fix(ci): enforce the dormant pre-commit hook; clear fmt + lopdf-advisory rot#2
Open
evnchn wants to merge 1 commit into
Open
fix(ci): enforce the dormant pre-commit hook; clear fmt + lopdf-advisory rot#2evnchn wants to merge 1 commit into
evnchn wants to merge 1 commit into
Conversation
… new lopdf advisory Three of main's red CI jobs are accidental rot, not feature work: - Rustfmt: .githooks/pre-commit exists (fmt+clippy+test) but is never enforced — nothing sets core.hooksPath, so two mechanical rename commits drifted formatting into main. Add a 'just setup' recipe + a CONTRIBUTING step that sets core.hooksPath=.githooks; scope the enforced hook to fmt + clippy (the test suite is intentionally red under the TDD workflow, so it cannot gate every commit — CI still runs it); and run cargo fmt to clear the existing drift (issen-report, issen-signatures, an issen-mem scratch test). - Cargo Deny / Cargo Audit: add RUSTSEC-2026-0187 (lopdf stack overflow, high) to deny.toml and .cargo/audit.toml. lopdf is transitive via printpdf 0.9 (pins lopdf ^0.39) and used only for report generation, never to parse untrusted PDFs, so it cannot be bumped independently — matching the existing 'transitive; awaiting upstream' ignore policy. Verified on the pinned 1.96.0 toolchain: cargo fmt --all --check, cargo deny check, and cargo audit all pass. The Test job's 36 failures are left untouched (committed TDD red tests for subcommands not yet built). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01DRGyJcRwSwtMcirxKZr7p4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Drafted by Claude Code on evnchn's behalf; every claim below was verified as described.
TL;DR
Greens 3 of
main's currently-red CI jobs — Rustfmt, Cargo Deny, Cargo Audit — by fixing causes, not symptoms.The load-bearing finding:
.githooks/pre-commitwas doubly dormant — nothing setscore.hooksPath, and the file is committed non-executable (100644), which git silently skips even when hooks are enabled. So formatting drifted intomainunguarded.Deliberately not touched: the Test job (36 failures are committed TDD-red tests for unbuilt subcommands — yours by design) and the Docs job (separate workflow). This PR doesn't pretend to fix those.
Ask: review/merge. The advisory call (ignore vs upgrade) is the one judgement worth a second look — reasoning folded below.
Root cause — why fmt drifted into main
.githooks/pre-commitalready exists and runs the right checks, but:core.hooksPathis ever set (no setup recipe, no CONTRIBUTING step) — so git never looks in.githooks/.100644— even withcore.hooksPathset, git skips a non-executable hook on POSIX.The 6 fmt-drift lines all trace to two mechanical rename commits (
RapidTriage → Issen,unit → parse job) — find-and-replace sweeps that reformat nothing — committed directly tomain. CI flagged them only post-merge. The rest of the tree is clean.The hook also can't simply be enabled as-is: it ran
cargo test --workspace, which is intentionally red (the 36 TDD tests), so it would block every commit. Hence scoping the enforced hook to fmt + clippy.What changed (4 parts)
Justfile:just setup→git config core.hooksPath .githooks;CONTRIBUTING.mddocuments it.githooks/pre-commit: mode100644 → 100755, dropcargo test --workspace, keep fmt + clippy (-D warnings)cargo fmton the 3 drifted filesRUSTSEC-2026-0187(lopdf) →deny.toml+.cargo/audit.tomlNote:
just setupoverwrites a contributor's existing localcore.hooksPath(per-clone-local, not global). Happy to add a guard if you'd prefer.The advisory: why ignore, not upgrade (the non-rug-sweep check)
cargo auditsuggestslopdf >= 0.42.0. I checked whether that's reachable before ignoring:printpdf 0.9(pinned incrates/issen-report/Cargo.toml) requireslopdf ^0.39, so it can't be bumped independently — the real fix is a futureprintpdfbump. lopdf is reached only via printpdf for report generation; the advisory is a stack overflow when parsing deeply-nested input PDFs, a path this code never takes. So a documented ignore matching the existing "transitive; awaiting upstream" policy indeny.tomlis proportionate.Verification (pinned 1.96.0 toolchain, matching CI)
Hook executable-bit fix proven behaviorally (with
core.hooksPath=.githooks):100644: an empty test commit succeeded → hook skipped (the latent bug).100755: the same commit was blocked, printing==> pre-commit: cargo fmt --check→ git now invokes it.cargo fmtchanges are mechanical line-wrapping only (no semantic drift). Reviewed independently by a second model (Codex, different lineage): no blocking findings.Out of scope (left red on purpose)
Ingest/Analyse/Pivot/Supertimelinesubcommands not yet built.