housekeeping(server): fixed clippy warns

server/crates/arbiter-client/src/auth.rs

@@ -109,9 +109,7 @@ async fn receive_auth_confirmation(
         .await
         .map_err(|_| AuthError::UnexpectedAuthResponse)?;
 
-    let payload = response
+    let payload = response.payload.ok_or(AuthError::UnexpectedAuthResponse)?;
-        .payload
-        .ok_or(AuthError::UnexpectedAuthResponse)?;
     match payload {
         ClientResponsePayload::AuthResult(result)
             if AuthResult::try_from(result).ok() == Some(AuthResult::Success) =>

server/crates/arbiter-client/src/bin/test_connect.rs

@@ -1,9 +1,7 @@
-
 use std::io::{self, Write};
 
 use arbiter_client::ArbiterClient;
 use arbiter_proto::{ClientMetadata, url::ArbiterUrl};
-use tonic::ConnectError;
 
 #[tokio::main]
 async fn main() {
@@ -23,8 +21,6 @@ async fn main() {
         return;
     }
 
-   
-
     let url = match ArbiterUrl::try_from(input) {
         Ok(url) => url,
         Err(err) => {
@@ -33,7 +29,7 @@ async fn main() {
         }
     };
 
-     println!("{:#?}", url);
+    println!("{:#?}", url);
 
     let metadata = ClientMetadata {
         name: "arbiter-client test_connect".to_string(),
@@ -45,4 +41,4 @@ async fn main() {
         Ok(_) => println!("Connected and authenticated successfully."),
         Err(err) => eprintln!("Failed to connect: {:#?}", err),
     }
-}
+}

server/crates/arbiter-client/src/client.rs

@@ -1,11 +1,16 @@
-use arbiter_proto::{ClientMetadata, proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl};
+use arbiter_proto::{
+    ClientMetadata, proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl,
+};
 use std::sync::Arc;
 use tokio::sync::{Mutex, mpsc};
 use tokio_stream::wrappers::ReceiverStream;
 use tonic::transport::ClientTlsConfig;
 
 use crate::{
-    StorageError, auth::{AuthError, authenticate}, storage::{FileSigningKeyStorage, SigningKeyStorage}, transport::{BUFFER_LENGTH, ClientTransport}
+    StorageError,
+    auth::{AuthError, authenticate},
+    storage::{FileSigningKeyStorage, SigningKeyStorage},
+    transport::{BUFFER_LENGTH, ClientTransport},
 };
 
 #[cfg(feature = "evm")]
@@ -30,7 +35,6 @@ pub enum Error {
 
     #[error("Storage error")]
     Storage(#[from] StorageError),
-    
 }
 
 pub struct ArbiterClient {
@@ -61,10 +65,11 @@ impl ArbiterClient {
         let anchor = webpki::anchor_from_trusted_cert(&url.ca_cert)?.to_owned();
         let tls = ClientTlsConfig::new().trust_anchor(anchor);
 
-        let channel = tonic::transport::Channel::from_shared(format!("https://{}:{}", url.host, url.port))?
+        let channel =
-            .tls_config(tls)?
+            tonic::transport::Channel::from_shared(format!("https://{}:{}", url.host, url.port))?
-            .connect()
+                .tls_config(tls)?
-            .await?;
+                .connect()
+                .await?;
 
         let mut client = ArbiterServiceClient::new(channel);
         let (tx, rx) = mpsc::channel(BUFFER_LENGTH);

server/crates/arbiter-client/src/transport.rs

@@ -1,6 +1,4 @@
-use arbiter_proto::proto::{
+use arbiter_proto::proto::client::{ClientRequest, ClientResponse};
-    client::{ClientRequest, ClientResponse},
-};
 use std::sync::atomic::{AtomicI32, Ordering};
 use tokio::sync::mpsc;
 
@@ -36,9 +34,7 @@ impl ClientTransport {
             .map_err(|_| ClientSignError::ChannelClosed)
     }
 
-    pub(crate) async fn recv(
+    pub(crate) async fn recv(&mut self) -> std::result::Result<ClientResponse, ClientSignError> {
-        &mut self,
-    ) -> std::result::Result<ClientResponse, ClientSignError> {
         match self.receiver.message().await {
             Ok(Some(resp)) => Ok(resp),
             Ok(None) => Err(ClientSignError::ConnectionClosed),

server/crates/arbiter-proto/src/url.rs

@@ -7,7 +7,6 @@ const ARBITER_URL_SCHEME: &str = "arbiter";
 const CERT_QUERY_KEY: &str = "cert";
 const BOOTSTRAP_TOKEN_QUERY_KEY: &str = "bootstrap_token";
 
-
 #[derive(Debug, Clone)]
 pub struct ArbiterUrl {
     pub host: String,

server/crates/arbiter-server/src/actors/client/auth.rs

@@ -1,5 +1,6 @@
 use arbiter_proto::{
-    ClientMetadata, format_challenge, transport::{Bi, expect_message}
+    ClientMetadata, format_challenge,
+    transport::{Bi, expect_message},
 };
 use chrono::Utc;
 use diesel::{
@@ -320,7 +321,7 @@ where
     sync_client_metadata(&props.db, info.id, &metadata).await?;
 
     challenge_client(transport, pubkey, info.current_nonce).await?;
-    
+
     transport
         .send(Ok(Outbound::AuthSuccess))
         .await

server/crates/arbiter-server/src/actors/client/mod.rs

@@ -3,7 +3,7 @@ use kameo::actor::Spawn;
 use tracing::{error, info};
 
 use crate::{
-    actors::{GlobalActors, client::{ session::ClientSession}},
+    actors::{GlobalActors, client::session::ClientSession},
     db,
 };
 

server/crates/arbiter-server/src/actors/evm/mod.rs

@@ -9,7 +9,7 @@ use rand::{SeedableRng, rng, rngs::StdRng};
 use crate::{
     actors::keyholder::{CreateNew, Decrypt, KeyHolder},
     db::{
-        self, DatabaseError, DatabasePool,
+        DatabaseError, DatabasePool,
         models::{self, SqliteTimestamp},
         schema,
     },

server/crates/arbiter-server/src/actors/flow_coordinator/client_connect_approval.rs

@@ -15,7 +15,7 @@ use crate::actors::{
 pub struct Args {
     pub client: ClientProfile,
     pub user_agents: Vec<ActorRef<UserAgentSession>>,
-    pub reply: ReplySender<Result<bool, ApprovalError>>
+    pub reply: ReplySender<Result<bool, ApprovalError>>,
 }
 
 pub struct ClientApprovalController {
@@ -39,7 +39,11 @@ impl Actor for ClientApprovalController {
     type Error = ();
 
     async fn on_start(
-        Args { client, mut user_agents, reply }: Self::Args,
+        Args {
+            client,
+            mut user_agents,
+            reply,
+        }: Self::Args,
         actor_ref: ActorRef<Self>,
     ) -> Result<Self, Self::Error> {
         let this = Self {

server/crates/arbiter-server/src/actors/keyholder/mod.rs

@@ -8,7 +8,14 @@ use kameo::{Actor, Reply, messages};
 use strum::{EnumDiscriminants, IntoDiscriminant};
 use tracing::{error, info};
 
-use crate::{crypto::{KeyCell, derive_key, encryption::v1::{self, Nonce}, integrity::v1::compute_integrity_tag}, safe_cell::SafeCell};
+use crate::{
+    crypto::{
+        KeyCell, derive_key,
+        encryption::v1::{self, Nonce},
+        integrity::v1::compute_integrity_tag,
+    },
+    safe_cell::SafeCell,
+};
 use crate::{
     db::{
         self,
@@ -18,7 +25,6 @@ use crate::{
     safe_cell::SafeCellHandle as _,
 };
 
-
 #[derive(Default, EnumDiscriminants)]
 #[strum_discriminants(derive(Reply), vis(pub), name(KeyHolderState))]
 enum State {
@@ -112,14 +118,13 @@ impl KeyHolder {
                         .first(conn)
                         .await?;
 
-                    let mut nonce =
+                    let mut nonce = Nonce::try_from(current_nonce.as_slice()).map_err(|_| {
-                        Nonce::try_from(current_nonce.as_slice()).map_err(|_| {
+                        error!(
-                            error!(
+                            "Broken database: invalid nonce for root key history id={}",
-                                "Broken database: invalid nonce for root key history id={}",
+                            root_key_id
-                                root_key_id
+                        );
-                            );
+                        Error::BrokenDatabase
-                            Error::BrokenDatabase
+                    })?;
-                        })?;
                     nonce.increment();
 
                     update(schema::root_key_history::table)
@@ -265,11 +270,8 @@ impl KeyHolder {
             return Err(Error::NotBootstrapped);
         };
 
-        let tag = compute_integrity_tag(
+        let tag =
-            root_key,
+            compute_integrity_tag(root_key, &purpose_tag, data_parts.iter().map(Vec::as_slice));
-            &purpose_tag,
-            data_parts.iter().map(Vec::as_slice),
-        );
         Ok(tag.to_vec())
     }
 

server/crates/arbiter-server/src/actors/user_agent/session/connection.rs

@@ -2,7 +2,7 @@ use std::sync::Mutex;
 
 use alloy::primitives::Address;
 use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
-use diesel::{ExpressionMethods as _, QueryDsl as _, SelectableHelper, dsl::update};
+use diesel::{ExpressionMethods as _, QueryDsl as _, SelectableHelper};
 use diesel_async::{AsyncConnection, RunQueryDsl};
 use kameo::error::SendError;
 use kameo::messages;
@@ -13,9 +13,8 @@ use x25519_dalek::{EphemeralSecret, PublicKey};
 use crate::actors::flow_coordinator::client_connect_approval::ClientApprovalAnswer;
 use crate::actors::keyholder::KeyHolderState;
 use crate::actors::user_agent::session::Error;
-use crate::crypto::integrity::v1::USERAGENT_INTEGRITY_TAG;
 use crate::db::models::{
-    EvmWalletAccess, KeyType, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata,
+    EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata,
 };
 use crate::evm::policies::{Grant, SpecificGrant};
 use crate::safe_cell::SafeCell;
@@ -24,7 +23,7 @@ use crate::{
         evm::{
             Generate, ListWallets, UseragentCreateGrant, UseragentDeleteGrant, UseragentListGrants,
         },
-        keyholder::{self, Bootstrap, SignIntegrityTag, TryUnseal},
+        keyholder::{self, Bootstrap, TryUnseal},
         user_agent::session::{
             UserAgentSession,
             state::{UnsealContext, UserAgentEvents, UserAgentStates},

server/crates/arbiter-server/src/context/tls.rs

@@ -116,9 +116,7 @@ impl TlsCa {
         ];
         params
             .subject_alt_names
-            .push(SanType::IpAddress(IpAddr::from([
+            .push(SanType::IpAddress(IpAddr::from([127, 0, 0, 1])));
-                127, 0, 0, 1,
-            ])));
 
         let mut dn = DistinguishedName::new();
         dn.push(DnType::CommonName, "Arbiter Instance Leaf");

server/crates/arbiter-server/src/crypto/encryption/mod.rs

@@ -1 +1 @@
-pub mod v1;
+pub mod v1;

server/crates/arbiter-server/src/crypto/encryption/v1.rs

@@ -5,7 +5,6 @@ use rand::{
     rngs::{StdRng, SysRng},
 };
 
-
 pub const ROOT_KEY_TAG: &[u8] = "arbiter/seal/v1".as_bytes();
 pub const TAG: &[u8] = "arbiter/private-key/v1".as_bytes();
 
@@ -42,8 +41,6 @@ impl<'a> TryFrom<&'a [u8]> for Nonce {
     }
 }
 
-
-
 pub type Salt = [u8; ArgonSalt::RECOMMENDED_LENGTH];
 
 pub fn generate_salt() -> Salt {
@@ -62,7 +59,10 @@ mod tests {
     use std::ops::Deref as _;
 
     use super::*;
-    use crate::{crypto::derive_key, safe_cell::{SafeCell, SafeCellHandle as _}};
+    use crate::{
+        crypto::derive_key,
+        safe_cell::{SafeCell, SafeCellHandle as _},
+    };
 
     #[test]
     pub fn derive_seal_key_deterministic() {
@@ -93,8 +93,6 @@ mod tests {
         assert_ne!(key_ref.as_slice(), &[0u8; 32][..]);
     }
 
-    
-
     #[test]
     // We should fuzz this
     pub fn test_nonce_increment() {

server/crates/arbiter-server/src/crypto/integrity/mod.rs

@@ -1 +1 @@
-pub mod v1;
+pub mod v1;

server/crates/arbiter-server/src/crypto/integrity/v1.rs

@@ -2,9 +2,8 @@ use crate::{crypto::KeyCell, safe_cell::SafeCellHandle as _};
 use chacha20poly1305::Key;
 use hmac::Mac as _;
 
-    pub const USERAGENT_INTEGRITY_DERIVE_TAG: &[u8] = "arbiter/useragent/integrity-key/v1".as_bytes();
+pub const USERAGENT_INTEGRITY_DERIVE_TAG: &[u8] = "arbiter/useragent/integrity-key/v1".as_bytes();
-    pub const USERAGENT_INTEGRITY_TAG: &[u8] = "arbiter/useragent/pubkey-entry/v1".as_bytes();
+pub const USERAGENT_INTEGRITY_TAG: &[u8] = "arbiter/useragent/pubkey-entry/v1".as_bytes();
-
 
 /// Computes an integrity tag for a specific domain and payload shape.
 pub fn compute_integrity_tag<'a, I>(
@@ -33,10 +32,12 @@ where
 
 #[cfg(test)]
 mod tests {
-    use crate::{crypto::{derive_key, encryption::v1::generate_salt}, safe_cell::{SafeCell, SafeCellHandle as _}};
+    use crate::{
-
+        crypto::{derive_key, encryption::v1::generate_salt},
-    use super::{compute_integrity_tag, USERAGENT_INTEGRITY_TAG};
+        safe_cell::{SafeCell, SafeCellHandle as _},
+    };
 
+    use super::{USERAGENT_INTEGRITY_TAG, compute_integrity_tag};
 
     #[test]
     pub fn integrity_tag_deterministic() {
@@ -74,4 +75,4 @@ mod tests {
         );
         assert_ne!(t1, t2);
     }
-}
+}

server/crates/arbiter-server/src/crypto/mod.rs

@@ -5,9 +5,12 @@ use chacha20poly1305::{
     AeadInPlace, Key, KeyInit as _, XChaCha20Poly1305, XNonce,
     aead::{AeadMut, Error, Payload},
 };
-use rand::{Rng as _, SeedableRng as _, rngs::{StdRng, SysRng}};
+use rand::{
+    Rng as _, SeedableRng as _,
+    rngs::{StdRng, SysRng},
+};
 
-use crate::{safe_cell::{SafeCell, SafeCellHandle as _}};
+use crate::safe_cell::{SafeCell, SafeCellHandle as _};
 
 pub mod encryption;
 pub mod integrity;
@@ -124,8 +127,11 @@ pub fn derive_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell {
 
 #[cfg(test)]
 mod tests {
-    use crate::{safe_cell::{SafeCell, SafeCellHandle as _}};
+    use super::{
-    use super::{derive_key, encryption::v1::{Nonce, generate_salt}};
+        derive_key,
+        encryption::v1::{Nonce, generate_salt},
+    };
+    use crate::safe_cell::{SafeCell, SafeCellHandle as _};
 
     #[test]
     pub fn encrypt_decrypt() {
@@ -150,4 +156,4 @@ mod tests {
         let buffer = buffer.read();
         assert_eq!(*buffer, b"secret data");
     }
-}
+}

server/crates/arbiter-server/src/evm/mod.rs

@@ -8,7 +8,6 @@ use alloy::{
 use chrono::Utc;
 use diesel::{ExpressionMethods as _, QueryDsl as _, QueryResult, insert_into, sqlite::Sqlite};
 use diesel_async::{AsyncConnection, RunQueryDsl};
-use tracing_subscriber::registry::Data;
 
 use crate::{
     db::{

server/crates/arbiter-server/src/grpc/client.rs

@@ -34,7 +34,9 @@ async fn dispatch_loop(
     mut request_tracker: RequestTracker,
 ) {
     loop {
-        let Some(message) = bi.recv().await else { return };
+        let Some(message) = bi.recv().await else {
+            return;
+        };
 
         let conn = match message {
             Ok(conn) => conn,
@@ -53,16 +55,24 @@ async fn dispatch_loop(
         };
 
         let Some(payload) = conn.payload else {
-            let _ = bi.send(Err(Status::invalid_argument("Missing client request payload"))).await;
+            let _ = bi
+                .send(Err(Status::invalid_argument(
+                    "Missing client request payload",
+                )))
+                .await;
             return;
         };
 
         match dispatch_inner(&actor, payload).await {
             Ok(response) => {
-                if bi.send(Ok(ClientResponse {
+                if bi
-                    request_id: Some(request_id),
+                    .send(Ok(ClientResponse {
-                    payload: Some(response),
+                        request_id: Some(request_id),
-                })).await.is_err() {
+                        payload: Some(response),
+                    }))
+                    .await
+                    .is_err()
+                {
                     return;
                 }
             }

server/crates/arbiter-server/src/grpc/client/auth.rs

@@ -1,11 +1,13 @@
 use arbiter_proto::{
-    ClientMetadata, proto::client::{
+    ClientMetadata,
+    proto::client::{
         AuthChallenge as ProtoAuthChallenge, AuthChallengeRequest as ProtoAuthChallengeRequest,
         AuthChallengeSolution as ProtoAuthChallengeSolution, AuthResult as ProtoAuthResult,
         ClientInfo as ProtoClientInfo, ClientRequest, ClientResponse,
         client_request::Payload as ClientRequestPayload,
         client_response::Payload as ClientResponsePayload,
-    }, transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi}
+    },
+    transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi},
 };
 use async_trait::async_trait;
 use tonic::Status;

server/crates/arbiter-server/src/grpc/client/inbound.rs

@@ -0,0 +1 @@
+

server/crates/arbiter-server/src/grpc/client/outbound.rs

@@ -0,0 +1 @@
+

server/crates/arbiter-server/src/grpc/user_agent.rs

@@ -20,8 +20,7 @@ use arbiter_proto::{
             SdkClientConnectionRequest as ProtoSdkClientConnectionRequest,
             SdkClientEntry as ProtoSdkClientEntry, SdkClientError as ProtoSdkClientError,
             SdkClientGrantWalletAccess, SdkClientList as ProtoSdkClientList,
-            SdkClientListResponse as ProtoSdkClientListResponse, SdkClientRevokeWalletAccess,
+            SdkClientListResponse as ProtoSdkClientListResponse, SdkClientRevokeWalletAccess, UnsealEncryptedKey as ProtoUnsealEncryptedKey,
-            SdkClientWalletAccess, UnsealEncryptedKey as ProtoUnsealEncryptedKey,
             UnsealResult as ProtoUnsealResult, UnsealStart, UserAgentRequest, UserAgentResponse,
             VaultState as ProtoVaultState,
             sdk_client_list_response::Result as ProtoSdkClientListResult,
@@ -53,7 +52,7 @@ use crate::{
             },
         },
     },
-    db::models::{CoreEvmWalletAccess, NewEvmWalletAccess},
+    db::models::NewEvmWalletAccess,
     grpc::{Convert, TryConvert, request_tracker::RequestTracker},
 };
 mod auth;
@@ -404,7 +403,10 @@ async fn dispatch_inner(
         }
 
         UserAgentRequestPayload::RevokeWalletAccess(SdkClientRevokeWalletAccess { accesses }) => {
-            match actor.ask(HandleRevokeEvmWalletAccess { entries: accesses }).await {
+            match actor
+                .ask(HandleRevokeEvmWalletAccess { entries: accesses })
+                .await
+            {
                 Ok(()) => {
                     info!("Successfully revoked wallet access");
                     return Ok(None);

server/crates/arbiter-server/src/grpc/user_agent/inbound.rs

@@ -10,7 +10,7 @@ use chrono::{DateTime, TimeZone, Utc};
 use prost_types::Timestamp as ProtoTimestamp;
 use tonic::Status;
 
-use crate::db::models::{CoreEvmWalletAccess, NewEvmWallet, NewEvmWalletAccess};
+use crate::db::models::{CoreEvmWalletAccess, NewEvmWalletAccess};
 use crate::grpc::Convert;
 use crate::{
     evm::policies::{

server/crates/arbiter-server/src/lib.rs

@@ -1,9 +1,9 @@
 #![forbid(unsafe_code)]
 use crate::context::ServerContext;
 
-pub mod crypto;
 pub mod actors;
 pub mod context;
+pub mod crypto;
 pub mod db;
 pub mod evm;
 pub mod grpc;

server/crates/arbiter-server/tests/keyholder/lifecycle.rs

@@ -1,5 +1,8 @@
 use arbiter_server::{
-    actors::keyholder::{Error, KeyHolder}, crypto::encryption::v1::{Nonce, ROOT_KEY_TAG}, db::{self, models, schema}, safe_cell::{SafeCell, SafeCellHandle as _}
+    actors::keyholder::{Error, KeyHolder},
+    crypto::encryption::v1::{Nonce, ROOT_KEY_TAG},
+    db::{self, models, schema},
+    safe_cell::{SafeCell, SafeCellHandle as _},
 };
 use diesel::{QueryDsl, SelectableHelper};
 use diesel_async::RunQueryDsl;
@@ -23,16 +26,10 @@ async fn test_bootstrap() {
         .unwrap();
 
     assert_eq!(row.schema_version, 1);
-    assert_eq!(
+    assert_eq!(row.tag, ROOT_KEY_TAG);
-        row.tag,
-        ROOT_KEY_TAG
-    );
     assert!(!row.ciphertext.is_empty());
     assert!(!row.salt.is_empty());
-    assert_eq!(
+    assert_eq!(row.data_encryption_nonce, Nonce::default().to_vec());
-        row.data_encryption_nonce,
-        Nonce::default().to_vec()
-    );
 }
 
 #[tokio::test]

server/crates/arbiter-server/tests/keyholder/storage.rs

@@ -1,7 +1,10 @@
 use std::collections::HashSet;
 
 use arbiter_server::{
-    actors::keyholder::Error, crypto::encryption::v1::Nonce, db::{self, models, schema}, safe_cell::{SafeCell, SafeCellHandle as _}
+    actors::keyholder::Error,
+    crypto::encryption::v1::Nonce,
+    db::{self, models, schema},
+    safe_cell::{SafeCell, SafeCellHandle as _},
 };
 use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper, dsl::update};
 use diesel_async::RunQueryDsl;