torc 0.16.0

Workflow management system
# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/

# Dependency-graph settings shared by the advisory, license, ban and source checks.
[graph]
# Collect the graph with every crate feature enabled, so optional
# dependencies are checked as well instead of only the default feature set.
all-features = true

# Vulnerability scanning via RustSec advisory database
[advisories]
# Each entry suppresses one advisory ID for the whole dependency graph, not
# only for the dependency path named in its reason. Revisit the list whenever
# dependencies are upgraded and drop entries whose crate is no longer resolved.
# NOTE(review): the reasons record how the crate is pulled in, but not the
# advisory class or why the risk is acceptable. RUSTSEC-2020-0071 (time 0.1)
# and RUSTSEC-2024-0421 (idna 0.4) are, to my knowledge, vulnerability
# advisories rather than "unmaintained" notices - confirm, and state in those
# reasons why the affected behaviour is not reachable or what risk is accepted.
ignore = [
    # Pulled in via validator_derive (per its reason), not via swagger.
    { id = "RUSTSEC-2024-0370", reason = "proc-macro-error via validator_derive" },
    # Transitive deps from swagger via hyper-old-types - can't fix without upstream update
    { id = "RUSTSEC-2023-0081", reason = "safemem via swagger -> hyper-old-types" },
    { id = "RUSTSEC-2020-0071", reason = "time 0.1 via swagger -> hyper-old-types" },
    # Transitive deps we can't directly upgrade
    { id = "RUSTSEC-2024-0421", reason = "idna 0.4 via validator - needs validator upgrade" },
    { id = "RUSTSEC-2020-0168", reason = "mach via quanta -> tracing-timing" },
    { id = "RUSTSEC-2024-0436", reason = "paste via ratatui and rmcp - no maintained fork in use yet" },
    # NOTE(review): no "via" path is given for daemonize; if it is a direct
    # dependency the "transitive" heading above does not apply - confirm.
    { id = "RUSTSEC-2025-0069", reason = "daemonize - no alternative available yet" },
    { id = "RUSTSEC-2025-0057", reason = "fxhash via tracing-timing - needs upstream update" },
]

# License compliance - permissive allow-list
[licenses]
# SPDX identifiers accepted for crates in the graph; a crate whose license
# expression cannot be satisfied from this list fails the check.
# NOTE(review): MPL-2.0 is file-level copyleft rather than permissive like
# the other entries - confirm it is on the list deliberately.
allow = [
    "0BSD",
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "BSL-1.0",
    "CC0-1.0",
    "ISC",
    "MIT",
    "MIT-0",
    "MPL-2.0",
    "Unicode-3.0",
    "Unlicense",
    "Zlib",
]
# Minimum confidence (0.0 to 1.0) required when a license is identified from
# the text of a license file instead of from manifest metadata.
confidence-threshold = 0.8

# cargo-husky has no license field in Cargo.toml but is MIT on GitHub
[[licenses.clarify]]
crate = "cargo-husky"
expression = "MIT"
# The hash pins the content of LICENSE. If the file shipped in the crate
# changes, the hash no longer matches and the MIT override is expected to
# stop applying, so a relicensed release is not silently accepted.
# NOTE(review): no version constraint is set here, so the override covers
# every cargo-husky version whose LICENSE matches the hash - confirm intended.
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]

[licenses.private]
# Skip the license check for workspace crates that are not published;
# third-party dependencies are still checked against the allow-list.
ignore = true

# Crate bans and duplicate detection
[bans]
# Duplicate versions of the same crate are reported but do not fail the run.
multiple-versions = "warn"
# Reject "*" version requirements, so a dependency cannot float to an
# arbitrary future release.
wildcards = "deny"

# Source origin restrictions
[sources]
# Fail the check for any crate resolved from a registry or git repository
# that is not explicitly listed below.
unknown-registry = "deny"
unknown-git = "deny"
# The crates.io index is the only trusted registry.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# Empty on purpose: with unknown-git = "deny", every git dependency is
# rejected. Add a repository URL only after the repository has been reviewed.
allow-git = []