codenexus 0.3.3

A queryable code knowledge graph tool built on LadybugDB and tree-sitter
# cargo-deny 配置 — `cargo deny check` 按此校验 漏洞/许可证/禁用源/重复依赖。
# 完整字段见: https://embarkstudios.github.io/cargo-deny/

[advisories]
db-urls = ["https://github.com/RustSec/advisory-db"]
yanked = "deny"
# 临时接受:
# - cxx RUSTSEC-2026-0202 (unsound):lbug v0.17.1 精确锁定 cxx = "=1.0.138",待 lbug 放宽约束后升级。
# - paste RUSTSEC-2024-0436 (unmaintained):tokenizers/parquet 的间接依赖,无安全升级路径。
ignore = [
    "RUSTSEC-2026-0202",
    "RUSTSEC-2024-0436",
]

[licenses]
# 允许的宽松许可证;新增非宽松许可证需在此放行
allow = [
    "MIT", "Apache-2.0", "Apache-2.0 WITH LLVM-exception",
    "BSD-3-Clause", "BSD-2-Clause", "ISC",
    "Unicode-3.0", "Unicode-DFS-2016",
    "Zlib", "CC0-1.0", "MPL-2.0",
    # webpki-roots / webpki-root-certs (TLS 根证书库) 使用此数据许可
    "CDLA-Permissive-2.0",
]
confidence-threshold = 0.8

[bans]
multiple-versions = "warn"
wildcards = "deny"

[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]