feat: Sprint 1 — production hardening, TLS lifecycle, CI coverage, lint cleanup

- Fix 3 client panics: replace .unwrap()/.expect() with proper error handling in rpc.rs (AUTH_CONTEXT lock), repl.rs (pending_member), and retry.rs (last_err) - Add --danger-accept-invalid-certs flag with InsecureServerCertVerifier for development TLS bypass, plus mdBook TLS documentation - Add CI coverage job (cargo-tarpaulin) and Docker build validation to GitHub Actions workflow, plus README CI badge - Add [workspace.lints] config, fix 46 clippy warnings across 8 crates, zero warnings on all buildable crates - Update Dockerfile for all 11 workspace members
2026-03-03 23:19:11 +01:00
parent dc4e4e49a0
commit 612b06aa8e
33 changed files with 388 additions and 67 deletions
--- a/crates/quicproquo-plugin-api/Cargo.toml
+++ b/crates/quicproquo-plugin-api/Cargo.toml
@@ -5,5 +5,8 @@ edition     = "2021"
 description = "C-ABI vtable for quicproquo server plugins. No std dependency; usable from bare-metal plugin authors."
 license     = "MIT"

+[lints]
+workspace = true
+
 # No dependencies — intentionally minimal so plugin authors have zero forced transitive deps.
 [dependencies]
--- a/crates/quicproquo-plugin-api/src/lib.rs
+++ b/crates/quicproquo-plugin-api/src/lib.rs
@@ -186,5 +186,7 @@ pub struct HookVTable {
 // responsible for its own thread safety. The server only calls hook functions
 // one at a time per plugin (wrapped in a single Arc). Plugins that mutate
 // user_data through callbacks must use interior mutability.
+#[allow(unsafe_code)]
 unsafe impl Send for HookVTable {}
+#[allow(unsafe_code)]
 unsafe impl Sync for HookVTable {}