mirror of
https://github.com/ruvnet/RuVector.git
synced 2026-07-09 17:28:42 +00:00
* fix(ruvector-npm): accurate MCP tool count + reconcile tool lists (0.2.33) The package advertised 103 MCP tools but the server registers 97, and the README listed 12 tools (brain_agi_*, midstream_*) that don't exist. Three independent sources had also drifted: server TOOLS array (97), the cli 'mcp tools' display list (91, missing the 6 decompile_* tools), and the README count (103). - README: 103 → 97; drop the 12 phantom tool bullets; point to 'npx ruvector mcp tools' as the authoritative list - cli.js 'mcp tools': add the missing 'decompile' group (6 tools) → now lists 97, matching the server - mcp-server.js: report version from package.json instead of the hardcoded (and stale) '0.2.30' - bump 0.2.32 → 0.2.33 All three sources now reconcile to 97. Full test suite passes (73 + 7 + 2 + 8 + 2 across the publish-gate files). Co-Authored-By: claude-flow <ruv@ruv.net> * fix(ci): commit optimizer module, ignore RUSTSEC-2026-0190, ship src/optimizer Root-causes three pre-existing CI failures on the ruvector npm package: 1. Optimizer test (Cannot find module src/optimizer/index.js): the module was never committed because .gitignore's bare 'index.js' rule (for napi artifacts) silently ignored this hand-written module. Add a negation exception (as already done for @ruvector/sona) and commit index.js — 8 profiles, detectTaskType, applyProfile. Test: 135/135 pass. 2. cargo deny (advisories FAILED): RUSTSEC-2026-0190 (unsoundness in anyhow's Error::downcast_mut, anyhow 1.0.102, single version in tree). Added to deny.toml ignore list with justification + re-review date, consistent with the existing unsoundness exceptions — we never downcast anyhow::Error to a mismatched mutable type. 3. src/optimizer/ now ships (added to package.json files), so the published package's 'optimize' command works instead of graceful-degrading. Pre-existing failures NOT addressed here (separate infra work; main is also red): Functional smoke / Recall quality / Learning check fail because the npm CI installs with --no-optional, so @ruvector/rvf + the native HNSW addon are absent and the engine runs degraded. dependency-review is already continue-on-error (awaiting a repo Dependency-Graph settings flip). Co-Authored-By: claude-flow <ruv@ruv.net>
235 lines
11 KiB
TOML
235 lines
11 KiB
TOML
# cargo-deny configuration — supply-chain policy for the ruvector
|
|
# workspace. See the supply-chain CI workflow (`.github/workflows/
|
|
# supply-chain.yml`) for how this gets enforced on every PR + on a
|
|
# weekly scheduled scan.
|
|
#
|
|
# Run locally:
|
|
# cargo install --locked cargo-deny
|
|
# cargo deny check
|
|
#
|
|
# Four sub-checks run: advisories, bans, licenses, sources.
|
|
# Each fails the run independently; together they form the crate-graph
|
|
# half of our supply-chain defence (npm side is in the same workflow).
|
|
|
|
[graph]
|
|
# Sensible target set so we don't pull in checks for triples we never
|
|
# build day-to-day. wasm32-unknown-unknown is gated per-crate by the
|
|
# `wasm` features and gets its own checks in the wasm CI jobs.
|
|
targets = [
|
|
{ triple = "x86_64-unknown-linux-gnu" },
|
|
{ triple = "aarch64-unknown-linux-gnu" },
|
|
{ triple = "x86_64-apple-darwin" },
|
|
{ triple = "aarch64-apple-darwin" },
|
|
]
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# 1) advisories — RustSec DB scan
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
[advisories]
|
|
db-urls = ["https://github.com/RustSec/advisory-db"]
|
|
version = 2
|
|
|
|
# Surface yanked crates as warnings. Promote to `deny` once we've
|
|
# migrated off whichever transitive holds the yanked version.
|
|
yanked = "warn"
|
|
|
|
# Whitelist specific RUSTSEC IDs with justification + re-review date.
|
|
# Every entry MUST carry a justification and an explicit re-review
|
|
# date — we revisit on each minor release at minimum. Dependabot will
|
|
# auto-resolve most of these as upstreams publish fixes; this list is
|
|
# meant to shrink over time.
|
|
ignore = [
|
|
# ── Real vulnerabilities (need active migration path) ────────────
|
|
|
|
# rsa 0.9.x — Marvin Attack timing sidechannel (RUSTSEC-2023-0071).
|
|
# No patched version exists; the RustCrypto/RSA team is rewriting
|
|
# to constant-time. Used by `ruvector-kalshi` for Kalshi exchange
|
|
# API signing (RSA-PSS-SHA256, mandated by the exchange). Mitigation
|
|
# per the advisory: "local use on a non-compromised computer is
|
|
# fine" — we sign locally and an attacker would need to observe
|
|
# sub-ms timing across many requests through the network response
|
|
# timing to recover the key. Risk is acceptable for trading-bot
|
|
# use; re-review on 2026-08-01 or when `rsa 0.10` ships with the
|
|
# constant-time fix (track: https://github.com/RustCrypto/RSA/issues/626).
|
|
"RUSTSEC-2023-0071",
|
|
|
|
# ── Unsoundness (no exploit path in our usage) ───────────────────
|
|
|
|
# rand 0.8.5 — unsound only when paired with a *custom logger* that
|
|
# logs during random number generation (RUSTSEC-2026-0097). We use
|
|
# `tracing` and never log inside RNG draws; the unsound condition
|
|
# cannot be triggered. Re-review on `rand 0.9` adoption across the
|
|
# workspace.
|
|
"RUSTSEC-2026-0097",
|
|
|
|
# imageproc 0.25.0 — three unsoundness advisories around image
|
|
# sampling / bounds checks. Pulled transitively via the scipix
|
|
# examples crate, never reached by the publish artifacts of any
|
|
# crates.io-published member. Unsound != exploitable here: inputs
|
|
# are caller-controlled image buffers in offline experiments.
|
|
# Re-review on 2026-08-01 or when imageproc publishes 0.26 with
|
|
# the fixes.
|
|
"RUSTSEC-2026-0115",
|
|
"RUSTSEC-2026-0116",
|
|
"RUSTSEC-2026-0117",
|
|
|
|
# ── Unmaintained transitive deps (informational, no CVE) ─────────
|
|
|
|
# proc-macro-error 1.x — unmaintained, transitively required by
|
|
# several proc-macro deps (clap-derive ecosystem). 2.x is API
|
|
# incompatible. Dependabot tracking. Re-review on 2026-07-01.
|
|
"RUSTSEC-2024-0370",
|
|
|
|
# proc-macro-error2 — the (also now unmaintained) fork of the above,
|
|
# pulled transitively via validator_derive -> validator (ruvector-scipix
|
|
# example). Same crate family as RUSTSEC-2024-0370, no maintained
|
|
# successor yet. Informational. Re-review on 2026-07-01.
|
|
"RUSTSEC-2026-0173",
|
|
|
|
# number_prefix — unmaintained, used transitively by indicatif. No
|
|
# known successor; indicatif itself is still maintained. Informational.
|
|
"RUSTSEC-2025-0119",
|
|
|
|
# paste 1.0.x — archived upstream 2024-10. Pulled transitively via
|
|
# nalgebra/simba and several proc-macro deps. No vulnerability,
|
|
# just informational. Re-review on 2026-08-01.
|
|
"RUSTSEC-2024-0436",
|
|
|
|
# bincode 1.x — unmaintained, 2.x is API-incompatible. Multiple
|
|
# call sites across rvf + serialization layers; migration queued.
|
|
# Re-review on 2026-07-01.
|
|
"RUSTSEC-2025-0141",
|
|
|
|
# instant 0.1.x — unmaintained. Transitive via async-std / wasm
|
|
# adapters. Replacement is `web-time` but several transitives still
|
|
# pin instant directly. Re-review on 2026-07-15.
|
|
"RUSTSEC-2024-0384",
|
|
|
|
# rand_os 0.x — unmaintained, replaced by getrandom. Transitive via
|
|
# legacy rand internals; modern paths use getrandom directly.
|
|
"RUSTSEC-2021-0140",
|
|
|
|
# core2 0.4.0 — yanked, but pulled transitively via the rav1e/
|
|
# image/imageproc chain (offline-only scipix examples crate).
|
|
# Re-review when imageproc bumps off ravif 0.13.
|
|
"RUSTSEC-2025-0124",
|
|
|
|
# rustls-pemfile 1.x — unmaintained, replaced by rustls-pki-types'
|
|
# builtin PEM parser. Transitive via reqwest / tokio-tungstenite.
|
|
# Migration is a transitive bump; Dependabot tracking.
|
|
"RUSTSEC-2025-0134",
|
|
|
|
# rusttype 0.9 — unmaintained (RUSTSEC-2026-0105). Used by
|
|
# imageproc's text-rendering path which we don't exercise (scipix
|
|
# offline experiments only). No safe upgrade available. Re-review
|
|
# 2026-08-01.
|
|
"RUSTSEC-2026-0105",
|
|
|
|
# memmap2 0.9.x — unsound `Unchecked pointer offset` API (RUSTSEC-2026-0186,
|
|
# "unsound", not an exploitable vuln). Transitive via safetensors/candle
|
|
# mmap loading and other crates; no fixed release on the 0.9 line yet.
|
|
# We don't pass attacker-controlled offsets to memmap2. Re-review 2026-08-01.
|
|
"RUSTSEC-2026-0186",
|
|
|
|
# anyhow 1.0.102 — unsoundness in `Error::downcast_mut()` (RUSTSEC-2026-0190,
|
|
# "unsound", not an exploitable vuln). Triggering it requires downcasting an
|
|
# `anyhow::Error` to a mismatched mutable type — a pattern we never use; our
|
|
# usage is construct/propagate/`Display`/read-only `downcast_ref`. Single
|
|
# version (1.0.102) in the tree. Bump to the patched anyhow once it ships and
|
|
# remove this entry. Re-review 2026-08-01.
|
|
"RUSTSEC-2026-0190",
|
|
]
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# 2) bans — explicit crate-name allow/block list
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
[bans]
|
|
# 136-member workspace pulls both Tokio and async-std families,
|
|
# producing legitimate version skew (e.g. nalgebra 0.32 vs 0.33 across
|
|
# linear-algebra crates). Track for cleanup but `warn`, not `deny`.
|
|
multiple-versions = "warn"
|
|
|
|
# Refuse `version = "*"` for crates.io deps in any of our Cargo.tomls
|
|
# — that's how typosquatting + accidental floats land malicious
|
|
# versions. Demoted to `warn` for now because several internal/path
|
|
# wildcards exist in the mcp-brain + consciousness experiment crates
|
|
# (those use `workspace = "*"` for path-only deps which cargo-deny
|
|
# can't always distinguish from registry wildcards). Tracked for
|
|
# tightening to `deny` once those are migrated to explicit version
|
|
# constraints. Re-review on 2026-08-01.
|
|
wildcards = "warn"
|
|
|
|
# Highlight transitively-pulled-in deep deps so reviewers can audit
|
|
# tree growth without explicit blessing.
|
|
highlight = "all"
|
|
|
|
# Concretely forbidden crates — empty for now. Use this slot to
|
|
# quickly block a compromised package mid-flight without editing the
|
|
# workflow.
|
|
deny = []
|
|
|
|
# Allow internal workspace path deps to use `version = "*"` until the
|
|
# tighten-up pass lands. Listed crates have been audited as path-only.
|
|
allow-wildcard-paths = true
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# 3) licenses — what we'll allow in the graph
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
[licenses]
|
|
version = 2
|
|
|
|
# Matches `actions/dependency-review-action`'s allow-list in the
|
|
# supply-chain workflow so the two checks agree.
|
|
#
|
|
# Additions vs sublinear-time-solver's allowlist:
|
|
# * BSL-1.0 — Boost Software License (xxhash-rust transitive
|
|
# via rvf-wire → mcp-brain-server + benchmarks)
|
|
# * CDLA-Permissive-2.0 — used by tch-rs / onnxruntime style deps
|
|
# * NCSA — University of Illinois/NCSA Open Source
|
|
# License (LLVM family deps)
|
|
allow = [
|
|
"MIT",
|
|
"Apache-2.0",
|
|
"Apache-2.0 WITH LLVM-exception",
|
|
"BSD-2-Clause",
|
|
"BSD-3-Clause",
|
|
"ISC",
|
|
"Unicode-DFS-2016",
|
|
"Unicode-3.0",
|
|
"MPL-2.0",
|
|
"Zlib",
|
|
"CC0-1.0",
|
|
"BSL-1.0",
|
|
"CDLA-Permissive-2.0",
|
|
"NCSA",
|
|
]
|
|
|
|
confidence-threshold = 0.8
|
|
exceptions = []
|
|
|
|
# Workspace-internal crates without `license = "..."` set are research
|
|
# / examples crates with `publish = false`. Ignore them rather than
|
|
# failing the run — they're never shipped to crates.io. If one is ever
|
|
# flipped to `publish = true`, the publish flow's `cargo publish` step
|
|
# will refuse it without an explicit license, so this is safe.
|
|
private = { ignore = true }
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# 4) sources — which registries / git remotes the graph can pull from
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
[sources]
|
|
# Default: only the official crates.io registry. Anything else (private
|
|
# mirror, git dep) must be explicitly allowed.
|
|
unknown-registry = "deny"
|
|
# `warn` instead of `deny` for ruvector because the workspace pulls
|
|
# several legitimate git deps (vendored hailo bindings, in-flight
|
|
# upstream fixes pinned to commits). Promote to `deny` once those
|
|
# have crates.io releases. Each unknown-git appearance shows up in
|
|
# the CI log so reviewers can challenge it on a per-PR basis.
|
|
unknown-git = "warn"
|
|
|
|
# Allow-list for git remotes — populated on demand. If a future PR
|
|
# needs a git dep, this is where the reviewer adds it with a
|
|
# justification comment.
|
|
allow-git = []
|
|
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
|