ontoref/deny.toml

# cargo-deny configuration — cargo-deny 0.18+
# https://embarkstudios.github.io/cargo-deny/

[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
unmaintained = "workspace"
yanked = "warn"
ignore = [
    # RUSTSEC-2023-0071: rsa Marvin Attack (timing side-channel).
    # rsa is a transitive dep; not used in network-facing key operations here.
    # Revisit when rsa publishes a patched release.
    { id = "RUSTSEC-2023-0071" },
]

[licenses]
allow = [
    "MIT",
    "MIT-0",
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-DFS-2016",
    "Unicode-3.0",
    "CC0-1.0",
    "Zlib",
    "Unlicense",
    "MPL-2.0",
    "OpenSSL",
    "CDLA-Permissive-2.0",
    "BUSL-1.1",
]
exceptions = []

[bans]
multiple-versions = "warn"
allow = []
deny = []
skip = []
skip-tree = []

[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
feat: unified auth model, project onboarding, install pipeline, config management The full scope across this batch: POST /sessions key→token exchange, SessionStore dual-index with revoke_by_id, CLI Bearer injection (ONTOREF_TOKEN), ontoref setup --gen-keys, install scripts, daemon config form roundtrip, ADR-004/005, on+re self-description update (fully-self-described), and landing page refresh. 2026-03-13 21:14:55 +00:00			`# cargo-deny configuration — cargo-deny 0.18+`
			`# https://embarkstudios.github.io/cargo-deny/`
chore: add ci and dev settings 2026-03-13 00:15:49 +00:00
			`[advisories]`
			`db-path = "~/.cargo/advisory-db"`
			`db-urls = ["https://github.com/rustsec/advisory-db"]`
feat: unified auth model, project onboarding, install pipeline, config management The full scope across this batch: POST /sessions key→token exchange, SessionStore dual-index with revoke_by_id, CLI Bearer injection (ONTOREF_TOKEN), ontoref setup --gen-keys, install scripts, daemon config form roundtrip, ADR-004/005, on+re self-description update (fully-self-described), and landing page refresh. 2026-03-13 21:14:55 +00:00			`unmaintained = "workspace"`
chore: add ci and dev settings 2026-03-13 00:15:49 +00:00			`yanked = "warn"`
feat: unified auth model, project onboarding, install pipeline, config management The full scope across this batch: POST /sessions key→token exchange, SessionStore dual-index with revoke_by_id, CLI Bearer injection (ONTOREF_TOKEN), ontoref setup --gen-keys, install scripts, daemon config form roundtrip, ADR-004/005, on+re self-description update (fully-self-described), and landing page refresh. 2026-03-13 21:14:55 +00:00			`ignore = [`
			`# RUSTSEC-2023-0071: rsa Marvin Attack (timing side-channel).`
			`# rsa is a transitive dep; not used in network-facing key operations here.`
			`# Revisit when rsa publishes a patched release.`
			`{ id = "RUSTSEC-2023-0071" },`
			`]`
chore: add ci and dev settings 2026-03-13 00:15:49 +00:00
			`[licenses]`
			`allow = [`
			`"MIT",`
			`"MIT-0",`
			`"Apache-2.0",`
			`"Apache-2.0 WITH LLVM-exception",`
			`"BSD-2-Clause",`
			`"BSD-3-Clause",`
			`"ISC",`
			`"Unicode-DFS-2016",`
feat: unified auth model, project onboarding, install pipeline, config management The full scope across this batch: POST /sessions key→token exchange, SessionStore dual-index with revoke_by_id, CLI Bearer injection (ONTOREF_TOKEN), ontoref setup --gen-keys, install scripts, daemon config form roundtrip, ADR-004/005, on+re self-description update (fully-self-described), and landing page refresh. 2026-03-13 21:14:55 +00:00			`"Unicode-3.0",`
			`"CC0-1.0",`
			`"Zlib",`
			`"Unlicense",`
			`"MPL-2.0",`
			`"OpenSSL",`
			`"CDLA-Permissive-2.0",`
			`"BUSL-1.1",`
chore: add ci and dev settings 2026-03-13 00:15:49 +00:00			`]`
feat: unified auth model, project onboarding, install pipeline, config management The full scope across this batch: POST /sessions key→token exchange, SessionStore dual-index with revoke_by_id, CLI Bearer injection (ONTOREF_TOKEN), ontoref setup --gen-keys, install scripts, daemon config form roundtrip, ADR-004/005, on+re self-description update (fully-self-described), and landing page refresh. 2026-03-13 21:14:55 +00:00			`exceptions = []`
chore: add ci and dev settings 2026-03-13 00:15:49 +00:00
			`[bans]`
			`multiple-versions = "warn"`
feat: unified auth model, project onboarding, install pipeline, config management The full scope across this batch: POST /sessions key→token exchange, SessionStore dual-index with revoke_by_id, CLI Bearer injection (ONTOREF_TOKEN), ontoref setup --gen-keys, install scripts, daemon config form roundtrip, ADR-004/005, on+re self-description update (fully-self-described), and landing page refresh. 2026-03-13 21:14:55 +00:00			`allow = []`
			`deny = []`
			`skip = []`
			`skip-tree = []`
chore: add ci and dev settings 2026-03-13 00:15:49 +00:00
			`[sources]`
			`unknown-registry = "deny"`
			`unknown-git = "deny"`
			`allow-registry = ["https://github.com/rust-lang/crates.io-index"]`
			`allow-git = []`