diff --git a/CHANGELOG.md b/CHANGELOG.md index b8f58c5..3d388ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,12 @@ range may break in any release. ### Added +- **`justfile` dev gates.** Recipes mirroring CI exactly — `just fmt` / `clippy` + (fresh-isolated `-D warnings`, the only form that matches the runner) / `test` + / `headless` / `version-gate` / `deny` / `audit`, with `just ci` running the + full set, plus `just fuzz [secs]` and `just pqc`. Encodes the commands from + `.github/workflows/ci.yml` so they can't drift and are one keystroke. + - **`RELEASING.md` + v0.1 status reconcile.** A maintainer checklist for cutting the `v0.1.0` tag (operational gates → mechanical version bump / CHANGELOG date / signed tag), and PRD §11–§12 annotated with each criterion's status. Docs diff --git a/README.md b/README.md index 4c81917..d36e6e3 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,10 @@ cargo build --release ./target/release/vault --version ``` +The CI gates are mirrored in a `justfile`: `just ci` runs fmt / clippy +(CI-exact, fresh-isolated) / test / headless / version-gate / deny / audit +before pushing; `just --list` shows the rest (`just fuzz`, `just pqc`, …). + Headless install (no TUI dependencies; the agent additionally drops the clipboard's X11/Wayland tree): diff --git a/justfile b/justfile new file mode 100644 index 0000000..9803747 --- /dev/null +++ b/justfile 
@@ -0,0 +1,66 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +# +# Developer gate recipes mirroring CI (.github/workflows/ci.yml). Run `just ci` +# before pushing; it runs the same checks the runner does. The toolchain is +# pinned by rust-toolchain.toml (1.95.0), so these match CI exactly. + +# List the recipes. +default: + @just --list + +# rustfmt check (CI: rustfmt job). +fmt: + cargo fmt --all -- --check + +# Apply formatting. +fmt-fix: + cargo fmt --all + +# Clippy, CI-exact: a fresh isolated target dir + -D warnings (a warm cache false-greens). +clippy: + rm -rf target/clippy + RUSTFLAGS="-D warnings" CARGO_TARGET_DIR=target/clippy cargo clippy --workspace --all-targets --all-features -- -D warnings + +# Tests (CI: test job; RUSTFLAGS=-D warnings, as the workflow sets globally). +test: + RUSTFLAGS="-D warnings" cargo test --workspace --all-targets + +# Live HTTP integration tests (#[ignore]d by default; needs network / Vaultwarden — docs/m2-vaultwarden.md). +test-live: + cargo test -- --ignored + +# Headless builds (CI: headless job): CLI without the TUI, agent without the clipboard tree. +headless: + cargo build -p vault-cli --no-default-features --features cli + cargo build -p vault-agent --no-default-features + +# `vault --version` carries the Standard §13.2 attribution block (CI: version-gate job). +version-gate: + #!/usr/bin/env bash + set -euo pipefail + cargo build --bin vault --release + out=$(./target/release/vault --version) + grep -q "Mohamed Hammad " <<<"$out" + grep -q "GPL-3.0-or-later" <<<"$out" + grep -q "https://Vault.SpacecraftSoftware.org/" <<<"$out" + echo "version-gate: ok" + +# Supply-chain: licenses/bans/advisories/sources (CI: cargo-deny job). +deny: + cargo deny check + +# Vulnerability advisories (CI: cargo-audit job). Needs `cargo install cargo-audit`. +audit: + cargo audit + +# EncString fuzz harness (nightly; docs/fuzzing.md). Smoke by default; the v0.1 gate is `just fuzz 86400`. 
+fuzz seconds="30": + cd fuzz && cargo +nightly fuzz run enc_string_parse -- -max_total_time={{seconds}} + +# Build the post-quantum transport feature (docs/pqc.md) and run its tests. +pqc: + cargo build -p vault-agent --features pqc + cargo test -p vault-api --features pqc + +# Everything the CI runner checks, in order. Run before pushing. +ci: fmt clippy test headless version-gate deny audit
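Review bot: In the CHANGELOG.md entry, the claim that the recipes "can't drift" from `.github/workflows/ci.yml` is not backed by anything in this patch. The justfile restates the commands as a second copy, and the workflow is not changed to call them. Either have the workflow jobs invoke the `just` recipes so there is a single source of truth, or reword the entry to say the recipes mirror the workflow and must be updated alongside it.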
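Review bot: The README.md paragraph tells readers to run `just ci` before pushing but names no prerequisites, and `ci` depends on `deny` and `audit`, which call `cargo deny` and `cargo audit`. The justfile mentions only `cargo install cargo-audit`, and only in a comment. Add a sentence listing `just`, cargo-deny and cargo-audit, and note that `just fuzz` needs a nightly toolchain with cargo-fuzz, so a first run does not stop at the supply-chain gates with a missing-subcommand error.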
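Review bot: In the `version-gate` recipe of the justfile, the three `grep -q` checks treat the expected strings as regular expressions, so the dots in `GPL-3.0-or-later` and in the URL match any character. Under `set -euo pipefail`, a miss also ends the recipe without saying which string was absent. Use `grep -qF` for literal matching and report the missing string on failure, for example `grep -qF "GPL-3.0-or-later" <<<"$out" || { echo "version-gate: missing GPL-3.0-or-later"; exit 1; }`, so the attribution gate is exact and its failures are diagnosable.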