
chore(deps): update rust dependencies auto-merge (patch)#745

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/rust-dependencies-auto-merge-(patch)
Mar 12, 2026

Conversation

@renovate renovate bot commented Mar 12, 2026

This PR contains the following updates:

Package     Type                    Update   Change
config      workspace.dependencies  patch    0.15.19 -> 0.15.21
once_cell   workspace.dependencies  patch    1.21.3 -> 1.21.4

Release Notes

rust-cli/config-rs (config)

v0.15.21

Compare Source

Compatibility
  • Bump MSRV to 1.85

v0.15.20

Compare Source

Fixes
  • Serialize the full u64 range
Internal
  • (toml) Update to 1.0
matklad/once_cell (once_cell)

v1.21.4

Compare Source

  • Fix unsoundness in OnceCell::wait under --features=parking_lot, #295.

    If thread A calls wait, while thread B calls get_or_try_init(f), and, furthermore, f panics,
    the wait incorrectly returns and thread A observes uninitialized memory.

    Kudos to @meng-xu-cs for a nice find!


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR was generated by Mend Renovate. View the repository job log.
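The release notes above describe a waiter observing uninitialized memory after another thread's initializer panicked. The following is an added example, not code from once_cell or from this repository: it reproduces the thread arrangement on the standard library's OnceLock (assumed here as a stand-in for once_cell::sync::OnceCell, since the two share the same initialization contract) and checks the invariant a waiter must be able to rely on: a panicking initializer leaves the cell empty, readers see None rather than a torn value, and a later initializer can still succeed.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::{Arc, OnceLock};
use std::thread;

/// Outcome of one initialization attempt, as seen by the initializing thread.
#[derive(Debug, PartialEq)]
pub enum InitOutcome {
    Initialized(u64),
    Panicked,
}

/// Runs `init` against `cell` through get_or_init and turns an initializer
/// panic into `InitOutcome::Panicked` instead of unwinding out of the caller.
pub fn try_initialize<F>(cell: &OnceLock<u64>, init: F) -> InitOutcome
where
    F: FnOnce() -> u64,
{
    match catch_unwind(AssertUnwindSafe(|| *cell.get_or_init(init))) {
        Ok(v) => InitOutcome::Initialized(v),
        Err(_) => InitOutcome::Panicked,
    }
}

/// Thread arrangement from the once_cell release notes, replayed on std's
/// OnceLock (assumption: same contract as once_cell::sync::OnceCell).
/// Thread B's initializer panics; thread A then reads the cell.
/// Returns what thread A observed and whether a retry could initialize.
/// The interleaving is sequential here on purpose: the upstream fix concerns
/// the concurrent `wait` path, while this block checks the invariant that
/// path must preserve (a panicked init leaves the cell uninitialized).
pub fn panicking_init_leaves_cell_empty() -> (Option<u64>, InitOutcome) {
    let cell = Arc::new(OnceLock::new());

    // Thread B: the initializer panics before producing a value.
    let b = {
        let cell = Arc::clone(&cell);
        thread::spawn(move || try_initialize(&cell, || panic!("init failed")))
    };
    let b_outcome = b.join().expect("thread B itself must not crash");
    assert_eq!(b_outcome, InitOutcome::Panicked);

    // Thread A: a reader that must see "empty", never a stale or torn value.
    let a = {
        let cell = Arc::clone(&cell);
        thread::spawn(move || cell.get().copied())
    };
    let observed_by_a = a.join().expect("thread A itself must not crash");

    // The panic did not poison the cell: a later initializer still succeeds.
    let retry = try_initialize(&cell, || 42);
    (observed_by_a, retry)
}

fn main() {
    let (seen, retry) = panicking_init_leaves_cell_empty();
    println!("thread A observed: {seen:?}; retry: {retry:?}");
}
```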

@renovate renovate bot added the dependencies, renovate and rust labels Mar 12, 2026

claude bot commented Mar 12, 2026

PR Review: once_cell patch bump 1.21.3 to 1.21.4. Summary: Routine Renovate patch update to once_cell. Verdict: Safe to merge.

claude bot commented Mar 12, 2026

PR Review: once_cell patch bump 1.21.3 to 1.21.4

Summary: Routine Renovate patch update to once_cell. Changes are limited to Cargo.lock (checksum update only - no Cargo.toml version spec change needed since the workspace already pins once_cell = 1.20, which accepts any 1.x patch).

Soundness fix: The upstream release notes flag a soundness bug fix: Fix unsoundness in OnceCell::wait under the parking_lot feature flag: if thread A calls wait while thread B calls get_or_try_init(f) and f panics, wait incorrectly returns and thread A observes uninitialized memory.

Impact on this repo: This project does not enable the parking_lot feature for once_cell (confirmed in Cargo.toml - no features listed), so the unsoundness bug does not directly affect scotty. Upgrading is still the right call.

Assessment: Code quality - No code changes, only a lockfile checksum update. Security - Picks up a soundness fix. Tests - No new tests needed for a lockfile-only dep bump. Performance - No impact.

Verdict: Safe to merge. This is a low-risk, beneficial patch update.

claude bot commented Mar 12, 2026

PR Review: once_cell patch bump 1.21.3 to 1.21.4

Summary: Routine Renovate patch update to once_cell. Changes are limited to Cargo.lock (checksum update only). The workspace Cargo.toml pins once_cell = 1.20 which accepts any 1.x patch, so only the lockfile changes.

Soundness fix: The upstream release notes flag a soundness bug fix: OnceCell::wait under --features=parking_lot could incorrectly return and expose uninitialized memory if another thread's get_or_try_init(f) panicked concurrently.

Impact on this repo: This project does NOT enable the parking_lot feature for once_cell (no features listed in Cargo.toml), so the unsoundness bug does not directly affect scotty. Upgrading is still the right call.

Assessment:

  • Code quality: No code changes, only a lockfile checksum update. Correct and minimal.
  • Security: Picks up a soundness fix even though the vulnerable code path (parking_lot feature) is not enabled here.
  • Tests: No new tests needed for a lockfile-only dep bump.
  • Performance: No impact.

Verdict: Safe to merge. This is a low-risk, beneficial patch update.

@renovate renovate bot force-pushed the renovate/rust-dependencies-auto-merge-(patch) branch from 9ee2aab to 00348a6 March 12, 2026 17:49
@renovate renovate bot changed the title from "chore(deps): update rust crate once_cell to v1.21.4" to "chore(deps): update rust dependencies auto-merge (patch)" Mar 12, 2026

claude bot commented Mar 12, 2026

PR Review: Dependency Updates (patch)

This is a routine Renovate patch dependency update. Only Cargo.lock is modified. Packages updated:

  • clap 4.5.60 to 4.5.61
  • clap_derive 4.5.55 to 4.5.61
  • clap_builder 4.5.60 to 4.5.61
  • clap_complete 4.5.66 to 4.5.67
  • anstyle 1.0.10 to 1.0.13
  • once_cell 1.21.3 to 1.21.4

The once_cell update fixes a soundness bug in OnceCell::wait with the parking_lot feature. Risk is very low. This PR looks good to merge.

@renovate renovate bot force-pushed the renovate/rust-dependencies-auto-merge-(patch) branch from 00348a6 to d5c46db March 12, 2026 21:14

claude bot commented Mar 12, 2026

Dependency Update Review

This Renovate PR updates two direct dependencies and pulls in several transitive updates.

Direct updates

once_cell 1.21.3 -> 1.21.4 - Contains a soundness fix:

Fix unsoundness in OnceCell::wait under --features=parking_lot

If scotty uses once_cell with the parking_lot feature enabled, this is an important correctness/safety fix. Worth merging promptly for this alone.

config 0.15.19 -> 0.15.21 - Two changes:

  • 0.15.20: Fixes serialization of the full u64 range
  • 0.15.21: Bumps MSRV to 1.85

The MSRV bump to 1.85 is worth noting - ensure CI toolchain and deployment environments are on Rust >= 1.85.

Transitive updates

The config bump pulls in notable transitive changes:

  • toml 0.9.8 -> 1.0.6+spec-1.1.0 - a major version bump of the underlying TOML parser, now targeting TOML spec 1.1.0
  • toml_datetime 0.7.3 -> 1.0.0+spec-1.1.0 - also a major version bump
  • toml_parser 1.0.4 -> 1.0.9+spec-1.1.0, winnow 0.7.13 -> 0.7.15, serde_spanned 1.0.3 -> 1.0.4

TOML 1.1.0 is backwards-compatible with 1.0.0 documents, so existing config files should parse without issues. The existing test suite should cover any edge cases.

Summary

  • No Cargo.toml changes, only Cargo.lock - changes are fully contained to locked dependency versions
  • The soundness fix in once_cell makes this worth merging promptly
  • CI passing gives sufficient confidence for patch-level updates
  • No security concerns introduced; one soundness concern resolved

@renovate renovate bot force-pushed the renovate/rust-dependencies-auto-merge-(patch) branch from d5c46db to 5af3872 March 12, 2026 21:17
@renovate renovate bot merged commit 411aa8b into main Mar 12, 2026
1 check passed
@renovate renovate bot deleted the renovate/rust-dependencies-auto-merge-(patch) branch March 12, 2026 21:18

claude bot commented Mar 12, 2026

CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

Project Overview

Scotty is a micro Platform-as-a-Service (PaaS) for managing Docker Compose-based applications:

  • scotty: HTTP server (REST API + WebSocket) for managing Docker Compose apps
  • scottyctl: CLI client for the scotty server
  • scotty-core: Shared business logic (Docker operations, settings, tasks)
  • scotty-types: Shared type definitions (TypeScript-compatible via ts-rs)
  • frontend: SvelteKit web interface (tightly coupled with API, no backwards compatibility needed)
  • ts-generator: Utility for generating TypeScript bindings from Rust types

Development Commands

# Tests
cargo test                                              # Run all tests
cargo test test_name -- --nocapture                     # Specific test with output
RUST_LOG=debug cargo test test_name -p scotty -- --nocapture  # With debug logging

# Server (use .env file for SCOTTY__API__AUTH_MODE=dev etc.)
SCOTTY__API__AUTH_MODE=dev cargo run --bin scotty        # Dev mode (no auth)
RUST_LOG=info cargo run --bin scotty                     # With logging
cargo run --bin scotty -- config                         # View configuration

# scottyctl
cargo run --bin scottyctl -- <command>
cargo run --bin scottyctl -- --server http://localhost:21342 --access-token <token> app:list
# Or via env: SCOTTY_SERVER=http://localhost:21342 SCOTTY_ACCESS_TOKEN=<token>

# Frontend (uses bun, not npm)
cd frontend && bun install && bun run dev               # Development server
bun run build                                           # Production build
bun run check                                           # Type checking
bun run lint                                            # Prettier + ESLint (must pass before push)

# Prerequisites: start Traefik for local development
cd apps/traefik && docker compose up -d

Architecture

Scotty Server (scotty/src/)

Entry Point: main.rs — initializes AppState (settings, Docker client, task manager), sets up OpenTelemetry, spawns HTTP server and background tasks.

Key Modules:

  • api/router.rs: Axum router with OpenAPI docs (utoipa)
  • api/rest/handlers/: REST endpoints — apps/ (create, list, run, actions, notifications), admin/ (assignments, permissions, roles, scopes), scopes/ (user-facing), blueprints.rs, landing.rs (Traefik fallback routing), login.rs, tasks.rs, health.rs, info.rs
  • api/websocket/: Real-time features — handlers/ (auth, logs, shell, tasks), messaging.rs (protocol), client.rs (connection mgmt)
  • api/auth_core.rs: Core authentication logic
  • api/middleware/: Casbin RBAC authorization
  • api/rate_limiting/: Per-tier rate limiting
  • docker/state_machine_handlers/: App lifecycle steps (create dir, save files, docker login, compose up, load balancer config, post actions, wait for containers, etc.)
  • docker/services/: Long-running log streaming and shell sessions
  • docker/loadbalancer/: Traefik/HAProxy config generation
  • onepassword/: 1Password secrets — resolves op:// URIs in app env vars (two-pass: 1Password lookup, then env var substitution)
  • oauth/: OAuth 2.0 — device flow (CLI) and web flow (/oauth/authorize, /api/oauth/callback, /oauth/exchange)
  • services/authorization/: Casbin RBAC (scopes, roles, permissions)
  • tasks/: Task execution and output streaming
  • notification/: Webhook, Mattermost, GitLab notifications
  • static_files.rs: Embedded frontend serving
  • metrics/: Collectors for log streaming, shell sessions, WebSocket connections, etc.

AppState (shared via Arc): Settings, Docker client (Bollard), task manager, authorization service, metrics collectors.

Authorization System

Uses Casbin for RBAC. Config: config/casbin/policy.yaml. Implementation: scotty/src/services/authorization/casbin.rs. Tests: scotty/tests/authorization_domain_test.rs.

Permissions: view, manage, create, destroy, shell, logs, admin_read, admin_write

Assignment matching (by precedence): exact email (user@factorial.io) > domain pattern (@factorial.io) > wildcard (*). Wildcard is always additive. Domain patterns prevent subdomain attacks. Case-insensitive per RFC 5321.

# config/casbin/policy.yaml
scopes:
  client-a: { description: "Client A Production" }
  qa: { description: "QA Environment" }
roles:
  admin: { permissions: ['*'], description: "Full access" }
  developer: { permissions: ['view', 'manage', 'create', 'shell', 'logs'], description: "Dev access" }
  viewer: { permissions: ['view'], description: "Read-only" }
assignments:
  stephan@factorial.io:                     # Exact match (highest priority)
    - { role: admin, scopes: ['*'] }
  '@factorial.io':                          # Domain match (fallback)
    - { role: developer, scopes: ['client-a', 'qa'] }
  '*':                                      # Wildcard (always additive)
    - { role: viewer, scopes: ['default'] }

scottyctl (scottyctl/src/)

Commands (colon-separated namespace):

  • app: list, create, destroy, run, start, stop, rebuild, purge, adopt, info, action, logs, shell
  • admin: scopes:*, roles:*, assignments:*, permissions:*
  • auth: login, logout, status, refresh
  • blueprint: list, info
  • notify: add, remove
  • completion, test

Global flags: --server, --access-token, --debug, --bypass-version-check

Preflight (preflight.rs): Checks client/server version compatibility via /api/v1/info before running commands. Bypass with --bypass-version-check.

File upload (app:create): Files collected via utils/files.rs:collect_files(), base64-encoded. Supports .scottyignore (gitignore-style patterns via ignore crate). Auto-excludes .DS_Store, .git/.

Auth: OAuth device flow + bearer tokens via env vars or CLI args. Core logic in auth/ (device flow, token storage, caching).

Blueprints

Reusable app templates defining required/public services, port mappings, lifecycle actions (PostCreate, PostRun, PostRebuild), and custom actions per service. Available via blueprint:list/blueprint:info and GET /api/v1/authenticated/blueprints.

Configuration

Settings loaded via config crate: 1) defaults in code, 2) config files (YAML/TOML), 3) env vars (prefix: SCOTTY__).

Server env vars: SCOTTY__API__AUTH_MODE=dev (disable auth), SCOTTY__TELEMETRY=metrics,traces, SCOTTY__API__BEARER_TOKENS__<NAME> (use env vars, not config files).

scottyctl env vars: SCOTTY_SERVER (default: http://localhost:21342), SCOTTY_ACCESS_TOKEN.

Testing

Unit tests colocated with implementation. Integration tests in scotty/tests/. Uses axum-test for HTTP testing, wiremock for mocking external services.

Observability

cd observability && docker compose up -d

Grafana: http://grafana.ddev.site (admin/admin) | Jaeger: http://jaeger.ddev.site | VictoriaMetrics: http://vm.ddev.site

Release Process

Uses cargo-release with git-cliff for automatic changelog generation. Do not manually update changelogs.

cargo release --no-publish alpha -x --tag-prefix ""

Runs scripts/generate-changelogs.sh, updates versions in all Cargo.toml files, creates signed git tags. Pre-push hook via cargo-husky enforces quality checks.

Project Management

Uses beans, an agentic-first issue tracker. Issues ("beans") are managed via the beans CLI. The .beans/ directory is committed to the repository. Agents should use beans instead of todo lists to track work, create/update issues, and manage task dependencies.

Git Rules

  • Never delete frontend/build/.gitkeep from git
  • No emojis in commit messages
  • Use conventional commits
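The Authorization System section of the CLAUDE.md above states the assignment-matching rules (exact email > domain pattern > wildcard, wildcard always additive, domain patterns not matching subdomains, case-insensitive). The following is an added example, not scotty's casbin.rs or any code from the repository: a stand-alone resolver that applies those rules to the policy.yaml shown there. Assumptions: the domain pattern and exact key are alternatives (domain is a fallback when no exact key matches), "prevents subdomain attacks" means the domain after the last '@' must be identical to the pattern's domain (no suffix matching), and policy keys are stored lower-case.

```rust
use std::collections::BTreeMap;

/// One role grant, as in an entry under `assignments` in policy.yaml.
#[derive(Debug, Clone, PartialEq)]
pub struct Grant {
    pub role: &'static str,
    pub scopes: Vec<&'static str>,
}

/// Splits an address at its last '@' into (local part, domain), lower-casing both
/// (the page's stated convention). Rejects addresses without a usable domain.
fn split_address(email: &str) -> Option<(String, String)> {
    let email = email.trim().to_ascii_lowercase();
    let at = email.rfind('@')?;
    let (local, domain) = (&email[..at], &email[at + 1..]);
    if local.is_empty() || domain.is_empty() {
        return None;
    }
    Some((local.to_string(), domain.to_string()))
}

/// Resolves grants for `email` against a policy keyed exactly like policy.yaml:
///   "user@domain" -> used when present (highest precedence), otherwise
///   "@domain"     -> used only when the full domain is identical, so
///                    "@factorial.io" matches neither "evil.factorial.io"
///                    nor "factorial.io.attacker.example" nor "notfactorial.io",
///   "*"           -> always appended (wildcard is additive).
/// Policy keys are assumed to be lower-case already.
pub fn resolve_grants(policy: &BTreeMap<String, Vec<Grant>>, email: &str) -> Vec<Grant> {
    let mut grants = Vec::new();
    if let Some((local, domain)) = split_address(email) {
        if let Some(g) = policy.get(&format!("{local}@{domain}")) {
            grants.extend(g.iter().cloned());
        } else if let Some(g) = policy.get(&format!("@{domain}")) {
            grants.extend(g.iter().cloned());
        }
    }
    if let Some(g) = policy.get("*") {
        grants.extend(g.iter().cloned());
    }
    grants
}

/// Constructed policy mirroring the policy.yaml excerpt in the CLAUDE.md above.
pub fn sample_policy() -> BTreeMap<String, Vec<Grant>> {
    let mut p = BTreeMap::new();
    p.insert("stephan@factorial.io".to_string(), vec![Grant { role: "admin", scopes: vec!["*"] }]);
    p.insert("@factorial.io".to_string(), vec![Grant { role: "developer", scopes: vec!["client-a", "qa"] }]);
    p.insert("*".to_string(), vec![Grant { role: "viewer", scopes: vec!["default"] }]);
    p
}

/// Convenience: just the role names granted to `email` under the sample policy.
pub fn roles_for(email: &str) -> Vec<&'static str> {
    resolve_grants(&sample_policy(), email).into_iter().map(|g| g.role).collect()
}

fn main() {
    // Constructed addresses: one exact match, one domain match, three look-alikes
    // that a naive suffix match would accept, and one malformed input.
    for e in ["Stephan@Factorial.io", "alice@factorial.io", "bob@evil.factorial.io",
              "carol@factorial.io.attacker.example", "dave@notfactorial.io", "not-an-address"] {
        println!("{e:38} -> {:?}", roles_for(e));
    }
}
```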

claude bot commented Mar 12, 2026

PR Review: chore(deps): update rust dependencies auto-merge (patch)

Note: This PR has already been merged. This review is provided for informational purposes.

Summary

This is an automated Renovate dependency update targeting two direct dependencies and their transitive dependency graph.

Direct dependencies:

  • once_cell 1.21.3 -> 1.21.4: Fixes an unsoundness bug in OnceCell::wait when compiled with the parking_lot feature. If thread A calls wait while thread B calls get_or_try_init(f) and f panics, thread A could observe uninitialized memory. This is a correctness/safety fix worth prioritizing.

  • config 0.15.19 -> 0.15.21: Includes a u64 serialization fix (0.15.20) and an MSRV bump to Rust 1.85 (0.15.21).

Transitive dependencies (pulled in by the config update):

  • toml: 0.9.8 -> 1.0.6+spec-1.1.0 (major version bump)
  • toml_datetime: 0.7.3 -> 1.0.0+spec-1.1.0 (major version bump)
  • toml_parser: 1.0.4 -> 1.0.9+spec-1.1.0
  • serde_spanned: 1.0.3 -> 1.0.4
  • winnow: 0.7.13 -> 0.7.15

Assessment

Positive:

  • The once_cell fix addresses a genuine memory unsoundness issue; good to get this in quickly.
  • The config u64 serialization fix prevents silent data corruption for large numeric config values.
  • All changes are lock file only (no Cargo.toml version constraint changes).

Worth noting:

  • The config upgrade pulls in a major version bump of toml (0.9 -> 1.0). While this is a transitive dependency and the config crate authors handle compatibility, it is a larger change than a typical patch update implies. CI passing is the key validation here.
  • The MSRV bump to Rust 1.85 in config 0.15.21 could matter if the project toolchain or CI pins an older Rust version. Worth verifying rust-toolchain.toml or CI config aligns.

No concerns with code quality (lock file only), security (the once_cell fix is a net positive), or test coverage.

Overall: Routine and beneficial dependency update. Auto-merge via Renovate is appropriate for these changes.
