diff --git a/audits/assail-classifications.a2ml b/audits/assail-classifications.a2ml new file mode 100644 index 00000000..3b32b01f --- /dev/null +++ b/audits/assail-classifications.a2ml @@ -0,0 +1,729 @@ +;; SPDX-License-Identifier: MPL-2.0 +;; Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) +;; +;; Assail Classifications — boj-server +;; See panic-attack/.claude/CLAUDE.md § "User-Classification Registry". + +(assail-classifications + (metadata + (version "1.0.0") + (project "boj-server") + (last-updated "2026-05-26") + (entries 119) + (status "active")) + + (classification + (file "cartridges/civic-connect-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/ssg-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/observe-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/neon-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/pmpl-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/hex-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/idaptik-admin-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/todoist-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/claude-agents-power-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/research-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/burble-admin-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/panic-attack-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/reposystem-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/academic-workflow-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/nesy-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/browser-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/feedback-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/local-memory-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/turso-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/grafana-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/gcp-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/aerie-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/secrets-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/database-mcp/ffi/database_ffi.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/database-mcp/ffi/database_ffi.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/database-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/container-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/k8s-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/cloudflare-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/github-actions-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/aws-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/notifyhub-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/ephapax-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/digitalocean-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/supabase-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/hypatia-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/dns-shield-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/typed-wasm-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/discord-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/hetzner-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/linode-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/opendatamcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/postgresql-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/hesiod-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/notion-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/local-coord-mcp/ffi/coord_identity.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/ml-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/opam-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/agent-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/rokur-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/k9iser-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/k9iser-mcp/adapter/k9iser_adapter.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/sentry-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/prometheus-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/slack-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/docker-hub-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/fleet-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/model-router-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/jira-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/stapeln-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/bofig-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/git-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/verisimdb-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/hackage-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/zotero-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/cloud-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/gitlab-api-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/comms-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/codeseeker-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/obsidian-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/proof-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/google-docs-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/fly-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/iac-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/conflow-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/airtable-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/orchestrator-lsp-mcp/ffi/zig/src/main.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/linear-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/dap-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/laminar-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/claude-ai-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/vault-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/boj-health/ffi/boj_health_ffi.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/mongodb-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/matrix-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/circleci-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/fireflag-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/render-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/vordr-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/clickhouse-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/opsm-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/github-api-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/railway-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/origenemcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/affinescript-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/lang-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/kategoria-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/buildkite-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/pypi-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/game-admin-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/toolchain-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/gossamer-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/sanctify-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/coderag-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/npm-registry-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/vext-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/duckdb-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/queues-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/telegram-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/arango-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/redis-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/crates-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/lsp-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/bsp-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/google-sheets-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/ums-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "cartridges/neo4j-mcp/ffi/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §1") + (rationale "MCP cartridge_shim.zig: extern C declarations + unsafe pointer cast for the cartridge handle, at the Zig→C ABI boundary.")) + (classification + (file "ffi/zig/src/federation.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §2") + (rationale "Zig FFI bridge to boj-server backend (cartridge runtime, federation). Each unsafe pointer cast is at the Zig→C ABI boundary required to call into libboj-server.")) + (classification + (file "ffi/zig/src/cartridge_shim.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md §2") + (rationale "Zig FFI bridge to boj-server backend (cartridge runtime, federation). Each unsafe pointer cast is at the Zig→C ABI boundary required to call into libboj-server.")) +) diff --git a/audits/audit-ffi-2026-05-26.md b/audits/audit-ffi-2026-05-26.md new file mode 100644 index 00000000..32e3e202 --- /dev/null +++ b/audits/audit-ffi-2026-05-26.md @@ -0,0 +1,47 @@ + + +# Audit: FFI `unsafe` blocks (boj-server) + +**Auditor**: Jonathan D.A. Jewell +**Date**: 2026-05-26 +**Scope**: panic-attack assail Critical/High `UnsafeCode` (PA001) and `UnsafeFFI` (PA007) findings located under `cartridges/*/ffi/cartridge_shim.zig` and `ffi/zig/src/{federation,cartridge_shim}.zig`. +**Cross-reference**: campaign tracker [hyperpolymath/panic-attack#32](https://github.com/hyperpolymath/panic-attack/issues/32). +**Registry**: `audits/assail-classifications.a2ml`. + +## §1 — `cartridges/*/ffi/cartridge_shim.zig` (117 entries) + +The `cartridges/` tree contains ~114 MCP (Model Context Protocol) cartridges, each with an identical-shape `ffi/cartridge_shim.zig` that wraps the cartridge's host-side C ABI: + +```zig +extern fn cartridge_(handle: *anyopaque, ...) c_int; + +pub fn invoke(handle: *anyopaque, ...) !Result { + const ptr: [*c]u8 = @ptrCast(handle); + // ... +} +``` + +The `unsafe`-equivalent operations (`@ptrCast`, extern C declarations) sit at the Zig↔C ABI boundary and are required by Zig to call across. + +## §2 — `ffi/zig/src/{federation,cartridge_shim}.zig` (2 entries) + +The backend Zig FFI bridge to boj-server's Idris2 verified core. Same pattern as §1 — extern C declarations + pointer casts at the ABI boundary. + +This is **separate from** the class-J primitive axioms tracked in the backend-assurance harness (those concern the Idris2 trusted base, not the Zig FFI layer). + +## Anti-gameability + +The registry is a separate file from any cartridge_shim source under scan. Adding a new `unsafe` operation inside a cartridge shim or the backend FFI requires a companion classification entry and an update to this audit doc, both visible in the diff. + +## Verification + +Locally on this branch: `panic-attack assail . --headless` reports the 119 findings as `suppressed: true`. Any new `unsafe` outside the classified roots remains unsuppressed. + +Refs hyperpolymath/panic-attack#32. + +## Supersedes + +This PR supersedes [#153](https://github.com/hyperpolymath/boj-server/pull/153) — that PR covered only the 2 backend FFI entries; this one bundles them with the 117 cartridge entries to avoid an a2ml-file merge conflict.