No Unsafe. No Globals.

We had a meeting about this. The vote was unanimous.

That line sits at the top of every crate in the workspace. Not warn. Not deny. Forbid. As in: the compiler will refuse to build if anyone — including us — tries to sneak in an unsafe block. Even #[allow(unsafe_code)] can't override it.

Every crate. No exceptions.

✓

swink-agent

✓

swink-agent-adapters

✓

swink-agent-memory

✓

swink-agent-local-llm

✓

swink-agent-eval

✓

swink-agent-policies

✓

swink-agent-tui

✓

swink-agent-artifacts

✓

swink-agent-auth

✓

swink-agent-mcp

✓

swink-agent-patterns

✓

swink-agent-plugin-web

✓

swink-agent-macros

No globals either

There are no static mut variables. No lazy_static! singletons holding mysterious state. No thread-local secrets. All state is passed through owned types and Arc-wrapped shared references with explicit lifetimes.

When you read Swink Agent code, you can trace where every piece of data comes from and where it goes. No spooky action at a distance.

What this actually means for you

Memory safety is guaranteed No use-after-free. No data races. No buffer overflows. The compiler proves it, not your test suite.

State is predictable No hidden singletons mutating behind your back. Every function's inputs and outputs tell the full story.

Concurrency is fearless Tokio tasks, parallel tool execution, streaming — all safe by construction. Not by hoping really hard.

Auditing is possible When every crate forbids unsafe, you only need to audit dependencies. The surface area of "things that could go wrong" shrinks dramatically.

Dependencies are audited too

We use cargo-deny with a strict advisory policy. Every known vulnerability in the dependency tree is blocked in CI. API keys are read from environment variables and never logged or serialized.