heimdall-rust-unsafe-ffi
Install: claude install-skill po4yka/heimdall
# Heimdall Rust Unsafe + libc FFI
## Purpose
Guide review and authoring of `unsafe` code in heimdall. Apply every rule to every `unsafe` block in a diff — not only the first one. Heimdall is a single-crate project with edition-2024 Rust.
## Unsafe inventory
Known `unsafe` locations. This table goes stale as code moves, so verify it against the current tree before auditing (for example `rg -n '\bunsafe\b' src/`) and treat any block not listed here as unreviewed:
| File | Pattern | Notes |
|---|---|---|
| `src/archive/mod.rs` | `libc::flock` | File locking via libc |
| `src/scheduler/daemon.rs` | `libc::getuid` | Process UID check |
| `src/scheduler/launchd.rs` | `extern "C"` FFI | launchd service registration |
| `src/statusline/mod.rs` | 2 unsafe blocks | Terminal control sequences |
| `src/config.rs` | `unsafe { env::set_var }` | Edition-2024 unsafe in test setup |
## SAFETY comment rules
Every `unsafe {}` block MUST be immediately preceded by a `// SAFETY:` comment (or `/// # Safety` for `unsafe fn`) that states:
1. What invariant is being upheld.
2. Where that invariant is established (caller contract, local variable, prior check).
```rust
// SAFETY: `fd` was opened by our own `open(2)` call above and is still valid;
// LOCK_EX | LOCK_NB is a valid flag combination; return value checked below.
let ret = unsafe { libc::flock(fd, libc::LOCK_EX | libc::LOCK_NB) };
if ret != 0 {
return Err(std::io::Error::last_os_error());
}
```
A missing SAFETY comment on any `unsafe {}` block is a **CRITICAL** finding. Enable `#![warn(clippy::undocumented_unsafe_blocks)]` (and keep the default-on `clippy::missing_safety_doc` for `unsafe fn`) so CI catches absent comments; the lint checks only that a comment exists, so the reviewer still confirms that the stated invariant is true and is actually established where the comment claims.
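As an added example (not heimdall's own code), a complete non-blocking exclusive-lock helper written the way the rule above asks for. It declares the `flock(2)` binding by hand with the edition-2024 `unsafe extern` syntax instead of pulling in the `libc` crate, and hardcodes the Linux/macOS/BSD flag values (an assumption about the target); `LockOutcome`, `try_lock_exclusive`, `unlock` and `demo_contention` are names chosen here. It also handles the case the snippet above folds into a generic error: a lock already held by another open file description, which `LOCK_NB` reports as `EWOULDBLOCK`.

```rust
use std::fs::File;
use std::io;
use std::os::fd::AsRawFd;
use std::os::raw::c_int;

// Hand-written binding for flock(2), standing in for `libc::flock` so this
// example builds with no dependencies. The constants are the Linux/macOS/BSD
// values (assumption: the target is one of those platforms).
unsafe extern "C" {
    fn flock(fd: c_int, operation: c_int) -> c_int;
}
const LOCK_EX: c_int = 2;
const LOCK_NB: c_int = 4;
const LOCK_UN: c_int = 8;

/// Outcome of a non-blocking exclusive lock attempt.
#[derive(Debug, PartialEq, Eq)]
pub enum LockOutcome {
    Acquired,
    /// Another open file description (same or other process) holds the lock.
    HeldElsewhere,
}

/// Try to take an exclusive, non-blocking flock on `file`.
pub fn try_lock_exclusive(file: &File) -> io::Result<LockOutcome> {
    let fd = file.as_raw_fd();
    // SAFETY: `fd` comes from a live `&File`, so the descriptor stays open for
    // the duration of the call (the borrow keeps the File from being dropped);
    // LOCK_EX | LOCK_NB is a documented flag combination for flock(2); the
    // call takes no pointers, and its return value is checked below.
    let ret = unsafe { flock(fd, LOCK_EX | LOCK_NB) };
    if ret == 0 {
        return Ok(LockOutcome::Acquired);
    }
    let err = io::Error::last_os_error();
    // EWOULDBLOCK (== EAGAIN on Linux and macOS) maps to ErrorKind::WouldBlock
    // and means "held elsewhere", which is a result, not a failure, for a
    // single-instance check. Every other errno (EBADF, EINVAL, ...) is an error.
    if err.kind() == io::ErrorKind::WouldBlock {
        Ok(LockOutcome::HeldElsewhere)
    } else {
        Err(err)
    }
}

/// Release any lock this open file description holds.
pub fn unlock(file: &File) -> io::Result<()> {
    // SAFETY: same descriptor contract as in `try_lock_exclusive`; LOCK_UN is
    // valid on its own and succeeds even when no lock is currently held.
    let ret = unsafe { flock(file.as_raw_fd(), LOCK_UN) };
    if ret == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
}

/// Exercises the contention path on a constructed temp file: two independent
/// opens of one path are two open file descriptions, so while the first holds
/// the lock the second sees HeldElsewhere, and Acquired once it is released.
pub fn demo_contention() -> io::Result<(LockOutcome, LockOutcome, LockOutcome)> {
    let path = std::env::temp_dir()
        .join(format!("heimdall-flock-demo-{}", std::process::id()));
    let holder = File::create(&path)?;
    let first = try_lock_exclusive(&holder)?;
    let contender = File::open(&path)?;
    let second = try_lock_exclusive(&contender)?;
    unlock(&holder)?;
    let third = try_lock_exclusive(&contender)?;
    unlock(&contender)?;
    drop(contender);
    drop(holder);
    let _ = std::fs::remove_file(&path);
    Ok((first, second, third))
}

fn main() -> io::Result<()> {
    let (first, second, third) = demo_contention()?;
    println!("holder: {first:?}, contender while held: {second:?}, contender after unlock: {third:?}");
    Ok(())
}
```

Each `unsafe` block carries its own SAFETY comment even though the second is a near-copy of the first; the rule applies per block, and the invariant (a live descriptor borrowed for the call) is restated where it is relied upon rather than referenced by "see above". Note that `flock` locks belong to the open file description, not the process, which is why `File::open` on the same path inside one process is enough to demonstrate contention.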
## `env::set_var` in edition 2024
`std::env::set_var` is `unsafe` in Rust edition 2024 because it is