diff --git a/server/clippy.toml b/server/clippy.toml index 09149fd..4ab45d6 100644 --- a/server/clippy.toml +++ b/server/clippy.toml @@ -3,6 +3,6 @@ disallowed-methods = [ # We only use RSA for Windows Hello (KeyCredentialManager) public-key verification — decryption # is never required and must not be introduced. { path = "rsa::RsaPrivateKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted." }, - { path = "rsa::pkcs1v15::DecryptingKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted." }, - { path = "rsa::oaep::DecryptingKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted." }, + { path = "rsa::pkcs1v15::DecryptingKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted.", allow-invalid = true }, + { path = "rsa::oaep::DecryptingKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted.", allow-invalid = true }, ] diff --git a/server/crates/arbiter-server/src/actors/client/auth.rs b/server/crates/arbiter-server/src/actors/client/auth.rs index 3f9c7a8..cb11d9a 100644 --- a/server/crates/arbiter-server/src/actors/client/auth.rs +++ b/server/crates/arbiter-server/src/actors/client/auth.rs @@ -17,7 +17,10 @@ use kameo::error::SendError; use tracing::error; use crate::{ - actors::{client::ClientConnection, router::{self, RequestClientApproval}}, + actors::{ + client::ClientConnection, + router::{self, RequestClientApproval}, + }, db::{self, schema::program_client}, }; 
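Review bot: With `allow-invalid = true` on the two `DecryptingKey::decrypt` entries, clippy no longer reports when those paths fail to resolve, so the ban can become a silent no-op while the file still reads as if PKCS#1 v1.5 and OAEP decryption were blocked. If the flag was added because `decrypt` on those types comes from a trait impl rather than an inherent method (an inference; the reason is not on the page), the entry should name the trait method instead, e.g. `{ path = "rsa::traits::Decryptor::decrypt", reason = "..." }`, plus the matching `rsa::traits::RandomizedDecryptor::decrypt_with_rng`. At minimum, add a comment above the two entries saying why `allow-invalid` is needed and which entry actually enforces the RUSTSEC-2023-0071 policy.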
@@ -100,7 +103,9 @@ async fn approve_new_client( ) -> Result<(), Error> { let result = actors .router - .ask(RequestClientApproval { client_pubkey: pubkey }) + .ask(RequestClientApproval { + client_pubkey: pubkey, + }) .await; match result { @@ -166,18 +171,18 @@ async fn challenge_client( Error::Transport })?; - let AuthChallengeSolution { signature } = expect_message( - &mut *props.transport, - |req: ClientRequest| match req.payload? { - ClientRequestPayload::AuthChallengeSolution(s) => Some(s), - _ => None, - }, - ) - .await - .map_err(|e| { - error!(error = ?e, "Failed to receive challenge solution"); - Error::Transport - })?; + let AuthChallengeSolution { signature } = + expect_message(&mut *props.transport, |req: ClientRequest| { + match req.payload? { + ClientRequestPayload::AuthChallengeSolution(s) => Some(s), + _ => None, + } + }) + .await + .map_err(|e| { + error!(error = ?e, "Failed to receive challenge solution"); + Error::Transport + })?; let formatted = format_challenge(nonce, &challenge.pubkey); let sig = signature.as_slice().try_into().map_err(|_| { @@ -196,9 +201,9 @@ async fn challenge_client( fn connect_error_code(err: &Error) -> ConnectErrorCode { match err { Error::ApproveError(ApproveError::Denied) => ConnectErrorCode::ApprovalDenied, - Error::ApproveError(ApproveError::Upstream(router::ApprovalError::NoUserAgentsConnected)) => { - ConnectErrorCode::NoUserAgentsOnline - } + Error::ApproveError(ApproveError::Upstream( + router::ApprovalError::NoUserAgentsConnected, + )) => ConnectErrorCode::NoUserAgentsOnline, _ => ConnectErrorCode::Unknown, } } @@ -234,7 +239,7 @@ async fn authenticate(props: &mut ClientConnection) -> Result Result { match authenticate(&mut props).await { - Ok(pubkey) => Ok(ClientSession::new(props, pubkey)), + Ok(_pubkey) => Ok(ClientSession::new(props)), Err(err) => { let code = connect_error_code(&err); let _ = props 
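Review bot: `Ok(_pubkey) => Ok(ClientSession::new(props))` discards the key that `authenticate` just verified, so the session no longer holds the identity it was established for (the `key` field is removed in the session.rs hunks at `-10,12` and `-92,7`). That is harmless while `process_transport_inbound` rejects every payload, but any later handler that authorizes per client will need this binding and must not take the identity from request data. Either keep the verified key (or the database client id) on `ClientSession`, or record the decision with a comment such as `// TODO: session carries no client identity; restore it before handling any request`. The enclosing function starts and ends outside the hunk.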
diff --git a/server/crates/arbiter-server/src/actors/client/session.rs b/server/crates/arbiter-server/src/actors/client/session.rs index a0d21ca..a2ae4a4 100644 --- a/server/crates/arbiter-server/src/actors/client/session.rs +++ b/server/crates/arbiter-server/src/actors/client/session.rs @@ -1,5 +1,4 @@ use arbiter_proto::proto::client::{ClientRequest, ClientResponse}; -use ed25519_dalek::VerifyingKey; use kameo::Actor; use tokio::select; use tracing::{error, info}; @@ -10,12 +9,11 @@ use crate::{actors::{ pub struct ClientSession { props: ClientConnection, - key: VerifyingKey, } impl ClientSession { - pub(crate) fn new(props: ClientConnection, key: VerifyingKey) -> Self { - Self { props, key } + pub(crate) fn new(props: ClientConnection) -> Self { + Self { props } } pub async fn process_transport_inbound(&mut self, req: ClientRequest) -> Output { @@ -24,9 +22,8 @@ impl ClientSession { ClientError::MissingRequestPayload })?; - match msg { - _ => Err(ClientError::UnexpectedRequestPayload), - } + let _ = msg; + Err(ClientError::UnexpectedRequestPayload) } } @@ -92,7 +89,6 @@ impl ClientSession { use arbiter_proto::transport::DummyTransport; let transport: super::Transport = Box::new(DummyTransport::new()); let props = ClientConnection::new(db, transport, actors); - let key = VerifyingKey::from_bytes(&[0u8; 32]).unwrap(); - Self { props, key } + Self { props } } } diff --git a/server/crates/arbiter-server/src/actors/evm/mod.rs b/server/crates/arbiter-server/src/actors/evm/mod.rs index 0b7e97a..012b41c 100644 --- a/server/crates/arbiter-server/src/actors/evm/mod.rs +++ b/server/crates/arbiter-server/src/actors/evm/mod.rs 
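Review bot: In the `-24,9` hunk, `let _ = msg;` only silences the unused binding and hides the fact that every request from an authenticated client is rejected. Say so directly with a comment above the return, e.g. `// No client request payloads are handled yet; reject everything.`, and bind the payload as `_msg` rather than discarding it on a separate line. The binding itself is outside the hunk.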
@@ -1,4 +1,4 @@ -use alloy::{consensus::TxEip1559, network::TxSigner, primitives::Address, signers::Signature}; +use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature}; use diesel::{ExpressionMethods, OptionalExtension as _, QueryDsl, SelectableHelper as _, dsl::insert_into}; use diesel_async::RunQueryDsl; use kameo::{Actor, actor::ActorRef, messages}; diff --git a/server/crates/arbiter-server/src/actors/router/mod.rs b/server/crates/arbiter-server/src/actors/router/mod.rs index ac1d720..a0a75b8 100644 --- a/server/crates/arbiter-server/src/actors/router/mod.rs +++ b/server/crates/arbiter-server/src/actors/router/mod.rs @@ -67,7 +67,7 @@ async fn request_client_approval( client_pubkey: VerifyingKey, ) -> Result { if user_agents.is_empty() { - return Err(ApprovalError::NoUserAgentsConnected).into(); + return Err(ApprovalError::NoUserAgentsConnected); } let mut pool = JoinSet::new(); @@ -76,7 +76,6 @@ async fn request_client_approval( for weak_ref in user_agents { match weak_ref.upgrade() { Some(agent) => { - let client_pubkey = client_pubkey.clone(); let cancel_rx = cancel_rx.clone(); pool.spawn(async move { agent @@ -167,7 +166,7 @@ impl MessageRouter { // handle in subtask to not to lock the actor tokio::task::spawn(async move { let result = request_client_approval(&weak_refs, client_pubkey).await; - let _ = reply_sender.send(result); + reply_sender.send(result); }); reply diff --git a/server/crates/arbiter-server/src/evm/mod.rs b/server/crates/arbiter-server/src/evm/mod.rs index 9e00fc0..f295dc8 100644 --- a/server/crates/arbiter-server/src/evm/mod.rs +++ b/server/crates/arbiter-server/src/evm/mod.rs @@ -117,7 +117,8 @@ async fn check_shared_constraints( let now = Utc::now(); // Validity window - if shared.valid_from.map_or(false, |t| now < t) || shared.valid_until.map_or(false, |t| now > t) + if shared.valid_from.is_some_and(|t| now < t) + || shared.valid_until.is_some_and(|t| now > t) { violations.push(EvalViolation::InvalidTime); } 
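Review bot: The validity-window condition in `check_shared_constraints` (evm/mod.rs, `-117,7`) encodes policy that is not written down: a missing `valid_from` or `valid_until` leaves that side unbounded, and a request at exactly either instant passes because both comparisons are strict. A comment above the `if` would make this reviewable, e.g. `// Unset bounds are open-ended; both endpoints are inclusive; time is the server's Utc::now().`. The function body continues outside the hunk.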
@@ -125,8 +126,8 @@ async fn check_shared_constraints( // Gas fee caps let fee_exceeded = shared .max_gas_fee_per_gas - .map_or(false, |cap| U256::from(context.max_fee_per_gas) > cap); - let priority_exceeded = shared.max_priority_fee_per_gas.map_or(false, |cap| { + .is_some_and(|cap| U256::from(context.max_fee_per_gas) > cap); + let priority_exceeded = shared.max_priority_fee_per_gas.is_some_and(|cap| { U256::from(context.max_priority_fee_per_gas) > cap }); if fee_exceeded || priority_exceeded { @@ -228,7 +229,7 @@ impl Engine { .values(&NewEvmBasicGrant { wallet_id: full_grant.basic.wallet_id, chain_id: full_grant.basic.chain as i32, - client_id: client_id, + client_id, valid_from: full_grant.basic.valid_from.map(SqliteTimestamp), valid_until: full_grant.basic.valid_until.map(SqliteTimestamp), max_gas_fee_per_gas: full_grant diff --git a/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs b/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs index dfea8cb..e1f01c5 100644 --- a/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs +++ b/server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs @@ -41,17 +41,12 @@ pub struct Meaning { } impl Display for Meaning { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - write!( - f, - "Ether transfer of {} to {}", - self.value, - self.to.to_string() - ) + write!(f, "Ether transfer of {} to {}", self.value, self.to) } } -impl Into for Meaning { - fn into(self) -> SpecificMeaning { - SpecificMeaning::EtherTransfer(self) +impl From for SpecificMeaning { + fn from(val: Meaning) -> SpecificMeaning { + SpecificMeaning::EtherTransfer(val) } } @@ -61,9 +56,9 @@ pub struct Settings { limit: VolumeRateLimit, } -impl Into for Settings { - fn into(self) -> SpecificGrant { - SpecificGrant::EtherTransfer(self) +impl From for SpecificGrant { + fn from(val: Settings) -> SpecificGrant { + SpecificGrant::EtherTransfer(val) } } 
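Review bot: `chain_id: full_grant.basic.chain as i32` (a context line in the `-228,7` hunk) narrows with `as`, which wraps silently instead of failing. The type of `chain` is not visible here; if it is a 64-bit chain id, a value above `i32::MAX` would be stored as a different number, and the persisted grant would name a chain that was never approved. Use a checked conversion and reject the grant on overflow, e.g. `chain_id: i32::try_from(full_grant.basic.chain).map_err(/* grant error */)?,`. The surrounding function starts and ends outside the hunk.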
diff --git a/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs b/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs index 53d8679..856370f 100644 --- a/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs +++ b/server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs @@ -51,9 +51,9 @@ impl std::fmt::Display for Meaning { ) } } -impl Into for Meaning { - fn into(self) -> SpecificMeaning { - SpecificMeaning::TokenTransfer(self) +impl From for SpecificMeaning { + fn from(val: Meaning) -> SpecificMeaning { + SpecificMeaning::TokenTransfer(val) } } @@ -63,9 +63,9 @@ pub struct Settings { target: Option
, volume_limits: Vec, } -impl Into for Settings { - fn into(self) -> SpecificGrant { - SpecificGrant::TokenTransfer(self) +impl From for SpecificGrant { + fn from(val: Settings) -> SpecificGrant { + SpecificGrant::TokenTransfer(val) } } @@ -156,10 +156,10 @@ impl Policy for TokenTransfer { return Ok(violations); } - if let Some(allowed) = grant.settings.target { - if allowed != meaning.to { - violations.push(EvalViolation::InvalidTarget { target: meaning.to }); - } + if let Some(allowed) = grant.settings.target + && allowed != meaning.to + { + violations.push(EvalViolation::InvalidTarget { target: meaning.to }); } let rate_violations = check_volume_rate_limits(grant, db).await?; diff --git a/server/crates/arbiter-server/src/evm/safe_signer.rs b/server/crates/arbiter-server/src/evm/safe_signer.rs index 5a2fdad..1e10031 100644 --- a/server/crates/arbiter-server/src/evm/safe_signer.rs +++ b/server/crates/arbiter-server/src/evm/safe_signer.rs @@ -94,13 +94,13 @@ impl SafeSigner { &self, tx: &mut dyn SignableTransaction, ) -> Result { - if let Some(chain_id) = self.chain_id { - if !tx.set_chain_id_checked(chain_id) { - return Err(Error::TransactionChainIdMismatch { - signer: chain_id, - tx: tx.chain_id().unwrap(), - }); - } + if let Some(chain_id) = self.chain_id + && !tx.set_chain_id_checked(chain_id) + { + return Err(Error::TransactionChainIdMismatch { + signer: chain_id, + tx: tx.chain_id().unwrap(), + }); } self.sign_hash_inner(&tx.signature_hash()).map_err(Error::other) } diff --git a/server/crates/arbiter-server/tests/common/mod.rs b/server/crates/arbiter-server/tests/common/mod.rs index e23360f..7fb5bac 100644 --- a/server/crates/arbiter-server/tests/common/mod.rs +++ b/server/crates/arbiter-server/tests/common/mod.rs @@ -9,7 +9,6 @@ use diesel_async::RunQueryDsl; use memsafe::MemSafe; use tokio::sync::mpsc; - #[allow(dead_code)] pub async fn bootstrapped_keyholder(db: &db::DatabasePool) -> KeyHolder { let mut actor = KeyHolder::new(db.clone()).await.unwrap(); 
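Review bot: In the token_transfers `-156,10` hunk, a grant whose `grant.settings.target` is `None` skips the recipient check entirely, so it permits transfers to any address and is bounded only by the volume limits checked next; the code should state that. Suggested comment above the `if let`: `// No target configured: any recipient is accepted; only the volume limits apply.` Separately, the `if let … && …` chain requires the 2024 edition, so the crate's edition and MSRV should be confirmed (the same form is introduced in safe_signer.rs).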
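Review bot: In safe_signer.rs, `tx: tx.chain_id().unwrap()` sits on the signing path and can panic if a `SignableTransaction` implementation returns `false` from `set_chain_id_checked` while reporting no chain id. Because `tx` is a `dyn` object, this code does not enforce that invariant. State it with `expect("set_chain_id_checked returned false, so the transaction carries a chain id")`, or map the `None` case to an error instead of panicking. When `self.chain_id` is `None`, the transaction is signed with whatever chain id it already carries, which deserves a comment at the top of the method.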
@@ -31,13 +30,14 @@ pub async fn root_key_history_id(db: &db::DatabasePool) -> i32 { id.expect("root_key_id should be set after bootstrap") } - +#[allow(dead_code)] pub struct ChannelTransport { receiver: mpsc::Receiver, sender: mpsc::Sender, } impl ChannelTransport { + #[allow(dead_code)] pub fn new() -> (Self, ChannelTransport) { let (tx1, rx1) = mpsc::channel(10); let (tx2, rx2) = mpsc::channel(10); @@ -54,8 +54,6 @@ impl ChannelTransport { } } - - #[async_trait] impl Bi for ChannelTransport where