tzlint-io-safety

star 1

All boundary I/O goes through the centralized tzlint_core::io module; no raw fs/network elsewhere.

simorgh3196 By simorgh3196 schedule Updated 5/28/2026
play_arrow Run Skill in Manus View GitHub

name: tzlint-io-safety description: All boundary I/O goes through the centralized tzlint_core::io module; no raw fs/network elsewhere.

Rule. Every file/network read or write goes through tzlint_core::io (read_with_limit, the atomic-write helper). Raw std::fs::read*/write, libc, and ad-hoc network calls are forbidden outside that module (enforced by clippy disallowed-methods + a CI io-guard grep). Reads use Read::take(max + 1) (no metadata-then-read; avoids TOCTOU). Durable writes are tmp (O_CREAT|O_EXCL, 0600, same dir) + fsync(tmp) + rename + fsync(parent dir) — used by both the cache and --fix. FIFO/O_NONBLOCK via rustix, never unsafe libc.

Why. A single I/O mistake repeated across many entry points is the most frequent recurring bug/vuln class; one wrapper makes it structurally impossible.

How to apply. Need to touch a file or the network? Call (or extend) tzlint_core::io. The wrapper functions are the only place allowed to #[allow(clippy::disallowed_methods)], with a justifying comment. Surface failures as IoError/SecurityError.

Install via CLI
npx skills add https://github.com/simorgh3196/tsuzulint --skill tzlint-io-safety
Repository Details
star Stars 1
call_split Forks 0
navigation Branch main
article Path SKILL.md
More from Creator
simorgh3196
simorgh3196 Explore all skills →