11 files changed, 133 insertions, 94 deletions
diff --git a/src/audit_cleanup.rs b/src/audit_cleanup.rs
index b976b1f..de78b1b 100644
--- a/src/audit_cleanup.rs
+++ b/src/audit_cleanup.rs
@@ -15,7 +15,7 @@
 //!
 //! Runs every `AUDIT_CLEANUP_INTERVAL_SECS` seconds.
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use std::time::Duration;
 use nostr_sdk::prelude::*;
@@ -46,8 +46,12 @@ pub async fn run_audit_cleanup_loop(database: SharedDatabase, git_data_path: Pat
 }
 /// Perform a single cleanup pass.
-async fn run_audit_cleanup_once(database: &SharedDatabase, git_data_path: &PathBuf) {
+async fn run_audit_cleanup_once(database: &SharedDatabase, git_data_path: &Path) {
-    let cutoff = Timestamp::from(Timestamp::now().as_secs().saturating_sub(AUDIT_CLEANUP_AGE_SECS));
+    let cutoff = Timestamp::from(
+        Timestamp::now()
+            .as_secs()
+            .saturating_sub(AUDIT_CLEANUP_AGE_SECS),
+    );
    // --- Step 1: Find repo announcements to delete git repos for ---
    let repo_filter = Filter::new()
@@ -73,10 +77,7 @@ async fn run_audit_cleanup_once(database: &SharedDatabase, git_data_path: &PathB
                if repo_path.exists() {
                    match std::fs::remove_dir_all(&repo_path) {
                        Ok(()) => {
-                            debug!(
+                            debug!("audit_cleanup: deleted git repo {}", repo_path.display());
-                                "audit_cleanup: deleted git repo {}",
-                                repo_path.display()
-                            );
                            repos_deleted += 1;
                            // Remove the parent npub directory if it is now empty
@@ -131,9 +132,7 @@ async fn run_audit_cleanup_once(database: &SharedDatabase, git_data_path: &PathB
    }
    // --- Step 2: Delete all audit events from the database ---
-    let all_audit_filter = Filter::new()
+    let all_audit_filter = Filter::new().hashtag(AUDIT_TEST_EVENT_TAG).until(cutoff);
-        .hashtag(AUDIT_TEST_EVENT_TAG)
-        .until(cutoff);
    match database.delete(all_audit_filter).await {
        Ok(()) => {
@@ -143,7 +142,10 @@ async fn run_audit_cleanup_once(database: &SharedDatabase, git_data_path: &PathB
            );
        }
        Err(e) => {
-            error!("audit_cleanup: failed to delete audit events from database: {}", e);
+            error!(
+                "audit_cleanup: failed to delete audit events from database: {}",
+                e
+            );
        }
    }
 }
diff --git a/src/git/handlers.rs b/src/git/handlers.rs
index 5ff3a7f..b615251 100644
--- a/src/git/handlers.rs
+++ b/src/git/handlers.rs
@@ -154,13 +154,10 @@ pub async fn handle_upload_pack(
    // Write request to git's stdin
    if let Some(mut stdin) = git.take_stdin() {
-        stdin
+        stdin.write_all(&request_body).await.map_err(|e| {
-            .write_all(&request_body)
+            error!("Failed to write to git upload-pack stdin: {}", e);
-            .await
+            GitError::IoError(e)
-            .map_err(|e| {
+        })?;
-                error!("Failed to write to git upload-pack stdin: {}", e);
-                GitError::IoError(e)
-            })?;
        // Close stdin to signal end of input
        drop(stdin);
    }
@@ -171,24 +168,18 @@ pub async fn handle_upload_pack(
    if let Some(stdout) = git.take_stdout() {
        let mut stdout = stdout;
-        stdout
+        stdout.read_to_end(&mut output).await.map_err(|e| {
-            .read_to_end(&mut output)
+            error!("Failed to read git upload-pack stdout: {}", e);
-            .await
+            GitError::IoError(e)
-            .map_err(|e| {
+        })?;
-                error!("Failed to read git upload-pack stdout: {}", e);
-                GitError::IoError(e)
-            })?;
    }
    if let Some(stderr) = git.take_stderr() {
        let mut stderr = stderr;
-        stderr
+        stderr.read_to_end(&mut stderr_output).await.map_err(|e| {
-            .read_to_end(&mut stderr_output)
+            error!("Failed to read git upload-pack stderr: {}", e);
-            .await
+            GitError::IoError(e)
-            .map_err(|e| {
+        })?;
-                error!("Failed to read git upload-pack stderr: {}", e);
-                GitError::IoError(e)
-            })?;
    }
    // Wait for process
@@ -317,13 +308,10 @@ pub async fn handle_receive_pack(
    // Write request to git's stdin
    if let Some(mut stdin) = git.take_stdin() {
-        stdin
+        stdin.write_all(&request_body).await.map_err(|e| {
-            .write_all(&request_body)
+            error!("Failed to write to git receive-pack stdin: {}", e);
-            .await
+            GitError::IoError(e)
-            .map_err(|e| {
+        })?;
-                error!("Failed to write to git receive-pack stdin: {}", e);
-                GitError::IoError(e)
-            })?;
        drop(stdin);
    }
@@ -333,24 +321,18 @@ pub async fn handle_receive_pack(
    if let Some(stdout) = git.take_stdout() {
        let mut stdout = stdout;
-        stdout
+        stdout.read_to_end(&mut output).await.map_err(|e| {
-            .read_to_end(&mut output)
+            error!("Failed to read git receive-pack stdout: {}", e);
-            .await
+            GitError::IoError(e)
-            .map_err(|e| {
+        })?;
-                error!("Failed to read git receive-pack stdout: {}", e);
-                GitError::IoError(e)
-            })?;
    }
    if let Some(stderr) = git.take_stderr() {
        let mut stderr = stderr;
-        stderr
+        stderr.read_to_end(&mut stderr_output).await.map_err(|e| {
-            .read_to_end(&mut stderr_output)
+            error!("Failed to read git receive-pack stderr: {}", e);
-            .await
+            GitError::IoError(e)
-            .map_err(|e| {
+        })?;
-                error!("Failed to read git receive-pack stderr: {}", e);
-                GitError::IoError(e)
-            })?;
    }
    // Wait for process
diff --git a/src/git/sync.rs b/src/git/sync.rs
index 9a02ad4..05dcbda 100644
--- a/src/git/sync.rs
+++ b/src/git/sync.rs
@@ -814,6 +814,7 @@ pub fn extract_identifier_from_pr_event(event: &Event) -> Option<String> {
 ///
 /// # Returns
 /// A `ProcessResult` describing what was processed
+#[allow(clippy::too_many_arguments)]
 pub async fn process_newly_available_git_data(
    source_repo_path: &Path,
    new_oids: &HashSet<String>,
@@ -1339,6 +1340,7 @@ async fn process_purgatory_pr_events(
 /// When `write_policy` and `rejected_events_index` are provided (git push path),
 /// any maintainer announcements sitting in the hot cache are re-processed immediately
 /// after the owner announcement is promoted, so they don't wait for the next sync cycle.
+#[allow(clippy::too_many_arguments)]
 async fn process_purgatory_announcements(
    identifier: &str,
    source_repo_path: &Path,
diff --git a/src/http/mod.rs b/src/http/mod.rs
index 76ffef3..c397365 100644
--- a/src/http/mod.rs
+++ b/src/http/mod.rs
@@ -105,6 +105,7 @@ struct HttpService {
 }
 impl HttpService {
+    #[allow(clippy::too_many_arguments)]
    fn new(
        relay: LocalRelay,
        config: Config,
diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index a0088e1..03132bf 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
@@ -18,7 +18,6 @@ use crate::nostr::policy::{
    ReferenceResult, RelatedEventPolicy, StatePolicy, StateResult,
 };
 /// Type alias for the shared database used by the relay
 pub type SharedDatabase = Arc<dyn NostrDatabase>;
diff --git a/src/nostr/policy/announcement.rs b/src/nostr/policy/announcement.rs
index b366f0b..aba5181 100644
--- a/src/nostr/policy/announcement.rs
+++ b/src/nostr/policy/announcement.rs
@@ -70,7 +70,10 @@ impl AnnouncementPolicy {
                            .is_some_and(|entry| event.created_at > entry.event.created_at);
                        if should_evict {
-                            self.remove_purgatory_announcement(&event.pubkey, &announcement.identifier);
+                            self.remove_purgatory_announcement(
+                                &event.pubkey,
+                                &announcement.identifier,
+                            );
                        }
                        match self
@@ -145,10 +148,9 @@ impl AnnouncementPolicy {
                        );
                        AnnouncementResult::AcceptPurgatory
                    }
-                    Err(e) => AnnouncementResult::Reject(format!(
+                    Err(e) => {
-                        "Failed to parse announcement: {}",
+                        AnnouncementResult::Reject(format!("Failed to parse announcement: {}", e))
-                        e
+                    }
-                    )),
                }
            }
            // AcceptPurgatory shouldn't come from validate_announcement, but handle it
@@ -161,11 +163,7 @@ impl AnnouncementPolicy {
    /// Called when a replacement announcement arrives for a (pubkey, identifier) pair
    /// that is currently in purgatory. Updates the purgatory entry and extends the
    /// expiry so the new announcement has a fresh waiting window.
-    fn replace_purgatory_announcement(
+    fn replace_purgatory_announcement(&self, event: &Event, announcement: &RepositoryAnnouncement) {
-        &self,
-        event: &Event,
-        announcement: &RepositoryAnnouncement,
-    ) {
        let repo_path = self.ctx.git_data_path.join(announcement.repo_path());
        let relays: HashSet<String> = announcement.relays.iter().cloned().collect();
diff --git a/src/nostr/policy/deletion.rs b/src/nostr/policy/deletion.rs
index 6457c90..c5a52d4 100644
--- a/src/nostr/policy/deletion.rs
+++ b/src/nostr/policy/deletion.rs
@@ -155,7 +155,9 @@ impl DeletionPolicy {
                        author = %author.to_hex(),
                        "Deletion request: removing purgatory state event by event ID"
                    );
-                    self.ctx.purgatory.remove_state_event(&identifier, &entry.event.id);
+                    self.ctx
+                        .purgatory
+                        .remove_state_event(&identifier, &entry.event.id);
                    return; // event IDs are unique
                }
            }
@@ -223,7 +225,9 @@ impl DeletionPolicy {
                    if entry.author == *author
                        && entry.event.created_at.as_secs() <= deletion_created_at
                    {
-                        self.ctx.purgatory.remove_state_event(identifier, &entry.event.id);
+                        self.ctx
+                            .purgatory
+                            .remove_state_event(identifier, &entry.event.id);
                        removed += 1;
                    }
                }
@@ -306,7 +310,10 @@ mod tests {
        EventBuilder::new(Kind::GitRepoAnnouncement, "")
            .tags(vec![
                Tag::identifier(identifier),
-                Tag::custom(TagKind::custom("clone"), vec!["https://example.com/repo.git"]),
+                Tag::custom(
+                    TagKind::custom("clone"),
+                    vec!["https://example.com/repo.git"],
+                ),
            ])
            .sign_with_keys(keys)
            .unwrap()
@@ -331,7 +338,9 @@ mod tests {
        let announcement = make_announcement_event(&keys, identifier);
        add_to_purgatory(&ctx, &announcement, identifier);
-        assert!(ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier));
+        assert!(ctx
+            .purgatory
+            .has_purgatory_announcement(&keys.public_key(), identifier));
        // Build kind 5 deletion event referencing the announcement by event ID
        let deletion = EventBuilder::new(Kind::EventDeletion, "")
@@ -347,7 +356,8 @@ mod tests {
        assert!(matches!(result, WritePolicyResult::Accept));
        assert!(
-            !ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier),
+            !ctx.purgatory
+                .has_purgatory_announcement(&keys.public_key(), identifier),
            "Purgatory entry should have been removed"
        );
    }
@@ -361,7 +371,9 @@ mod tests {
        let announcement = make_announcement_event(&keys, identifier);
        add_to_purgatory(&ctx, &announcement, identifier);
-        assert!(ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier));
+        assert!(ctx
+            .purgatory
+            .has_purgatory_announcement(&keys.public_key(), identifier));
        // Build kind 5 deletion event referencing the announcement by coordinate
        let coord = format!("30617:{}:{}", keys.public_key().to_hex(), identifier);
@@ -378,7 +390,8 @@ mod tests {
        assert!(matches!(result, WritePolicyResult::Accept));
        assert!(
-            !ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier),
+            !ctx.purgatory
+                .has_purgatory_announcement(&keys.public_key(), identifier),
            "Purgatory entry should have been removed"
        );
    }
@@ -407,7 +420,8 @@ mod tests {
        assert!(matches!(result, WritePolicyResult::Accept));
        assert!(
-            ctx.purgatory.has_purgatory_announcement(&owner_keys.public_key(), identifier),
+            ctx.purgatory
+                .has_purgatory_announcement(&owner_keys.public_key(), identifier),
            "Purgatory entry should NOT have been removed by wrong author"
        );
    }
@@ -438,7 +452,8 @@ mod tests {
        assert!(matches!(result, WritePolicyResult::Accept));
        assert!(
-            ctx.purgatory.has_purgatory_announcement(&owner_keys.public_key(), identifier),
+            ctx.purgatory
+                .has_purgatory_announcement(&owner_keys.public_key(), identifier),
            "Purgatory entry should NOT have been removed by wrong author"
        );
    }
@@ -450,11 +465,10 @@ mod tests {
        // No purgatory entry exists — deletion should still be accepted
        let deletion = EventBuilder::new(Kind::EventDeletion, "")
-            .tags(vec![
+            .tags(vec![Tag::custom(
-                Tag::custom(TagKind::custom("a"), vec![
+                TagKind::custom("a"),
-                    format!("30617:{}:nonexistent", keys.public_key().to_hex())
+                vec![format!("30617:{}:nonexistent", keys.public_key().to_hex())],
-                ]),
+            )])
-            ])
            .sign_with_keys(&keys)
            .unwrap();
@@ -491,7 +505,8 @@ mod tests {
        assert!(matches!(result, WritePolicyResult::Accept));
        assert!(
-            ctx.purgatory.has_purgatory_announcement(&keys.public_key(), identifier),
+            ctx.purgatory
+                .has_purgatory_announcement(&keys.public_key(), identifier),
            "Purgatory entry should NOT be removed: entry is newer than deletion request"
        );
    }
diff --git a/src/nostr/policy/pr_event.rs b/src/nostr/policy/pr_event.rs
index 52747a4..e4a64b8 100644
--- a/src/nostr/policy/pr_event.rs
+++ b/src/nostr/policy/pr_event.rs
@@ -7,7 +7,9 @@ use nostr_relay_builder::prelude::Event;
 use super::PolicyContext;
 use crate::git;
-use crate::git::authorization::{collect_authorized_maintainers, fetch_repository_data_excluding_purgatory};
+use crate::git::authorization::{
+    collect_authorized_maintainers, fetch_repository_data_excluding_purgatory,
+};
 /// Policy for validating PR and PR Update events
 #[derive(Clone)]
@@ -131,7 +133,8 @@ impl PrEventPolicy {
            // only be accepted for announcements that have been promoted (validated).
            // If the announcement is still in purgatory, the PR event should also go
            // to purgatory and wait for the announcement to be promoted.
-            let db_repo_data = fetch_repository_data_excluding_purgatory(&self.ctx.database, &identifier).await?;
+            let db_repo_data =
+                fetch_repository_data_excluding_purgatory(&self.ctx.database, &identifier).await?;
            // Extract owner pubkey from source repo path
            let owner_pubkey = crate::git::sync::extract_owner_from_repo_path(
@@ -211,7 +214,8 @@ impl PrEventPolicy {
        // only be accepted for announcements that have been promoted (validated).
        // If the announcement is still in purgatory, the PR event should also go
        // to purgatory and wait for the announcement to be promoted.
-        let db_repo_data = fetch_repository_data_excluding_purgatory(&self.ctx.database, identifier).await?;
+        let db_repo_data =
+            fetch_repository_data_excluding_purgatory(&self.ctx.database, identifier).await?;
        // 3. Extract list of maintainers from "a 30617:<maintainer>:<identifier>" tags
        let mut maintainer_pubkeys = std::collections::HashSet::new();
diff --git a/src/nostr/policy/state.rs b/src/nostr/policy/state.rs
index df743ae..80fe84c 100644
--- a/src/nostr/policy/state.rs
+++ b/src/nostr/policy/state.rs
@@ -158,7 +158,11 @@ impl StatePolicy {
        // authorized it.
        for owner_hex in &authorized_owners {
            if let Ok(owner_pk) = nostr_sdk::PublicKey::from_hex(owner_hex) {
-                if self.ctx.purgatory.has_purgatory_announcement(&owner_pk, &state.identifier) {
+                if self
+                    .ctx
+                    .purgatory
+                    .has_purgatory_announcement(&owner_pk, &state.identifier)
+                {
                    self.ctx.purgatory.extend_announcement_expiry(
                        &owner_pk,
                        &state.identifier,
diff --git a/src/purgatory/mod.rs b/src/purgatory/mod.rs
index bb6ff54..9b370d2 100644
--- a/src/purgatory/mod.rs
+++ b/src/purgatory/mod.rs
@@ -16,8 +16,14 @@ pub mod persistence;
 pub mod sync;
 mod types;
-pub use helpers::{can_apply_state, can_satisfy_state, diagnose_state_mismatch, extract_refs_from_state, get_unpushed_refs};
+pub use helpers::{
-pub use types::{AnnouncementPurgatoryEntry, EventSource, PrPurgatoryEntry, RefPair, RefUpdate, StatePurgatoryEntry};
+    can_apply_state, can_satisfy_state, diagnose_state_mismatch, extract_refs_from_state,
+    get_unpushed_refs,
+};
+pub use types::{
+    AnnouncementPurgatoryEntry, EventSource, PrPurgatoryEntry, RefPair, RefUpdate,
+    StatePurgatoryEntry,
+};
 use dashmap::DashMap;
 use nostr_sdk::prelude::*;
@@ -672,9 +678,15 @@ impl Purgatory {
    ///
    /// # Returns
    /// The announcement entry if found, None otherwise
-    pub fn find_announcement(&self, owner: &PublicKey, identifier: &str) -> Option<AnnouncementPurgatoryEntry> {
+    pub fn find_announcement(
+        &self,
+        owner: &PublicKey,
+        identifier: &str,
+    ) -> Option<AnnouncementPurgatoryEntry> {
        let key = (*owner, identifier.to_string());
-        self.announcement_purgatory.get(&key).map(|entry| entry.clone())
+        self.announcement_purgatory
+            .get(&key)
+            .map(|entry| entry.clone())
    }
    /// Get all announcements in purgatory for a given identifier.
@@ -687,7 +699,10 @@ impl Purgatory {
    ///
    /// # Returns
    /// Vector of announcement entries for this identifier
-    pub fn get_announcements_by_identifier(&self, identifier: &str) -> Vec<AnnouncementPurgatoryEntry> {
+    pub fn get_announcements_by_identifier(
+        &self,
+        identifier: &str,
+    ) -> Vec<AnnouncementPurgatoryEntry> {
        self.announcement_purgatory
            .iter()
            .filter(|entry| entry.key().1 == identifier)
@@ -755,7 +770,12 @@ impl Purgatory {
    /// * `owner` - The owner pubkey
    /// * `identifier` - The repository identifier
    /// * `duration` - Minimum duration to guarantee from now
-    pub fn extend_announcement_expiry(&self, owner: &PublicKey, identifier: &str, duration: Duration) {
+    pub fn extend_announcement_expiry(
+        &self,
+        owner: &PublicKey,
+        identifier: &str,
+        duration: Duration,
+    ) {
        let key = (*owner, identifier.to_string());
        // Collect revival info before taking a mutable borrow
@@ -977,16 +997,24 @@ impl Purgatory {
            .map(|entry| {
                let key = entry.key();
                let v = entry.value();
-                (key.0.clone(), key.1.clone(), v.repo_path.clone(), v.event.id, v.soft_expired)
+                (
+                    key.0,
+                    key.1.clone(),
+                    v.repo_path.clone(),
+                    v.event.id,
+                    v.soft_expired,
+                )
            })
            .collect();
        let mut announcement_removed = 0;
-        for (owner, identifier, repo_path, event_id, already_soft_expired) in expired_announcements {
+        for (owner, identifier, repo_path, event_id, already_soft_expired) in expired_announcements
+        {
            if already_soft_expired {
                // Phase 2: fully remove
                self.mark_expired(event_id);
-                self.announcement_purgatory.remove(&(owner.clone(), identifier.clone()));
+                self.announcement_purgatory
+                    .remove(&(owner, identifier.clone()));
                announcement_removed += 1;
                tracing::info!(
                    owner = %owner,
@@ -1026,7 +1054,10 @@ impl Purgatory {
                if repo_gone {
                    // Mark soft_expired and extend expiry
-                    if let Some(mut entry) = self.announcement_purgatory.get_mut(&(owner.clone(), identifier.clone())) {
+                    if let Some(mut entry) = self
+                        .announcement_purgatory
+                        .get_mut(&(owner, identifier.clone()))
+                    {
                        entry.soft_expired = true;
                        entry.expires_at = now + SOFT_EXPIRY_EXTENDED;
                    }
diff --git a/src/sync/mod.rs b/src/sync/mod.rs
index cd62380..36142e3 100644
--- a/src/sync/mod.rs
+++ b/src/sync/mod.rs
@@ -2406,7 +2406,8 @@ impl SyncManager {
        }
        // Register any new entries in repo_sync_index as StateOnly
-        let mut new_relay_urls: std::collections::HashSet<String> = std::collections::HashSet::new();
+        let mut new_relay_urls: std::collections::HashSet<String> =
+            std::collections::HashSet::new();
        {
            let mut index = self.repo_sync_index.write().await;
            for (repo_id, relays) in &announcements {