feat(config): migrate wallet to use a layered configuration

Cargo.toml

@@ -44,6 +44,7 @@ i18n-embed-fl = "0.9"
 rust-embed = "8"
 
 # Parsing and serialization
+config = { version = "0.15.14", features = ["toml"] }
 hex = "0.4"
 serde = { version = "1", features = ["serde_derive"] }
 serde_json = { version = "1", features = ["arbitrary_precision", "raw_value"] }

supply-chain/audits.toml

@@ -240,6 +240,12 @@ It uses `#![forbid(unsafe_code, unstable_features)]`, and does not have any
 powerful imports.
 """
 
+[[trusted.config]]
+criteria = "safe-to-deploy"
+user-id = 6743 # Ed Page (epage)
+start = "2024-10-23"
+end = "2026-08-21"
+
 [[trusted.equihash]]
 criteria = "safe-to-deploy"
 user-id = 6289

supply-chain/imports.lock

@@ -15,6 +15,34 @@ user-id = 3788
 user-login = "emilio"
 user-name = "Emilio Cobos Álvarez"
 
+[[publisher.config]]
+version = "0.15.13"
+when = "2025-07-09"
+user-id = 6743
+user-login = "epage"
+user-name = "Ed Page"
+
+[[publisher.encoding_rs]]
+version = "0.8.35"
+when = "2024-10-24"
+user-id = 4484
+user-login = "hsivonen"
+user-name = "Henri Sivonen"
+
+[[publisher.equihash]]
+version = "0.2.2"
+when = "2025-03-05"
+user-id = 6289
+user-login = "str4d"
+user-name = "Jack Grigg"
+
+[[publisher.f4jumble]]
+version = "0.1.1"
+when = "2024-12-13"
+user-id = 6289
+user-login = "str4d"
+user-name = "Jack Grigg"
+
 [[publisher.incrementalmerkletree]]
 version = "0.8.2"
 when = "2025-02-01"
@@ -475,6 +503,15 @@ criteria = "safe-to-deploy"
 delta = "2.1.1 -> 2.3.0"
 notes = "Minor refactoring, nothing new."
 
+[[audits.bytecode-alliance.audits.foldhash]]
+who = "Alex Crichton <alex@alexcrichton.com>"
+criteria = "safe-to-deploy"
+version = "0.1.3"
+notes = """
+Only a minor amount of `unsafe` code in this crate related to global per-process
+initialization which looks correct to me.
+"""
+
 [[audits.bytecode-alliance.audits.futures]]
 who = "Joel Dice <joel.dice@gmail.com>"
 criteria = "safe-to-deploy"
@@ -944,6 +981,20 @@ that the RNG here is not cryptographically secure.
 """
 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
 
+[[audits.google.audits.foldhash]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "0.1.3 -> 0.1.4"
+notes = "No changes to safety-relevant code"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.foldhash]]
+who = "Chris Palmer <palmer@google.com>"
+criteria = "safe-to-deploy"
+delta = "0.1.4 -> 0.1.5"
+notes = "No new `unsafe`."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.glob]]
 who = "George Burgess IV <gbiv@google.com>"
 criteria = "safe-to-deploy"
@@ -2097,6 +2148,15 @@ end = "2024-04-21"
 notes = "No unsafe code, rather straight-forward parser."
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.wildcard-audits.encoding_rs]]
+who = "Henri Sivonen <hsivonen@hsivonen.fi>"
+criteria = "safe-to-deploy"
+user-id = 4484 # Henri Sivonen (hsivonen)
+start = "2019-02-26"
+end = "2025-10-23"
+notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.wildcard-audits.unicode-normalization]]
 who = "Manish Goregaokar <manishsmail@gmail.com>"
 criteria = "safe-to-deploy"
@@ -2177,6 +2237,12 @@ criteria = "safe-to-deploy"
 delta = "1.0.71 -> 1.0.95"
 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.arraydeque]]
+who = "Lars Eggert <lars@eggert.org>"
+criteria = "safe-to-deploy"
+version = "0.5.1"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.basic-toml]]
 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
 criteria = "safe-to-deploy"
@@ -2362,6 +2428,12 @@ version = "0.12.3"
 notes = "This version is used in rust's libstd, so effectively we're already trusting it"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.hashlink]]
+who = "Erich Gubler <erichdongubler@gmail.com>"
+criteria = "safe-to-deploy"
+delta = "0.9.1 -> 0.10.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.hex]]
 who = "Simon Friedberger <simon@mozilla.com>"
 criteria = "safe-to-deploy"
@@ -3021,6 +3093,12 @@ criteria = "safe-to-deploy"
 delta = "0.5.4 -> 0.5.5"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.yaml-rust2]]
+who = "Lars Eggert <lars@eggert.org>"
+criteria = "safe-to-deploy"
+version = "0.10.3"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.zeroize]]
 who = "Benjamin Beurdouche <beurdouche@mozilla.com>"
 criteria = "safe-to-deploy"

zallet/Cargo.toml

@@ -75,6 +75,7 @@ assets = [
 [dependencies]
 abscissa_core.workspace = true
 abscissa_tokio.workspace = true
+config.workspace = true
 age.workspace = true
 async-trait.workspace = true
 bip0039.workspace = true

zallet/src/commands.rs

@@ -108,38 +108,49 @@ impl EntryPoint {
                 .map(|base| base.join(".zallet"))
         }
     }
-}
-
-impl Runnable for EntryPoint {
-    fn run(&self) {
-        self.cmd.run()
-    }
-}
 
-impl Configurable<ZalletConfig> for EntryPoint {
-    fn config_path(&self) -> Option<PathBuf> {
-        // Check if the config file exists, and if it does not, ignore it.
-        // If you'd like for a missing configuration file to be a hard error
-        // instead, always return `Some(CONFIG_FILE)` here.
+    /// Returns the config file path relative to the data directory, if it exists.
+    fn config_path(&self) -> Result<Option<PathBuf>, FrameworkError> {
+        let datadir = self.datadir()?;
         let filename = resolve_datadir_path(
-            &self.datadir().ok()?,
+            &datadir,
             self.config
                 .as_deref()
                 .unwrap_or_else(|| Path::new(CONFIG_FILE)),
         );
 
-        if filename.exists() {
+        // Check if the config file exists, and if it does not, ignore it.
+        // If you'd like for a missing configuration file to be a hard error
+        // instead, always return `Some(CONFIG_FILE)` here.
+        Ok(if filename.exists() {
             Some(filename)
         } else {
             None
-        }
+        })
+    }
+}
+
+impl Runnable for EntryPoint {
+    fn run(&self) {
+        self.cmd.run()
     }
+}
+
+impl Configurable<ZalletConfig> for EntryPoint {
+    fn process_config(&self, _config: ZalletConfig) -> Result<ZalletConfig, FrameworkError> {
+        // Load configuration using config-rs
+        let datadir = self.datadir()?;
+        let config_path = self.config_path()?;
+
+        // Convert config-rs error to FrameworkError at the Abscissa boundary
+        let mut config = ZalletConfig::load(config_path.as_deref())
+            .map_err(|e| FrameworkErrorKind::ConfigError.context(e))?;
 
-    fn process_config(&self, mut config: ZalletConfig) -> Result<ZalletConfig, FrameworkError> {
         // Components access top-level CLI settings solely through `ZalletConfig`.
         // Load them in here.
-        config.datadir = Some(self.datadir()?);
+        config.datadir = Some(datadir);
 
+        // Apply command-specific overrides
         match &self.cmd {
             ZalletCmd::Start(cmd) => cmd.override_config(config),
             _ => Ok(config),