diff --git a/Cargo.toml b/Cargo.toml index 8a8dd19..42a3430 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,5 +18,5 @@ soroban-sdk = { version = "26.0.1" } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" anyhow = "1.0" -dotenv = "0.15" +dotenvy = "0.15" common = { package = "orbitchain-common", path = "common" } diff --git a/campaign/Cargo.toml b/campaign/Cargo.toml index 993d32e..fd9d214 100644 --- a/campaign/Cargo.toml +++ b/campaign/Cargo.toml @@ -2,6 +2,8 @@ name = "orbitchain-campaign" version = "0.1.0" edition = "2021" +license = "MIT" +publish = false description = "OrbitChain campaign smart contract — milestones, donations, refunds, and lifecycle" [lib] diff --git a/common/Cargo.toml b/common/Cargo.toml index 62d0b73..637eb7b 100644 --- a/common/Cargo.toml +++ b/common/Cargo.toml @@ -2,6 +2,8 @@ name = "orbitchain-common" version = "0.1.0" edition = "2021" +license = "MIT" +publish = false description = "OrbitChain common types — shared CampaignStatus, MilestoneStatus, AssetInfo, and ErrorCode" [lib] diff --git a/crates/contracts/core/Cargo.toml b/crates/contracts/core/Cargo.toml index 99856a0..cf7079a 100644 --- a/crates/contracts/core/Cargo.toml +++ b/crates/contracts/core/Cargo.toml @@ -3,6 +3,8 @@ name = "orbitchain-core" version.workspace = true edition.workspace = true rust-version.workspace = true +license = "MIT" +publish = false description = "Legacy OrbitChain campaign reference contract; canonical implementation lives in orbitchain-campaign" [lib] diff --git a/crates/tools/Cargo.toml b/crates/tools/Cargo.toml index cf490c1..910f8a4 100644 --- a/crates/tools/Cargo.toml +++ b/crates/tools/Cargo.toml @@ -3,6 +3,8 @@ name = "orbitchain-tools" version.workspace = true edition.workspace = true rust-version.workspace = true +license = "MIT" +publish = false description = "OrbitChain CLI tools — key management, signing, asset issuing, and payment processing" [[bin]] @@ -15,7 +17,7 @@ serde = { workspace = true } serde_json = { workspace = true } tokio = { version = "1.0", features = ["rt", "macros", "time"] } anyhow = { workspace = true } -dotenv = { workspace = true } +dotenvy = { workspace = true } toml = "0.8" aes-gcm = "0.10" rand = "0.8" diff --git a/crates/tools/src/asset_issuing.rs b/crates/tools/src/asset_issuing.rs index c1a810d..c776a43 100644 --- a/crates/tools/src/asset_issuing.rs +++ b/crates/tools/src/asset_issuing.rs @@ -24,7 +24,7 @@ pub struct TrustlineConfig { impl AssetConfig { pub fn from_env() -> Result { - dotenv::dotenv().ok(); + dotenvy::dotenv().ok(); let code = env::var("ASSET_CODE") .unwrap_or_else(|_| "ORBIT".to_string()); diff --git a/crates/tools/src/encrypted_vault.rs b/crates/tools/src/encrypted_vault.rs index fac9ecc..fe138bc 100644 --- a/crates/tools/src/encrypted_vault.rs +++ b/crates/tools/src/encrypted_vault.rs @@ -58,7 +58,7 @@ impl EncryptedVault { /// Load vault configuration from .env file #[must_use] pub fn from_env() -> Result { - dotenv::dotenv().ok(); + dotenvy::dotenv().ok(); // Try to get master password from environment let master_password = env::var("VAULT_MASTER_PASSWORD") diff --git a/crates/tools/src/environment_config.rs b/crates/tools/src/environment_config.rs index 44ccc34..2f5f8bb 100644 --- a/crates/tools/src/environment_config.rs +++ b/crates/tools/src/environment_config.rs @@ -43,7 +43,7 @@ impl EnvironmentConfig { } pub fn from_env() -> Result { - dotenv::dotenv().ok(); + dotenvy::dotenv().ok(); let network = env::var("SOROBAN_NETWORK").unwrap_or_else(|_| "testnet".to_string()); diff --git a/crates/tools/src/main.rs b/crates/tools/src/main.rs index 1d45967..0580948 100644 --- a/crates/tools/src/main.rs +++ b/crates/tools/src/main.rs @@ -42,7 +42,7 @@ mod withdrawal_audit; mod withdrawal_limits; fn main() -> Result<()> { - dotenv::dotenv().ok(); + dotenvy::dotenv().ok(); let args: Vec = env::args().collect(); diff --git a/crates/tools/src/secure_vault.rs b/crates/tools/src/secure_vault.rs index c3974d5..6a2ffd1 100644 --- a/crates/tools/src/secure_vault.rs +++ b/crates/tools/src/secure_vault.rs @@ -23,7 +23,7 @@ pub struct SecureVault { impl SecureVault { #[must_use] pub fn from_env() -> Self { - dotenv::dotenv().ok(); + dotenvy::dotenv().ok(); Self { admin_secret_key: env::var("SOROBAN_ADMIN_SECRET_KEY").ok(), diff --git a/deny.toml b/deny.toml new file mode 100644 index 0000000..b5f7729 --- /dev/null +++ b/deny.toml @@ -0,0 +1,55 @@ +# cargo-deny configuration +# Run `cargo deny check` to verify license compliance + +[advisories] +# Advisories to ignore (after review) +ignore = [] +# How to handle yanked crates: deny, warn (default), or allow +yanked = "warn" +# How to handle unmaintained advisories: all, workspace, transitive, none +unmaintained = "workspace" +# How to handle unsound advisories: all, workspace (default), transitive, none +unsound = "workspace" +# Warn about unused ignored advisories +unused-ignored-advisory = "warn" + +[licenses] +# List of allowed licenses. +# See https://spdx.org/licenses/ for full list. +allow = [ + "MIT", + "Apache-2.0", + "Apache-2.0 WITH LLVM-exception", + "BSD-2-Clause", + "BSD-3-Clause", + "Unicode-3.0", + "Unlicense", + "Zlib", +] +# Confidence threshold for license detection (0.0 - 1.0) +confidence-threshold = 0.8 +# Warn about unused allowed licenses +unused-allowed-license = "warn" + +# Specific exceptions for crates that need additional licenses +# [[licenses.exceptions]] +# allow = ["License-Id"] +# crate = "crate-name" + +[bans] +# Specific crates that are banned +deny = [ + # Example: { name = "openssl", reason = "Using rustls instead" }, +] +# Skip these specific crates from being checked +skip = [] +# Skip entire trees +skip-tree = [] + +[sources] +# Only allow crates from crates.io by default +allow-registry = ["https://github.com/rust-lang/crates.io-index"] +# Deny unknown registries +unknown-registry = "deny" +# Deny git sources unless explicitly allowed +unknown-git = "deny" diff --git a/token-bridge/Cargo.toml b/token-bridge/Cargo.toml index f76e7f1..d806888 100644 --- a/token-bridge/Cargo.toml +++ b/token-bridge/Cargo.toml @@ -2,6 +2,8 @@ name = "orbitchain-token-bridge" version = "0.1.0" edition = "2021" +license = "MIT" +publish = false description = "OrbitChain cross-chain token bridge contract" [lib]