Fix cargo fmt formatting

symbibot · symbibot · commit cb9b3e2f3bb5 · 2026-04-02T16:12:04.000-07:00
diff --git a/crates/runtime/src/api/api_keys.rs b/crates/runtime/src/api/api_keys.rs
@@ -199,8 +199,7 @@ impl ApiKeyStore {
         let salt = SaltString::generate(&mut rand::thread_rng());
         let params = argon2::Params::new(19 * 1024, 2, 1, None)
             .map_err(|e| format!("Invalid Argon2 parameters: {}", e))?;
-        let argon2 =
-            Argon2::new(argon2::Algorithm::Argon2id, argon2::Version::V0x13, params);
+        let argon2 = Argon2::new(argon2::Algorithm::Argon2id, argon2::Version::V0x13, params);
         let hash = argon2
             .hash_password(raw_key.as_bytes(), &salt)
             .map_err(|e| format!("Failed to hash key: {}", e))?;
diff --git a/crates/runtime/src/integrations/policy_engine/engine.rs b/crates/runtime/src/integrations/policy_engine/engine.rs
@@ -165,10 +165,7 @@ impl OpaClient {
                         .cloned()
                         .unwrap_or(serde_json::json!(false)))
                 } else {
-                    tracing::warn!(
-                        "OPA returned HTTP {}: denying by default",
-                        resp.status()
-                    );
+                    tracing::warn!("OPA returned HTTP {}: denying by default", resp.status());
                     Ok(serde_json::json!(false))
                 }
             }
diff --git a/crates/runtime/src/integrations/schemapin/native_client.rs b/crates/runtime/src/integrations/schemapin/native_client.rs
@@ -141,9 +141,14 @@ impl SchemaPinClient for NativeSchemaPinClient {
 
         // Attempt to extract an embedded signature from the schema JSON.
         // Schemas signed by SchemaPin contain a top-level `signature` field.
-        let embedded_signature: Option<String> = serde_json::from_slice::<serde_json::Value>(&schema_data)
-            .ok()
-            .and_then(|v| v.get("signature").and_then(|s| s.as_str()).map(String::from));
+        let embedded_signature: Option<String> =
+            serde_json::from_slice::<serde_json::Value>(&schema_data)
+                .ok()
+                .and_then(|v| {
+                    v.get("signature")
+                        .and_then(|s| s.as_str())
+                        .map(String::from)
+                });
 
         if let Some(ref sig) = embedded_signature {
             // Verify the embedded signature against the schema content and fetched public key
@@ -155,14 +160,17 @@ impl SchemaPinClient for NativeSchemaPinClient {
             if let Some(obj) = schema_value.as_object_mut() {
                 obj.remove("signature");
             }
-            let canonical_payload = serde_json::to_vec(&schema_value)
-                .map_err(|e| SchemaPinError::IoError {
+            let canonical_payload =
+                serde_json::to_vec(&schema_value).map_err(|e| SchemaPinError::IoError {
                     reason: format!("Failed to serialize canonical schema: {}", e),
                 })?;
 
             match verify_signature(&public_key_pem, &canonical_payload, sig) {
                 Ok(true) => {
-                    tracing::info!("Schema signature verified successfully for {}", args.schema_path);
+                    tracing::info!(
+                        "Schema signature verified successfully for {}",
+                        args.schema_path
+                    );
                     Ok(VerificationResult {
                         success: true,
                         message: "Schema signature verified successfully using native Rust implementation".to_string(),
@@ -179,10 +187,14 @@ impl SchemaPinClient for NativeSchemaPinClient {
                     })
                 }
                 Ok(false) => {
-                    tracing::warn!("Schema signature verification failed: signature invalid for {}", args.schema_path);
+                    tracing::warn!(
+                        "Schema signature verification failed: signature invalid for {}",
+                        args.schema_path
+                    );
                     Ok(VerificationResult {
                         success: false,
-                        message: "Schema signature verification failed: signature is invalid".to_string(),
+                        message: "Schema signature verification failed: signature is invalid"
+                            .to_string(),
                         schema_hash: Some(schema_hash),
                         public_key_url: Some(args.public_key_url.clone()),
                         signature: Some(SignatureInfo {
@@ -196,7 +208,11 @@ impl SchemaPinClient for NativeSchemaPinClient {
                     })
                 }
                 Err(e) => {
-                    tracing::warn!("Schema signature verification error for {}: {}", args.schema_path, e);
+                    tracing::warn!(
+                        "Schema signature verification error for {}: {}",
+                        args.schema_path,
+                        e
+                    );
                     Ok(VerificationResult {
                         success: false,
                         message: format!("Schema signature verification error: {}", e),
diff --git a/crates/runtime/src/secrets/auditing.rs b/crates/runtime/src/secrets/auditing.rs
@@ -12,7 +12,6 @@ use thiserror::Error;
 use tokio::fs::OpenOptions;
 use tokio::io::AsyncWriteExt;
 
-
 /// Controls whether audit failures block secret operations
 #[derive(Debug, Default, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(rename_all = "lowercase")]
@@ -208,9 +207,12 @@ impl SecretAuditSink for JsonFileAuditSink {
         opts.create(true).append(true);
         #[cfg(unix)]
         opts.mode(0o600); // Owner-only read/write
-        let mut file = opts.open(&self.file_path).await.map_err(|e| AuditError::IoError {
-            message: format!("Failed to open audit log file: {}", e),
-        })?;
+        let mut file = opts
+            .open(&self.file_path)
+            .await
+            .map_err(|e| AuditError::IoError {
+                message: format!("Failed to open audit log file: {}", e),
+            })?;
 
         // Write the JSON line followed by a newline
         file.write_all(json_line.as_bytes())
diff --git a/crates/runtime/src/toolclad/executor.rs b/crates/runtime/src/toolclad/executor.rs
@@ -748,8 +748,7 @@ fn evaluate_condition(when: &str, args: &HashMap<String, String>) -> bool {
 
 /// Reject URLs targeting private/internal IP ranges to prevent SSRF.
 fn reject_ssrf_url(url: &str) -> Result<(), String> {
-    let parsed =
-        url::Url::parse(url).map_err(|e| format!("Invalid URL '{}': {}", url, e))?;
+    let parsed = url::Url::parse(url).map_err(|e| format!("Invalid URL '{}': {}", url, e))?;
 
     // Only allow http/https
     if !matches!(parsed.scheme(), "http" | "https") {

Original file line number	Diff line number	Diff line change
`@@ -165,10 +165,7 @@ impl OpaClient {`
`165`	`165`	`.cloned()`
`166`	`166`	`.unwrap_or(serde_json::json!(false)))`
`167`	`167`	`} else {`
`168`		`- tracing::warn!(`
`169`		`- "OPA returned HTTP {}: denying by default",`
`170`		`- resp.status()`
`171`		`- );`
	`168`	`+ tracing::warn!("OPA returned HTTP {}: denying by default", resp.status());`
`172`	`169`	`Ok(serde_json::json!(false))`
`173`	`170`	`}`
`174`	`171`	`}`