---
last_verified: 2026-05-30
verified_version: 0.1.48
owner: all-teams
freshness_days: 30
---

# Coding Standards — pvtcoms

**Prescriptive rules for every line of code.** "MUST do X" / "NEVER do Y".
Enforced by `enforce_coding_standards.py`. Full list: [`../../.claude/rules/coding-standards.md`](../../.claude/rules/coding-standards.md).

## Non-Negotiable Rules

| # | Rule | Scope | Rationale |
|---|------|-------|-----------|
| 1 | NEVER roll your own crypto; use audited crates only | Core | A primitive/protocol change needs an ADR |
| 2 | NEVER log plaintext, keys, tokens, IPs, onion addrs | All | Logs/crash dumps are a metadata leak |
| 3 | MUST zeroize key material (`zeroize`/`secrecy`) | Core | Shrink memory-scrape window |
| 4 | Key agreement is always hybrid `X25519 + ML-KEM-768` | Core | Never classical-only or PQ-only |
| 5 | MUST fail closed (no Tor→clearnet fallback) | Transport | Silent deanonymization is unacceptable |
| 6 | NEVER `unwrap()`/`panic!` on attacker input in core | Core | Robustness against hostile wire data |
| 7 | Constant-time comparison for secrets (`subtle`) | Core | Timing side-channels |
| 8 | No telemetry/analytics/phone-home | All | Incompatible with anonymity |
| 9 | Pin + audit crypto/transport crates; commit `Cargo.lock` | Infra | Supply-chain integrity |

## Relationship to Patterns

Standards = "MUST do X" (prescriptive rules) · Patterns = full recipes (`docs/patterns/`) · Context = quick-load summaries (`docs/context/`).