Add guardrails and update audit sources for cargo-vet workflow

.github/agents/cargo-vet-auditor.agent.md

@@ -86,6 +86,45 @@ For every crate you review, systematically check ALL of the following:
 
 ## How to Review
 
+### Non-Interactive Execution
+
+**CRITICAL:** All `cargo vet` commands must run non-interactively:
+
+- **`diff` / `inspect`:** Always set the pager to `cat` to prevent the pager
+  from waiting for input. Use `$env:PAGER='cat';` (PowerShell) or `PAGER=cat`
+  (POSIX) before the command.
+- **`certify`:** Always pass `--accept-all` along with `--criteria`, `--who`,
+  and `--notes` to skip all interactive prompts.
+
+Never run a `cargo vet` command that could block waiting for terminal input.
+
+## Exemptions Are a Last Resort
+
+Do **not** recommend adding `[[exemptions]]` entries without good reason.
+Each exemption bypasses the audit process entirely and requires explicit manual
+confirmation from the user. Always prefer performing a full or delta audit over
+exempting a crate. If an exemption is truly necessary (e.g., the crate is only
+needed at `safe-to-run` level for dev tooling, or an import source removal
+requires temporary coverage), flag it clearly and let the user decide.
+
+Every exemption **must** include a `notes` field explaining why the exemption
+exists and under what conditions it can be removed.
+
+## Duplicate-Audit Guardrail
+
+Before recommending or running certification, check whether an identical
+`[[audits.<crate>]]` entry (same who/criteria/version-or-delta/notes) already
+exists in `supply-chain/audits.toml`.
+
+If an identical entry already exists:
+
+- Do not recommend re-certifying with the same data
+- Report that the crate is already certified with identical audit content
+- If duplicates already exist, explicitly recommend deduplicating by keeping one
+  copy and removing the rest
+
+Rationale: retried `cargo vet certify` commands can append duplicate blocks.
+
 ### For Delta Audits
 
 Use `PAGER=cat cargo vet diff CRATE FROM TO` (POSIX) or

.github/skills/cargo-vet-audit/SKILL.md

@@ -60,6 +60,29 @@ Confidence scoring rubric:
 
 ## Step 5: Certify
 
+### Exemptions Are a Last Resort
+
+Do **not** add `[[exemptions]]` entries without explicit user confirmation.
+Each exemption bypasses the audit process entirely and must be justified.
+Valid reasons include:
+
+- The crate is only needed for `safe-to-run` (test/dev tooling) and a full
+  audit is disproportionate
+- An upstream import source was removed and the crate needs temporary coverage
+  while a first-party audit is scheduled
+- The user explicitly requests an exemption after reviewing the trade-offs
+
+Always prefer auditing (full or delta) over exempting. When an exemption is
+unavoidable, present it to the user for manual approval before adding it.
+
+Every exemption **must** include a `--notes` explaining why the exemption exists
+and under what conditions it can be removed:
+
+```shell
+cargo vet add-exemption CRATE VERSION --criteria CRITERIA \
+  --notes "Reason for exemption; plan for resolution"
+```
+
 For each crate that passes (confidence ≥ 70), run:
 
 ```shell
@@ -104,9 +127,32 @@ the human reviewer, never the AI agent.
 
 ## Step 6: Verify and Clean Up
 
-1. Run `cargo vet` again to confirm everything passes
-2. Run `cargo vet prune` to remove stale exemptions
-3. Run `cargo vet` one final time to confirm clean state
+Before final verification, detect and remove identical duplicate `[[audits.*]]`
+entries that may have been appended by retried `cargo vet certify` commands.
+
+Duplicate-check workflow:
+
+1. Scan `supply-chain/audits.toml` for byte-for-byte identical audit blocks
+2. If duplicates exist, keep one copy (usually the first) and remove the rest
+3. Re-run `cargo vet` after deduplication to ensure state is still valid
+
+Suggested duplicate detection commands:
+
+```powershell
+# PowerShell: use any local script/command that prints duplicate blocks
+# with crate names and line numbers
+```
+
+```shell
+# POSIX: optional equivalent using awk/python if available
+# (implementation may vary by environment)
+```
+
+Then run the normal cleanup sequence:
+
+4. Run `cargo vet` again to confirm everything passes
+5. Run `cargo vet prune` to remove stale exemptions
+6. Run `cargo vet` one final time to confirm clean state
 
 ## Reviewing Import Sources
 

supply-chain/audits.toml

@@ -46,6 +46,12 @@ who = "Douglas Cheah <douglascheah@microsoft.com>"
 criteria = "safe-to-run"
 version = "1.1.0"
 
+[[audits.autocfg]]
+who = "Jerry Xie <jerryxie@microsoft.com>"
+criteria = "safe-to-deploy"
+delta = "1.4.0 -> 1.5.0"
+notes = "No unsafe, no build.rs, no network access; delta adds edition-aware rustc probing and best-effort probe-file cleanup only. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet"
+
 [[audits.backtrace]]
 who = "Robert Zieba <robertzieba@microsoft.com>"
 criteria = "safe-to-run"
@@ -72,6 +78,12 @@ who = "Jerry Xie <jerryxie@microsoft.com>"
 criteria = "safe-to-deploy"
 version = "1.0.0"
 
+[[audits.crunchy]]
+who = "Jerry Xie <jerryxie@microsoft.com>"
+criteria = "safe-to-deploy"
+delta = "0.2.3 -> 0.2.4"
+notes = "Tiny diff to use newer core/std features via build.rs env var for path separator; no safety impact. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet"
+
 [[audits.embassy-embedded-hal]]
 who = "Jerry Xie <jerryxie@microsoft.com>"
 criteria = "safe-to-deploy"
@@ -460,6 +472,12 @@ who = "jerrysxie <jerryxie@microsoft.com>"
 criteria = "safe-to-deploy"
 version = "0.6.8"
 
+[[audits.serde_spanned]]
+who = "Jerry Xie <jerryxie@microsoft.com>"
+criteria = "safe-to-deploy"
+delta = "0.6.8 -> 0.6.9"
+notes = "Trivial delta: metadata, lint config, and doc formatting only. No functional code changes, no unsafe, no build script, no I/O. Assisted-by: copilot-cli:claude-opus-4.6 cargo-vet"
+
 [[audits.smbus-pec]]
 who = "Matteo Tullo <matteotullo@microsoft.com>"
 criteria = "safe-to-deploy"
@@ -480,6 +498,18 @@ who = "Matteo Tullo <matteotullo@microsoft.com>"
 criteria = "safe-to-deploy"
 version = "1.1.2"
 
+[[audits.tap]]
+who = "Jerry Xie <jerryxie@microsoft.com>"
+criteria = "safe-to-deploy"
+version = "1.0.1"
+notes = "No unsafe, no build.rs, no ambient I/O/process/network capabilities; behavior matches no_std tap/pipe/conv utility traits. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet"
+
+[[audits.thread_local]]
+who = "Jerry Xie <jerryxie@microsoft.com>"
+criteria = "safe-to-deploy"
+delta = "1.1.4 -> 1.1.9"
+notes = "No build script, no FS/net/process capability expansion; unsafe refactor to lock-free insertion and nightly TLS path appears sound on review. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet"
+
 [[audits.tokio]]
 who = "Robert Zieba <robertzieba@microsoft.com>"
 criteria = "safe-to-run"
@@ -535,6 +565,12 @@ who = "Jerry Xie <jerryxie@microsoft.com>"
 criteria = "safe-to-deploy"
 version = "1.17.0"
 
+[[audits.valuable]]
+who = "Jerry Xie <jerryxie@microsoft.com>"
+criteria = "safe-to-deploy"
+version = "0.1.1"
+notes = "No unsafe code; build.rs only sets target atomic cfg via env; no fs/net/process capability use observed; behavior matches value-inspection purpose. Assisted-by: copilot-cli:GPT-5.3-Codex cargo-vet"
+
 [[audits.windows-targets]]
 who = "Robert Zieba <robertzieba@microsoft.com>"
 criteria = "safe-to-run"
@@ -654,6 +690,12 @@ user-id = 189 # Andrew Gallant (BurntSushi)
 start = "2019-02-25"
 end = "2026-09-03"
 
+[[trusted.rustc-demangle]]
+criteria = "safe-to-deploy"
+user-id = 55123 # rust-lang-owner
+start = "2023-03-23"
+end = "2027-04-17"
+
 [[trusted.rustversion]]
 criteria = "safe-to-deploy"
 user-id = 3618 # David Tolnay (dtolnay)

supply-chain/config.toml

@@ -10,18 +10,12 @@ url = "https://raw.githubusercontent.com/OpenDevicePartnership/rust-crate-audits
 [imports.bytecode-alliance]
 url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
 
-[imports.embark-studios]
-url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml"
-
 [imports.google]
 url = "https://raw.githubusercontent.com/google/rust-crate-audits/main/audits.toml"
 
 [imports.mozilla]
 url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
 
-[imports.zcash]
-url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml"
-
 [policy.embassy-imxrt]
 audit-as-crates-io = false
 

supply-chain/imports.lock

@@ -69,6 +69,12 @@ user-id = 189
 user-login = "BurntSushi"
 user-name = "Andrew Gallant"
 
+[[publisher.rustc-demangle]]
+version = "0.1.26"
+when = "2025-07-27"
+user-id = 55123
+user-login = "rust-lang-owner"
+
 [[publisher.rustversion]]
 version = "1.0.22"
 when = "2025-08-08"
@@ -598,17 +604,6 @@ a few `unsafe` blocks related to utf-8 validation which are locally verifiable
 as correct and otherwise this crate is good to go.
 """
 
-[[audits.bytecode-alliance.audits.rustc-demangle]]
-who = "Alex Crichton <alex@alexcrichton.com>"
-criteria = "safe-to-deploy"
-version = "0.1.21"
-notes = "I am the author of this crate."
-
-[[audits.bytecode-alliance.audits.rustc-demangle]]
-who = "Alex Crichton <alex@alexcrichton.com>"
-criteria = "safe-to-deploy"
-delta = "0.1.21 -> 0.1.24"
-
 [[audits.bytecode-alliance.audits.semver]]
 who = "Pat Hickey <phickey@fastly.com>"
 criteria = "safe-to-deploy"
@@ -653,18 +648,6 @@ who = "Pat Hickey <phickey@fastly.com>"
 criteria = "safe-to-deploy"
 version = "0.3.17"
 
-[[audits.embark-studios.audits.tap]]
-who = "Johan Andersson <opensource@embark-studios.com>"
-criteria = "safe-to-deploy"
-version = "1.0.1"
-notes = "No unsafe usage or ambient capabilities"
-
-[[audits.embark-studios.audits.valuable]]
-who = "Johan Andersson <opensource@embark-studios.com>"
-criteria = "safe-to-deploy"
-version = "0.1.0"
-notes = "No unsafe usage or ambient capabilities, sane build script"
-
 [[audits.google.audits.autocfg]]
 who = "Manish Goregaokar <manishearth@google.com>"
 criteria = "safe-to-deploy"
@@ -1342,6 +1325,12 @@ end = "2026-02-01"
 notes = "All code written or reviewed by Manish"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.adler2]]
+who = "Erich Gubler <erichdongubler@gmail.com>"
+criteria = "safe-to-deploy"
+delta = "2.0.0 -> 2.0.1"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.arraydeque]]
 who = "Lars Eggert <lars@eggert.org>"
 criteria = "safe-to-deploy"
@@ -1645,79 +1634,3 @@ who = "Mark Hammond <mhammond@skippinet.com.au>"
 criteria = "safe-to-deploy"
 delta = "0.3.19 -> 0.3.20"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
-
-[[audits.zcash.audits.adler2]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "2.0.0 -> 2.0.1"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.autocfg]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "1.4.0 -> 1.5.0"
-notes = "Filesystem change is to remove the generated LLVM IR output file after probing."
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.crunchy]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "0.2.3 -> 0.2.4"
-notes = """
-Build script change is to fix a bug where a path separator for an included file
-was being selected by the target OS instead of the host OS.
-"""
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.rustc-demangle]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "0.1.24 -> 0.1.25"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.rustc-demangle]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "0.1.25 -> 0.1.26"
-notes = "Parser changes use existing parsing machinery in an obvious way."
-aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"
-
-[[audits.zcash.audits.serde_spanned]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "0.6.8 -> 0.6.9"
-aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"
-
-[[audits.zcash.audits.thread_local]]
-who = "Jack Grigg <jack@z.cash>"
-criteria = "safe-to-deploy"
-delta = "1.1.4 -> 1.1.7"
-notes = """
-New `unsafe` usage:
-- An extra `deallocate_bucket`, to replace a `Mutex::lock` with a `compare_exchange`.
-- Setting and getting a `#[thread_local] static mut Option<Thread>` on nightly.
-"""
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.thread_local]]
-who = "Daira-Emma Hopwood <daira@jacaranda.org>"
-criteria = "safe-to-deploy"
-delta = "1.1.7 -> 1.1.8"
-notes = """
-Adds `unsafe` code that makes an assumption that `ptr::null_mut::<Entry<T>>()` is a valid representation
-of an `AtomicPtr<Entry<T>>`, but this is likely a correct assumption.
-"""
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.thread_local]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "1.1.8 -> 1.1.9"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.valuable]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "0.1.0 -> 0.1.1"
-notes = "Build script changes are for linting."
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"