feat(storage): add mango-storage skeleton with redb + raft-engine fork (ROADMAP:815)#49
Merged
Merged
Conversation
…k deps
Adds the Phase 1 storage crate skeleton per ROADMAP:815. Scaffolding
only — no trait definitions yet (those land in ROADMAP:816's own PR),
no implementations. The goal of this PR is to prove the two load-bearing
storage dependencies integrate cleanly end to end (resolver, cargo-deny,
cargo-vet, cargo-geiger) before the trait and impl PRs land on top.
What ships:
- crates/mango-storage skeleton: publish = false, deny(missing_docs),
matches the shape of the existing mango crate. Single
VERSION-matches-manifest smoke test.
- Cargo.toml workspace deps:
redb = "4.1.0"
raft-engine = humancto/raft-engine at e1d738d, default-features = false,
features = ["internals"]
Consumers inherit the feature set verbatim via `.workspace = true`.
Dropped the `scripting` feature from the original ADR 0002 §W5 plan:
scripting pulls rhai → smartstring (MPL-2.0), which would require a
license-allowlist widening for a raft-engine surface mango does not
use (the TiKV-admin CLI path). `internals` is the only feature mango-
raft actually needs.
- deny.toml:
- allow-git allowlist entry for humancto/raft-engine with a retirement
trigger (tikv/raft-engine#397 merging → drop the entry).
- skip entries for four raft-engine-transitive major-version gaps
(bitflags 1.x, getrandom 0.2, hashbrown 0.14, syn 1.x). Each names
the retirement trigger (raft-engine upstream refresh).
- ignore entry for RUSTSEC-2024-0437 (protobuf 2.28 uncontrolled
recursion via raft-engine → prometheus). Skeleton exercises zero
protobuf parsing; mango-raft impl PRs will carry fuzz corpora for
the crafted-input class per ROADMAP's Reviewer's contract.
- supply-chain/config.toml:
- [policy.mango-storage] first-party stanza.
- [policy.raft-engine] audit-as-crates-io = true so one
[[exemptions.raft-engine]] version = "0.4.2" entry covers both the
active fork and post-retirement upstream, matching the posture
recorded in .planning/fork-raft-engine-lz4-verification.md.
- ~90 new [[exemptions.*]] entries for the transitive graph of both
deps, each with review-by: 2026-10-23 in notes per house convention.
- unsafe-baseline.json: add mango-storage (all zeros — skeleton has no
unsafe, no #![allow(unsafe_code)], no miri enrollment).
- supply-chain/imports.lock: auto-bumped by `cargo vet regenerate
exemptions`.
- .planning/mango-storage-skeleton.plan.md: the revised plan after
rust-expert's REVISE review (addressed two showstoppers, three bugs,
and eight missing items from the first-round findings).
Verification (local):
cargo check --workspace OK
cargo clippy --workspace --all-targets -- -D warnings OK
cargo fmt --check OK
cargo nextest run -p mango-storage 1 passed
cargo deny check (advisories/bans/licenses/sources) all OK
cargo vet check Succeeded
cargo run -q -p xtask-vet-ttl PASS
cargo tree -p mango-storage -i lz4-sys lz4-sys absent
Closes ROADMAP:815. Next item: ROADMAP:816 (Backend + RaftLogStore
trait definition).
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 500384be72
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+509
to
+512
| [[exemptions.rhai]] | ||
| version = "1.24.0" | ||
| criteria = "safe-to-deploy" | ||
| notes = "review-by: 2026-10-23 — raft-engine 0.4.2 transitive (scripting engine), audit pending" |
There was a problem hiding this comment.
This commit adds rhai/rhai_codegen/smartstring (and related wasm helper) exemptions even though raft-engine is configured with only features = ["internals"], so those scripting-path crates are not in the resolved lockfile for this change. Pre-approving unused crates weakens the cargo vet guardrail: if someone later re-enables scripting (or pulls these crates another way), vet will stay green without a fresh review. The exemptions should be limited to the active dependency graph and added when those crates are intentionally introduced.
Useful? React with 👍 / 👎.
Addresses the five must-fix items from rust-expert's final diff review before the mango-storage skeleton can merge: 1. audit.yml: add `ignore: RUSTSEC-2024-0437` — rustsec/audit-check does not read deny.toml, so the protobuf recursion advisory must be suppressed separately here. Cross-reference comment points at deny.toml as the single source of truth for the justification. 2. fork-raft-engine-lz4-verification.md: rewrite the manifest snippet and retirement snippet to show `features = ["internals"]`, add a "scripting dropped" rationale section (MPL-2.0 via rhai / smartstring, avoided by not taking a feature mango does not use), and bump "Last updated" to reflect that PR #49 wires the dep. 3. supply-chain/config.toml raft-engine exemption: keep the SHA-qualified `version = "0.4.2@git:<SHA>"` form — verified by running `cargo vet check` that plain `version = "0.4.2"` does NOT match a git source, even with `audit-as-crates-io = true`. Rewrite the exemption notes AND the `[policy.raft-engine]` notes to honestly describe the actual cargo-vet behavior (exemptions key on fully-resolved source, not `package.version` alone) and the rebase/retirement implications. Fork-tracking doc §"Supply-chain audit posture" rewritten to match. 4. supply-chain/config.toml crc32fast exemption: add the missing `notes = "review-by: 2026-10-23 — raft-engine 0.4.2 transitive, audit pending"`. xtask-vet-ttl would have caught this on any next run. 5. mango-storage-skeleton.plan.md: update the Goal section and the raft-engine pin snippet to show `features = ["internals"]`, add a "Deviations from plan" section at the bottom enumerating the four real implementation departures from the revised plan (scripting drop, explicit version on the git dep, four dedup-skip entries, RUSTSEC-2024-0437 ignore). Verified locally: - cargo vet check — PASS - cargo deny check — advisories/bans/licenses/sources all ok - cargo run -q -p xtask-vet-ttl — PASS (149/149 exemptions have review-by) - cargo clippy --workspace --all-targets -- -D warnings — clean - cargo fmt --check — clean imports.lock drift is cargo-vet's auto-regeneration; included in the commit to keep the working tree clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
CI surfaced: cargo-vet 0.10.2 store-consistency check rejects a single-quoted multi-line string that contains an inner escape-quote. cargo vet fmt (which CI runs with --locked --frozen, and which rejects any reformatting delta) wanted the notes rewritten as a TOML triple-quoted literal. This is a formatting-only change: the text content is unchanged. Local cargo vet check PASSES. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes ROADMAP:815 — the Phase 1
crates/mango-storageskeleton. Scaffolding only: no trait definitions yet (that's ROADMAP:816's own PR), no impls. The purpose of this PR is to prove the two load-bearing Phase 1 deps (redband thehumancto/raft-enginefork) integrate cleanly end-to-end through the resolver,cargo-deny,cargo-vet, andcargo-geigerbefore the trait/impl PRs land on top.Builds on PR #48 (ADR 0002 §W5 amendment + fork-tracking file, merged).
Key decisions
Dropped the
scriptingfeature from the original ADR 0002 §W5 plan. The ADR hadfeatures = ["internals", "scripting"]preserving two of upstream's three defaults. Scripting pullsrhai→smartstring(MPL-2.0), which would require a license-allowlist widening for a raft-engine surface mango does not use (TiKV admin CLI).internalsis the only featuremango-raftactually needs. Noted in the ADR's comment header so future impl PRs don't silently re-enable scripting.[policy.raft-engine] audit-as-crates-io = trueso a single[[exemptions.raft-engine]] version = "0.4.2"entry covers both the active fork and the post-retirement upstream, matching the posture already recorded in.planning/fork-raft-engine-lz4-verification.md§"Supply-chain audit posture."Four
[bans] skipentries forraft-engine-transitive major-version gaps (bitflags 1.x,getrandom 0.2,hashbrown 0.14,syn 1.x). Each names its retirement trigger.One new
[advisories] ignoreentry for RUSTSEC-2024-0437 (protobuf 2.28 uncontrolled recursion viaraft-engine → prometheus). Skeleton exercises zero protobuf parsing;mango-raftimpl PRs will carry fuzz corpora for this input class per ROADMAP's Reviewer's contract.Verification
File list
Cargo.toml— workspace member add +redb+ fork-pinnedraft-enginecrates/mango-storage/Cargo.toml(new) —publish = false, deps via.workspace = truecrates/mango-storage/src/lib.rs(new) — placeholder +VERSIONsmoke testdeny.toml—allow-git, 4skipentries, 1ignoreentrysupply-chain/config.toml—[policy.mango-storage],[policy.raft-engine], ~90 new exemptionssupply-chain/imports.lock— auto-regeneratedunsafe-baseline.json—mango-storageentry (all zeros).planning/mango-storage-skeleton.plan.md(new, force-added per precedent) — revised planNon-goals
Explicitly NOT in this PR:
cargo-geigerCI gate against the +10-over-baseline rule (ROADMAP:823)Test plan
cargo check --workspacecargo-denyall four gates green (advisories, bans, licenses, sources)cargo-vetcheck succeedsxtask-vet-ttlPASS-D warningsrustfmtcleancargo docbuilds with#![deny(missing_docs)]lz4-sysabsent from themango-storagedep graph (pure-Rust north-star verified end-to-end)🤖 Generated with Claude Code