From 17816b82ba22a78bd7ba55f7c4073290eb0d6268 Mon Sep 17 00:00:00 2001
From: Sephyi <me@sephy.io>
Date: Sun, 19 Apr 2026 18:51:58 +0200
Subject: [PATCH] refactor: extract binary to lib.rs and enforce
 forbid(unsafe_code)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The `src/main.rs` binary re-declared `mod app; mod cli; mod config; …`,
which built a second module tree alongside `src/lib.rs`. That second tree
did not inherit the `#![forbid(unsafe_code)]` attribute from `lib.rs`,
leaving the binary half of the crate silently unprotected.

Shrink `main.rs` to a thin entry point that imports from the library
crate (`use commitbee::{App, Cli, error};`) and add
`#![forbid(unsafe_code)]` at its top so both compilation units enforce
the lint. `lib.rs` already declared every module publicly, so no other
file needed updating.

Closes audit entry F-028 from #3.
---
 src/main.rs | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 2358a72..4c4fcc3 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,21 +2,12 @@
 //
 // SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Commercial
 
+#![forbid(unsafe_code)]
+
 use clap::Parser;
+use commitbee::{App, Cli, error};
 use tracing_subscriber::EnvFilter;
 
-mod app;
-mod cli;
-mod config;
-mod domain;
-mod error;
-#[cfg(feature = "eval")]
-mod eval;
-mod services;
-
-use app::App;
-use cli::Cli;
-
 #[tokio::main]
 async fn main() {
     miette::set_hook(Box::new(|_| {