A+ quality: zero-copy optimizations and Cargo.toml standardization #190
Closed
JeromySt wants to merge 8 commits into users/jstatia/native_ports_final
Zero-copy improvements:
- AKV: Store cose_key_cbor as ArcSlice in CoseKeyHeaderContributor (clone = refcount bump)
- AKV: Pre-compute kid bytes as ArcSlice in KeyIdHeaderContributor
- AKV: Change COSE_Key cache from Vec<u8> to ArcSlice (zero-copy cache hits)
- MST: Return Vec<ArcSlice> from read_receipts instead of Vec<Vec<u8>>
Cargo.toml standardization:
- Convert 27 crates from dot notation to brace notation (edition/license)
- Fix invalid edition '2024' in cose_openssl
- Fix hardcoded editions/licenses in 3 crates
- Add missing descriptions to 5 crates
- Add missing [lints.rust] sections to 2 crates
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Task 1 - ValidationResult.validator_name: Changed from String to
Cow<'static, str> to avoid allocating when the name is a compile-time
constant. Updated constructors to accept impl Into<Cow<'static, str>>.
Changed metadata key insertions from .to_string() to .into() for
clarity. Documented the metadata BTreeMap<String, String> key-type
trade-off (public API, cold-path allocations).
Task 2 - ValidationResult clones: Documented as structurally required.
The same ValidationResult value populates both its stage slot and the
overall slot in CoseSign1ValidationResult, necessitating a clone.
Task 3 - EngineState HashMap values: Changed EngineState.missing and
EngineState.errors from HashMap<..., String> to HashMap<..., Arc<str>>.
Changed TrustFactSet::Missing { reason } and TrustFactSet::Error
{ message } from String to Arc<str>. get_fact_set() now uses
Arc::clone() (cheap refcount bump) instead of String::clone() (full
heap allocation) on every call.
Task 4 - TrustDecision.reasons: Changed from Vec<String> to
Vec<Cow<'static, str>>. Static deny reasons (11+ instances in rules.rs)
now use Cow::Borrowed() avoiding heap allocation entirely. Dynamic
reasons from format!() use Cow::Owned(). Updated all callers in
rules.rs, fluent.rs, and validator.rs.
Task 5 - plan.rs clones: Skipped. Vec<TrustRuleRef> clones are just
Arc refcount bumps, not deep copies. Acceptable as-is.
Task 6 - trust_producers.clone(): Skipped. TrustFactEngine::new()
takes ownership of the Vec; the clone is a Vec<Arc<_>> clone (refcount
bumps only). The engine must own its producers.
Also fixed a pre-existing type mismatch in azure_artifact_signing where
Arc<str>::clone() was assigned to Option<String>.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…AAS crates
Tier 0 (payload-scale):
- SigningContext: Added Borrowed(&[u8]) variant, factory uses from_slice() eliminating full payload copy
- MST JWKS cache: Arc<JwksDocument> wrapping, get() returns refcount bump not 5-50KB deep clone
- MST proof blobs: extract_proof_blobs() returns Vec<ArcSlice> instead of Vec<Vec<u8>>
Tier 1 (per-validation hot paths):
- Certificates: 23 fact struct fields String -> Arc<str>, ParsedCert fields -> Arc<str>
- MST proofs: Hash fields [u8;32] fixed arrays, path Vec<(bool,[u8;32])>
- CWT claims: claims_bytes Vec<u8> -> ArcSlice
Tier 2 (per-operation):
- AAS digest: Hash digests stay on stack as GenericArray, eliminated 4x heap alloc per signature
- AAS validation: eku_oids uses .to_string() for Vec<String> compatibility
All 7,886 tests pass. Clippy clean. Zero regressions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…cates static key usage strings, CWT Arc<str> claims, MST fact Arc<str>/Cow, DID Cow<str> policies, factory ArcStr fields, CounterSignature Cow details, validation message_arc() zero-copy
- AKV: Inline digest computation, eliminate hash_sig_structure method and 3x .to_vec()
- Certificates: Key usage Vec<String> -> Vec<&'static str> for 10 static strings
- CWT: Fact fields String -> Arc<str>, use cose_sign1_message_arc() for zero-copy
- MST: sha256_hex->Arc<str>, coverage->&'static str, details->Option<Arc<str>>
- DID: DidX509Policy::Eku uses Cow::Borrowed for OID string literals
- Factory: Hash envelope contributor fields -> ArcStr, stack GenericArray digests
- Validation: CounterSignatureEnvelopeIntegrityFact.details -> Cow<'static, str>
- All 7,886 tests pass, clippy clean
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…on pack READMEs
- SigningError/FactoryError: String tuple variants -> named Cow<'static, str> struct
variants for zero-alloc static messages and self-documenting field names
- PayloadTooLargeForEmbedding: positional (u64, u64) -> named { actual, max }
- FFI: Remove misleading #[repr(C)] from 6 validation structs embedding Rust types
(Vec, Arc, Option) — these are opaque behind *mut pointers, never passed by value
- Add #[must_use] to 6 builder/options types: CoseSign1Builder, SigningOptions,
DirectSignatureOptions, IndirectSignatureOptions, TrustPolicyBuilder,
TrustDecisionAuditBuilder
- Add comprehensive README.md for certificates, MST, and AKV extension packs
- All 7,886 tests pass, clippy clean, rustfmt clean
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…rror types
- HeaderError: All String variants -> Cow<'static, str> (39 call sites in cwt_claims.rs)
- ReceiptVerifyError: All 7 String variants -> Cow<'static, str> (38 call sites)
- ValidationFailure: message/error_code/property_name/attempted_value/exception -> Cow
- CoseSign1ValidationError: String variants -> Cow<'static, str>
- AKV: key_type/curve_name fields -> Cow<'static, str> with static lookups
- AKV: Service metadata literals use Cow::Borrowed
- Validation FFI: .into_owned() at boundary for FFI String requirement
- All 7,886 tests pass, clippy clean, rustfmt clean
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
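Added example, not code from this pull request or the project: a sketch of the error pattern the two commit messages above describe, with named struct variants carrying `Cow<'static, str>` and `.into_owned()` applied only where an owned `String` is required. The `KeyError` variant, its `detail` field, the helper functions and the curve name `P-999` are hypothetical; only `SigningError` and `PayloadTooLargeForEmbedding { actual, max }` are names taken from the page.

```rust
use std::borrow::Cow;
use std::fmt;

// Hypothetical error type modeled on the commit message: named struct
// variants whose message is Cow<'static, str>. Not the project's definition.
#[derive(Debug)]
pub enum SigningError {
    KeyError { detail: Cow<'static, str> },
    PayloadTooLargeForEmbedding { actual: u64, max: u64 },
}

impl fmt::Display for SigningError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::KeyError { detail } => write!(f, "key error: {detail}"),
            Self::PayloadTooLargeForEmbedding { actual, max } => {
                write!(f, "payload of {actual} bytes exceeds embed limit of {max}")
            }
        }
    }
}

// Static message: Cow::Borrowed points at the literal, no heap allocation.
pub fn missing_key() -> SigningError {
    SigningError::KeyError { detail: Cow::Borrowed("no signing key configured") }
}

// Dynamic message: format!() allocates once and is carried as Cow::Owned.
pub fn unsupported_curve(name: &str) -> SigningError {
    SigningError::KeyError { detail: format!("unsupported curve {name}").into() }
}

// True when the error carries a borrowed (allocation-free) message.
pub fn is_static(e: &SigningError) -> bool {
    matches!(e, SigningError::KeyError { detail: Cow::Borrowed(_) })
}

// Boundary that needs an owned String, as an FFI layer would: into_owned()
// copies a borrowed message once and moves an already-owned one.
pub fn boundary_message(e: SigningError) -> String {
    match e {
        SigningError::KeyError { detail } => detail.into_owned(),
        other => other.to_string(),
    }
}

fn main() {
    println!("{}", boundary_message(unsupported_curve("P-999")));
}
```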
Documents the DID:x509 method implementation including parsing, building, validation, and resolution capabilities. Covers architecture, all modules, key types with usage examples, supported policies, FFI surface, SCITT compliance patterns, and memory design notes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
JeromySt pushed a commit that referenced this pull request Apr 8, 2026
Complete Cow<'static, str> migration across all error types (SigningError, FactoryError, HeaderError, ReceiptVerifyError, ValidationFailure, CoseSign1ValidationError). Arc<str> for hot-path string facts, &'static str for coverage/key_usage fields, [u8;32] stack digests, ArcSlice proofs, GenericArray hashes, Arc JWKS cache, SigningPayload::Borrowed. FFI fixes: removed #[repr(C)] from 6 validation structs embedding Rust types, added #[must_use] to 6 builder/options types. Created READMEs for certificates, MST, AKV, and DID:x509 extension packs. Structured error types with named Cow fields for zero-allocation static error messages. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Zero-copy and Cargo.toml standardization across native Rust workspace