ci: migrate miri and fuzz to circleci-toolkit orb

- Replace custom miri_tests job with toolkit/rust_miri
- Replace custom fuzz_smoke job with toolkit/rust_fuzz_smoke
- Upgrade toolkit orb from 3.2.0 to 3.3.0
- Reduce audit.yml from 72 to 42 lines (42% reduction)
- Same functionality with better caching and maintainability

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Jeremiah Russell <jerry@jrussell.ie>

Author: gortavoher

.circleci/audit.yml

@@ -5,67 +5,37 @@
 version: 2.1
 
 orbs:
-  toolkit: jerus-org/circleci-toolkit@3.2.0
+  toolkit: jerus-org/circleci-toolkit@3.3.0
 
 parameters:
   min-rust-version:
     type: string
     default: "1.88"
 
-jobs:
-  miri_tests:
-    executor:
-      name: toolkit/rust_env
-      min_rust_version: <<parameters.min_rust_version>>
-
-    parameters:
-      min_rust_version:
-        type: string
-        description: "Required: The minimum version of the rust compiler to use"
-
-    steps:
-      - checkout
-      # - run: rustup toolchain install nightly --profile minimal
-      - run: rustup +nightly component add miri
-      - run: |
-          set -eux
-          # Allow std time/syscalls while still catching UB in Rust code
-          export MIRIFLAGS="-Zmiri-disable-isolation"
-          # Limit to core crate to keep runtime bounded
-          cargo +nightly miri test -p hcaptcha --lib -- \
-            --skip hcaptcha_mock_verify \
-            --skip hcaptcha_mock_verify_request_reuse \
-            --skip hcaptcha_mock_verify_not_found \
-            --skip hcaptcha_mock_verify_client_response \
-            --skip hcaptcha_mock_verify_client_response_not_found \
-            --skip hcaptcha_mock_with_remoteip \
-            --skip hcaptcha_mock_with_sitekey
-
-  fuzz_smoke:
-    executor:
-      name: toolkit/rust_env
-      min_rust_version: <<parameters.min_rust_version>>
-
-    parameters:
-      min_rust_version:
-        type: string
-        description: "Required: The minimum version of the rust compiler to use"
-
-    steps:
-      - checkout
-      # - run: rustup toolchain install nightly --profile minimal
-      - run: cargo +nightly install cargo-fuzz
-      - run: |
-          set -eux
-          # Short fuzz smoke (60s) on the response parser target
-          cargo +nightly fuzz run response_parse -runs=0 -max_total_time=60 || true
-
 workflows:
   audit:
     jobs:
       - toolkit/security:
           sonarcloud: false
-      - miri_tests:
+
+      - toolkit/rust_miri:
+          name: miri_tests
           min_rust_version: << pipeline.parameters.min-rust-version >>
-      - fuzz_smoke:
+          package: "hcaptcha"
+          test_args: "--lib"
+          skip_tests: >
+            hcaptcha_mock_verify
+            hcaptcha_mock_verify_request_reuse
+            hcaptcha_mock_verify_not_found
+            hcaptcha_mock_verify_client_response
+            hcaptcha_mock_verify_client_response_not_found
+            hcaptcha_mock_with_remoteip
+            hcaptcha_mock_with_sitekey
+          miri_flags: "-Zmiri-disable-isolation"
+
+      - toolkit/rust_fuzz_smoke:
+          name: fuzz_smoke
           min_rust_version: << pipeline.parameters.min-rust-version >>
+          fuzz_target: "response_parse"
+          max_total_time: 60
+          fail_on_findings: false