jedarden
|
54fe6c1964
|
feat(pdftract-1xf4d): implement TH-06 supply-chain gate
- Add minimum version requirements to deny.toml (ring >= 0.17.5, rustls >= 0.23)
- Create build/CHECKSUMS.sha256 for build-time data file integrity
- Update build.rs to verify checksums on every build
- Add tampering detection tests (th06_checksum_test.rs)
- Create nightly supply-chain scan workflow (pdftract-nightly-supply-chain.yaml)
- Update audit.toml with advisory exceptions
Closes: pdftract-1xf4d
Refs: plan lines 877, 883-896, 906-913
|
2026-05-26 17:31:13 -04:00 |
|
jedarden
|
db468a6f7e
|
ci(pdftract-1rljr): add cargo-deny quality gate configuration
Configure cargo-deny enforcement for licenses, bans, sources, and advisories.
- Add workspace path dependency exceptions for internal crates
- Add advisory exceptions for tracked issues (atty, pyo3)
- Workflow template already implemented in pdftract-ci.yaml
Verification: All checks pass locally (advisories ok, bans ok, licenses ok, sources ok)
Refs:
- Bead: pdftract-1rljr
- Plan: Phase 0.4 Quality Targets
- ADR-003: lzw advisory exception (RUSTSEC-2020-0144)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
2026-05-23 11:20:36 -04:00 |
|