refactor(core): migrate lang_analyzer cache from bincode to postcard (#16)

Closes #8.

Migrates `mlxcel-core`'s `TokenLanguageIndex` on-disk cache off the
unmaintained `bincode` 1.x (RUSTSEC-2025-0141 — project permanently
ceased development) to `postcard` 1.x.

## Architectural choice — postcard

- Drop-in serde-based API (`postcard::to_allocvec(&v)?` /
  `postcard::from_bytes::<T>(&bytes)?`) — minimal call-site change.
- 1.0+ stable with frozen wire format — protects production users'
  cache compatibility across future dependency upgrades.
- Embedded Rust ecosystem standard — natural fit for an
  inference-runtime cache.

Alternatives considered: `bitcode` (faster but pre-1.0, wire-format
changes between minors), `rkyv` (zero-copy over-engineering for a
startup-time cache), `bincode` 2.x / 3.x (different maintainer team,
name-confusion risk — Dependabot's auto-PR #10 to bincode 3.x was
explicitly closed in favor of this approach).

## Cache compatibility — graceful degradation

`lang_analyzer/cache.rs` already has corrupt-detection: a
deserialization failure renames the existing bincode-format file to
`*.broken.<epoch>.bak` and rebuilds the cache from source. Users
upgrading from a prior mlxcel release will trip this path
automatically on the first cache read — no explicit migration code
needed.

## Scope (3 files + Cargo.lock)

- `src/lib/mlxcel-core/Cargo.toml` — `bincode = "1"` → `postcard = { version = "1", features = ["alloc"] }`
- `src/lib/mlxcel-core/src/lang_analyzer/cache.rs` — 3 call sites + doc comments
- `src/lib/mlxcel-core/src/lang_analyzer/mod.rs` — error variant `Bincode` → `Postcard` (no external match-arms on it, safe rename)
- `deny.toml` — RUSTSEC-2025-0141 `[advisories.ignore]` entry removed (no longer applicable)

Verified locally: `cargo deny check` clean (advisories ok, bans ok,
licenses ok, sources ok); `cargo tree -p mlxcel-core -i bincode`
returns "package not found" — bincode is fully removed from the
dependency tree.

Self-hosted clippy + test gate is queued behind the PR #14 cold-build
backlog at merge time; will run on main after the runner clears.

Author: inureyes

Cargo.lock

@@ -18,13 +18,6 @@ no-default-features = false
 [advisories]
 db-path = "~/.cargo/advisory-db"
 ignore = [
-    # `bincode 1.3.3` — used by mlxcel-core. The bincode 1.x team has permanently
-    # ceased development (RUSTSEC-2025-0141). No safe upgrade exists; bincode 2.x
-    # is a different crate with a breaking API. Migration to an alternative
-    # (postcard / bitcode / rkyv) is tracked separately and is not a runtime
-    # security issue — the advisory is "unmaintained", not a vulnerability.
-    { id = "RUSTSEC-2025-0141", reason = "bincode 1.x permanently unmaintained; migration tracked in a follow-up issue; no runtime vulnerability" },
-
     # `paste 1.0.15` — transitive via the `tokenizers` crate (HF). The author
     # archived the project (RUSTSEC-2024-0436). `pastey` is a drop-in fork but
     # adoption depends on upstream `tokenizers` switching. No runtime vulnerability

deny.toml

@@ -23,7 +23,7 @@ smallvec = { version = "1.13", features = ["serde"] }
 sha2 = "0.11"
 thiserror = "2.0"
 tokenizers = "0.22.2"
-bincode = "1"
+postcard = { version = "1", features = ["alloc"] }
 dirs = "6"
 libm = "0.2"
 tracing = "0.1"

src/lib/mlxcel-core/Cargo.toml

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//! Disk cache for `TokenLanguageIndex` (B4 — vocab-hash keyed, bincode v1).
+//! Disk cache for `TokenLanguageIndex` (B4 — vocab-hash keyed, postcard 1.x).
 //!
 //! # Cache key
 //! `vocab_hash = hex(sha256(tokenizer.json bytes))[..16]`
@@ -24,7 +24,7 @@
 //! - File missing → build and write.
 //! - `version` field mismatch → rebuild and overwrite.
 //! - `--lang-bias-rebuild-cache` / `rebuild: bool` → force rebuild.
-//! - Corrupted bincode → rename to `*.broken.<epoch>.bak` then rebuild.
+//! - Corrupted postcard data → rename to `*.broken.<epoch>.bak` then rebuild.
 
 use std::path::PathBuf;
 
@@ -69,15 +69,15 @@ pub fn cache_path(vocab_hash: &str) -> PathBuf {
 /// On a version mismatch the corrupted/stale file is left in place (the
 /// caller will overwrite it via [`save`]).
 ///
-/// On a **bincode decode failure** the corrupt file is renamed to
+/// On a **postcard decode failure** the corrupt file is renamed to
 /// `<original>.broken.<epoch_secs>.bak` before returning `None`, so the
 /// caller can build fresh without worrying about re-encountering the same
 /// corrupt bytes.
 pub fn try_load(vocab_hash: &str) -> Option<TokenLanguageIndex> {
     let path = cache_path(vocab_hash);
     let bytes = std::fs::read(&path).ok()?;
 
-    match bincode::deserialize::<TokenLanguageIndex>(&bytes) {
+    match postcard::from_bytes::<TokenLanguageIndex>(&bytes) {
         Ok(idx) if idx.version == CURRENT_VERSION => Some(idx),
         Ok(_) => {
             // Version mismatch — stale cache. Leave the file; the caller will
@@ -121,7 +121,7 @@ pub fn save(index: &TokenLanguageIndex) -> Result<(), LangAnalyzerError> {
     if let Some(parent) = path.parent() {
         std::fs::create_dir_all(parent)?;
     }
-    let bytes = bincode::serialize(index)?;
+    let bytes = postcard::to_allocvec(index)?;
     // Write to a sibling temp file first to ensure atomicity.
     let tmp = path.with_extension("bin.tmp");
     std::fs::write(&tmp, &bytes)?;
@@ -364,7 +364,7 @@ mod tests {
         std::env::set_var("MLXCEL_CACHE_DIR", tmp.path());
         let path = cache_path(hash);
         std::fs::create_dir_all(path.parent().unwrap()).expect("create dirs");
-        std::fs::write(&path, b"not valid bincode data!!!").expect("write garbage");
+        std::fs::write(&path, b"not valid postcard data!!!").expect("write garbage");
         let result = try_load(hash);
         let path_still_exists = path.exists();
         let cache_dir = path.parent().unwrap().to_path_buf();

src/lib/mlxcel-core/src/lang_analyzer/cache.rs

@@ -22,7 +22,7 @@
 //! The module is structured in sub-issues:
 //! - **B2 (this file, initial)**: `Script` enum, `classify_token`, helper predicates.
 //! - **B3** (added in the same file): `TokenScriptInfo`, `TokenLanguageIndex`, `build()`.
-//! - **B4** (`cache` submodule): disk cache for `TokenLanguageIndex` (vocab-hash keyed, bincode v1).
+//! - **B4** (`cache` submodule): disk cache for `TokenLanguageIndex` (vocab-hash keyed, postcard 1.x).
 
 pub mod cache;
 pub use cache::{cache_path, load_or_build, save, try_load};
@@ -284,8 +284,8 @@ pub enum LangAnalyzerError {
     Io(#[from] std::io::Error),
     #[error("tokenizer.json not found at path: {0}")]
     TokenizerJsonNotFound(String),
-    #[error("bincode serialization error: {0}")]
-    Bincode(#[from] bincode::Error),
+    #[error("postcard serialization error: {0}")]
+    Postcard(#[from] postcard::Error),
     #[error("unknown language code '{0}'; expected one of: ja zh ko en ru ar th hi he el")]
     UnknownLanguageCode(String),
 }