elasticproject-eu · rodneyosodo · Feb 18, 2026
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -29,5 +29,8 @@ jobs:
       - name: Check formatting
         run: cargo fmt --all -- --check
 
+      - name: Run linter
+        run: cargo clippy -- -D warnings
+
       - name: Build release
         run: cargo build --release
diff --git a/src/clock.rs b/src/clock.rs
@@ -78,7 +78,7 @@ impl ClockInterface {
         self.timezone_offset = if offset_seconds == 0 {
             None
         } else {
-            Some(Duration::from_secs(offset_seconds.abs() as u64))
+            Some(Duration::from_secs(offset_seconds.unsigned_abs() as u64))
         };
 
         Ok(())

diff --git a/src/enforcement/engine.rs b/src/enforcement/engine.rs
@@ -57,7 +57,7 @@ impl EnforcementLayer {
 
         // Crypto interface
         if policy.capabilities.crypto {
-            let crypto = DefaultCryptoProvider::new();
+            let crypto = DefaultCryptoProvider::default();
             let audited =
                 AuditedCryptoProvider::new(crypto, entity_id.clone(), self.audit_log.clone());
 
@@ -90,17 +90,17 @@ impl EnforcementLayer {
 
         // Capabilities interface
         if policy.capabilities.capabilities {
-            hal.capabilities = Some(Box::new(DefaultCapabilitiesProvider::new()));
+            hal.capabilities = Some(Box::new(DefaultCapabilitiesProvider::default()));
         }
 
         // Random interface
         if policy.capabilities.random {
-            hal.random = Some(Box::new(DefaultRandomProvider::new()));
+            hal.random = Some(Box::new(DefaultRandomProvider::default()));
         }
 
         // Clock interface
         if policy.capabilities.clock {
-            hal.clock = Some(Box::new(DefaultClockProvider::new()));
+            hal.clock = Some(Box::new(DefaultClockProvider::default()));
         }
 
         // Storage interface

diff --git a/src/enforcement/policy.rs b/src/enforcement/policy.rs
@@ -151,22 +151,16 @@ pub struct PolicyConfig {
 }
 
 /// Policy engine that manages and enforces policies
+#[derive(Default)]
 pub struct PolicyEngine {
     policies: HashMap<EntityId, EntityPolicy>,
     umbrella_id: Option<EntityId>,
 }
 
 impl PolicyEngine {
-    pub fn new() -> Self {
-        Self {
-            policies: HashMap::new(),
-            umbrella_id: None,
-        }
-    }
-
     /// Load policies from configuration
     pub fn from_config(config: PolicyConfig) -> EnforcementResult<Self> {
-        let mut engine = Self::new();
+        let mut engine = Self::default();
 
         // Load entity policies
         for policy in config.entities {

diff --git a/src/events.rs b/src/events.rs
@@ -252,12 +252,12 @@ impl EventInterface {
                 if let Some(handler) = handlers.get(&subscription.handler_handle) {
                     // Check queue size
                     let current_size = *handler.current_queue_size.read().await;
-                    if current_size < handler.max_queue_size {
-                        if handler.sender.send(event.clone()).is_ok() {
-                            let mut queue_size = handler.current_queue_size.write().await;
-                            *queue_size += 1;
-                            sent_count += 1;
-                        }
+                    if current_size < handler.max_queue_size
+                        && handler.sender.send(event.clone()).is_ok()
+                    {
+                        let mut queue_size = handler.current_queue_size.write().await;
+                        *queue_size += 1;
+                        sent_count += 1;
                     }
                 }
             }
@@ -513,21 +513,20 @@ impl Default for EventInterface {
 
 // Helper function to use UUID without adding it as a dependency
 mod uuid {
-    pub struct Uuid;
+    use core::fmt;
 
-    impl Uuid {
-        pub fn new_v4() -> Self {
-            Self
-        }
+    pub struct Uuid;
 
-        pub fn to_string(&self) -> String {
+    impl fmt::Display for Uuid {
+        fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
             // Simple UUID-like string generator for testing
             let timestamp = std::time::SystemTime::now()
                 .duration_since(std::time::UNIX_EPOCH)
                 .unwrap()
                 .as_nanos();
 
-            format!(
+            write!(
+                f,
                 "{:x}-{:x}-{:x}-{:x}",
                 timestamp & 0xffffffff,
                 (timestamp >> 32) & 0xffff,
@@ -536,6 +535,12 @@ mod uuid {
             )
         }
     }
+
+    impl Uuid {
+        pub fn new_v4() -> Self {
+            Self
+        }
+    }
 }
 
 #[cfg(test)]

diff --git a/src/gpu.rs b/src/gpu.rs
@@ -141,7 +141,7 @@ pub struct GpuBufferDescriptor {
 }
 
 /// GPU buffer usage flags
-#[derive(Debug, Clone)]
+#[derive(Default, Debug, Clone)]
 pub struct GpuBufferUsage {
     pub map_read: bool,
     pub map_write: bool,
@@ -814,20 +814,3 @@ mod tests {
         assert!(result.is_err());
     }
 }
-
-impl Default for GpuBufferUsage {
-    fn default() -> Self {
-        Self {
-            map_read: false,
-            map_write: false,
-            copy_src: false,
-            copy_dst: false,
-            index: false,
-            vertex: false,
-            uniform: false,
-            storage: false,
-            indirect: false,
-            query_resolve: false,
-        }
-    }
-}
diff --git a/src/interfaces.rs b/src/interfaces.rs
@@ -76,10 +76,10 @@ impl HalProvider {
             platform: DefaultPlatformProvider::new()
                 .ok()
                 .map(|p| Box::new(p) as Box<dyn PlatformInterface>),
-            capabilities: Some(Box::new(DefaultCapabilitiesProvider::new())),
-            crypto: Some(Box::new(DefaultCryptoProvider::new())),
-            random: Some(Box::new(DefaultRandomProvider::new())),
-            clock: Some(Box::new(DefaultClockProvider::new())),
+            capabilities: Some(Box::new(DefaultCapabilitiesProvider::default())),
+            crypto: Some(Box::new(DefaultCryptoProvider::default())),
+            random: Some(Box::new(DefaultRandomProvider::default())),
+            clock: Some(Box::new(DefaultClockProvider::default())),
             storage: None, // Optional
         }
     }

diff --git a/src/platform.rs b/src/platform.rs
@@ -271,7 +271,7 @@ impl ElasticTeeHal {
     ///
     /// # Arguments
     /// * `report_data` - Custom data to include in the attestation report (e.g., nonce, challenge)
-    ///                   For TDX, this should be up to 64 bytes. For SEV-SNP, up to 64 bytes.
+    ///   For TDX, this should be up to 64 bytes. For SEV-SNP, up to 64 bytes.
     pub async fn attest(&self, report_data: &[u8]) -> HalResult<Vec<u8>> {
         if !self.initialized {
             return Err(HalError::TeeInitializationFailed(

diff --git a/src/providers.rs b/src/providers.rs
@@ -35,8 +35,8 @@ pub struct DefaultCapabilitiesProvider {
     caps: crate::capabilities::PlatformCapabilities,
 }
 
-impl DefaultCapabilitiesProvider {
-    pub fn new() -> Self {
+impl Default for DefaultCapabilitiesProvider {
+    fn default() -> Self {
         let platform_type = crate::platform::ElasticTeeHal::new()
             .map(|hal| hal.platform_type().clone())
             .unwrap_or(crate::platform::PlatformType::IntelTdx);
@@ -49,32 +49,34 @@ impl DefaultCapabilitiesProvider {
 
 impl CapabilitiesInterface for DefaultCapabilitiesProvider {
     fn list_capabilities(&self) -> Result<Vec<(String, bool, String)>, String> {
-        let mut result = Vec::new();
-        result.push((
-            "random".to_string(),
-            self.caps.features.random,
-            "1.0".to_string(),
-        ));
-        result.push((
-            "crypto".to_string(),
-            self.caps.crypto_support.hardware_acceleration,
-            "1.0".to_string(),
-        ));
-        result.push((
-            "attestation".to_string(),
-            self.caps.features.attestation,
-            "1.0".to_string(),
-        ));
-        result.push((
-            "secure-storage".to_string(),
-            self.caps.features.secure_storage,
-            "1.0".to_string(),
-        ));
-        result.push((
-            "gpu-compute".to_string(),
-            self.caps.features.gpu_compute,
-            "1.0".to_string(),
-        ));
+        let result = vec![
+            (
+                "random".to_string(),
+                self.caps.features.random,
+                "1.0".to_string(),
+            ),
+            (
+                "crypto".to_string(),
+                self.caps.crypto_support.hardware_acceleration,
+                "1.0".to_string(),
+            ),
+            (
+                "attestation".to_string(),
+                self.caps.features.attestation,
+                "1.0".to_string(),
+            ),
+            (
+                "secure-storage".to_string(),
+                self.caps.features.secure_storage,
+                "1.0".to_string(),
+            ),
+            (
+                "gpu-compute".to_string(),
+                self.caps.features.gpu_compute,
+                "1.0".to_string(),
+            ),
+        ];
+
         Ok(result)
     }
 
@@ -92,18 +94,11 @@ impl CapabilitiesInterface for DefaultCapabilitiesProvider {
 }
 
 /// Default crypto provider
+#[derive(Default)]
 pub struct DefaultCryptoProvider {
     crypto: crate::crypto::CryptoInterface,
 }
 
-impl DefaultCryptoProvider {
-    pub fn new() -> Self {
-        Self {
-            crypto: crate::crypto::CryptoInterface::new(),
-        }
-    }
-}
-
 impl CryptoInterface for DefaultCryptoProvider {
     fn hash(&self, data: &[u8], algorithm: &str) -> Result<Vec<u8>, String> {
         futures::executor::block_on(self.crypto.hash_data(algorithm, data))
@@ -160,18 +155,11 @@ impl CryptoInterface for DefaultCryptoProvider {
 }
 
 /// Default random provider
+#[derive(Default)]
 pub struct DefaultRandomProvider {
     random: crate::random::RandomInterface,
 }
 
-impl DefaultRandomProvider {
-    pub fn new() -> Self {
-        Self {
-            random: crate::random::RandomInterface::new(),
-        }
-    }
-}
-
 impl RandomInterface for DefaultRandomProvider {
     fn get_random_bytes(&self, length: u32) -> Result<Vec<u8>, String> {
         self.random
@@ -188,18 +176,11 @@ impl RandomInterface for DefaultRandomProvider {
 }
 
 /// Default clock provider
+#[derive(Default)]
 pub struct DefaultClockProvider {
     clock: crate::clock::ClockInterface,
 }
 
-impl DefaultClockProvider {
-    pub fn new() -> Self {
-        Self {
-            clock: crate::clock::ClockInterface::new(),
-        }
-    }
-}
-
 impl ClockInterface for DefaultClockProvider {
     fn system_time(&self) -> Result<(u64, u32), String> {
         self.clock

diff --git a/src/random.rs b/src/random.rs
@@ -106,7 +106,7 @@ impl RandomInterface {
 
     /// Generate random salt for password hashing
     pub fn generate_salt(&self, length: usize) -> HalResult<Vec<u8>> {
-        if length < 16 || length > 64 {
+        if (16..=64).contains(&length) {
             return Err(HalError::InvalidParameter(
                 "Salt length must be between 16 and 64 bytes".to_string(),
             ));
@@ -117,7 +117,7 @@ impl RandomInterface {
 
     /// Generate cryptographically secure random key material
     pub fn generate_key_material(&self, length: usize) -> HalResult<Vec<u8>> {
-        if length < 16 || length > 256 {
+        if !(16..=256).contains(&length) {
             return Err(HalError::InvalidParameter(
                 "Key material length must be between 16 and 256 bytes".to_string(),
             ));
@@ -128,7 +128,7 @@ impl RandomInterface {
 
     /// Test randomness quality (basic entropy check)
     pub fn test_randomness_quality(&self, sample_size: usize) -> HalResult<f64> {
-        if sample_size < 1000 || sample_size > 100_000 {
+        if !(1000..=100_000).contains(&sample_size) {
             return Err(HalError::InvalidParameter(
                 "Sample size must be between 1000 and 100000 bytes".to_string(),
             ));

diff --git a/src/sockets.rs b/src/sockets.rs
@@ -30,7 +30,7 @@ pub struct SocketInterface {
 enum SocketWrapper {
     TcpListener(TcpListener),
     TcpStream(TcpStream),
-    TlsStream(TlsStream<TcpStream>),
+    TlsStream(Box<TlsStream<TcpStream>>),
     UdpSocket(UdpSocket),
     // DTLS would require additional implementation
 }
@@ -320,7 +320,7 @@ impl SocketInterface {
         let mut sockets = self.sockets.write().await;
         sockets.insert(
             handle,
-            SocketWrapper::TlsStream(tokio_rustls::TlsStream::Client(tls_stream)),
+            SocketWrapper::TlsStream(Box::new(tokio_rustls::TlsStream::Client(tls_stream))),
         );
 
         Ok(handle)
@@ -383,7 +383,7 @@ impl SocketInterface {
         let mut sockets = self.sockets.write().await;
         sockets.insert(
             handle,
-            SocketWrapper::TlsStream(tokio_rustls::TlsStream::Server(tls_stream)),
+            SocketWrapper::TlsStream(Box::new(tokio_rustls::TlsStream::Server(tls_stream))),
         );
 
         Ok(handle)