feat(policy): check non-Rust file allowlist (#204, rollout PR 5/12) #217
Fifth PR in the 12-PR file-policy rollout. Adds the first real
enforcement command: cargo xtask check-file-policy --mode <mode>.
## Behavior
Reads policy/non-rust-allowlist.toml, walks tracked non-Rust files
(via `git ls-files -z` minus `*.rs`), reconciles each file against
[[file]] (exact path) and [[glob]] (globset pattern) entries.
Surfaces five finding categories:
- unreceipted files (no allowlist entry matches)
- entries with missing required fields (path|pattern, kind, surface,
classification, owner, reason, covered_by, created, review_after)
- expired entries (entry.expires < today, when set)
- stale review entries (entry.review_after < today)
- unused entries (entry matched no tracked file)
## Modes
- advisory — report everything; exit 0 always. Default.
- blocking-allowlist — exit 1 on unreceipted, missing fields, or
expired entries. Stale/unused stay informational.
- blocking-strict — exit 1 on all five categories. Reserved for
after the stale/unused cleanup pass (see
docs/policy/NON_RUST_ROLLOUT.md).
Writes target/policy/file-policy-report.{md,json} consumed by PR 9's
unified policy-report (#208).
## Decisions
- Added toml, globset, chrono (no defaults, clock only) as direct deps.
toml is non-negotiable. globset handles `docs/**/*.md`-style patterns
correctly. chrono is for `today`; ISO 8601 dates would sort lexically
but chrono's `NaiveDate` parse + compare is the defensive choice and
the crate weight is small (clock feature only).
- Failure exits via `bail!` with the issue count and a pointer to the
Markdown report.
## Acceptance
- cargo check --workspace --locked passes.
- cargo clippy -p xtask --all-targets --locked -- -D warnings clean.
- cargo fmt --all -- --check clean.
- cargo xtask check-file-policy --mode advisory exits 0 and reports:
tracked=1018 entries=24 unreceipted=945 missing_fields=0 expired=0
stale=0 unused=0
- cargo xtask check-file-policy --mode blocking-allowlist exits 1
with `found 945 blocking issue(s)`. (Most "unreceipted" entries are
generated files / workflows / non-rust-allowlist-out-of-scope items
that subsequent PRs cover in their own ledgers; PR 7-8 add the
matching checkers, PR 9 aggregates.)
## Out of scope
- check-generated, check-executable-files, check-dependency-surfaces
(PR 7 / #206)
- check-workflow-surfaces, check-process-policy, check-network-policy
(PR 8 / #207)
- Unified policy-report (PR 9 / #208)
- CI wiring (PR 10 / #209)
Closes #204.
Factory Droid Review — PR #217
Status: APPROVED — No findings
No candidate comments were produced by the reviewer. The diff was inspected against the shipper product contract (publish correctness, state/receipt coherence, token handling, xtask non-Rust file-policy enforcement).
## Summary
Fifth PR in the 12-PR file-policy rollout. First real enforcement command. Adds `cargo xtask check-file-policy --mode <mode>` which reconciles tracked non-Rust files against `policy/non-rust-allowlist.toml`.
## Issue
Closes #204. Depends on #202 (ledger scaffolds, merged), #212 (xtask scaffold, merged). Refines #180. Tracks #109.
## Behavior
Walks `git ls-files -z` minus `*.rs`, reconciles against `[[file]]` (exact path) and `[[glob]]` (globset pattern) entries. Reports five finding categories:
- `path|pattern`, `kind`, `surface`, `classification`, `owner`, `reason`, `covered_by`, `created`, or `review_after`
- `entry.expires < today` (when set)
- `entry.review_after < today`
## Modes
- `advisory` (default)
- `blocking-allowlist`
- `blocking-strict`

`blocking-strict` is wired but reserved until a dedicated stale/unused cleanup pass, per `docs/policy/NON_RUST_ROLLOUT.md`.
## Decisions
- `toml`, `globset`, `chrono` (no defaults, `clock` only) as direct xtask deps. `toml` is non-negotiable. `globset` handles `docs/**/*.md`-style patterns correctly. `chrono` for "today" — ISO 8601 dates would sort lexically but `NaiveDate` parse+compare is the defensive choice. `clock` feature is the only weight added.
- `bail!("...; see target/policy/file-policy-report.md")` so the artifact path is in the operator's terminal.
## Acceptance
- `cargo check --workspace --locked` passes.
- `cargo clippy -p xtask --all-targets --locked -- -D warnings` clean.
- `cargo fmt --all -- --check` clean.
- `cargo xtask check-file-policy --mode advisory` exits 0 and reports: `tracked=1018 entries=24 unreceipted=945 missing_fields=0 expired=0 stale=0 unused=0`
- `cargo xtask check-file-policy --mode blocking-allowlist` exits 1: `Error: check-file-policy: blocking-allowlist mode found 945 blocking issue(s); see target/policy/file-policy-report.md`
- `target/policy/file-policy-report.md` and `.json` produced.
## Note on the 945-unreceipted count
Expected. Generated files (`**/*.snap`), workflow files, dependency-surface files, etc. live in their own ledgers (`generated-allowlist.toml`, `workflow-allowlist.toml`, `dependency-surface-allowlist.toml`). This checker is scoped to `non-rust-allowlist.toml` only. PRs 7 (#206) and 8 (#207) add the companion checkers; PR 9 (#208) aggregates into a unified `policy-report`. Not a blocker for merging this PR — advisory mode is the configured state, and the report is informational evidence for later PRs.
## Follow-ups
- `cargo xtask non-rust propose` writes draft receipts for the unreceipted files this PR surfaces.
- `policy-report` consumes all four reports.
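
The reconciliation and mode gating described in this PR, as an added sketch that is not the xtask's own code. It assumes exact-path `[[file]]` entries only, a subset of the required fields, and ISO 8601 date strings compared lexically; `Entry`, `Findings`, `Mode`, `reconcile`, `blocking_issues` and `sample` are hypothetical names.

```rust
// Added illustration, not the xtask's code. Only exact-path ([[file]]) entries
// and a subset of the required fields are modelled; all names are hypothetical.
#[derive(Debug, Default, PartialEq)]
struct Findings { unreceipted: usize, missing_fields: usize, expired: usize, stale: usize, unused: usize }

struct Entry<'a> { path: &'a str, owner: &'a str, review_after: &'a str, expires: Option<&'a str> }

#[derive(Clone, Copy)]
enum Mode { Advisory, BlockingAllowlist, BlockingStrict }

// Dates are zero-padded YYYY-MM-DD strings, so `<` on &str orders them
// chronologically; the PR parses them with chrono's NaiveDate instead.
fn reconcile(tracked: &[&str], entries: &[Entry<'_>], today: &str) -> Findings {
    let unreceipted = tracked.iter().filter(|t| !entries.iter().any(|e| e.path == **t)).count();
    let mut f = Findings { unreceipted, ..Default::default() };
    for e in entries {
        if e.path.is_empty() || e.owner.is_empty() || e.review_after.is_empty() {
            f.missing_fields += 1;
        }
        if e.expires.is_some_and(|d| d < today) { f.expired += 1; }
        if !e.review_after.is_empty() && e.review_after < today { f.stale += 1; }
        if !tracked.contains(&e.path) { f.unused += 1; }
    }
    f
}

// Findings that make the run exit non-zero in the given mode.
fn blocking_issues(mode: Mode, f: &Findings) -> usize {
    let allowlist = f.unreceipted + f.missing_fields + f.expired;
    match mode {
        Mode::Advisory => 0,
        Mode::BlockingAllowlist => allowlist,
        Mode::BlockingStrict => allowlist + f.stale + f.unused,
    }
}

// Constructed sample: one clean entry, one lapsed entry, one unused entry.
fn sample() -> Findings {
    let tracked = ["README.md", "scripts/build.sh", "docs/a.md"];
    let entries = [
        Entry { path: "README.md", owner: "docs", review_after: "2099-01-01", expires: None },
        Entry { path: "scripts/build.sh", owner: "", review_after: "2020-01-01", expires: Some("2021-01-01") },
        Entry { path: "old/gone.txt", owner: "ops", review_after: "2099-01-01", expires: None },
    ];
    reconcile(&tracked, &entries, "2025-01-01")
}

fn main() {
    let f = sample();
    for m in [Mode::Advisory, Mode::BlockingAllowlist, Mode::BlockingStrict] { println!("{}", blocking_issues(m, &f)); }
}
```

The same five findings produce 0, 3 and 5 blocking issues across the three modes, which is why stale and unused entries can accumulate unnoticed until `blocking-strict` is enabled.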