cargo-allow v0.1.7

@EffortlessSteven released this 12 Jun 20:35
· 173 commits to main since this release
e46e66e

cargo-allow v0.1.7 adds an opt-in spec-system preview profile for static
source-tree graph validation.

Default cargo-allow behavior remains the source-exception ledger:

cargo-allow audit
cargo-allow check --mode no-new
cargo-allow diff --base origin/main
cargo-allow worklist --format json

The new preview profile is explicit:

cargo-allow init --profile spec-system
cargo-allow doctor --profile spec-system
cargo-allow check --profile spec-system
cargo-allow audit --profile spec-system
cargo-allow worklist --profile spec-system --format json
cargo-allow explain CARGO-ALLOW-SPEC-0001 --profile spec-system

Highlights

  • Adds spec-system as one opt-in governance profile for proposals, specs,
    ADRs, implementation plans, active goals, support tiers, policy ledgers,
    proof-command fields, release records, and closeouts.
  • Emits cargo-allow.spec-system.v1 JSON artifacts with graph inventory,
    findings, work items, setup readiness, single-artifact explanation, scanner
    limitations, and claim boundary.
  • Adds worklist repair items for broken source-of-truth graph structure.
  • Adds doctor, init, check, audit, worklist, and explain preview
    surfaces for the profile.
  • Dogfoods the profile in the cargo-allow repository with CI artifacts and
    repo-local blocking posture for selected objective structural findings.
  • Adds first-hour adoption, CI, profile architecture, cross-repo adoption, and
    adoption-friction guidance.

Install

After the crates.io packages are published:

cargo install cargo-allow --version 0.1.7 --locked

Preview Boundary

spec-system is preview and opt-in. It is not part of default
cargo-allow check.

The profile validates structural source-tree relationships: IDs, paths,
statuses, required fields, links, support-tier proof fields, active-goal
references, and closeout links.

It does not execute proof commands, call GitHub APIs, or run Cargo, rustc,
Clippy, build scripts, proc macros, ripr, unsafe-review, coverage, or network
checks as part of the cargo-allow scan. It does not claim semantic correctness,
proof execution, release readiness, unsafe soundness, test adequacy, or coverage
proof.
