RUST-CI-004 - Harden Rust toolchain, feature, and supply-chain gates
Summary
Make Rust development and release inputs reproducible: pin the current stable
toolchain, exercise the diagnostics feature explicitly, centralize workspace
manifest policy, and enforce dependency source and license rules after obsolete
Git dependencies are removed.
Scope
- Pin Rust 1.97.0 in one repository-owned toolchain file and make CI consume it.
- Declare the workspace Rust version and verify the active compiler in CI.
- Build/check the
packet-diagnostics binary without enabling test-only
egress-audit in product builds.
- Set internal crates non-publishable and use
GPL-2.0-only.
- Centralize repeated direct dependencies and narrow Tokio features by crate.
- Enforce Cargo-deny source and license policy after the dependency baseline is
green; record justified duplicate-version exceptions separately.
- Make maintainability advisories emphasize changed files without becoming
source-size failures.
Acceptance Criteria
Validation
python tools\rust_quality_gate.py policy
- Supported workspace Rust format, Clippy, build, and test orchestration.
- Cargo-deny advisories, sources, licenses, and the reviewed bans baseline.
RUST-CI-004 - Harden Rust toolchain, feature, and supply-chain gates
Summary
Make Rust development and release inputs reproducible: pin the current stable
toolchain, exercise the diagnostics feature explicitly, centralize workspace
manifest policy, and enforce dependency source and license rules after obsolete
Git dependencies are removed.
Scope
packet-diagnosticsbinary without enabling test-onlyegress-auditin product builds.GPL-2.0-only.green; record justified duplicate-version exceptions separately.
source-size failures.
Acceptance Criteria
configuration each have an explicit gate.
publish = falseandGPL-2.0-only.licenses.
Validation
python tools\rust_quality_gate.py policy