simdutf8-cli 0.1.6

SIMD-accelerated UTF-8 validation CLI built on the simdutf8 crate, with hardened path handling.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

# SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2025,2026 ndaal Gesellschaft für Sicherheit in der Informationstechnik mbH & Co KG, Cologne
# SPDX-FileCopyrightText: Author: Pierre Gronau <Pierre.Gronau@ndaal.eu>

[package]
name = "simdutf8-cli"
version = "0.1.6"
edition = "2021"
rust-version = "1.93.0"
description = "SIMD-accelerated UTF-8 validation CLI built on the simdutf8 crate, with hardened path handling."
authors = ["Pierre Gronau <Pierre.Gronau@ndaal.eu>"]
license = "Apache-2.0"
repository = "https://gitlab.com/vPierre/ndaal_public_simdutf8_cli"
readme = "README.md"
keywords = ["utf-8", "simd", "validation", "cli", "security"]
categories = ["command-line-utilities", "text-processing"]
# Keep the published crate lean: this repository also carries a large skills/,
# csaf/, documentation/ and fuzz/ tree that are not part of the crate.
include = [
    "src/**/*.rs",
    "examples/**/*.rs",
    "Cargo.toml",
    "README.md",
    "LICENSE",
    "CHANGELOG.md",
]

[[bin]]
name = "simdutf8-cli"
path = "src/main.rs"

[lib]
name = "simdutf8_cli"
path = "src/lib.rs"

[features]
default = ["std"]
# Mirror the upstream simdutf8 `std` feature (runtime CPU-feature detection).
std = ["simdutf8/std"]
# Expose the upstream low-level SIMD implementations so the vendored upstream
# test-suite can exercise them. Off by default.
public_imp = ["simdutf8/public_imp"]

[dependencies]
simdutf8 = { version = "0.1.5", default-features = false }
clap = { version = "4.6.1", features = ["derive"] }
thiserror = "2.0.18"
# Structured findings output (see skills/rust-sarif.md):
# spec-compliant SARIF 2.1.0 generation + validation, and SARIF -> Markdown.
sarif_rust = "0.3"
sarif-to-md-core = "1.3"
# Capability-based filesystem (see skills/rust-path-security.md): report files
# are written through a Dir handle scoped to --output-dir, never ambient paths.
cap-std = "4"
# Directory walking with .gitignore/.ignore semantics and glob excludes
# (the ripgrep walker). Each discovered file is still opened/read through the
# hardened PathPolicy, so traversal does not bypass the security checks.
ignore = "0.4.25"

[dev-dependencies]
# Used verbatim by the vendored upstream test-suite (tests/upstream_tests.rs).
flexpect = "0.1.1"
# Hermetic temp files/dirs for path-security and CLI integration tests.
tempfile = "3.27.0"
# Black-box CLI testing of the built binary.
assert_cmd = "2.2.2"
predicates = "3.1.4"

[profile.release]
opt-level = 3
lto = true
codegen-units = 1
panic = "abort"
strip = true

[lints.rust]
# The vendored upstream tests reference a build-script cfg (`avx512_stable`) and
# a nightly-only feature (`portable_public_imp`) that the published simdutf8
# 0.1.5 does not expose. Register both as *known* cfgs so the verbatim tests
# compile without `unexpected_cfgs` warnings; neither is ever actually set here.
unexpected_cfgs = { level = "warn", check-cfg = [
    "cfg(avx512_stable)",
    "cfg(feature, values(\"portable_public_imp\"))",
] }

[lints.clippy]
# Lint LEVELS belong here (clippy.toml only holds configurable values). These are
# the restriction lints the ndaal policy in clippy.toml originally intended.
#
# `mem_forget` is enabled package-wide (clean across all targets).
mem_forget = "warn"
# `# Panics` doc sections are not required project-wide: the pedantic
# `missing_panics_doc` lint otherwise fires on every test helper that uses
# `.unwrap()`/`assert!` (we keep `check-private-items = true`). Public-API error
# behaviour is still documented via `# Errors` sections by convention.
missing_panics_doc = "allow"
# `missing_errors_doc` is likewise pedantic and not part of the enforced gate;
# public fns document errors anyway, internal io plumbing need not.
missing_errors_doc = "allow"
#
# Deliberately NOT blanket-enabled here because they would fire on code this
# package cannot/should not change:
#   * undocumented_unsafe_blocks / unnecessary_safety_doc / unnecessary_safety_comment
#       — moot: the lib and binary are `#![forbid(unsafe_code)]`; the only `unsafe`
#         lives in tests/upstream_tests.rs, which is vendored VERBATIM from
#         simdutf8 and must not be edited to add SAFETY comments.
#   * arithmetic_side_effects (was `integer_arithmetic`)
#       — fires throughout the vendored upstream tests' index arithmetic.
#   * tests_outside_test_module
#       — integration tests (tests/*.rs) put `#[test]` fns at file scope by
#         convention, which this lint forbids.
# Enable any of these per-target with a scoped `#![warn(...)]` if desired.