wireapp · fewerner · Nov 28, 2025 · Nov 28, 2025 · Nov 28, 2025
@@ -1,6 +1,8 @@
 use_try_shorthand = true
 use_field_init_shorthand = true
 max_width = 120
+comment_width = 120
+wrap_comments = true
 newline_style = "Unix"
 merge_derives = true
 condense_wildcard_suffixes = true

@@ -379,7 +379,8 @@ impl CoreCryptoContext {
 
     /// Get all credentials from this client which match the provided parameters.
     ///
-    /// Parameters which are unset or `None` match anything. Those with a particular value find only credentials matching that value.
+    /// Parameters which are unset or `None` match anything. Those with a particular value find only credentials
+    /// matching that value.
     pub async fn find_credentials(
         &self,
         client_id: Option<ClientIdMaybeArc>,

@@ -105,7 +105,8 @@ impl CoreCryptoContext {
         proteus_impl!({ self.inner.proteus_new_prekey(prekey_id).await.map_err(Into::into) })
     }
 
-    /// Creates a new Proteus prekey with an automatically incremented ID and returns the CBOR-serialized version of the prekey bundle
+    /// Creates a new Proteus prekey with an automatically incremented ID and returns the CBOR-serialized version of the
+    /// prekey bundle
     ///
     /// Warning: The Proteus client **MUST** be initialized with `proteus_init` first or an error will be returned
     ///

@@ -10,7 +10,8 @@ use crate::{Ciphersuite, CoreCryptoResult, CredentialType, client_id::ClientIdMa
 /// This is tied to a particular client via either its client id or certificate bundle,
 /// depending on its credential type, but is independent of any client instance or storage.
 ///
-/// To attach to a particular client instance and store, see [`CoreCryptoContext::add_credential`][crate::CoreCryptoContext::add_credential].
+/// To attach to a particular client instance and store, see
+/// [`CoreCryptoContext::add_credential`][crate::CoreCryptoContext::add_credential].
 #[derive(Debug, Clone, derive_more::From, derive_more::Into, uniffi::Object)]
 pub struct Credential(pub(crate) CryptoCredential);
 

@@ -18,7 +18,8 @@ pub struct DecryptedMessage {
     /// Commit delay in seconds.
     ///
     /// When set, clients must delay this long before processing a commit.
-    /// This reduces load on the backend, which otherwise would receive epoch change notifications from all clients simultaneously.
+    /// This reduces load on the backend, which otherwise would receive epoch change notifications from all clients
+    /// simultaneously.
     pub commit_delay: Option<u64>,
     /// [ClientId] of the sender of the message being decrypted. Only present for application messages.
     pub sender_client_id: Option<ClientIdMaybeArc>,
@@ -76,7 +77,8 @@ pub struct BufferedDecryptedMessage {
     /// Commit delay in seconds.
     ///
     /// When set, clients must delay this long before processing a commit.
-    /// This reduces load on the backend, which otherwise would receive epoch change notifications from all clients simultaneously.
+    /// This reduces load on the backend, which otherwise would receive epoch change notifications from all clients
+    /// simultaneously.
     pub commit_delay: Option<u64>,
     /// [ClientId] of the sender of the message being decrypted. Only present for application messages.
     pub sender_client_id: Option<ClientIdMaybeArc>,

@@ -4,12 +4,14 @@
 /// - See [core_crypto::e2e_identity::types::E2eiAcmeChallenge]
 #[derive(Debug, Clone, uniffi::Record)]
 pub struct AcmeChallenge {
-    /// Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be accessed
+    /// Contains raw JSON data of this challenge. This is parsed by the underlying Rust library hence should not be
+    /// accessed
     pub delegate: Vec<u8>,
     /// URL of this challenge
     pub url: String,
     /// Non-standard, Wire specific claim. Indicates the consumer from where it should get the challenge proof.
-    /// Either from wire-server "/access-token" endpoint in case of a DPoP challenge, or from an OAuth token endpoint for an OIDC challenge
+    /// Either from wire-server "/access-token" endpoint in case of a DPoP challenge, or from an OAuth token endpoint
+    /// for an OIDC challenge
     pub target: String,
 }
 

@@ -15,7 +15,8 @@ pub enum E2eiConversationState {
     Verified = 1,
     /// Some clients are either still Basic or their certificate is expired
     NotVerified,
-    /// All clients are still Basic. If all client have expired certificates, [E2eiConversationState::NotVerified] is returned.
+    /// All clients are still Basic. If all client have expired certificates, [E2eiConversationState::NotVerified] is
+    /// returned.
     NotEnabled,
 }
 

@@ -33,8 +33,8 @@ pub enum MlsError {
     #[error("The received commit is deemed stale and is from an older epoch.")]
     StaleCommit,
     /// This happens when the DS cannot flag KeyPackages as claimed or not. In this scenario, a client
-    /// requests their old KeyPackages to be deleted but one has already been claimed by another client to create a Welcome.
-    /// In that case the only solution is that the client receiving such a Welcome tries to join the group
+    /// requests their old KeyPackages to be deleted but one has already been claimed by another client to create a
+    /// Welcome. In that case the only solution is that the client receiving such a Welcome tries to join the group
     /// with an External Commit instead
     #[error(
         "Although this Welcome seems valid, the local KeyPackage it references has already been deleted locally. Join this group with an external commit"

@@ -1,6 +1,7 @@
 use std::time::{Duration, SystemTime};
 
-/// Represents the parts of [WireIdentity][crate::WireIdentity] that are specific to a X509 certificate (and not a Basic one).
+/// Represents the parts of [WireIdentity][crate::WireIdentity] that are specific to a X509 certificate (and not a Basic
+/// one).
 ///
 /// We don't use an enum here since the sole purpose of this is to be exposed through the FFI (and
 /// union types are impossible to carry over the FFI boundary)

@@ -71,7 +71,8 @@ fn commit_add_n_clients_bench(c: &mut Criterion) {
 }
 
 /// Benchmark to measure the impact of group size on the runtime of creating and merging a remove commit.
-/// Number of removed clients is equal to group size (→ all clients except the initial client from [setup_mls] are removed).
+/// Number of removed clients is equal to group size (→ all clients except the initial client from [setup_mls] are
+/// removed).
 fn commit_remove_bench(c: &mut Criterion) {
     let mut group = c.benchmark_group("Commit remove f(group size)");
     for (case, ciphersuite, credential, in_memory) in MlsTestCase::values() {

@@ -153,7 +153,8 @@ pub async fn setup_mls(
 
 pub async fn new_central(
     ciphersuite: Ciphersuite,
-    // TODO: always None for the moment. Need to update the benches with some realistic certificates. Tracking issue: WPB-9589
+    // TODO: always None for the moment. Need to update the benches with some realistic certificates. Tracking issue:
+    // WPB-9589
     _credential: Option<&CertificateBundle>,
     in_memory: bool,
     with_basic_credential: bool,

@@ -183,8 +183,8 @@ impl E2eiEnrollment {
     /// # Parameters
     /// * `url` - one of the URL in new order's authorizations (from [Self::new_order_response])
     /// * `account` - you got from [Self::new_account_response]
-    /// * `previous_nonce` - `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order`
-    ///   (or from the previous to this method if you are creating the second authorization)
+    /// * `previous_nonce` - `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the
+    ///   previous to this method if you are creating the second authorization)
     pub fn new_authz_request(&self, url: String, previous_nonce: String) -> Result<Json> {
         let account = self.account.as_ref().ok_or(Error::OutOfOrderEnrollment(
             "You must first call 'newAccountResponse()'",
@@ -220,8 +220,7 @@ impl E2eiEnrollment {
     ///
     /// # Parameters
     /// * `expiry_secs` - of the client Dpop JWT. This should be equal to the grace period set in Team Management
-    /// * `backend_nonce` - you get by calling `GET /clients/token/nonce` on wire-server.
-    ///   See endpoint [definition](https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce)
+    /// * `backend_nonce` - you get by calling `GET /clients/token/nonce` on wire-server. See endpoint [definition](https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce)
     /// * `expiry` - token expiry
     #[allow(clippy::too_many_arguments)]
     pub fn create_dpop_token(&self, expiry_secs: u32, backend_nonce: String) -> Result<String> {
@@ -337,7 +336,8 @@ impl E2eiEnrollment {
     /// # Parameters
     /// * `order_url` - `location` header from http response you got from [Self::new_order_response]
     /// * `account` - you got from [Self::new_account_response]
-    /// * `previous_nonce` - `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
+    /// * `previous_nonce` - `replay-nonce` response header from `POST
+    ///   /acme/{provisioner-name}/challenge/{challenge-id}`
     pub fn check_order_request(&self, order_url: String, previous_nonce: String) -> Result<Json> {
         let account = self.account.as_ref().ok_or(Error::OutOfOrderEnrollment(
             "You must first call 'newAccountResponse()'",
@@ -409,7 +409,8 @@ impl E2eiEnrollment {
     /// # Parameters
     /// * `finalize` - you got from [Self::finalize_response]
     /// * `account` - you got from [Self::new_account_response]
-    /// * `previous_nonce` - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
+    /// * `previous_nonce` - `replay-nonce` response header from `POST
+    ///   /acme/{provisioner-name}/order/{order-id}/finalize`
     pub fn certificate_request(&mut self, previous_nonce: String) -> Result<Json> {
         let account = self.account.take().ok_or(Error::OutOfOrderEnrollment(
             "You must first call 'newAccountResponse()'",

@@ -118,7 +118,8 @@ pub(crate) async fn generate_history_secret(ciphersuite: Ciphersuite) -> Result<
         .await
         .map_err(MlsError::wrap("encapsulating key package"))?;
 
-    // we don't need to finish the transaction here--the point of the ephemeral CC was that no mutations would be saved there
+    // we don't need to finish the transaction here--the point of the ephemeral CC was that no mutations would be saved
+    // there
 
     Ok(HistorySecret { client_id, key_package })
 }

@@ -17,7 +17,8 @@ pub type Result<T, E = Error> = core::result::Result<T, E>;
 /// Errors produced by the root module group
 #[derive(Debug, thiserror::Error)]
 pub enum Error {
-    /// Invalid [crate::transaction_context::TransactionContext]. This context has been finished and can no longer be used.
+    /// Invalid [crate::transaction_context::TransactionContext]. This context has been finished and can no longer be
+    /// used.
     #[error("This transaction context has already been finished and can no longer be used.")]
     InvalidTransactionContext,
     /// The proteus client has been called but has not been initialized yet

@@ -118,7 +118,8 @@ pub trait MlsTransport: std::fmt::Debug + Send + Sync {
 
 /// Wrapper superstruct for both [mls::session::Session] and [proteus::ProteusCentral]
 ///
-/// As [std::ops::Deref] is implemented, this struct is automatically dereferred to [mls::session::Session] apart from `proteus_*` calls
+/// As [std::ops::Deref] is implemented, this struct is automatically dereferred to [mls::session::Session] apart from
+/// `proteus_*` calls
 ///
 /// This is cheap to clone as all internal members have `Arc` wrappers or are `Copy`.
 #[derive(Debug, Clone)]

@@ -50,7 +50,8 @@ impl MlsConversation {
         let epoch = self.group.epoch().as_u64();
         let mut own_index = self.group.own_leaf_index().u32() as u64;
 
-        // Look for members that were removed at the left of our tree in order to shift our own leaf index (post-commit tree visualization)
+        // Look for members that were removed at the left of our tree in order to shift our own leaf index (post-commit
+        // tree visualization)
         let left_tree_diff = self
             .group
             .members()
@@ -66,7 +67,8 @@ impl MlsConversation {
 
         // Post-commit visualization of the number of members after remove proposals
         let nb_members = (self.group.members().count() as u64).saturating_sub(removed_index.len() as u64);
-        // This shifts our own leaf index to the left (tree-wise) from as many as there was removed members that have a smaller leaf index than us (older members)
+        // This shifts our own leaf index to the left (tree-wise) from as many as there was removed members that have a
+        // smaller leaf index than us (older members)
         own_index = own_index.saturating_sub(left_tree_diff as u64);
 
         Some(Self::calculate_delay(own_index, epoch, nb_members))

@@ -22,8 +22,8 @@ use crate::{Ciphersuite, MlsError, RecursiveError};
 /// Sets the config in OpenMls for the oldest possible epoch(past current) that a message can be decrypted
 pub(crate) const MAX_PAST_EPOCHS: usize = 3;
 
-/// Window for which decryption secrets are kept within an epoch. Use this with caution since this affects forward secrecy within an epoch.
-/// Use this when the Delivery Service cannot guarantee application messages order
+/// Window for which decryption secrets are kept within an epoch. Use this with caution since this affects forward
+/// secrecy within an epoch. Use this when the Delivery Service cannot guarantee application messages order
 pub(crate) const OUT_OF_ORDER_TOLERANCE: u32 = 2;
 
 /// How many application messages can be skipped. Use this when the Delivery Service can drop application messages

@@ -115,7 +115,8 @@ impl ConversationGuard {
         let signer = credential.signature_key();
         let mut conversation = self.conversation_mut().await;
 
-        // No need to also check pending proposals since they should already have been scanned while decrypting the proposal message
+        // No need to also check pending proposals since they should already have been scanned while decrypting the
+        // proposal message
         let crl_dps = extract_crl_uris_from_credentials(key_packages.iter().filter_map(|kp| {
             let mls_credential = kp.credential().mls_credential();
             matches!(mls_credential, openmls::prelude::MlsCredentialType::X509(_)).then_some(mls_credential)

@@ -154,7 +154,8 @@ mod tests {
         Box::pin(async move {
             let conversation = case.create_conversation([&alice, &bob]).await;
 
-            // Bob creates a commit but won't merge it immediately (e.g, because his app crashes before he receives the success response from the ds)
+            // Bob creates a commit but won't merge it immediately (e.g, because his app crashes before he receives the
+            // success response from the ds)
             let unmerged_commit_guard = conversation.acting_as(&bob).await.update_unmerged().await;
             let unmerged_commit = unmerged_commit_guard.message();
 

@@ -48,8 +48,8 @@ use crate::{
 pub struct MlsConversationDecryptMessage {
     /// Decrypted text message
     pub app_msg: Option<Vec<u8>>,
-    /// Only when decrypted message is a commit, CoreCrypto will renew local proposal which could not make it in the commit.
-    /// This will contain either:
+    /// Only when decrypted message is a commit, CoreCrypto will renew local proposal which could not make it in the
+    /// commit. This will contain either:
     /// * local pending proposal not in the accepted commit
     /// * If there is a pending commit, its proposals which are not in the accepted commit
     pub proposals: Vec<MlsProposalBundle>,
@@ -569,7 +569,8 @@ impl ConversationGuard {
             )
             .await;
             if state != E2eiConversationState::Verified {
-                // FIXME: Uncomment when PKI env can be seeded - the computation is still done to assess performance and impact of the validations. Tracking issue: WPB-9665
+                // FIXME: Uncomment when PKI env can be seeded - the computation is still done to assess performance and
+                // impact of the validations. Tracking issue: WPB-9665
                 // return Err(Error::InvalidCertificateChain);
             }
         }

@@ -80,10 +80,10 @@ impl ConversationGuard {
     /// Disable history sharing by removing history clients from the conversation.
     pub async fn disable_history_sharing(&mut self) -> Result<()> {
         let mut history_client_ids = self.get_client_ids().await;
-        // We're facing a trade-off situation here: do we want to avoid unnecessary iteration and assume that there is always
-        // at most one history client in a conversation?
-        // Then we could use something like `into_iter().find_map()` to lazily evaluate client ids, but this way we're making sure to
-        // remove any history client, and not just the first one we find.
+        // We're facing a trade-off situation here: do we want to avoid unnecessary iteration and assume that there is
+        // always at most one history client in a conversation?
+        // Then we could use something like `into_iter().find_map()` to lazily evaluate client ids, but this way we're
+        // making sure to remove any history client, and not just the first one we find.
         history_client_ids.retain(|client_id| crate::ephemeral::is_history_client(client_id));
 
         if history_client_ids.is_empty() {
@@ -310,8 +310,8 @@ mod tests {
     }
 
     #[apply(all_cred_cipher)]
-    /// In this test, we're testing our mls library. However, our current mls fork doesn't have this test, and we require this behavior
-    /// for history sharing, that's why this test lives here, for now.
+    /// In this test, we're testing our mls library. However, our current mls fork doesn't have this test, and we
+    /// require this behavior for history sharing, that's why this test lives here, for now.
     async fn can_remove_two_and_add_one_member_in_commit(case: TestContext) {
         // This many members are initially in the conversation.
         const INITIAL_MEMBERS_COUNT: usize = 6;

@@ -28,8 +28,8 @@ impl ConversationGuard {
     ///
     /// # Arguments
     /// * `conversation_id` - the group/conversation id
-    /// * `proposal_ref` - unique proposal identifier which is present in [crate::MlsProposalBundle]
-    ///   and returned from all operation creating a proposal
+    /// * `proposal_ref` - unique proposal identifier which is present in [crate::MlsProposalBundle] and returned from
+    ///   all operation creating a proposal
     ///
     /// # Errors
     /// When the conversation is not found or the proposal reference does not identify a proposal

@@ -75,8 +75,8 @@ pub enum Error {
     #[error("caller error: {0}")]
     CallerError(&'static str),
     /// This happens when the DS cannot flag KeyPackages as claimed or not. In this scenario, a client
-    /// requests their old KeyPackages to be deleted but one has already been claimed by another client to create a Welcome.
-    /// In that case the only solution is that the client receiving such a Welcome tries to join the group
+    /// requests their old KeyPackages to be deleted but one has already been claimed by another client to create a
+    /// Welcome. In that case the only solution is that the client receiving such a Welcome tries to join the group
     /// with an External Commit instead
     #[error(
         "Although this Welcome seems valid, the local KeyPackage it references has already been deleted locally. Join this group with an external commit"

@@ -9,7 +9,6 @@
 //! |-------------------|----------------|----------------|
 //! | 0 pend. Proposal  | ❌              | ✅              |
 //! | 1+ pend. Proposal | ❌              | ✅              |
-//!
 
 use core_crypto_keystore::entities::StoredEncryptionKeyPair;
 use mls_crypto_provider::MlsCryptoProvider;