5145f1f 100644 --- a/crates/firma-config/src/resolver.rs +++ b/crates/firma-config/src/resolver.rs @@ -102,7 +102,6 @@ pub fn resolve_config( } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; use tempfile::tempdir; diff --git a/crates/firma-config/src/schema.rs b/crates/firma-config/src/schema.rs index 11dece22..a259fa62 100644 --- a/crates/firma-config/src/schema.rs +++ b/crates/firma-config/src/schema.rs @@ -78,7 +78,6 @@ pub fn load_section(path: &Path, section: &str) -> Result { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; use tempfile::tempdir; diff --git a/crates/firma-config/tests/resolution.rs b/crates/firma-config/tests/resolution.rs index ec81de3e..fcfec35d 100644 --- a/crates/firma-config/tests/resolution.rs +++ b/crates/firma-config/tests/resolution.rs 
@@ -1,8 +1,6 @@ //! End-to-end: a sectioned firma.toml resolves and the sidecar section //! parses through `load_section`. -#![allow(clippy::unwrap_used, clippy::panic)] - use firma_config::{ConfigSource, SystemDirs, load_section, resolve_config}; use tempfile::tempdir; diff --git a/crates/firma-core/src/agent.rs b/crates/firma-core/src/agent.rs index 824642ac..f0bed064 100644 --- a/crates/firma-core/src/agent.rs +++ b/crates/firma-core/src/agent.rs @@ -7,7 +7,10 @@ use serde::{Deserialize, Serialize}; const AGENT_ID_PATTERN: &str = "^[a-zA-Z0-9_-]{1,128}$"; -#[allow(clippy::expect_used)] +#[expect( + clippy::expect_used, + reason = "compiles a fixed AgentId regex literal that is only invalid if edited" +)] static AGENT_ID_RE: LazyLock = LazyLock::new(|| Regex::new(AGENT_ID_PATTERN).expect("compile-time literal pattern")); diff --git a/crates/firma-core/src/capability_seed.rs b/crates/firma-core/src/capability_seed.rs index 414d540e..e6c37b15 100644 --- a/crates/firma-core/src/capability_seed.rs +++ b/crates/firma-core/src/capability_seed.rs @@ -56,7 +56,6 @@ impl CapabilitySeed { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::TokenId; diff --git a/crates/firma-core/src/decision.rs b/crates/firma-core/src/decision.rs index 3ab98979..aede35e5 100644 --- a/crates/firma-core/src/decision.rs +++ b/crates/firma-core/src/decision.rs @@ -119,7 +119,6 @@ pub enum DenyReason { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use std::fmt::Display; diff --git a/crates/firma-core/src/envelope.rs b/crates/firma-core/src/envelope.rs index 9e96e4c7..69c4adbd 100644 --- a/crates/firma-core/src/envelope.rs +++ b/crates/firma-core/src/envelope.rs @@ -279,7 +279,6 @@ pub struct ExecutionContext { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use chrono::Utc; 
diff --git a/crates/firma-core/src/session.rs b/crates/firma-core/src/session.rs index 5d21bcc0..71ab316e 100644 --- a/crates/firma-core/src/session.rs +++ b/crates/firma-core/src/session.rs @@ -7,7 +7,10 @@ use serde::{Deserialize, Serialize}; const SESSION_ID_PATTERN: &str = "^[a-zA-Z0-9_-]{1,128}$"; -#[allow(clippy::expect_used)] +#[expect( + clippy::expect_used, + reason = "compiles a fixed SessionId regex literal that is only invalid if edited" +)] static SESSION_ID_RE: LazyLock = LazyLock::new(|| Regex::new(SESSION_ID_PATTERN).expect("compile-time literal pattern")); diff --git a/crates/firma-core/src/token.rs b/crates/firma-core/src/token.rs index a8258e1e..81b60d9a 100644 --- a/crates/firma-core/src/token.rs +++ b/crates/firma-core/src/token.rs @@ -189,7 +189,6 @@ pub fn matches_resource_scope(scope: &str, resource: &str) -> bool { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use chrono::Utc; diff --git a/crates/firma-core/src/token/paseto.rs b/crates/firma-core/src/token/paseto.rs index a1bc6d08..5dd3b62f 100644 --- a/crates/firma-core/src/token/paseto.rs +++ b/crates/firma-core/src/token/paseto.rs @@ -266,7 +266,6 @@ fn extract_capability_claims(claims: &Claims) -> Result Result<(), RunError> { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use tempfile::tempdir; diff --git a/crates/firma-run/src/authority/config.rs b/crates/firma-run/src/authority/config.rs index 58d4271d..daa9396d 100644 --- a/crates/firma-run/src/authority/config.rs +++ b/crates/firma-run/src/authority/config.rs @@ -150,7 +150,6 @@ fn validate_connect_section( } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use tempfile::tempdir; diff --git a/crates/firma-run/src/authority/selection.rs b/crates/firma-run/src/authority/selection.rs index 19369df8..bd78db31 100644 
--- a/crates/firma-run/src/authority/selection.rs +++ b/crates/firma-run/src/authority/selection.rs @@ -75,7 +75,6 @@ fn section_to_selection(s: &AuthoritySection) -> Option { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use tempfile::tempdir; diff --git a/crates/firma-run/src/authority/supervisor.rs b/crates/firma-run/src/authority/supervisor.rs index e1d19a45..f365e743 100644 --- a/crates/firma-run/src/authority/supervisor.rs +++ b/crates/firma-run/src/authority/supervisor.rs @@ -100,7 +100,7 @@ impl AuthoritySupervisor { /// /// See the platform-stub variant of this method for the full list. #[cfg(unix)] - #[allow( + #[expect( clippy::too_many_lines, reason = "single linear spawn-then-scrape sequence reads more clearly inline" )] @@ -397,7 +397,7 @@ fn send_sigterm(_pid: u32) {} const LISTENING_TOKEN: &str = "listening"; #[doc(hidden)] -#[allow( +#[expect( clippy::needless_pass_by_value, reason = "tx is moved into the spawned thread" )] diff --git a/crates/firma-run/src/backend/linux_bwrap.rs b/crates/firma-run/src/backend/linux_bwrap.rs index 521a4779..771efeb7 100644 --- a/crates/firma-run/src/backend/linux_bwrap.rs +++ b/crates/firma-run/src/backend/linux_bwrap.rs @@ -37,10 +37,6 @@ impl SandboxBackend for BwrapBackend { BackendKind::Bwrap } - #[allow( - clippy::too_many_lines, - reason = "sequential preflight checks + mount assembly read more clearly inline" - )] fn prepare(&self, request: &PrepareRequest) -> Result { if !cfg!(target_os = "linux") { return Err(RunError::UnsupportedBackend { @@ -237,7 +233,10 @@ impl SandboxBackend for BwrapBackend { } #[cfg(target_os = "linux")] - #[allow(clippy::collection_is_never_read)] + #[expect( + clippy::collection_is_never_read, + reason = "keeps the seccomp file descriptor alive until bwrap inherits it" + )] let mut _seccomp_file: Option = None; #[cfg(target_os = "linux")] let seccomp_path = launch 
diff --git a/crates/firma-run/src/backend/mod.rs b/crates/firma-run/src/backend/mod.rs index f09addb4..5fe17e00 100644 --- a/crates/firma-run/src/backend/mod.rs +++ b/crates/firma-run/src/backend/mod.rs @@ -83,7 +83,10 @@ impl BackendKind { return Self::Wsl2; } - #[allow(unreachable_code)] + #[expect( + unreachable_code, + reason = "fallback satisfies exhaustive return typing after cfg-gated platform branches" + )] Self::Bwrap } } diff --git a/crates/firma-run/src/capability/guard.rs b/crates/firma-run/src/capability/guard.rs index c989520d..e5c5a34a 100644 --- a/crates/firma-run/src/capability/guard.rs +++ b/crates/firma-run/src/capability/guard.rs @@ -37,12 +37,6 @@ impl Drop for CapabilityFileGuard { } #[cfg(test)] -#[allow( - clippy::unwrap_used, - clippy::expect_used, - clippy::panic, - reason = "test module" -)] mod tests { use super::*; diff --git a/crates/firma-run/src/capability/issue.rs b/crates/firma-run/src/capability/issue.rs index 0987f0ed..bb871d44 100644 --- a/crates/firma-run/src/capability/issue.rs +++ b/crates/firma-run/src/capability/issue.rs @@ -170,12 +170,6 @@ fn write_seed(seed: &CapabilitySeed, out_path: &Path) -> Result<(), RunError> { } #[cfg(test)] -#[allow( - clippy::unwrap_used, - clippy::expect_used, - clippy::panic, - reason = "test module" -)] mod tests { use super::*; use firma_core::{CapabilityClaims, TokenId}; diff --git a/crates/firma-run/src/config.rs b/crates/firma-run/src/config.rs index af8f03b5..f8c2991f 100644 --- a/crates/firma-run/src/config.rs +++ b/crates/firma-run/src/config.rs @@ -472,7 +472,7 @@ impl ProfilePatch { /// /// Returns an error when profile resolution fails due to invalid inputs, /// parse errors, or resulting validation failures. -#[allow( +#[expect( clippy::too_many_lines, reason = "sequential profile resolution (patch merge + endpoint/selection + network + capability) reads more clearly inline" )] 
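Review bot: `#[expect(unreachable_code)]` on the `Self::Bwrap` fallback is only fulfilled on targets where one of the preceding cfg-gated branches returns. On any other target the fallback is reachable and rustc reports `unfulfilled_lint_expectations`, which the previous `#[allow]` never did. With warnings denied in CI, that would turn a build for such a target into a failure. Wrapping the attribute in `#[cfg_attr(...)]` with the same predicate as the returning branches would keep the expectation exact per target. The same pattern appears in the test helpers in `crates/firma-run/src/config.rs` and `crates/firma-run/src/runtime.rs`. The function starts outside this hunk, so the full set of cfg branches is not visible.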
@@ -1060,7 +1060,10 @@ mod tests { return BackendKind::Wsl2; } - #[allow(unreachable_code)] + #[expect( + unreachable_code, + reason = "fallback satisfies exhaustive return typing after cfg-gated platform branches" + )] BackendKind::Firecracker } diff --git a/crates/firma-run/src/mediator.rs b/crates/firma-run/src/mediator.rs index c05934d8..5462244a 100644 --- a/crates/firma-run/src/mediator.rs +++ b/crates/firma-run/src/mediator.rs @@ -133,7 +133,10 @@ pub fn enforce_local_command_governance( } /// Build and send one local-exec governance request; return the parsed response. -#[allow(clippy::too_many_arguments)] +#[expect( + clippy::too_many_arguments, + reason = "governance request fields are passed through as separate inputs" +)] fn call_mediator( mediator: &CommandMediatorConfig, identity: &RunIdentity, @@ -292,7 +295,13 @@ fn request_over_unix( #[cfg(target_family = "unix")] #[cfg(target_os = "linux")] -#[cfg_attr(test, allow(dead_code))] +#[cfg_attr( + test, + expect( + dead_code, + reason = "linux peer-credential validation is compiled but not exercised by unit tests" + ) +)] fn validate_unix_peer_credentials(stream: &UnixStream) -> Result<(), RunError> { let creds = getsockopt(stream, PeerCredentials).map_err(|error| { RunError::Governance(format!( diff --git a/crates/firma-run/src/routing.rs b/crates/firma-run/src/routing.rs index 61dfe66f..4a86a06a 100644 --- a/crates/firma-run/src/routing.rs +++ b/crates/firma-run/src/routing.rs @@ -80,7 +80,10 @@ impl NetworkRuntime { /// Inputs to [`prepare_network_runtime`] that gate autostart behaviour. #[derive(Debug, Clone)] -#[allow(clippy::struct_excessive_bools)] +#[expect( + clippy::struct_excessive_bools, + reason = "this type intentionally models independent CLI/runtime flags one-to-one" +)] pub struct AutostartFlags { /// `true` when the selection resolved to local autostart. pub sidecar_autostart: bool, 
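Review bot: The `reason` added to `validate_unix_peer_credentials` in `mediator.rs` records that this function is compiled but never called in test builds. By its name it gates the mediator socket on the peer's credentials, so that check currently has no unit coverage. A test that opens a `UnixStream::pair()` and passes one end to the function would exercise the `getsockopt(stream, PeerCredentials)` path. The `expect(dead_code)` would then become unfulfilled and the whole `cfg_attr` could be dropped. The stacked `#[cfg(target_family = "unix")]` and `#[cfg(target_os = "linux")]` could also collapse to the second one; the function body continues past the end of the hunk.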
@@ -507,11 +510,11 @@ fn autostart_sidecar( /// # Errors /// /// Propagates any `RunError` raised by selection or spawn paths. -#[allow( +#[expect( clippy::too_many_arguments, reason = "every input is independent — bundling into a request struct only adds noise here" )] -#[allow( +#[expect( clippy::too_many_lines, reason = "step-0 selection + plaintext-h2 transport probe + autostart fallback read more clearly inline than split" )] @@ -1001,7 +1004,6 @@ fn relay_unix_to_unix(client: &UnixStream, target: &UnixStream) -> io::Result<() #[cfg(test)] #[cfg(unix)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod non_structural_env_tests { use std::collections::BTreeMap; use std::io::{Read, Write}; @@ -1316,7 +1318,6 @@ mod non_structural_env_tests { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod parse_host_port_tests { use std::path::{Path, PathBuf}; diff --git a/crates/firma-run/src/runtime.rs b/crates/firma-run/src/runtime.rs index defd613d..8a5fd620 100644 --- a/crates/firma-run/src/runtime.rs +++ b/crates/firma-run/src/runtime.rs @@ -19,7 +19,10 @@ use crate::supervisor::wait_with_signal_forwarding; /// Lib-level input for [`execute_run`]. The CLI layer (in the `firma` /// host crate) builds this from its `clap`-derived args struct. #[derive(Debug, Clone)] -#[allow(clippy::struct_excessive_bools)] +#[expect( + clippy::struct_excessive_bools, + reason = "this type intentionally models independent CLI/runtime flags one-to-one" +)] pub struct RunInput { /// Built-in profile id to use. pub profile: String, @@ -69,7 +72,7 @@ pub struct RunInput { /// /// Returns an error when config resolution, backend lifecycle operations, or /// wrapped process supervision fails. -#[allow( +#[expect( clippy::too_many_lines, reason = "step-0 authority resolution + sidecar autostart + sandbox lifecycle are sequential and read more clearly inline" )] 
@@ -1274,7 +1277,10 @@ mod tests { { return crate::backend::BackendKind::Wsl2; } - #[allow(unreachable_code)] + #[expect( + unreachable_code, + reason = "fallback satisfies exhaustive return typing after cfg-gated platform branches" + )] crate::backend::BackendKind::Firecracker } } diff --git a/crates/firma-run/src/seccomp.rs b/crates/firma-run/src/seccomp.rs index 2e80a29e..bff88dee 100644 --- a/crates/firma-run/src/seccomp.rs +++ b/crates/firma-run/src/seccomp.rs @@ -531,7 +531,10 @@ fn current_runtime_uid() -> Result { } #[cfg(not(target_os = "linux"))] -#[allow(clippy::unnecessary_wraps)] +#[expect( + clippy::unnecessary_wraps, + reason = "non-linux stub preserves the linux Result-based interface" +)] fn verify_artifact_trust_paths( _managed: &SeccompPolicyConfig, _bpf_path: &Path, diff --git a/crates/firma-run/src/sidecar/config.rs b/crates/firma-run/src/sidecar/config.rs index df2ba961..c7ca458e 100644 --- a/crates/firma-run/src/sidecar/config.rs +++ b/crates/firma-run/src/sidecar/config.rs @@ -193,7 +193,7 @@ pub enum TemplateSource { /// Returns I/O, parse, or serialization errors. All variants are wrapped in /// [`RunError`] so that callers can fail-closed through the existing path. #[doc(hidden)] -#[allow( +#[expect( clippy::needless_pass_by_value, reason = "request struct carries owned PathBufs the function selects between; cloning to keep callers free of borrow plumbing is the simpler API" )] @@ -750,12 +750,6 @@ pub mod testing { } #[cfg(test)] -#[allow( - clippy::unwrap_used, - clippy::expect_used, - clippy::panic, - reason = "test module" -)] mod tests { use super::{configure_capability_seed, normalize_to_sectioned_sidecar}; diff --git a/crates/firma-run/src/sidecar/selection.rs b/crates/firma-run/src/sidecar/selection.rs index 2db94c6a..662474b4 100644 --- a/crates/firma-run/src/sidecar/selection.rs +++ b/crates/firma-run/src/sidecar/selection.rs 
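Review bot: `clippy::unnecessary_wraps` only fires when every path returns `Ok`, so the non-Linux `verify_artifact_trust_paths` stub in `seccomp.rs` appears to report success without verifying anything. If a non-Linux caller can ever reach it with a configured seccomp policy, that is a fail-open result. Returning an error there would be safer; at minimum, document the contract with `/// Non-Linux stub: performs no verification; Ok(()) does not mean the artifact paths were checked.`. The stub's body is outside the hunk, so this is inferred from the lint and the `reason` text.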
@@ -78,7 +78,6 @@ fn parse_endpoint(raw: &str) -> Result { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-run/src/sidecar/supervisor.rs b/crates/firma-run/src/sidecar/supervisor.rs index 7882a7f3..5545da02 100644 --- a/crates/firma-run/src/sidecar/supervisor.rs +++ b/crates/firma-run/src/sidecar/supervisor.rs @@ -132,7 +132,7 @@ impl SidecarSupervisor { } #[cfg(unix)] - #[allow( + #[expect( clippy::too_many_lines, reason = "single linear spawn-then-scrape sequence reads more clearly inline than split" )] @@ -408,7 +408,7 @@ const INTERCEPTOR_TOKEN: &str = "interceptor listening"; /// piped). The raw bytes are written to the log file unmodified so a /// human `cat`ting the log still sees the colors the subscriber chose. #[doc(hidden)] -#[allow( +#[expect( clippy::needless_pass_by_value, reason = "tx is moved into the spawned thread and owns the sender for the thread lifetime" )] diff --git a/crates/firma-sidecar/benches/bundle_reload.rs b/crates/firma-sidecar/benches/bundle_reload.rs index 5b44ebf8..8f718acb 100644 --- a/crates/firma-sidecar/benches/bundle_reload.rs +++ b/crates/firma-sidecar/benches/bundle_reload.rs @@ -6,7 +6,7 @@ // // Fixture: benches/fixtures/reference_bundle.cedar (Task 2). -#![allow(clippy::unwrap_used, clippy::expect_used)] +#![allow(clippy::expect_used)] use std::hint::black_box; @@ -16,7 +16,7 @@ use firma_sidecar::enforcement::cedar_evaluator::CedarPolicyEvaluator; use firma_sidecar::enforcement::constraint_enforcement::PolicyEvaluation; use serde_json::json; -include!("fixtures.rs"); +include!("support/common_fixtures.rs"); fn bench_reload(c: &mut Criterion) { let bundle = reference_bundle(); diff --git a/crates/firma-sidecar/benches/cedar_eval.rs b/crates/firma-sidecar/benches/cedar_eval.rs index eecabc74..3ae7b126 100644 --- a/crates/firma-sidecar/benches/cedar_eval.rs +++ b/crates/firma-sidecar/benches/cedar_eval.rs 
@@ -1,6 +1,6 @@ //! Stage 2 policy-eval bench. Target: p95 < 200 µs. -#![allow(clippy::unwrap_used, clippy::expect_used)] +#![allow(clippy::expect_used)] use std::hint::black_box; @@ -10,7 +10,7 @@ use firma_sidecar::enforcement::cedar_evaluator::CedarPolicyEvaluator; use firma_sidecar::enforcement::constraint_enforcement::PolicyEvaluation; use serde_json::json; -include!("fixtures.rs"); +include!("support/common_fixtures.rs"); fn agent() -> AgentId { "agent-bench".parse().expect("literal agent id") diff --git a/crates/firma-sidecar/benches/pipeline.rs b/crates/firma-sidecar/benches/pipeline.rs index 40cf4779..40ffa62d 100644 --- a/crates/firma-sidecar/benches/pipeline.rs +++ b/crates/firma-sidecar/benches/pipeline.rs @@ -1,6 +1,6 @@ //! End-to-end pipeline bench. Target: p95 < 3 ms. -#![allow(clippy::unwrap_used, clippy::expect_used)] +#![allow(clippy::expect_used)] use std::hint::black_box; use std::sync::Arc; @@ -21,7 +21,7 @@ use firma_sidecar::normalizer::{IntentNormalizer, MappingTable, RawRequest}; use firma_sidecar::pipeline::{EnforcementPipeline, PipelineArgs}; use tokio::runtime::Runtime; -include!("fixtures.rs"); +include!("support/common_fixtures.rs"); /// Canonical action class emitted by the normalizer for the bench request. /// Must be (a) a valid v0.1 `ActionClassRegistry` entry so the mapping diff --git a/crates/firma-sidecar/benches/stage1.rs b/crates/firma-sidecar/benches/stage1.rs index 2d225bc8..7790a117 100644 --- a/crates/firma-sidecar/benches/stage1.rs +++ b/crates/firma-sidecar/benches/stage1.rs @@ -1,7 +1,7 @@ //! Stage 1 bench: `CapabilityValidator::enforce` under a realistic //! revocation-store population. Target: p95 < 1 ms. -#![allow(clippy::unwrap_used, clippy::expect_used)] +#![allow(clippy::expect_used)] use std::hint::black_box; use std::sync::Arc; 
diff --git a/crates/firma-sidecar/benches/fixtures.rs b/crates/firma-sidecar/benches/support/common_fixtures.rs similarity index 54% rename from crates/firma-sidecar/benches/fixtures.rs rename to crates/firma-sidecar/benches/support/common_fixtures.rs index 26e2b1c4..568629d5 100644 --- a/crates/firma-sidecar/benches/fixtures.rs +++ b/crates/firma-sidecar/benches/support/common_fixtures.rs @@ -1,12 +1,10 @@ // Shared helpers for criterion benches. Each bench `include!`s this file // (benches are separate crates, so a normal `mod fixtures` would not be -// visible cross-bench). No inner attributes — `include!` inlines at the -// call site and inner attributes would apply to the whole bench crate. +// visible cross-bench). -const BUNDLE_SRC: &str = include_str!("fixtures/reference_bundle.cedar"); -const SCHEMA_SRC: &str = include_str!("fixtures/reference_schema.cedarschema"); +const BUNDLE_SRC: &str = include_str!("../fixtures/reference_bundle.cedar"); +const SCHEMA_SRC: &str = include_str!("../fixtures/reference_schema.cedarschema"); -#[allow(dead_code)] fn reference_bundle() -> firma_core::policy::PolicyBundle { firma_core::policy::PolicyBundle::new( "reference-v1".to_string(), diff --git a/crates/firma-sidecar/src/audit/builder.rs b/crates/firma-sidecar/src/audit/builder.rs index ba1e0755..8d3dac62 100644 --- a/crates/firma-sidecar/src/audit/builder.rs +++ b/crates/firma-sidecar/src/audit/builder.rs @@ -176,7 +176,6 @@ fn timestamp_nanos() -> u128 { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/audit/sink/file.rs b/crates/firma-sidecar/src/audit/sink/file.rs index 2a7afa26..50c15d43 100644 --- a/crates/firma-sidecar/src/audit/sink/file.rs +++ b/crates/firma-sidecar/src/audit/sink/file.rs @@ -126,7 +126,6 @@ impl AuditSink for FileAuditSink { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; 
diff --git a/crates/firma-sidecar/src/audit/sink/grpc.rs b/crates/firma-sidecar/src/audit/sink/grpc.rs index 63fcafd6..7c08c2df 100644 --- a/crates/firma-sidecar/src/audit/sink/grpc.rs +++ b/crates/firma-sidecar/src/audit/sink/grpc.rs @@ -117,7 +117,6 @@ impl AuditSink for GrpcAuditSink { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/audit/sink/stdout.rs b/crates/firma-sidecar/src/audit/sink/stdout.rs index d113ab69..7ad1b788 100644 --- a/crates/firma-sidecar/src/audit/sink/stdout.rs +++ b/crates/firma-sidecar/src/audit/sink/stdout.rs @@ -68,7 +68,6 @@ impl AuditSink for StdoutAuditSink { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/audit/sink/wal.rs b/crates/firma-sidecar/src/audit/sink/wal.rs index 080e0f46..9c4a33f5 100644 --- a/crates/firma-sidecar/src/audit/sink/wal.rs +++ b/crates/firma-sidecar/src/audit/sink/wal.rs @@ -470,7 +470,6 @@ impl WalAuditSink { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; @@ -572,10 +571,6 @@ mod tests { } #[tokio::test] - #[allow( - clippy::similar_names, - reason = "_a / _b suffixes are descriptive here" - )] async fn test_wal_compaction_drops_oldest_events() { let dir = tempfile::tempdir().unwrap_or_else(|e| panic!("tempdir: {e}")); let wal_path = dir.path().join("compact.jsonl"); diff --git a/crates/firma-sidecar/src/authority_client/backoff.rs b/crates/firma-sidecar/src/authority_client/backoff.rs index 87352019..99175b03 100644 --- a/crates/firma-sidecar/src/authority_client/backoff.rs +++ b/crates/firma-sidecar/src/authority_client/backoff.rs 
@@ -34,7 +34,7 @@ impl ExponentialBackoff { /// /// Applies symmetric jitter within ±15% of the current base so reconnect /// storms spread out in both directions rather than biasing upward. - #[allow( + #[expect( clippy::should_implement_trait, reason = "Backoff is not an iterator; `next` names the next delay" )] diff --git a/crates/firma-sidecar/src/authority_client/channel.rs b/crates/firma-sidecar/src/authority_client/channel.rs index 7bb2ba26..dbd36ed4 100644 --- a/crates/firma-sidecar/src/authority_client/channel.rs +++ b/crates/firma-sidecar/src/authority_client/channel.rs @@ -81,12 +81,6 @@ pub fn build_channel( } #[cfg(test)] -#[allow( - clippy::unwrap_used, - clippy::expect_used, - clippy::panic, - reason = "test module" -)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/authority_client/integration_tests.rs b/crates/firma-sidecar/src/authority_client/integration_tests.rs index a9d62f6b..8e44ab44 100644 --- a/crates/firma-sidecar/src/authority_client/integration_tests.rs +++ b/crates/firma-sidecar/src/authority_client/integration_tests.rs @@ -7,7 +7,6 @@ //! valid bundle. #![cfg(test)] -#![allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] use std::sync::{Arc, Mutex}; use std::time::{Duration, Instant}; diff --git a/crates/firma-sidecar/src/authority_client/readiness.rs b/crates/firma-sidecar/src/authority_client/readiness.rs index 684fcb29..c6b272a5 100644 --- a/crates/firma-sidecar/src/authority_client/readiness.rs +++ b/crates/firma-sidecar/src/authority_client/readiness.rs @@ -93,7 +93,6 @@ impl ReadinessView { } #[cfg(test)] -#[allow(clippy::expect_used, reason = "test-only")] mod tests { use std::sync::Arc; use std::time::Duration; diff --git a/crates/firma-sidecar/src/authority_credentials.rs b/crates/firma-sidecar/src/authority_credentials.rs index ad341c84..a64c543c 100644 --- a/crates/firma-sidecar/src/authority_credentials.rs +++ b/crates/firma-sidecar/src/authority_credentials.rs 
@@ -189,7 +189,6 @@ fn trim_trailing_newlines(mut value: String) -> String { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, reason = "test module")] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/config.rs b/crates/firma-sidecar/src/config.rs index 91368da4..173c77cc 100644 --- a/crates/firma-sidecar/src/config.rs +++ b/crates/firma-sidecar/src/config.rs @@ -928,7 +928,6 @@ impl LocalExecConfig { // --------------------------------------------------------------------------- #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; @@ -1431,7 +1430,10 @@ mod tests { } #[test] - #[allow(clippy::too_many_lines)] + #[expect( + clippy::too_many_lines, + reason = "single end-to-end HTTP proxy TOML fixture is easier to review in one test" + )] fn test_full_toml_deserialization_http_proxy() { let toml_str = r#" [interceptor] diff --git a/crates/firma-sidecar/src/config/audit.rs b/crates/firma-sidecar/src/config/audit.rs index 5c02ff09..d687154a 100644 --- a/crates/firma-sidecar/src/config/audit.rs +++ b/crates/firma-sidecar/src/config/audit.rs @@ -165,7 +165,6 @@ const fn default_wal_max_bytes() -> u64 { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/config/capability_seed.rs b/crates/firma-sidecar/src/config/capability_seed.rs index 375bcfd0..723e0a98 100644 --- a/crates/firma-sidecar/src/config/capability_seed.rs +++ b/crates/firma-sidecar/src/config/capability_seed.rs @@ -42,7 +42,6 @@ impl CapabilitySeedConfig { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/config/connector.rs b/crates/firma-sidecar/src/config/connector.rs index cc838a87..5f9bccbc 100644 --- a/crates/firma-sidecar/src/config/connector.rs +++ b/crates/firma-sidecar/src/config/connector.rs 
@@ -108,7 +108,6 @@ const fn default_timeout_ms() -> u64 { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/config/enforcement.rs b/crates/firma-sidecar/src/config/enforcement.rs index a7cf1f41..2d15026d 100644 --- a/crates/firma-sidecar/src/config/enforcement.rs +++ b/crates/firma-sidecar/src/config/enforcement.rs @@ -1,5 +1,10 @@ //! Enforcement engine configuration. +#![allow( + dead_code, + reason = "Authority-wired capability manifest support is defined now but not consumed yet" +)] + use serde::Deserialize; const VALID_HTTP_METHODS: &[&str] = &[ @@ -217,7 +222,6 @@ impl CapabilityManifestEntry { /// # Errors /// /// Returns a message describing the first invalid field. - #[allow(dead_code, reason = "consumed once Authority integration is wired")] pub fn validate(&self) -> Result<(), String> { if self.agent_id.trim().is_empty() { return Err("agent_id must not be empty".into()); @@ -260,7 +264,6 @@ const fn default_stage2_timeout_ms() -> u64 { // --------------------------------------------------------------------------- #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/config/revocation.rs b/crates/firma-sidecar/src/config/revocation.rs index 68e11770..b5d93a88 100644 --- a/crates/firma-sidecar/src/config/revocation.rs +++ b/crates/firma-sidecar/src/config/revocation.rs @@ -66,7 +66,6 @@ const fn default_lru_capacity() -> usize { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/connector/provider/http.rs b/crates/firma-sidecar/src/connector/provider/http.rs index 4d055932..556358e9 100644 --- a/crates/firma-sidecar/src/connector/provider/http.rs +++ b/crates/firma-sidecar/src/connector/provider/http.rs 
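Review bot: The new `#![allow(dead_code, …)]` at the top of config/enforcement.rs replaces a suppression that covered only `CapabilityManifestEntry::validate` with one that covers every item in the module, and as a plain `allow` it will never report when it stops being needed. That runs against the purpose of this commit, and in the module that defines enforcement configuration an unused validator or field is worth hearing about. I would keep the scope at the item: `#[cfg_attr(not(test), expect(dead_code, reason = "consumed once Authority integration is wired"))]` on `validate` and on any other item that is really unused. If an `expect` cannot be satisfied in every build target, an item-level `#[allow]` with the same reason is still narrower than the module attribute.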
@@ -387,7 +387,6 @@ fn duration_to_u64_micros(duration: Duration) -> u64 { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use std::collections::HashMap; use std::io::{self, Write}; diff --git a/crates/firma-sidecar/src/connector/registry.rs b/crates/firma-sidecar/src/connector/registry.rs index 773e691e..6779651c 100644 --- a/crates/firma-sidecar/src/connector/registry.rs +++ b/crates/firma-sidecar/src/connector/registry.rs @@ -76,7 +76,6 @@ impl ConnectorRegistry { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use std::collections::HashMap; use std::time::Duration; diff --git a/crates/firma-sidecar/src/credential.rs b/crates/firma-sidecar/src/credential.rs index 5e10f856..e006b893 100644 --- a/crates/firma-sidecar/src/credential.rs +++ b/crates/firma-sidecar/src/credential.rs @@ -62,7 +62,6 @@ impl CredentialInjector for NullCredentialInjector { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use firma_core::{ActionParams, ExecutionIntent, ExecutionMetadata, HttpMethod, HttpParams}; diff --git a/crates/firma-sidecar/src/credential/provider/basic.rs b/crates/firma-sidecar/src/credential/provider/basic.rs index b22971b7..c4f532d0 100644 --- a/crates/firma-sidecar/src/credential/provider/basic.rs +++ b/crates/firma-sidecar/src/credential/provider/basic.rs @@ -73,7 +73,6 @@ impl CredentialInjector for BasicCredentialInjector { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use firma_core::{ActionParams, ExecutionIntent, ExecutionMetadata, HttpMethod, HttpParams}; diff --git a/crates/firma-sidecar/src/credential/provider/composite.rs b/crates/firma-sidecar/src/credential/provider/composite.rs index 773b3492..3b7cce1a 100644 --- a/crates/firma-sidecar/src/credential/provider/composite.rs +++ b/crates/firma-sidecar/src/credential/provider/composite.rs 
@@ -45,7 +45,6 @@ impl CredentialInjector for CompositeCredentialInjector { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::credential::provider::VaultSecretEntry; diff --git a/crates/firma-sidecar/src/credential/provider/vault.rs b/crates/firma-sidecar/src/credential/provider/vault.rs index d47bc5e5..e0f19b4b 100644 --- a/crates/firma-sidecar/src/credential/provider/vault.rs +++ b/crates/firma-sidecar/src/credential/provider/vault.rs @@ -118,7 +118,6 @@ impl CredentialInjector for VaultCredentialInjector { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use firma_core::{ActionParams, ExecutionIntent, ExecutionMetadata, HttpMethod, HttpParams}; diff --git a/crates/firma-sidecar/src/enforcement/capability_map.rs b/crates/firma-sidecar/src/enforcement/capability_map.rs index af03200d..d516024d 100644 --- a/crates/firma-sidecar/src/enforcement/capability_map.rs +++ b/crates/firma-sidecar/src/enforcement/capability_map.rs @@ -229,7 +229,6 @@ impl CapabilityMap { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use chrono::Utc; diff --git a/crates/firma-sidecar/src/enforcement/capability_validation.rs b/crates/firma-sidecar/src/enforcement/capability_validation.rs index b8bca653..cc8b3d7e 100644 --- a/crates/firma-sidecar/src/enforcement/capability_validation.rs +++ b/crates/firma-sidecar/src/enforcement/capability_validation.rs @@ -184,7 +184,6 @@ impl CapabilityValidator { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::enforcement::capability_map::CapabilityEntry; diff --git a/crates/firma-sidecar/src/enforcement/cedar_evaluator.rs b/crates/firma-sidecar/src/enforcement/cedar_evaluator.rs index 8b9be8bf..9aa2813d 100644 --- a/crates/firma-sidecar/src/enforcement/cedar_evaluator.rs 
+++ b/crates/firma-sidecar/src/enforcement/cedar_evaluator.rs @@ -194,7 +194,6 @@ impl PolicyEvaluation for CedarPolicyEvaluator { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; use firma_core::policy::PolicyBundle; diff --git a/crates/firma-sidecar/src/enforcement/constraint_enforcement.rs b/crates/firma-sidecar/src/enforcement/constraint_enforcement.rs index 57d2e0ce..d4d45396 100644 --- a/crates/firma-sidecar/src/enforcement/constraint_enforcement.rs +++ b/crates/firma-sidecar/src/enforcement/constraint_enforcement.rs @@ -205,7 +205,6 @@ impl ConstraintEnforcer { /// (`PolicyBundleStale`), policy evaluation times out /// (`EnforcementTimeout`), or the policy evaluator returns an error /// (`FailClosed`). - #[allow(clippy::result_large_err)] pub async fn evaluate_with_timeout( &self, envelope: &NormalizedEnvelope, @@ -404,7 +403,6 @@ impl ConstraintEnforcer { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::enforcement::session_state::RuntimeSignals; diff --git a/crates/firma-sidecar/src/enforcement/decision.rs b/crates/firma-sidecar/src/enforcement/decision.rs index 8ec3802c..24b96ddf 100644 --- a/crates/firma-sidecar/src/enforcement/decision.rs +++ b/crates/firma-sidecar/src/enforcement/decision.rs @@ -174,7 +174,6 @@ impl EnforcementDecision { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/enforcement/error.rs b/crates/firma-sidecar/src/enforcement/error.rs index ddaf8586..c6c1bca5 100644 --- a/crates/firma-sidecar/src/enforcement/error.rs +++ b/crates/firma-sidecar/src/enforcement/error.rs @@ -75,7 +75,6 @@ fn token_error_to_deny_reason(err: &TokenError) -> DenyReason { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; 
diff --git a/crates/firma-sidecar/src/enforcement/registry.rs b/crates/firma-sidecar/src/enforcement/registry.rs index 6266b942..a87982e5 100644 --- a/crates/firma-sidecar/src/enforcement/registry.rs +++ b/crates/firma-sidecar/src/enforcement/registry.rs @@ -50,7 +50,10 @@ impl ActionClassRegistry { /// in-place additions covering the GitHub (12), Stripe (12), and /// Gmail (5) REST surfaces. #[must_use] - #[allow(clippy::too_many_lines)] + #[expect( + clippy::too_many_lines, + reason = "the canonical v0.1 action-class registry is maintained as one declarative literal" + )] pub fn v0_1() -> Self { use RiskLevel::{Critical, High, Low, Medium}; @@ -314,7 +317,6 @@ impl ActionClassRegistry { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/enforcement/revocation.rs b/crates/firma-sidecar/src/enforcement/revocation.rs index 2ccb1ec0..d5d645da 100644 --- a/crates/firma-sidecar/src/enforcement/revocation.rs +++ b/crates/firma-sidecar/src/enforcement/revocation.rs @@ -107,7 +107,6 @@ impl RevocationStore for BloomLruRevocationStore { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use std::sync::Arc; use std::thread; diff --git a/crates/firma-sidecar/src/enforcement/revocation/bloom.rs b/crates/firma-sidecar/src/enforcement/revocation/bloom.rs index f6d18409..9543b46b 100644 --- a/crates/firma-sidecar/src/enforcement/revocation/bloom.rs +++ b/crates/firma-sidecar/src/enforcement/revocation/bloom.rs @@ -71,7 +71,6 @@ impl AtomicBloom { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use std::sync::Arc; use std::thread; diff --git a/crates/firma-sidecar/src/enforcement/revocation/lru.rs b/crates/firma-sidecar/src/enforcement/revocation/lru.rs index c0ccf924..095809d3 100644 --- a/crates/firma-sidecar/src/enforcement/revocation/lru.rs 
+++ b/crates/firma-sidecar/src/enforcement/revocation/lru.rs @@ -32,7 +32,6 @@ impl LruSet { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/enforcement/revocation/metrics.rs b/crates/firma-sidecar/src/enforcement/revocation/metrics.rs index 93301191..4519b8b9 100644 --- a/crates/firma-sidecar/src/enforcement/revocation/metrics.rs +++ b/crates/firma-sidecar/src/enforcement/revocation/metrics.rs @@ -51,7 +51,6 @@ impl RevocationMetrics { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/enforcement/session_state.rs b/crates/firma-sidecar/src/enforcement/session_state.rs index 8d6ba657..ca1341dd 100644 --- a/crates/firma-sidecar/src/enforcement/session_state.rs +++ b/crates/firma-sidecar/src/enforcement/session_state.rs @@ -41,7 +41,11 @@ impl RuntimeSignals { /// ceiling means unbounded → emit `i64::MAX`. Otherwise emit /// `floor(ceiling - budget_consumed)` clamped to `i64`. #[must_use] - #[allow(clippy::cast_possible_truncation, clippy::cast_precision_loss)] + #[expect( + clippy::cast_possible_truncation, + clippy::cast_precision_loss, + reason = "conversion intentionally floors and clamps budget values into Cedar Long semantics" + )] pub fn budget_remaining_long(&self, ceiling: Option) -> i64 { let Some(ceiling) = ceiling else { return i64::MAX; @@ -63,7 +67,10 @@ impl RuntimeSignals { /// `risk_score` as a Cedar `Long` — floor-rounded. #[must_use] - #[allow(clippy::cast_possible_truncation)] + #[expect( + clippy::cast_possible_truncation, + reason = "conversion intentionally floors risk score into Cedar Long semantics" + )] pub fn risk_score_long(&self) -> i64 { // Fail-closed: NaN risk collapses to the most-positive Long so // `context.risk_score > N` policies always deny. 
@@ -173,13 +180,8 @@ impl SessionStateStore for LruSessionStateStore { } #[cfg(test)] -#[allow( - clippy::unwrap_used, - clippy::expect_used, - clippy::panic, - clippy::float_cmp -)] mod tests { + #![allow(clippy::float_cmp)] use super::*; use firma_core::SessionId; diff --git a/crates/firma-sidecar/src/handler.rs b/crates/firma-sidecar/src/handler.rs index 11351c9e..4d522b7a 100644 --- a/crates/firma-sidecar/src/handler.rs +++ b/crates/firma-sidecar/src/handler.rs @@ -46,7 +46,6 @@ pub enum HandledResponse { // same 403 response). Tests read it. `cfg_attr` keeps the // non-test build warning-clean without marking the attribute // unfulfilled during test compilation. - #[cfg_attr(not(test), allow(dead_code))] context: DenialContext, }, /// Request was approved by enforcement but the dispatch could not @@ -174,7 +173,6 @@ pub fn deny_body_json(reason: DenyReason, detail: &str) -> Vec { #[must_use] // Public API reserved for a future tool-call interceptor; V1 has no // tool-call transport so the function is only called from tests. -#[cfg_attr(not(test), allow(dead_code))] pub fn tool_denial_body_json( reason: DenyReason, detail: &str, @@ -707,7 +705,6 @@ fn parse_http_method(method: &str) -> HttpMethod { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] pub(crate) mod tests { use std::collections::HashMap; use std::net::SocketAddr; diff --git a/crates/firma-sidecar/src/health.rs b/crates/firma-sidecar/src/health.rs index 3e061672..c116e6b5 100644 --- a/crates/firma-sidecar/src/health.rs +++ b/crates/firma-sidecar/src/health.rs @@ -99,7 +99,6 @@ async fn handle(req: Request) -> Result, handler: Arc, 
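Review bot: The inner `#![allow(clippy::float_cmp)]` added to `mod tests` in enforcement/session_state.rs has no `reason` and stays an `allow`, so among the visible hunks of this file it is the one suppression that can still go stale unnoticed. The other attributes this commit touches in the file were converted to `#[expect(…, reason = …)]`. I would write it the same way, `#![expect(clippy::float_cmp, reason = "tests compare exact float values they set themselves")]`, with the reason adjusted to what the tests actually compare, since their bodies are outside the hunk.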
@@ -1776,7 +1785,10 @@ fn deny_json_response(status: StatusCode, body: Vec) -> Response /// For absolute-form proxy requests (`http://host/path`), strips the scheme /// and authority to return just the path (e.g. `/path`). For origin-form /// requests (`/path`), returns the value unchanged. -#[allow(clippy::option_if_let_else)] +#[expect( + clippy::option_if_let_else, + reason = "absolute-form versus origin-form path parsing is clearer as one optional-prefix branch" +)] fn extract_path(raw_path: &[u8]) -> String { let s = String::from_utf8_lossy(raw_path); if let Some(rest) = s @@ -1797,7 +1809,6 @@ fn extract_path(raw_path: &[u8]) -> String { // Note: CONNECT routing is handled explicitly in `handle_connect_request`. #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use std::collections::HashMap; use std::io::Cursor; diff --git a/crates/firma-sidecar/src/interceptor/https_mitm.rs b/crates/firma-sidecar/src/interceptor/https_mitm.rs index 900413d6..37b80f13 100644 --- a/crates/firma-sidecar/src/interceptor/https_mitm.rs +++ b/crates/firma-sidecar/src/interceptor/https_mitm.rs @@ -554,7 +554,6 @@ fn validate_dns_hostname(host: &str) -> Result<(), String> { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use tempfile::tempdir; diff --git a/crates/firma-sidecar/src/interceptor/unix_socket.rs b/crates/firma-sidecar/src/interceptor/unix_socket.rs index ddc6bc8f..355880f1 100644 --- a/crates/firma-sidecar/src/interceptor/unix_socket.rs +++ b/crates/firma-sidecar/src/interceptor/unix_socket.rs @@ -264,7 +264,6 @@ fn deny_json_response(status: StatusCode, body: Vec) -> Response } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use std::net::SocketAddr; use std::time::Duration; diff --git a/crates/firma-sidecar/src/local_exec/endpoint.rs b/crates/firma-sidecar/src/local_exec/endpoint.rs index b600fd28..b48aabb0 100644 
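Review bot: `clippy::option_if_let_else` on `extract_path` is a nursery lint, and turning its `allow` into `expect` ties the build to what that lint happens to flag in the current clippy release. The same holds for the three `clippy::significant_drop_tightening` expectations added in local_exec/token_store.rs on `validate_and_consume`, `approve` and `revoke`. Nursery lints change between releases, and once one stops firing the attribute produces `unfulfilled_lint_expectations`, which fails CI if warnings are denied there as the series description says. For nursery lints I would keep `#[allow(…, reason = "…")]` with the reasons written here, or confirm that the clippy version is pinned, which is not visible from this diff.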
--- a/crates/firma-sidecar/src/local_exec/endpoint.rs +++ b/crates/firma-sidecar/src/local_exec/endpoint.rs @@ -75,7 +75,13 @@ pub struct LocalExecEndpoint { impl LocalExecEndpoint { /// Create the endpoint with the given socket path and handler. #[must_use] - #[cfg_attr(not(target_family = "unix"), allow(clippy::needless_pass_by_value))] + #[cfg_attr( + not(target_family = "unix"), + expect( + clippy::needless_pass_by_value, + reason = "non-unix builds keep the constructor signature aligned with the unix implementation" + ) + )] pub fn new(socket_path: PathBuf, handler: LocalExecHandler) -> Self { #[cfg(target_family = "unix")] { @@ -359,10 +365,12 @@ fn validate_peer_uid(stream: &UnixStream) -> io::Result<()> { // Tests // --------------------------------------------------------------------------- -#[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] -#[cfg(target_family = "unix")] +#[cfg(all(test, target_family = "unix"))] mod tests { + #![allow( + clippy::expect_used, + reason = "unix-only endpoint tests use expect for socket setup and wire round-trips" + )] use std::time::Duration; use super::*; diff --git a/crates/firma-sidecar/src/local_exec/handler.rs b/crates/firma-sidecar/src/local_exec/handler.rs index 630caceb..20430596 100644 --- a/crates/firma-sidecar/src/local_exec/handler.rs +++ b/crates/firma-sidecar/src/local_exec/handler.rs @@ -459,7 +459,6 @@ fn compute_fingerprint(request: &LocalExecRequest) -> String { // --------------------------------------------------------------------------- #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/local_exec/token_store.rs b/crates/firma-sidecar/src/local_exec/token_store.rs index 78e2c7b9..eb20ff15 100644 --- a/crates/firma-sidecar/src/local_exec/token_store.rs +++ b/crates/firma-sidecar/src/local_exec/token_store.rs 
@@ -251,7 +251,10 @@ impl InMemoryTokenStore { /// so `firma-run` knows to keep polling until the operator approves or the /// TTL expires. Context binding is checked for both `Pending` and `Approved` /// tokens to fail-close on mismatched retries. - #[allow(clippy::significant_drop_tightening)] + #[expect( + clippy::significant_drop_tightening, + reason = "explicit lock scope keeps token state transitions atomic before returning derived results" + )] pub fn validate_and_consume( &self, token_id: &str, @@ -306,7 +309,10 @@ impl InMemoryTokenStore { /// Approve a pending token, making it consumable by `firma-run`. /// /// Idempotent on [`TokenState::Approved`]. - #[allow(clippy::significant_drop_tightening)] + #[expect( + clippy::significant_drop_tightening, + reason = "explicit lock scope keeps token state transitions atomic before returning derived results" + )] pub fn approve(&self, token_id: &str) -> ApproveResult { let mut guard = lock_or_recover(&self.tokens); @@ -333,7 +339,10 @@ impl InMemoryTokenStore { /// Revoke a pending or approved token, preventing any future consumption. /// /// Idempotent on [`TokenState::Revoked`]. - #[allow(clippy::significant_drop_tightening)] + #[expect( + clippy::significant_drop_tightening, + reason = "explicit lock scope keeps token state transitions atomic before returning derived results" + )] pub fn revoke(&self, token_id: &str) -> RevokeResult { let mut guard = lock_or_recover(&self.tokens); @@ -418,7 +427,6 @@ impl TokenStore for InMemoryTokenStore { // --------------------------------------------------------------------------- #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-sidecar/src/normalizer.rs b/crates/firma-sidecar/src/normalizer.rs index 20a4c14b..511b4654 100644 --- a/crates/firma-sidecar/src/normalizer.rs +++ b/crates/firma-sidecar/src/normalizer.rs 
@@ -385,7 +385,6 @@ fn normalize_path(path: &str) -> String { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::config::{MappingRuleConfig, MappingRulesFile}; diff --git a/crates/firma-sidecar/src/normalizer/mapping.rs b/crates/firma-sidecar/src/normalizer/mapping.rs index 06fb1c43..16b27ba6 100644 --- a/crates/firma-sidecar/src/normalizer/mapping.rs +++ b/crates/firma-sidecar/src/normalizer/mapping.rs @@ -228,7 +228,6 @@ fn glob_match(pattern: &str, value: &str) -> bool { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::config::MappingRuleConfig; diff --git a/crates/firma-sidecar/src/pipeline.rs b/crates/firma-sidecar/src/pipeline.rs index 646d817b..b3fdb22c 100644 --- a/crates/firma-sidecar/src/pipeline.rs +++ b/crates/firma-sidecar/src/pipeline.rs @@ -565,7 +565,6 @@ fn extract_host(resource: &str) -> &str { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::config::{MappingRuleConfig, MappingRulesFile}; diff --git a/crates/firma-sidecar/src/startup/capability.rs b/crates/firma-sidecar/src/startup/capability.rs index 0c5926d4..1b325540 100644 --- a/crates/firma-sidecar/src/startup/capability.rs +++ b/crates/firma-sidecar/src/startup/capability.rs @@ -153,7 +153,6 @@ impl TokenVerifier for RejectAllVerifier { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use firma_core::TokenSigner; diff --git a/crates/firma-sidecar/src/startup/log_contract.rs b/crates/firma-sidecar/src/startup/log_contract.rs index 7477332e..bf2a7d43 100644 --- a/crates/firma-sidecar/src/startup/log_contract.rs +++ b/crates/firma-sidecar/src/startup/log_contract.rs 
@@ -118,7 +118,6 @@ pub fn compute_policy_bundle_version(policy_dir: &Path) -> std::io::Result<(Stri } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-stack/src/config.rs b/crates/firma-stack/src/config.rs index c5aaaf6b..9a172437 100644 --- a/crates/firma-stack/src/config.rs +++ b/crates/firma-stack/src/config.rs @@ -49,7 +49,6 @@ pub fn resolve_stack_config(cli_override: Option<&Path>) -> Result } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; use tempfile::tempdir; diff --git a/crates/firma-stack/src/detach.rs b/crates/firma-stack/src/detach.rs index 70577d18..ff411c25 100644 --- a/crates/firma-stack/src/detach.rs +++ b/crates/firma-stack/src/detach.rs @@ -35,7 +35,10 @@ pub fn spawn_supervisor(state_dir: &Path) -> Result<()> { // Detach from the controlling terminal so closing the parent shell // does not deliver SIGHUP to the supervisor. `setsid` must run in // the child between fork and exec. - #[allow(unsafe_code)] + #[expect( + unsafe_code, + reason = "CommandExt::pre_exec is required here to call setsid in the fork/exec window" + )] // SAFETY: `setsid` is async-signal-safe and is the only syscall in // the pre-exec closure. No allocator or locks are used. unsafe { diff --git a/crates/firma-stack/src/platform.rs b/crates/firma-stack/src/platform.rs index 7ff68e16..944a741c 100644 --- a/crates/firma-stack/src/platform.rs +++ b/crates/firma-stack/src/platform.rs @@ -18,10 +18,16 @@ pub struct Group { } #[cfg(windows)] -#[allow(unsafe_code)] +#[expect( + unsafe_code, + reason = "the Windows Group wraps an owned Job Object handle that is safe to move across threads" +)] unsafe impl Send for Group {} #[cfg(windows)] -#[allow(unsafe_code)] +#[expect( + unsafe_code, + reason = "shared references rely on Windows Job Object handle semantics rather than Rust auto-derivation" +)] unsafe impl Sync for Group {} #[cfg(windows)] 
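Review bot: The two `unsafe impl`s for `Group` in platform.rs state their soundness argument only inside the lint `reason`, and the one on `Sync` ("rely on Windows Job Object handle semantics rather than Rust auto-derivation") does not name the invariant that makes shared access sound. A lint reason records why the lint is silenced, not why the code is safe; the detach.rs hunk in this same patch keeps a separate `// SAFETY:` comment next to its `pre_exec` block. I would add one above each impl, for example `// SAFETY: Group owns its job handle exclusively and only passes it to thread-safe Job Object calls`, with the wording checked against the struct's fields, which are outside the hunk. Since the first patch lowers `unsafe_code` from `deny` to `warn`, these comments are what a later reviewer has to rely on.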
diff --git a/crates/firma-stack/src/platform/windows.rs b/crates/firma-stack/src/platform/windows.rs index 4960081d..e7253d4d 100644 --- a/crates/firma-stack/src/platform/windows.rs +++ b/crates/firma-stack/src/platform/windows.rs @@ -153,11 +153,6 @@ impl Platform for WindowsPlatform { } #[cfg(test)] -#[allow( - clippy::unwrap_used, - clippy::expect_used, - reason = "test code: panics are acceptable test failures" -)] mod tests { use windows_sys::Win32::Foundation::WAIT_OBJECT_0; use windows_sys::Win32::System::Threading::{CreateEventW, WaitForSingleObject}; diff --git a/crates/firma-stack/src/runtime_paths.rs b/crates/firma-stack/src/runtime_paths.rs index 124884d6..6825aa15 100644 --- a/crates/firma-stack/src/runtime_paths.rs +++ b/crates/firma-stack/src/runtime_paths.rs @@ -22,8 +22,13 @@ pub fn default_runtime_dir() -> PathBuf { /// Compute the runtime dir from explicit inputs. Exposed for tests and /// internal callers that need to inject environment overrides. #[doc(hidden)] -#[cfg_attr(windows, allow(clippy::needless_pass_by_value))] -#[cfg_attr(unix, allow(clippy::needless_pass_by_value))] +#[cfg_attr( + unix, + expect( + clippy::needless_pass_by_value, + reason = "the pure helper takes owned env overrides so tests and callers can pass them through directly" + ) +)] #[must_use] pub fn default_runtime_dir_from( xdg_runtime_dir: Option, @@ -86,7 +91,6 @@ fn current_uid() -> u32 { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma-stack/src/state_dir.rs b/crates/firma-stack/src/state_dir.rs index 285b2eb7..bf004f71 100644 --- a/crates/firma-stack/src/state_dir.rs +++ b/crates/firma-stack/src/state_dir.rs 
@@ -23,7 +23,13 @@ pub fn resolve_state_dir(flag: Option) -> Result { } #[doc(hidden)] -#[cfg_attr(windows, allow(clippy::needless_pass_by_value))] +#[cfg_attr( + windows, + expect( + clippy::needless_pass_by_value, + reason = "the pure helper takes owned env overrides so tests and callers can pass them through directly" + ) +)] pub fn resolve_state_dir_from( flag: Option, firma_state_dir: Option, diff --git a/crates/firma-stack/tests/sidecar_markers.rs b/crates/firma-stack/tests/sidecar_markers.rs index 7bebce17..8e0405f3 100644 --- a/crates/firma-stack/tests/sidecar_markers.rs +++ b/crates/firma-stack/tests/sidecar_markers.rs @@ -1,14 +1,15 @@ //! Integration tests for the per-run sidecar marker reader. +#![allow( + clippy::expect_used, + reason = "integration-test setup uses expect to fail fast on fixture construction" +)] + use std::fs; use std::path::Path; use firma_stack::MetadataFile; -#[allow( - clippy::expect_used, - reason = "test helper: panics are acceptable test failures" -)] fn write_marker(run_dir: &Path, sandbox_id: &str, pid: u32) { write_marker_with_listen(run_dir, sandbox_id, pid, None); } @@ -17,10 +18,6 @@ fn write_marker(run_dir: &Path, sandbox_id: &str, pid: u32) { /// (a `host:port` pair for an `http_proxy` interceptor, or a socket path). /// `None` omits the field, mirroring a legacy marker written before /// FIR-195. -#[allow( - clippy::expect_used, - reason = "test helper: panics are acceptable test failures" -)] fn write_marker_with_listen(run_dir: &Path, sandbox_id: &str, pid: u32, listen: Option<&str>) { let dir = run_dir.join(sandbox_id); fs::create_dir_all(&dir).expect("mkdir marker dir"); 
@@ -76,10 +73,6 @@ fn live_pid_no_socket_is_unhealthy() { /// Spawn and immediately reap a child, returning its now-dead PID. /// /// `is_alive` on this PID returns false (ESRCH) until the OS reuses the slot. -#[allow( - clippy::expect_used, - reason = "test helper: panics are acceptable test failures" -)] fn reaped_dead_pid() -> u32 { #[cfg(windows)] let mut child = std::process::Command::new("cmd") diff --git a/crates/firma/src/args/config.rs b/crates/firma/src/args/config.rs index eb79c02e..6a58079f 100644 --- a/crates/firma/src/args/config.rs +++ b/crates/firma/src/args/config.rs @@ -37,7 +37,10 @@ impl Mode { /// Scaffold a new agent config directory interactively. #[derive(Debug, Args)] -#[allow(clippy::struct_excessive_bools)] +#[expect( + clippy::struct_excessive_bools, + reason = "this type intentionally models independent CLI/runtime flags one-to-one" +)] pub struct InitArgs { /// What to configure: agent-local | agent-remote | authority. #[arg(long, value_enum)] diff --git a/crates/firma/src/args/monitor.rs b/crates/firma/src/args/monitor.rs index 3713cb6c..39ea7c63 100644 --- a/crates/firma/src/args/monitor.rs +++ b/crates/firma/src/args/monitor.rs @@ -7,7 +7,10 @@ use clap::{Args as ClapArgs, ValueEnum}; /// Parsed `firma monitor` command-line arguments. // X-compliance: struct_excessive_bools is acceptable for CLI args structs where // each bool maps 1-to-1 to a distinct command-line flag. -#[allow(clippy::struct_excessive_bools)] +#[expect( + clippy::struct_excessive_bools, + reason = "this type intentionally models independent CLI/runtime flags one-to-one" +)] #[derive(Debug, ClapArgs)] pub struct Args { /// Accepted for compatibility; `state_dir` is resolved from @@ -104,7 +107,6 @@ pub enum Format { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma/src/args/run.rs b/crates/firma/src/args/run.rs index 188e5992..dce8fc65 100644 --- a/crates/firma/src/args/run.rs 
+++ b/crates/firma/src/args/run.rs @@ -10,7 +10,10 @@ use firma_run::config::SandboxIdentityMode; /// Arguments for `firma run`. #[derive(Debug, Args)] -#[allow(clippy::struct_excessive_bools)] +#[expect( + clippy::struct_excessive_bools, + reason = "this type intentionally models independent CLI/runtime flags one-to-one" +)] pub struct RunArgs { /// Built-in agent profile (e.g. `generic`, `codex`, `claude-code`) that selects /// default backend, identity mode and policy bundle. diff --git a/crates/firma/src/doctor/config_parse.rs b/crates/firma/src/doctor/config_parse.rs index 2e5716ff..3c263b41 100644 --- a/crates/firma/src/doctor/config_parse.rs +++ b/crates/firma/src/doctor/config_parse.rs @@ -45,7 +45,6 @@ pub fn check(firma_toml: &Path) -> Check { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use super::*; use crate::doctor::report::Status; diff --git a/crates/firma/src/doctor/reachability.rs b/crates/firma/src/doctor/reachability.rs index 822e57e9..2f48b156 100644 --- a/crates/firma/src/doctor/reachability.rs +++ b/crates/firma/src/doctor/reachability.rs @@ -160,7 +160,6 @@ pub fn reconcile_reachability(daemon: Check, live_running: usize) -> Check { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use std::io::ErrorKind; use std::net::{Ipv4Addr, TcpListener}; diff --git a/crates/firma/src/monitor/filters.rs b/crates/firma/src/monitor/filters.rs index 287c161e..cf0c2993 100644 --- a/crates/firma/src/monitor/filters.rs +++ b/crates/firma/src/monitor/filters.rs @@ -105,7 +105,6 @@ fn decision_matches(parsed: &AuditLite, want: Decision) -> bool { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma/src/monitor/render.rs b/crates/firma/src/monitor/render.rs index c14f2139..4b0bbf9c 100644 --- a/crates/firma/src/monitor/render.rs +++ b/crates/firma/src/monitor/render.rs 
@@ -140,7 +140,6 @@ fn json_escape(value: &str) -> String { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use crate::args::monitor::{Decision, Format}; diff --git a/crates/firma/src/monitor/tailer.rs b/crates/firma/src/monitor/tailer.rs index 7766f654..7589c066 100644 --- a/crates/firma/src/monitor/tailer.rs +++ b/crates/firma/src/monitor/tailer.rs @@ -32,7 +32,7 @@ pub struct Line { pub raw: String, } -#[allow( +#[expect( clippy::needless_pass_by_value, reason = "tailers run in spawned threads and intentionally own these handles" )] diff --git a/crates/firma/src/output.rs b/crates/firma/src/output.rs index cc8b2749..6f73fe29 100644 --- a/crates/firma/src/output.rs +++ b/crates/firma/src/output.rs @@ -9,6 +9,11 @@ //! render the same way across `firma run`, `firma authority`, `firma config`, //! `firma doctor`, `firma monitor`, `firma policy`, and friends. +#![allow( + dead_code, + reason = "Info is reserved for future callers in the shared CLI output surface" +)] + use std::io::{IsTerminal as _, Write as _}; use owo_colors::{OwoColorize as _, Stream}; @@ -18,10 +23,6 @@ const TERM_WIDTH: usize = 80; const PREFIX_WIDTH: usize = 7; #[derive(Clone, Copy)] -#[allow( - dead_code, - reason = "Info is reserved for future informational lines; output::info is part of the public surface" -)] enum Level { Ok, Info, @@ -64,10 +65,6 @@ pub fn ok(msg: impl AsRef) { } /// Emit an informational line to stdout. -#[allow( - dead_code, - reason = "part of the public output surface; not all callers wired yet" -)] pub fn info(msg: impl AsRef) { emit(Level::Info, msg.as_ref()); } diff --git a/crates/firma/src/policy/bundle.rs b/crates/firma/src/policy/bundle.rs index 3683452e..ad604164 100644 --- a/crates/firma/src/policy/bundle.rs +++ b/crates/firma/src/policy/bundle.rs 
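Review bot: The module-wide `#![allow(dead_code, …)]` added at the top of output.rs replaces two item-scoped allows on `Level` and `info`, so every other unused item in the module is now silenced as well. The same widening happens in services/config/doc.rs (hunk `@@ -27,6 +27,11 @@`), where it replaces a single `cfg_attr` on `backend_for_linux`. That runs against the commit's stated goal, since a blanket `allow` is the form most likely to rot. I would keep the suppression on the items, `#[expect(dead_code, reason = "Info is reserved for future callers in the shared CLI output surface")]` on `Level` and on `info`, falling back to an item-level `allow` only if the expectation turns out to be unfulfilled in some build configuration.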
@@ -114,7 +114,6 @@ pub fn read_policy_set(dir: &Path) -> Result { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use std::fs; diff --git a/crates/firma/src/policy/fixture.rs b/crates/firma/src/policy/fixture.rs index 4c822a85..cedfb732 100644 --- a/crates/firma/src/policy/fixture.rs +++ b/crates/firma/src/policy/fixture.rs @@ -255,7 +255,6 @@ pub fn merged_context(overrides: &BTreeMap) -> serde_json:: } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; diff --git a/crates/firma/src/policy/test_fixture.rs b/crates/firma/src/policy/test_fixture.rs index 508c7460..b1ff5584 100644 --- a/crates/firma/src/policy/test_fixture.rs +++ b/crates/firma/src/policy/test_fixture.rs @@ -70,7 +70,10 @@ impl Outcome { /// Never returns `Err`: every failure is converted to a stderr diagnostic /// plus a non-zero [`ExitCode`], keeping evaluation fail-closed. The /// `anyhow::Result` return type matches sibling `firma` service entry points. -#[allow(clippy::unnecessary_wraps)] +#[expect( + clippy::unnecessary_wraps, + reason = "matches the shared CLI service entry-point signature returning anyhow::Result" +)] pub fn run(path: &Path) -> anyhow::Result { let outcome = evaluate_to_outcome(path); if let Some(stdout) = outcome.stdout { @@ -221,7 +224,6 @@ fn build_uids(fixture: &Fixture) -> Result<(EntityUid, EntityUid, EntityUid), St } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] mod tests { use super::*; use std::fs; diff --git a/crates/firma/src/policy/validate.rs b/crates/firma/src/policy/validate.rs index 0beea77a..d579e536 100644 --- a/crates/firma/src/policy/validate.rs +++ b/crates/firma/src/policy/validate.rs 
@@ -34,7 +34,10 @@ use miette::{Diagnostic, GraphicalReportHandler, GraphicalTheme, NamedSource, Re // The `Result` wrapper is intentional and not removable: it is the shared // contract for `firma` service entry points dispatched by `main.rs`, and the // sibling `PolicyCommand::Test` arm in `services::policy` does return `Err`. -#[allow(clippy::unnecessary_wraps)] +#[expect( + clippy::unnecessary_wraps, + reason = "matches the shared CLI service entry-point signature returning anyhow::Result" +)] pub fn run(path: &Path) -> anyhow::Result { let (code, diagnostic) = validate_to_outcome(path); if let Some(diagnostic) = diagnostic { diff --git a/crates/firma/src/services/config.rs b/crates/firma/src/services/config.rs index af65cb54..bc39f38f 100644 --- a/crates/firma/src/services/config.rs +++ b/crates/firma/src/services/config.rs @@ -1141,7 +1141,6 @@ fn resolve_state_dir_with_default( /// /// # Errors /// Returns a formatted string on any filesystem or key-generation failure. -#[allow(clippy::too_many_lines)] pub fn scaffold_from_plan(plan: &ScaffoldPlan) -> Result<()> { let mappings = provider_to_mappings(&plan.provider); let (mode, authority) = match &plan.authority { @@ -1263,7 +1262,6 @@ fn provider_to_profile(provider: &str) -> String { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic)] mod tests { use strum::IntoEnumIterator; diff --git a/crates/firma/src/services/config/doc.rs b/crates/firma/src/services/config/doc.rs index 86639c24..cb5564f6 100644 --- a/crates/firma/src/services/config/doc.rs +++ b/crates/firma/src/services/config/doc.rs @@ -27,6 +27,11 @@ //! Keeping a strict entry only *narrows* the egress surface (fail-closed), //! so preserving it is safe. +#![allow( + dead_code, + reason = "some backend-selection helpers are compiled only for non-test host combinations" +)] + use std::path::Path; use anyhow::{Result, bail}; 
@@ -289,7 +294,10 @@ fn default_run_backend() -> &'static str { { return backend_for_linux(firma_run::backend::platform::detect_wsl()); } - #[allow(unreachable_code)] + #[expect( + unreachable_code, + reason = "fallback satisfies exhaustive return typing after cfg-gated platform branches" + )] "bwrap" } @@ -302,7 +310,6 @@ fn default_run_backend() -> &'static str { // // Only invoked from the Linux branch of `default_run_backend`; on other // targets it is exercised solely by unit tests, so silence dead-code there. -#[cfg_attr(not(target_os = "linux"), allow(dead_code))] fn backend_for_linux(wsl: firma_run::backend::platform::WslKind) -> &'static str { if wsl.is_wsl() { "wsl2" } else { "bwrap" } } @@ -543,7 +550,6 @@ fn set_str_array(table: &mut Table, key: &str, items: &[String]) { } #[cfg(test)] -#[allow(clippy::unwrap_used, clippy::panic, clippy::expect_used)] mod tests { use super::*; diff --git a/crates/firma/src/services/doctor.rs b/crates/firma/src/services/doctor.rs index c6cc83a9..d8597493 100644 --- a/crates/firma/src/services/doctor.rs +++ b/crates/firma/src/services/doctor.rs @@ -88,7 +88,6 @@ fn marker_state_is_live(state: firma_stack::status::State) -> bool { /// the `block_on` call without extra synchronisation. struct RenderedReport(Report, bool); -#[allow(clippy::too_many_lines)] async fn build_report(args: Args) -> RenderedReport { let mut report = Report::default(); let timeout = Duration::from_millis(args.timeout_ms); diff --git a/crates/firma/src/services/sidecar_status.rs b/crates/firma/src/services/sidecar_status.rs index 13307bf7..bc972838 100644 --- a/crates/firma/src/services/sidecar_status.rs +++ b/crates/firma/src/services/sidecar_status.rs 
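Review bot: `#[expect(unreachable_code, …)]` on the `"bwrap"` fallback in `default_run_backend` is fulfilled only on targets where one of the cfg-gated blocks above it returns. On a target that matches none of them the fallback is the live return value, the lint does not fire, and the unfulfilled expectation becomes a warning that a warnings-denying CI would reject. The other cfg branches are outside this hunk, so that case may not occur in practice. If it can, gate the attribute with `cfg_attr` on the same predicates as the returning branches, or keep `allow` on this one line.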
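Review bot: The comment above `backend_for_linux` still ends with "so silence dead-code there", but the `cfg_attr(not(target_os = "linux"), allow(dead_code))` it described is removed by this hunk, so the sentence now points at nothing. Either reword the comment to refer to the module-level attribute, or keep the suppression next to its explanation: `#[cfg_attr(not(target_os = "linux"), allow(dead_code, reason = "only called from the Linux branch of default_run_backend; unit tests use it elsewhere"))]`. An `expect` probably cannot be used on this item because, per the same comment, unit tests do call it on other targets.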
@@ -80,7 +80,7 @@ pub fn render_pretty(rows: &[SidecarEntry]) -> String { /// /// Internal failures print to stderr and map to exit code 2 so the caller /// does not double-report. -#[allow( +#[expect( clippy::unnecessary_wraps, reason = "uniform with every other services::*::run returning anyhow::Result; errors are handled internally and mapped to exit code 2, never propagated" )] diff --git a/crates/firma/src/signal/windows.rs b/crates/firma/src/signal/windows.rs index 5e24714c..5a0b7fcb 100644 --- a/crates/firma/src/signal/windows.rs +++ b/crates/firma/src/signal/windows.rs @@ -72,11 +72,6 @@ pub fn install_listener(token: CancellationToken) { } #[cfg(test)] -#[allow( - clippy::unwrap_used, - clippy::expect_used, - reason = "test code: panics are acceptable test failures" -)] mod tests { use std::time::Duration; diff --git a/crates/firma/tests/firma_config.rs b/crates/firma/tests/firma_config.rs index d6f0533e..9f70b129 100644 --- a/crates/firma/tests/firma_config.rs +++ b/crates/firma/tests/firma_config.rs @@ -78,7 +78,7 @@ fn assert_unified_config_parses(firma_toml: &Path) { } #[test] -#[allow(clippy::too_many_lines, reason = "linear scenario test")] +#[expect(clippy::too_many_lines, reason = "linear scenario test")] fn reads_existing_config_as_defaults_and_allows_overrides() { let tmp = tempfile::tempdir().expect("tmpdir"); let config_dir = tmp.path().join("config");