
fix(ci): configure security audit exceptions and remove Ollama #560

Merged
echobt merged 2 commits into master from fix/security-audit-and-remove-ollama-1770035468
Feb 2, 2026

@echobt echobt commented Feb 2, 2026

Summary

This PR fixes the security audit CI workflow and removes Ollama provider support.

Changes

Security Audit Configuration

  • Add .cargo/audit.toml to centralize RUSTSEC advisory exceptions
  • Remove continue-on-error: true from CI so audit properly fails on new vulnerabilities
  • Documented exceptions for transitive dependencies (wasmtime, fxhash, paste, lru)

Remove Ollama Provider

  • Remove all Ollama model definitions from cortex-cli
  • Remove related Ollama-specific tests
  • Simplifies codebase by focusing on cloud providers

Testing

  • cargo check -p cortex-cli passes
  • All existing tests pass (Ollama-specific tests removed)

Security Notes

All RUSTSEC exceptions are documented with:

  • Advisory ID and severity
  • Reason why it's acceptable for our use case
  • Most are in wasmtime v29 transitive dependencies

Add .cargo/audit.toml to centralize security advisory exceptions:
- RUSTSEC-2025-0118: wasmtime v29 shared memory API (low severity)
- RUSTSEC-2025-0046: wasmtime v29 fd_renumber panic (low severity)
- RUSTSEC-2026-0006: wasmtime v29 f64.copysign segfault (medium)
- RUSTSEC-2025-0057: fxhash unmaintained (transitive via wasmtime)
- RUSTSEC-2024-0436: paste unmaintained (transitive via wasmtime)
- RUSTSEC-2026-0002: lru unsound iteration (transitive via ratatui)

Remove continue-on-error from security audit CI job so it properly
fails on new unacknowledged vulnerabilities.

Remove all Ollama model definitions and related tests from cortex-cli.
This simplifies the codebase by removing support for the local Ollama
provider, focusing on cloud-based model providers.
@echobt echobt merged commit 682bca8 into master Feb 2, 2026
4 checks passed
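
An added example, not code from this PR or the project: a small CI lint that enforces the documentation rule described in the Security Notes above, by checking that every advisory ID ignored in `.cargo/audit.toml` carries a justification comment. The sample file is constructed from the advisory list on this page using cargo-audit's `[advisories]` / `ignore` layout (the real file's contents are not shown here); `undocumented_ignores` is a hypothetical helper name and `RUSTSEC-0000-0000` is a placeholder for an undocumented entry.

```python
import re

# Constructed sample in the shape the PR describes. IDs and notes come from the
# list on this page; RUSTSEC-0000-0000 is a placeholder with no justification.
SAMPLE_AUDIT_TOML = """\
[advisories]
ignore = [
    # wasmtime v29 shared memory API (low severity)
    "RUSTSEC-2025-0118",
    # wasmtime v29 fd_renumber panic (low severity)
    "RUSTSEC-2025-0046",
    "RUSTSEC-2026-0006",  # wasmtime v29 f64.copysign segfault (medium)
    # fxhash unmaintained (transitive via wasmtime)
    "RUSTSEC-2025-0057",
    # paste unmaintained (transitive via wasmtime)
    "RUSTSEC-2024-0436",
    # lru unsound iteration (transitive via ratatui)
    "RUSTSEC-2026-0002",

    "RUSTSEC-0000-0000",
]
"""

ID_RE = re.compile(r'"(RUSTSEC-\d{4}-\d{4})"')


def undocumented_ignores(toml_text):
    """Return ignored advisory IDs that lack a justification comment.

    An entry is documented if it is the only ID on its line and has either a
    trailing '#' comment or a non-empty comment line directly above it.
    Assumes '#' never appears inside a quoted string, which holds for ID lists.
    """
    missing = []
    prev_comment = False  # previous line was a non-empty, comment-only line
    for raw in toml_text.splitlines():
        code, _, comment = raw.partition("#")
        ids = ID_RE.findall(code)
        if not ids:
            # Blank or non-comment lines break the link to the next entry.
            prev_comment = not code.strip() and bool(comment.strip())
            continue
        documented = len(ids) == 1 and (prev_comment or bool(comment.strip()))
        if not documented:
            missing.extend(ids)
        prev_comment = False
    return missing


if __name__ == "__main__":
    bad = undocumented_ignores(SAMPLE_AUDIT_TOML)
    for advisory in bad:
        print(f"undocumented audit exception: {advisory}")
    raise SystemExit(1 if bad else 0)
```

Run as a CI step ahead of the audit job, a check like this fails the build when an exception is added without a recorded reason.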