housekeeping(server): clippy warns fix

server/Cargo.lock

@@ -707,6 +707,7 @@ dependencies = [
  "memsafe",
  "ml-dsa",
  "rand 0.10.1",
+ "thiserror 2.0.18",
  "x-wing",
 ]
 

server/crates/arbiter-crypto/Cargo.toml

@@ -11,6 +11,7 @@ hmac.workspace = true
 alloy.workspace = true
 x-wing = { version = "0.1.0-rc.0", features = ["zeroize"] }
 chrono.workspace = true
+thiserror.workspace = true
 
 [lints]
 workspace = true

server/crates/arbiter-crypto/src/authn/v1.rs

@@ -11,6 +11,13 @@ pub static USERAGENT_CONTEXT: &[u8] = b"arbiter_user_agent";
 
 const NONCE_SIZE: usize = 32;
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq, thiserror::Error)]
+#[error("invalid length: expected {expected} bytes, got {actual} bytes")]
+pub struct InvalidLength {
+    pub expected: usize,
+    pub actual: usize,
+}
+
 #[derive(Debug, Clone)]
 pub struct AuthChallenge {
     pub nonce: [u8; NONCE_SIZE],
@@ -43,8 +50,11 @@ impl AuthChallenge {
         }
     }
 
-    pub fn from_parts(nonce: &[u8], timestamp: i64) -> Result<Self, ()> {
-        let random_nonce = nonce.as_array().ok_or(())?;
+    pub fn from_parts(nonce: &[u8], timestamp: i64) -> Result<Self, InvalidLength> {
+        let random_nonce = nonce.as_array().ok_or(InvalidLength {
+            expected: NONCE_SIZE,
+            actual: nonce.len(),
+        })?;
         Ok(AuthChallenge {
             nonce: *random_nonce,
             timestamp: DateTime::from_timestamp_nanos(timestamp),

server/crates/arbiter-server/src/grpc/user_agent/vault_gate.rs

@@ -15,7 +15,6 @@ mod outbound;
 #[async_trait]
 impl Receiver<vault_gate::Inbound> for AuthTransportAdapter<'_> {
     async fn recv(&mut self) -> Option<vault_gate::Inbound> {
-        loop {
         let request = match self.bi_mut().recv().await? {
             Ok(request) => request,
             Err(error) => {
@@ -41,11 +40,10 @@ impl Receiver<vault_gate::Inbound> for AuthTransportAdapter<'_> {
         };
 
         match payload.try_convert() {
-                Ok(inbound) => return Some(inbound),
+            Ok(inbound) => Some(inbound),
             Err(status) => {
                 let _ = self.bi_mut().send(Err(status)).await;
-                    return None;
-                }
+                None
             }
         }
     }

server/crates/arbiter-server/src/peers/user_agent/mod.rs

@@ -81,7 +81,7 @@ async fn verify_integrity(
         .get()
         .await
         .map_err(|_| Error::Internal("DB unavailable".into()))?;
-    match integrity::verify_entity(&mut conn, &vault, credentials, credentials.id).await {
+    match integrity::verify_entity(&mut conn, vault, credentials, credentials.id).await {
         Ok(AttestationStatus::Attested) => Ok(()),
         Ok(AttestationStatus::Unavailable) => {
             Err(Error::Internal("Vault sealed during promotion".into()))

server/crates/arbiter-server/src/peers/user_agent/vault_gate/mod.rs

@@ -132,7 +132,7 @@ impl VaultGate {
         let secret = ephemeral_secret.diffie_hellman(&client_pubkey);
 
         self.state = State::ReadyForExchange {
-            server_key: public_key.clone(),
+            server_key: public_key,
             secret,
         };
 
@@ -179,7 +179,7 @@ impl VaultGate {
             }
             Err(err) => {
                 error!(?err, "Failed to send unseal request to vault");
-                Err(Error::internal("Vault actor error").into())
+                Err(Error::internal("Vault actor error"))
             }
         }
     }