ruvector/deny.toml
rUv 227bb3f876
fix(ruvector-npm): accurate MCP tool count + reconcile tool lists (0.2.33) (#624)
* fix(ruvector-npm): accurate MCP tool count + reconcile tool lists (0.2.33)

The package advertised 103 MCP tools but the server registers 97, and the
README listed 12 tools (brain_agi_*, midstream_*) that don't exist. Three
independent sources had also drifted: server TOOLS array (97), the cli
'mcp tools' display list (91, missing the 6 decompile_* tools), and the
README count (103).

- README: 103 → 97; drop the 12 phantom tool bullets; point to
  'npx ruvector mcp tools' as the authoritative list
- cli.js 'mcp tools': add the missing 'decompile' group (6 tools) →
  now lists 97, matching the server
- mcp-server.js: report version from package.json instead of the
  hardcoded (and stale) '0.2.30'
- bump 0.2.32 → 0.2.33

All three sources now reconcile to 97. Full test suite passes
(73 + 7 + 2 + 8 + 2 across the publish-gate files).

Co-Authored-By: claude-flow <ruv@ruv.net>

* fix(ci): commit optimizer module, ignore RUSTSEC-2026-0190, ship src/optimizer

Root-causes three pre-existing CI failures on the ruvector npm package:

1. Optimizer test (Cannot find module src/optimizer/index.js): the module
   was never committed because .gitignore's bare 'index.js' rule (for napi
   artifacts) silently ignored this hand-written module. Add a negation
   exception (as already done for @ruvector/sona) and commit index.js —
   8 profiles, detectTaskType, applyProfile. Test: 135/135 pass.

2. cargo deny (advisories FAILED): RUSTSEC-2026-0190 (unsoundness in
   anyhow's Error::downcast_mut, anyhow 1.0.102, single version in tree).
   Added to deny.toml ignore list with justification + re-review date,
   consistent with the existing unsoundness exceptions — we never downcast
   anyhow::Error to a mismatched mutable type.

3. src/optimizer/ now ships (added to package.json files), so the published
   package's 'optimize' command works instead of graceful-degrading.

Pre-existing failures NOT addressed here (separate infra work; main is also
red): Functional smoke / Recall quality / Learning check fail because the
npm CI installs with --no-optional, so @ruvector/rvf + the native HNSW addon
are absent and the engine runs degraded. dependency-review is already
continue-on-error (awaiting a repo Dependency-Graph settings flip).

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-06-29 12:06:21 -04:00

235 lines
11 KiB
TOML

# cargo-deny configuration — supply-chain policy for the ruvector
# workspace. See the supply-chain CI workflow (`.github/workflows/
# supply-chain.yml`) for how this gets enforced on every PR + on a
# weekly scheduled scan.
#
# Run locally:
# cargo install --locked cargo-deny
# cargo deny check
#
# Four sub-checks run: advisories, bans, licenses, sources.
# Each fails the run independently; together they form the crate-graph
# half of our supply-chain defence (npm side is in the same workflow).
[graph]
# Sensible target set so we don't pull in checks for triples we never
# build day-to-day. wasm32-unknown-unknown is gated per-crate by the
# `wasm` features and gets its own checks in the wasm CI jobs.
targets = [
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "aarch64-unknown-linux-gnu" },
{ triple = "x86_64-apple-darwin" },
{ triple = "aarch64-apple-darwin" },
]
# ─────────────────────────────────────────────────────────────────────
# 1) advisories — RustSec DB scan
# ─────────────────────────────────────────────────────────────────────
[advisories]
db-urls = ["https://github.com/RustSec/advisory-db"]
version = 2
# Surface yanked crates as warnings. Promote to `deny` once we've
# migrated off whichever transitive holds the yanked version.
yanked = "warn"
# Whitelist specific RUSTSEC IDs with justification + re-review date.
# Every entry MUST carry a justification and an explicit re-review
# date — we revisit on each minor release at minimum. Dependabot will
# auto-resolve most of these as upstreams publish fixes; this list is
# meant to shrink over time.
ignore = [
# ── Real vulnerabilities (need active migration path) ────────────
# rsa 0.9.x — Marvin Attack timing sidechannel (RUSTSEC-2023-0071).
# No patched version exists; the RustCrypto/RSA team is rewriting
# to constant-time. Used by `ruvector-kalshi` for Kalshi exchange
# API signing (RSA-PSS-SHA256, mandated by the exchange). Mitigation
# per the advisory: "local use on a non-compromised computer is
# fine" — we sign locally and an attacker would need to observe
# sub-ms timing across many requests through the network response
# timing to recover the key. Risk is acceptable for trading-bot
# use; re-review on 2026-08-01 or when `rsa 0.10` ships with the
# constant-time fix (track: https://github.com/RustCrypto/RSA/issues/626).
"RUSTSEC-2023-0071",
# ── Unsoundness (no exploit path in our usage) ───────────────────
# rand 0.8.5 — unsound only when paired with a *custom logger* that
# logs during random number generation (RUSTSEC-2026-0097). We use
# `tracing` and never log inside RNG draws; the unsound condition
# cannot be triggered. Re-review on `rand 0.9` adoption across the
# workspace.
"RUSTSEC-2026-0097",
# imageproc 0.25.0 — three unsoundness advisories around image
# sampling / bounds checks. Pulled transitively via the scipix
# examples crate, never reached by the publish artifacts of any
# crates.io-published member. Unsound != exploitable here: inputs
# are caller-controlled image buffers in offline experiments.
# Re-review on 2026-08-01 or when imageproc publishes 0.26 with
# the fixes.
"RUSTSEC-2026-0115",
"RUSTSEC-2026-0116",
"RUSTSEC-2026-0117",
# ── Unmaintained transitive deps (informational, no CVE) ─────────
# proc-macro-error 1.x — unmaintained, transitively required by
# several proc-macro deps (clap-derive ecosystem). 2.x is API
# incompatible. Dependabot tracking. Re-review on 2026-07-01.
"RUSTSEC-2024-0370",
# proc-macro-error2 — the (also now unmaintained) fork of the above,
# pulled transitively via validator_derive -> validator (ruvector-scipix
# example). Same crate family as RUSTSEC-2024-0370, no maintained
# successor yet. Informational. Re-review on 2026-07-01.
"RUSTSEC-2026-0173",
# number_prefix — unmaintained, used transitively by indicatif. No
# known successor; indicatif itself is still maintained. Informational.
"RUSTSEC-2025-0119",
# paste 1.0.x — archived upstream 2024-10. Pulled transitively via
# nalgebra/simba and several proc-macro deps. No vulnerability,
# just informational. Re-review on 2026-08-01.
"RUSTSEC-2024-0436",
# bincode 1.x — unmaintained, 2.x is API-incompatible. Multiple
# call sites across rvf + serialization layers; migration queued.
# Re-review on 2026-07-01.
"RUSTSEC-2025-0141",
# instant 0.1.x — unmaintained. Transitive via async-std / wasm
# adapters. Replacement is `web-time` but several transitives still
# pin instant directly. Re-review on 2026-07-15.
"RUSTSEC-2024-0384",
# rand_os 0.x — unmaintained, replaced by getrandom. Transitive via
# legacy rand internals; modern paths use getrandom directly.
"RUSTSEC-2021-0140",
# core2 0.4.0 — yanked, but pulled transitively via the rav1e/
# image/imageproc chain (offline-only scipix examples crate).
# Re-review when imageproc bumps off ravif 0.13.
"RUSTSEC-2025-0124",
# rustls-pemfile 1.x — unmaintained, replaced by rustls-pki-types'
# builtin PEM parser. Transitive via reqwest / tokio-tungstenite.
# Migration is a transitive bump; Dependabot tracking.
"RUSTSEC-2025-0134",
# rusttype 0.9 — unmaintained (RUSTSEC-2026-0105). Used by
# imageproc's text-rendering path which we don't exercise (scipix
# offline experiments only). No safe upgrade available. Re-review
# 2026-08-01.
"RUSTSEC-2026-0105",
# memmap2 0.9.x — unsound `Unchecked pointer offset` API (RUSTSEC-2026-0186,
# "unsound", not an exploitable vuln). Transitive via safetensors/candle
# mmap loading and other crates; no fixed release on the 0.9 line yet.
# We don't pass attacker-controlled offsets to memmap2. Re-review 2026-08-01.
"RUSTSEC-2026-0186",
# anyhow 1.0.102 — unsoundness in `Error::downcast_mut()` (RUSTSEC-2026-0190,
# "unsound", not an exploitable vuln). Triggering it requires downcasting an
# `anyhow::Error` to a mismatched mutable type — a pattern we never use; our
# usage is construct/propagate/`Display`/read-only `downcast_ref`. Single
# version (1.0.102) in the tree. Bump to the patched anyhow once it ships and
# remove this entry. Re-review 2026-08-01.
"RUSTSEC-2026-0190",
]
# ─────────────────────────────────────────────────────────────────────
# 2) bans — explicit crate-name allow/block list
# ─────────────────────────────────────────────────────────────────────
[bans]
# 136-member workspace pulls both Tokio and async-std families,
# producing legitimate version skew (e.g. nalgebra 0.32 vs 0.33 across
# linear-algebra crates). Track for cleanup but `warn`, not `deny`.
multiple-versions = "warn"
# Refuse `version = "*"` for crates.io deps in any of our Cargo.tomls
# — that's how typosquatting + accidental floats land malicious
# versions. Demoted to `warn` for now because several internal/path
# wildcards exist in the mcp-brain + consciousness experiment crates
# (those use `workspace = "*"` for path-only deps which cargo-deny
# can't always distinguish from registry wildcards). Tracked for
# tightening to `deny` once those are migrated to explicit version
# constraints. Re-review on 2026-08-01.
wildcards = "warn"
# Highlight transitively-pulled-in deep deps so reviewers can audit
# tree growth without explicit blessing.
highlight = "all"
# Concretely forbidden crates — empty for now. Use this slot to
# quickly block a compromised package mid-flight without editing the
# workflow.
deny = []
# Allow internal workspace path deps to use `version = "*"` until the
# tighten-up pass lands. Listed crates have been audited as path-only.
allow-wildcard-paths = true
# ─────────────────────────────────────────────────────────────────────
# 3) licenses — what we'll allow in the graph
# ─────────────────────────────────────────────────────────────────────
[licenses]
version = 2
# Matches `actions/dependency-review-action`'s allow-list in the
# supply-chain workflow so the two checks agree.
#
# Additions vs sublinear-time-solver's allowlist:
# * BSL-1.0 — Boost Software License (xxhash-rust transitive
# via rvf-wire → mcp-brain-server + benchmarks)
# * CDLA-Permissive-2.0 — used by tch-rs / onnxruntime style deps
# * NCSA — University of Illinois/NCSA Open Source
# License (LLVM family deps)
allow = [
"MIT",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"Unicode-DFS-2016",
"Unicode-3.0",
"MPL-2.0",
"Zlib",
"CC0-1.0",
"BSL-1.0",
"CDLA-Permissive-2.0",
"NCSA",
]
confidence-threshold = 0.8
exceptions = []
# Workspace-internal crates without `license = "..."` set are research
# / examples crates with `publish = false`. Ignore them rather than
# failing the run — they're never shipped to crates.io. If one is ever
# flipped to `publish = true`, the publish flow's `cargo publish` step
# will refuse it without an explicit license, so this is safe.
private = { ignore = true }
# ─────────────────────────────────────────────────────────────────────
# 4) sources — which registries / git remotes the graph can pull from
# ─────────────────────────────────────────────────────────────────────
[sources]
# Default: only the official crates.io registry. Anything else (private
# mirror, git dep) must be explicitly allowed.
unknown-registry = "deny"
# `warn` instead of `deny` for ruvector because the workspace pulls
# several legitimate git deps (vendored hailo bindings, in-flight
# upstream fixes pinned to commits). Promote to `deny` once those
# have crates.io releases. Each unknown-git appearance shows up in
# the CI log so reviewers can challenge it on a per-PR basis.
unknown-git = "warn"
# Allow-list for git remotes — populated on demand. If a future PR
# needs a git dep, this is where the reviewer adds it with a
# justification comment.
allow-git = []
allow-registry = ["https://github.com/rust-lang/crates.io-index"]