chore(policy): add non-Rust policy allowlist ledgers (#202, rollout PR 2/12) #214

Merged
EffortlessSteven merged 1 commit into main from chore/policy-ledgers-20260511 on May 11, 2026

Conversation

@EffortlessSteven

Member

Summary

Second PR in the 12-PR file-policy rollout decomposition. Creates the policy/ directory and the 8 TOML ledger files. No checker, no enforcement, no CI wiring — pure scaffolding + first-pass receipts.

Issue

Closes #202. Depends on #201 (merged docs framing). Refines #180. Tracks #109.

Decisions

  • Decision: Seed non-rust-allowlist.toml, generated-allowlist.toml, dependency-surface-allowlist.toml with real entries that cover the current tracked state. Leave non-rust-debt.toml, executable-allowlist.toml, workflow-allowlist.toml, process-allowlist.toml, network-allowlist.toml as documented scaffolds.
  • Decision: Use review_after dates ranging 90 days (docs, agent instructions, build config) to 1 year (license files). expires not used yet — that's for transitional ("scheduled to be converted to Rust/xtask") entries which haven't been identified.
  • Decision: Snapshots covered by single glob **/*.snap with the regen command spelled out, rather than enumerating 813 individual files.

Validation

  • Every policy/*.toml parses as valid TOML (Python tomllib check).
  • cargo check --workspace --locked passes.
  • No source code touched.
  • No workflow files touched.
  policy/dependency-surface-allowlist.toml: ok
  policy/executable-allowlist.toml:         ok (scaffold)
  policy/generated-allowlist.toml:          ok
  policy/network-allowlist.toml:            ok (scaffold)
  policy/non-rust-allowlist.toml:           ok
  policy/non-rust-debt.toml:                ok (scaffold)
  policy/process-allowlist.toml:            ok (scaffold)
  policy/workflow-allowlist.toml:           ok (scaffold)

Follow-ups

Second PR in the 12-PR file-policy rollout decomposition. Creates the
policy/ directory and the 8 TOML ledger files referenced throughout
the existing documentation. No checker, no behavior change, no CI
wiring.

Each ledger uses the agreed schema:

  schema_version = "1.0"
  policy = "<name>"
  owner = "EffortlessMetrics"
  status = "active"

Substantively seeded:

- policy/non-rust-allowlist.toml — receipts for the tracked non-Rust
  files that exist today: top-level docs (README, CHANGELOG, MISSION,
  ROADMAP, CONTRIBUTING, SECURITY, GAPS_CLOSEOUT), agent docs
  (AGENTS, CLAUDE, GEMINI), the license trio (LICENSE,
  LICENSE-APACHE, LICENSE-MIT), historical release artifacts
  (RELEASE_*v0.2.0, RELEASE_*v0.3.0), build/toolchain config
  (rust-toolchain.toml, clippy.toml, codecov.yml), and four
  documentation/test subtrees (docs/**/*.md, features/**/*.feature,
  templates/**, fuzz/**).

- policy/generated-allowlist.toml — `**/*.snap` glob for the 813
  tracked insta snapshots, with regen command `cargo insta accept`.

- policy/dependency-surface-allowlist.toml — Cargo.toml, Cargo.lock,
  crates/*/Cargo.toml, fuzz/Cargo.toml.

Scaffold-only (PR 3 #203 sweeps current state into entries):

- policy/non-rust-debt.toml
- policy/executable-allowlist.toml
- policy/workflow-allowlist.toml
- policy/process-allowlist.toml
- policy/network-allowlist.toml

The non-rust-debt ledger ships empty by design — entries are added
intentionally from `cargo xtask non-rust propose` output (PR 6), never
auto-generated into the file.

Acceptance: every `policy/*.toml` parses as valid TOML;
`cargo check --workspace --locked` still passes.

Closes #202.

@EffortlessSteven EffortlessSteven merged commit 1e8aea6 into main May 11, 2026
35 of 36 checks passed
@EffortlessSteven EffortlessSteven deleted the chore/policy-ledgers-20260511 branch May 11, 2026 20:59
EffortlessSteven added a commit that referenced this pull request May 11, 2026
Third PR in the 12-PR file-policy rollout decomposition. Populates the
high-risk ledgers that #214 left as scaffolds. No checker, no
enforcement, no CI wiring.

## workflow-allowlist.toml

Explicit receipt for every workflow currently in `.github/workflows/`.
No `.github/**` wildcard. Each entry declares its `process_policy` and
`network_policy`:

  ci.yml, coverage.yml, architecture-guard.yml,
  fuzz.yml, mutation.yml         → ci profile
  release.yml                    → release profile
  droid-review.yml, droid.yml,
  droid-security-scan.yml        → droid profile

Also receipts `.github/dependabot.yml` (configuration, not a workflow,
but governs bot behavior).

## process-allowlist.toml

Three named profiles seeded with the commands actually invoked today:

  ci      → cargo, rustup, rustc, cargo-fuzz, cargo-mutants,
            cargo-llvm-cov, cargo-nextest
  release → adds shipper, gh, tar, sha256sum, install, sudo
  droid   → bash, curl, sh, bun, mkdir, cat, jq
            (Factory CLI fetch + BYOK heredoc + droid-action-safe)

## network-allowlist.toml

Three named profiles seeded with endpoints actually contacted today:

  ci      → github.com + crates.io family, rustup endpoints, codecov
  release → adds Trusted Publishing OIDC + uploads.github.com
  droid   → adds app.factory.ai, api.factory.ai, api.minimax.io

Renames the array-of-tables from `[[policy]]` to `[[profile]]` to
avoid collision with the top-level `policy = "..."` field. All eight
ledgers now parse as valid TOML.

Acceptance: every `policy/*.toml` parses; `cargo check --workspace
--locked` passes. PR 8 (#207) adds the checker that scans workflows
and reconciles against these profiles.

Closes #203.
EffortlessSteven added a commit that referenced this pull request May 11, 2026
Sixth PR in the 12-PR file-policy rollout. Adds
`cargo xtask non-rust propose`, which finds tracked non-Rust files
that are not yet covered by `policy/non-rust-allowlist.toml` and
writes draft entries to `target/policy/`:

  target/policy/non-rust-proposed-allowlist.toml
  target/policy/non-rust-proposal.md

The proposer NEVER mutates `policy/non-rust-allowlist.toml`. The
draft TOML is a starting point; a human (or follow-up agent) reviews,
edits, and intentionally copies entries into the real ledger.

## Behavior

- Walks `git ls-files -z` minus `*.rs` for the tracked non-Rust set.
- Loads `policy/non-rust-allowlist.toml` and the `[[file]]` / `[[glob]]`
  selectors.
- Subtracts the covered set; the remainder is the unreceipted list.
- Writes one `[[file]]` entry per unreceipted path with TODO fields:

      kind = "TODO"
      surface = "TODO"
      classification = "TODO"
      owner = "TODO"
      reason = "TODO: explain why this non-Rust surface remains. If
                scheduled for conversion to Rust/xtask, say so and add
                an `expires` date."
      created = "<today>"
      review_after = "<today + 90 days>"

- Writes a Markdown proposal that groups entries by top-level directory
  and explains the review workflow.

## Decisions

- **Default review window: 90 days.** Honest enough for a first-pass
  receipt; a reviewer can shorten or extend per entry. Matches what the
  hand-seeded receipts in #214 used.
- **TOML rendered by hand, not via `toml::to_string`.** Keeps comment
  blocks at the top and the order deterministic. The proposed-allowlist
  schema is documented inline so reviewers see the explanation in the
  file itself.
- **Duplicated allowlist deserialization + tracked-file enumeration
  from check_file_policy.rs.** The shared helpers fit in ~30 lines
  each; a DRY refactor is a small follow-up PR rather than scope creep
  here.

## Acceptance

- `cargo check --workspace --locked` passes.
- `cargo clippy -p xtask --all-targets --locked -- -D warnings` clean.
- `cargo fmt --all -- --check` clean.
- `cargo xtask non-rust propose` ran on this branch:
    `wrote 945 proposed entries to target/policy/non-rust-proposed-allowlist.toml (and matching non-rust-proposal.md)`
- Both artifacts produced; the TOML parses as valid TOML.
- `policy/non-rust-allowlist.toml` is unchanged (proposer never
  touches the real ledger).

Closes #205.