vrr/ruvector
2
0
Fork 0
mirror of https://github.com/ruvnet/RuVector.git synced 2026-05-24 22:15:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
ruvector/crates/ruvector-tiny-dancer-node/Cargo.toml
rUv eafba64fa5
fix(security): RUSTSEC advisories + clippy hardening in RuVector (#504) 
* fix(security): RUSTSEC advisories + clippy hardening in RuVector

- Replace all bare `partial_cmp().unwrap()` calls on f32/f64 with
  `.unwrap_or(Ordering::Equal)` to prevent panics on NaN values in
  sorting/max-by operations across ruvllm, ruvector-dag, prime-radiant,
  and rvagent-wasm (12 sites in production code).
- Add input validation guards to the HTTP search endpoint: reject k=0,
  k > 10_000, empty vectors, and vectors exceeding 65_536 dimensions,
  preventing memory exhaustion via unbounded allocations.
- Harden LocalFsBackend::execute in rvagent-cli with env_clear() +
  safe-env allowlist (SEC-005), deadline-based timeout enforcement, and
  1 MB output truncation, matching the security posture of LocalShellBackend.
- Remove 129 occurrences of the deprecated `unused_unit = "allow"` lint
  and 3 occurrences of the removed `clippy::match_on_vec_items` lint from
  Cargo.toml files workspace-wide; both are no-ops in current Rust/Clippy.
- All 653+ tests across ruvector-core, ruvector-server, ruvector-dag,
  rvagent-cli, and prime-radiant pass with zero failures.

Note: `bytes` is already at 1.11.1 (>= 1.10.0); `paste` 1.0.15 is a
transitive dependency with no semver fix available upstream; `cargo audit`
returns clean.

Co-Authored-By: claude-flow <ruv@ruv.net>

* fix(ci): cargo fmt + restore workspace unused_unit lint allow

- Run cargo fmt --all across all 9 files that drifted from rustfmt style
  (prime-radiant/energy.rs, ruvector-dag/bottleneck.rs+reasoning_bank.rs,
   ruvector-server/points.rs, ruvllm/pretrain_pipeline.rs+report.rs+registry.rs,
   rvagent-cli/app.rs, rvagent-wasm/gallery.rs)
- Add [workspace.lints.clippy] unused_unit = "allow" to root Cargo.toml;
  the per-crate entries removed in the security commit were still needed —
  moving to workspace-level is cleaner and restores -D warnings CI pass

Co-Authored-By: claude-flow <ruv@ruv.net>

* fix(ci): remove unneeded unit return type in ruvix bench

Removes `-> ()` from the Fn bound in run_benchmark_with_kernel
(crates/ruvix/benches/src/ruvix.rs:50) — triggers clippy::unused_unit
under -D warnings. Clippy prefers `Fn(&mut Kernel)` without explicit
unit return.

Co-Authored-By: claude-flow <ruv@ruv.net>

* fix(ci): resolve rustfmt and clippy unused_unit failures

- Run cargo fmt --all to fix long closure formatting in 9 files
  (energy.rs, bottleneck.rs, reasoning_bank.rs, points.rs,
  pretrain_pipeline.rs, report.rs, registry.rs, app.rs, gallery.rs)
- Add unused_unit = "allow" to [lints.clippy] in ruvix-bench and
  ruvector-mincut Cargo.toml files to suppress the unused_unit lint
  that was previously suppressed globally and now fires on two
  Fn(&mut T) -> () and FnMut() -> () function bounds

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-05-23 05:40:24 -04:00

232 lines
6.6 KiB
TOML
Raw Permalink Blame History

[package]
name = "ruvector-tiny-dancer-node"
version.workspace = true
edition.workspace = true
rust-version.workspace = true
license.workspace = true
authors.workspace = true
repository.workspace = true
readme = "README.md"
description = "Node.js bindings for Tiny Dancer neural routing via NAPI-RS"
[lib]
crate-type = ["cdylib"]
[dependencies]
ruvector-tiny-dancer-core = { version = "2.0", path = "../ruvector-tiny-dancer-core" }
# Node.js bindings
napi = { workspace = true }
napi-derive = { workspace = true }
# Async
tokio = { workspace = true }
# Error handling
thiserror = { workspace = true }
anyhow = { workspace = true }
# Serialization
serde = { workspace = true }
serde_json = { workspace = true }
# Time
chrono = { workspace = true }
# Concurrency
parking_lot = { workspace = true }
[build-dependencies]
napi-build = "2.1"
[profile.release]
lto = true
strip = true
# Workspace cleanup pass: research-tier crate, doc/style churn deferred. Correctness + suspicious lints stay denied.
[lints.rust]
unexpected_cfgs = { level = "allow", priority = -1 }
unused_imports = "allow"
dead_code = "allow"
unused_variables = "allow"
unused_mut = "allow"
unused_assignments = "allow"
unused_must_use = "allow"
missing_docs = "allow"
unsafe_op_in_unsafe_fn = "allow"
unused_parens = "allow"
unused_comparisons = "allow"
non_local_definitions = "allow"
static_mut_refs = "allow"
non_camel_case_types = "allow"
deprecated = "allow"
ambiguous_glob_reexports = "allow"
non_upper_case_globals = "allow"
unused_doc_comments = "allow"
unused_unsafe = "allow"
unreachable_patterns = "allow"
suspicious_double_ref_op = "allow"
[lints.clippy]
pedantic = { level = "allow", priority = -2 }
correctness = { level = "deny", priority = -1 }
suspicious = { level = "deny", priority = -1 }
needless_range_loop = "allow"
needless_borrow = "allow"
needless_borrows_for_generic_args = "allow"
needless_update = "allow"
needless_bool = "allow"
needless_pass_by_value = "allow"
manual_div_ceil = "allow"
manual_is_multiple_of = "allow"
manual_range_contains = "allow"
manual_clamp = "allow"
manual_checked_ops = "allow"
manual_let_else = "allow"
manual_memcpy = "allow"
manual_repeat_n = "allow"
manual_contains = "allow"
manual_flatten = "allow"
manual_abs_diff = "allow"
manual_slice_size_calculation = "allow"
redundant_closure = "allow"
redundant_closure_for_method_calls = "allow"
redundant_field_names = "allow"
len_zero = "allow"
get_first = "allow"
useless_vec = "allow"
too_many_arguments = "allow"
derivable_impls = "allow"
approx_constant = "allow"
assertions_on_constants = "allow"
field_reassign_with_default = "allow"
nonminimal_bool = "allow"
collapsible_if = "allow"
collapsible_match = "allow"
inconsistent_digit_grouping = "allow"
unnecessary_sort_by = "allow"
unnecessary_map_or = "allow"
unnecessary_filter_map = "allow"
unnecessary_lazy_evaluations = "allow"
unnecessary_cast = "allow"
unnecessary_to_owned = "allow"
unnecessary_wraps = "allow"
unnecessary_literal_unwrap = "allow"
unnecessary_struct_initialization = "allow"
should_implement_trait = "allow"
ptr_arg = "allow"
let_unit_value = "allow"
let_and_return = "allow"
type_complexity = "allow"
identity_op = "allow"
match_like_matches_macro = "allow"
match_same_arms = "allow"
match_single_binding = "allow"
vec_init_then_push = "allow"
absurd_extreme_comparisons = "allow"
incompatible_msrv = "allow"
unused_enumerate_index = "allow"
unused_self = "allow"
map_clone = "allow"
map_unwrap_or = "allow"
result_map_or_into_option = "allow"
unusual_byte_groupings = "allow"
if_same_then_else = "allow"
unnested_or_patterns = "allow"
uninlined_format_args = "allow"
single_match_else = "allow"
single_char_pattern = "allow"
mixed_attributes_style = "allow"
arc_with_non_send_sync = "allow"
bool_assert_comparison = "allow"
bool_comparison = "allow"
bind_instead_of_map = "allow"
cloned_ref_to_slice_refs = "allow"
large_stack_arrays = "allow"
implicit_saturating_sub = "allow"
ignored_unit_patterns = "allow"
explicit_iter_loop = "allow"
elidable_lifetime_names = "allow"
doc_markdown = "allow"
doc_overindented_list_items = "allow"
comparison_chain = "allow"
clone_on_copy = "allow"
items_after_statements = "allow"
inline_always = "allow"
format_push_string = "allow"
format_collect = "allow"
for_kv_map = "allow"
float_cmp = "allow"
if_not_else = "allow"
return_self_not_must_use = "allow"
missing_fields_in_debug = "allow"
upper_case_acronyms = "allow"
wildcard_imports = "allow"
must_use_candidate = "allow"
cast_possible_truncation = "allow"
cast_possible_wrap = "allow"
cast_precision_loss = "allow"
cast_lossless = "allow"
cast_sign_loss = "allow"
unreadable_literal = "allow"
struct_excessive_bools = "allow"
trivially_copy_pass_by_ref = "allow"
missing_safety_doc = "allow"
missing_errors_doc = "allow"
missing_panics_doc = "allow"
similar_names = "allow"
module_name_repetitions = "allow"
assign_op_pattern = "allow"
iter_cloned_collect = "allow"
excessive_precision = "allow"
await_holding_refcell_ref = "allow"
unnecessary_unwrap = "allow"
unit_arg = "allow"
redundant_pattern_matching = "allow"
question_mark = "allow"
partialeq_to_none = "allow"
new_without_default = "allow"
map_flatten = "allow"
manual_unwrap_or = "allow"
len_without_is_empty = "allow"
format_in_format_args = "allow"
single_char_add_str = "allow"
useless_conversion = "allow"
useless_format = "allow"
doc_lazy_continuation = "allow"
manual_strip = "allow"
double_ended_iterator_last = "allow"
unwrap_or_default = "allow"
single_component_path_imports = "allow"
needless_return = "allow"
int_plus_one = "allow"
needless_lifetimes = "allow"
explicit_counter_loop = "allow"
unnecessary_mut_passed = "allow"
module_inception = "allow"
option_as_ref_deref = "allow"
print_literal = "allow"
explicit_auto_deref = "allow"
manual_swap = "allow"
writeln_empty_string = "allow"
items_after_test_module = "allow"
no_effect = "allow"
non_canonical_partial_ord_impl = "allow"
wildcard_in_or_patterns = "allow"
large_enum_variant = "allow"
not_unsafe_ptr_arg_deref = { level = "allow", priority = 1 }
erasing_op = { level = "allow", priority = 1 }
almost_swapped = { level = "allow", priority = 1 }
cast_abs_to_unsigned = { level = "allow", priority = 1 }
let_underscore_lock = { level = "allow", priority = 1 }
no_effect_replace = { level = "allow", priority = 1 }
await_holding_lock = { level = "allow", priority = 1 }
needless_character_iteration = { level = "allow", priority = 1 }
unnecessary_get_then_check = { level = "allow", priority = 1 }
let_underscore_future = { level = "allow", priority = 1 }
overly_complex_bool_expr = { level = "allow", priority = 1 }
zombie_processes = { level = "allow", priority = 1 }
repeat_vec_with_capacity = { level = "allow", priority = 1 }
missing_transmute_annotations = { level = "allow", priority = 1 }
Reference in a new issue View git blame Copy permalink