fix: harden renderer defaults and add audit regression coverage

- prefer packaged binaries and require explicit PATH opt-in for system fallback
- log renderer stderr server-side while masking client-facing example server errors
- enforce safer map/style limits, Web Mercator latitude bounds, and temp-style reuse checks
- move geopy to an optional extra, pin toolchain inputs, and restore CI pip-audit scanning
- add regression tests and refresh ISSUES.md with the current audit findings

Author: adonm

.github/workflows/ci.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Install Rust
         uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
         with:
-          toolchain: 1.90.0
+          toolchain: 1.94.1
           components: clippy
 
       - name: Run clippy
@@ -88,7 +88,7 @@ jobs:
         run: just ci-setup
 
       - name: Scan locked Python environment
-        run: uv run pip-audit
+        run: uv run --frozen --with pip-audit pip-audit
 
   build-binary:
     name: Build binary ${{ matrix.platform }}

.github/workflows/release.yml

@@ -37,7 +37,7 @@ jobs:
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
         with:
-          toolchain: 1.90.0
+          toolchain: 1.94.1
 
       - name: Setup tools with mise
         uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
@@ -72,7 +72,7 @@ jobs:
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
         with:
-          toolchain: 1.90.0
+          toolchain: 1.94.1
 
       - name: Setup tools with mise
         uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
@@ -110,7 +110,7 @@ jobs:
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
         with:
-          toolchain: 1.90.0
+          toolchain: 1.94.1
 
       - name: Setup tools with mise
         uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4

.mise.toml

@@ -1,7 +1,7 @@
 [tools]
-python = "3.12"
-rust = "1.90.0"
-just = "1.46.0"
+python = "3.14.3"
+rust = "1.94.1"
+just = "1.48.1"
 uv = "0.11.3"
 
 [env]

ISSUES.md

@@ -1,95 +1,95 @@
 # Audit Issues
 
-- Date: 2026-04-02
-- Commit: `2ad80ce49f12`
-- Codebase summary (`sloc`): 49 files, 2,470 code LOC, 1,290 documentation LOC, 5,670 total lines; main languages: Python 1,654 LOC, YAML 353 LOC, Rust 249 LOC.
-- Scope: Python wrapper (`mlnative/`), Rust renderer (`rust/`), example servers (`examples/`), CI/release workflows (`.github/workflows/`), and helper scripts (`scripts/`).
+- Date: 2026-04-03
+- Commit: `9bd2eac59da5`
+- Codebase summary (`sloc`): 50 files, 2,696 code LOC, 1,271 documentation LOC, 6,004 total lines; main languages: Python 1,869 LOC, YAML 353 LOC, Rust 259 LOC.
+- Scope: Python wrapper (`mlnative/`), Rust renderer (`rust/`), example servers (`examples/`), CI/release workflows (`.github/workflows/`), packaging/build helpers, and test/runtime container files.
 - Audit references: [OWASP ASVS 5.0](https://owasp.org/www-project-application-security-verification-standard/) with emphasis on [V15 Secure Coding and Architecture](https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/en/0x24-V15-Secure-Coding-and-Architecture.md), [V16 Security Logging and Error Handling](https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/en/0x25-V16-Security-Logging-and-Error-Handling.md), and [grugbrain.dev](https://grugbrain.dev/).
+- Local dependency lookup: Renovate dry-run succeeded on 2026-04-03; the only actionable delta surfaced was `actions/attest-build-provenance` digest `b3e506e8c389afc651c5bacf2b8f2a1ea0557215` → `a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32`.
 
 ## Prioritized findings
 
-### 1) User-controlled `style` reaches network and filesystem loaders
-- Location: `examples/fastapi_server.py:42-76`, `examples/web_test_server.py:43-126`, `mlnative/map.py:118-136`, `rust/src/main.rs:82-97`
+### 1) Reused temp style file is truncated but not rewound before rewrite
+- Location: `rust/src/main.rs:89-99`, `tests/test_issue_resolutions.py:138-145`
 - Category: security
-- Reference: ASVS `v5.0.0-15.3.2`, `v5.0.0-15.2.5`
-- Recommendation: Do not accept arbitrary style URLs/paths from request data. Expose style IDs from an allowlist, reject local paths/`file://` in server contexts, and keep redirect behavior explicit.
-- Status: open
-
-### 2) Example render endpoints are expensive, unauthenticated, and bind publicly by default
-- Location: `examples/fastapi_server.py:33-101`, `examples/web_test_server.py:96-155`
-- Category: security
-- Reference: ASVS `v5.0.0-15.1.3`, `v5.0.0-15.2.2`
-- Recommendation: Keep demo servers on `127.0.0.1` by default and add auth, rate limits, concurrency caps, request budgets, and caching before any non-local exposure.
-- Status: open
-
-### 3) Errors are leaked to clients while renderer stderr is discarded
-- Location: `examples/fastapi_server.py:82-83`, `examples/web_test_server.py:132-140`, `mlnative/_bridge.py:114-120`
-- Category: security
-- Reference: ASVS `v5.0.0-16.5.1`, `v5.0.0-16.3.4`
-- Recommendation: Return generic client errors, log structured exceptions server-side, and retain renderer stderr behind a debug/logging path instead of dropping it.
+- Reference: ASVS `v5.0.0-16.5.3`
+- Recommendation: Seek to offset 0 before rewriting the reused `NamedTempFile` (or recreate it), then add a regression test that reloads a JSON style twice. As written, repeat `reload_style()` / `set_geojson()` calls can produce a NUL-prefixed style file and break rendering.
 - Status: open
 
-### 4) Native binary resolution still trusts the first `PATH` hit
-- Location: `mlnative/_bridge.py:70-92`
+### 2) Renderer timeouts can desynchronize the daemon protocol and hand late responses to the wrong caller
+- Location: `mlnative/_bridge.py:181-225`, `mlnative/_bridge.py:277-306`
 - Category: security
-- Reference: ASVS `v5.0.0-15.2.4`, `v5.0.0-15.2.5`
-- Recommendation: Prefer packaged binaries only by default. If overrides are needed, gate them behind explicit opt-in and verify ownership/hash/signature.
+- Reference: ASVS `v5.0.0-15.4.1`, `v5.0.0-16.5.3`
+- Recommendation: Treat a timeout as terminal for that daemon instance, or add request IDs and response matching. Today a timed-out command leaves its eventual response in the shared queue, so the next command can consume stale data.
 - Status: open
 
-### 5) Binary download helper executes unverified release artifacts
-- Location: `scripts/download-binary.py:36-74`
+### 3) Example servers still let request data choose arbitrary remote URLs and local style files
+- Location: `examples/fastapi_server.py:42-75`, `examples/web_test_server.py:44-129`, `examples/templates/test_form.html:61-63`, `mlnative/map.py:122-139`, `rust/src/main.rs:82-102`
 - Category: security
-- Reference: ASVS `v5.0.0-15.2.4`
-- Recommendation: Verify checksums/signatures before `chmod +x`, or remove the helper and rely on trusted package distribution only.
+- Reference: ASVS `v5.0.0-15.3.2`, `v5.0.0-15.2.5`
+- Recommendation: In server contexts, expose style IDs from an allowlist instead of raw `style` strings, reject local paths / `file://`, and run the renderer with explicit egress restrictions if any untrusted input remains.
 - Status: open
 
-### 6) CI dependency scanning is currently broken; maintenance updates are also pending
-- Location: `.github/workflows/ci.yml:77-91`, `pyproject.toml:23-40`, `.mise.toml:1-5`, `rust/Cargo.toml:9-15`
+### 4) Render endpoints are expensive but ship without auth, quotas, caching, or concurrency budgets
+- Location: `examples/fastapi_server.py:41-79`, `examples/web_test_server.py:112-129`, `examples/production_deployment.py:38-67`
 - Category: security
-- Reference: ASVS `v5.0.0-15.1.1`, `v5.0.0-15.2.1`
-- Recommendation: Make the scan runnable in CI (`uvx pip-audit`, or add `pip-audit` to the CI environment) and review the local Renovate lookup deltas, notably `tempfile 3.23→3.27`, `rust 1.90.0→1.94.1`, `just 1.46.0→1.48.1`, `python 3.12→3.14.3`, and the `actions/attest-build-provenance` digest refresh.
+- Reference: ASVS `v5.0.0-15.1.3`, `v5.0.0-15.2.2`
+- Recommendation: Before any non-local exposure, add authentication, per-client rate limits, worker/concurrency caps, cache hot responses, and explicit time/size budgets.
 - Status: open
 
-### 7) `fit_bounds()` accepts `-90` latitude then falls into a raw `math domain error`
-- Location: `mlnative/map.py:317-344`
-- Category: security
-- Reference: ASVS `v5.0.0-16.5.3`
-- Recommendation: Reject/clamp to Web Mercator-safe latitude bounds before projection and convert failures to `MlnativeError` consistently.
+### 5) The “production-ready” pool example can block forever and its health check performs a full remote render
+- Location: `examples/production_deployment.py:58-67`, `examples/production_deployment.py:99-104`
+- Category: performance
+- Reference: ASVS `v5.0.0-15.1.3`; grugbrain.dev
+- Recommendation: Use bounded wait times on `Queue.get()`, return overload errors instead of hanging, and split cheap liveness checks from heavyweight render/dependency checks.
 - Status: open
 
-### 8) Batch rendering has no request cap and buffers all PNGs in memory at once
-- Location: `mlnative/map.py:229-278`, `mlnative/_bridge.py:166-176`, `rust/src/main.rs:287-327`
+### 6) Batch rendering still buffers the full response set in memory twice
+- Location: `rust/src/main.rs:301-337`, `mlnative/_bridge.py:197-210`, `mlnative/_bridge.py:338-364`, `mlnative/map.py:238-246`
 - Category: performance
 - Reference: ASVS `v5.0.0-15.1.3`, `v5.0.0-15.2.2`
-- Recommendation: Add view-count/output-size limits and prefer streaming or chunked framing over whole-batch buffering for large jobs.
+- Recommendation: Keep the view/pixel caps, but move to per-image streaming or chunked framing. The Rust side accumulates every PNG before send, and the Python side then reads the combined payload and copies each slice again.
 - Status: open
 
-### 9) JSON style reloads leak temp files for the daemon lifetime
-- Location: `rust/src/main.rs:65-94`, `rust/src/main.rs:140-146`
-- Category: performance
-- Reference: ASVS `v5.0.0-15.1.3`
-- Recommendation: Reuse a single temp style file or drop old `NamedTempFile`s before pushing new ones; repeated `reload_style()`/`set_geojson()` currently grows file descriptors and temp storage monotonically.
+### 7) `set_geojson()` still reloads the entire style document for every source update
+- Location: `mlnative/map.py:438-482`
+- Category: complexity
+- Reference: ASVS `v5.0.0-15.1.3`; grugbrain.dev (“complexity very, very bad”)
+- Recommendation: Add source-level mutation in Rust or separate immutable style from mutable data. The current full-style rewrite is a simple API, but it makes frequent data updates expensive and harder to reason about.
 - Status: open
 
-### 10) `set_geojson()` reloads the entire style for each source update
-- Location: `mlnative/map.py:413-451`
+### 8) Release builds create “platform wheels” by renaming a pure `py3-none-any` wheel
+- Location: `Justfile:96-114`, `.github/workflows/release.yml:83-90`, `pyproject.toml:54-57`
 - Category: complexity
-- Reference: ASVS `v5.0.0-15.1.3`; grugbrain.dev (“complexity very, very bad”)
-- Recommendation: Add source-level mutation in Rust, or clearly document/cap the full-style reload cost for update-heavy workloads.
+- Reference: ASVS `v5.0.0-15.1.2`; grugbrain.dev
+- Recommendation: Use a real platform-wheel pipeline (`cibuildwheel`, `auditwheel`, `delocate`, `maturin`, or equivalent) or rewrite embedded wheel metadata consistently. The current release job renames the filename only; a local build still emits `Root-Is-Purelib: true` and `Tag: py3-none-any`.
 - Status: open
 
-### 11) `geopy` is a required runtime dependency even though the library core does not use it
-- Location: `pyproject.toml:24-29`, `README.md:21-25`, `examples/address_rendering.py:1-26`
+### 9) CI integration tests depend on live third-party network and remote tile/style services
+- Location: `tests/test_render.py:34-39`, `tests/test_render.py:85-95`, `.github/workflows/ci.yml:138-222`, `docs/CI.md:20-33`, `docs/CI.md:128-134`
 - Category: complexity
-- Reference: ASVS `v5.0.0-15.2.3`; grugbrain.dev
-- Recommendation: Move geocoding dependencies into an example/extra (for example `geo` or `examples`) so the core renderer ships with a smaller attack and maintenance surface.
+- Reference: ASVS `v5.0.0-15.1.3`; grugbrain.dev
+- Recommendation: Move CI to local fixtures, a pinned test style, or a local mock tile server. Current smoke/integration coverage is useful, but it is also coupled to OpenFreeMap availability and network latency.
+- Status: open
+
+### 10) Test container still bootstraps toolchain code via `curl | sh`
+- Location: `Dockerfile.test:21`
+- Category: security
+- Reference: ASVS `v5.0.0-15.2.4`
+- Recommendation: Pin a checksum or versioned installer artifact, or use a trusted package source instead of piping a live script directly into `sh`.
+- Status: open
+
+### 11) Release provenance action digest is already stale per local Renovate lookup
+- Location: `.github/workflows/release.yml:161-163`, `.github/workflows/release.yml:200-202`, `renovate.json:1-3`
+- Category: security
+- Reference: ASVS `v5.0.0-15.1.1`, `v5.0.0-15.2.1`
+- Recommendation: Refresh `actions/attest-build-provenance` to digest `a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32` and keep digest refreshes within the repo’s documented remediation window.
 - Status: open
 
 ## Resolved log
-- Previously flagged workflow action drift is resolved in the current tree: committed workflow YAML is digest-pinned (`.github/workflows/ci.yml`, `.github/workflows/release.yml`).
-- Previously flagged predictable temp style filenames are resolved: the Rust daemon now uses `tempfile::NamedTempFile` (`rust/src/main.rs`).
-- Previously flagged unit-test selection drift is resolved: `just test-unit` now excludes only `integration` tests (`Justfile:34-36`).
-- Previously flagged floating tool versions are resolved: `.mise.toml` now pins Python, Rust, Just, and uv (`.mise.toml:1-5`).
-- Previously flagged dead vendored Node renderer surface is resolved in the current tree: the tracked JS renderer/vendor files are gone from `mlnative/`.
-- Previously flagged Rust patch lag is resolved: `maplibre_native` and `image` are already at the looked-up current versions in `rust/Cargo.toml`.
-- Previously flagged PNG base64 transport/thread-per-command issues are resolved: the current bridge uses a persistent reader thread and raw binary payload framing (`mlnative/_bridge.py`, `rust/src/main.rs`).
+- Example servers now bind to loopback by default instead of `0.0.0.0` (`examples/fastapi_server.py:112`, `examples/web_test_server.py:165`).
+- Native binary lookup now prefers packaged binaries and requires explicit opt-in for `PATH` fallback (`mlnative/_bridge.py:101-110`, `tests/test_bridge.py:33-57`).
+- The old binary download helper now fails closed instead of downloading and executing an unverified artifact (`scripts/download-binary.py:36-53`).
+- CI security scanning is wired back in via `uv run --frozen --with pip-audit pip-audit` (`.github/workflows/ci.yml`).
+- `fit_bounds()` now enforces Web Mercator-safe latitude bounds and fails with `MlnativeError` instead of raw projection errors (`mlnative/map.py:333-352`).
+- `geopy` is no longer a core runtime dependency; it lives in the optional `geo` extra (`pyproject.toml:26-33`).

README.md

@@ -18,27 +18,24 @@ pip install mlnative
 
 ```python
 from mlnative import Map
-from geopy.geocoders import ArcGIS
-
-# Geocode an address
-geolocator = ArcGIS()
-location = geolocator.geocode("San Francisco")
 
-# Render map at that location
 with Map(512, 512) as m:
-    png = m.render(
-        center=[location.longitude, location.latitude],
-        zoom=12
-    )
+    png = m.render(center=[-122.4194, 37.7749], zoom=12)
     open("map.png", "wb").write(png)
 ```
 
+For geocoding examples, install the optional extra:
+
+```bash
+pip install 'mlnative[geo]'
+```
+
 ## Features
 
 - **Zero config** - Works out of the box with OpenFreeMap tiles
 - **HiDPI support** - `pixel_ratio=2` for sharp retina displays
 - **Batch rendering** - Efficiently render hundreds of maps
-- **Address geocoding** - Built-in support via geopy
+- **Optional geocoding extra** - Use `mlnative[geo]` for address lookup examples
 - **Custom markers** - Add GeoJSON points, lines, polygons
 
 ## Screenshots
@@ -68,11 +65,11 @@ Both images show the exact same geographic area. The 2x version has 4x more pixe
 
 ## Examples
 
-### Render from address
+### Render from address (optional `geo` extra)
 
 ```python
-from mlnative import Map
 from geopy.geocoders import ArcGIS
+from mlnative import Map
 
 geolocator = ArcGIS()
 location = geolocator.geocode("Sydney Opera House")
@@ -84,6 +81,9 @@ with Map(512, 512) as m:
     )
 ```
 
+Install first with `pip install 'mlnative[geo]'`.
+
+
 ### Fit bounds to show area
 
 ```python
@@ -109,7 +109,7 @@ with Map(800, 600) as m:
     png = m.render(center=center, zoom=zoom)
 ```
 
-### Batch render multiple cities
+### Batch render multiple cities (optional `geo` extra)
 
 ```python
 from geopy.geocoders import ArcGIS
@@ -136,24 +136,15 @@ with Map(512, 512) as m:
 Use `pixel_ratio` to render high-resolution images for crisp display on retina/HiDPI screens.
 
 ```python
-from geopy.geocoders import ArcGIS
-
-geolocator = ArcGIS()
-location = geolocator.geocode("Paris")
+center = [2.3522, 48.8566]  # Paris
 
 # Standard display (1x) - 512x512 image
 with Map(512, 512, pixel_ratio=1) as m:
-    png = m.render(
-        center=[location.longitude, location.latitude],
-        zoom=13
-    )
+    png = m.render(center=center, zoom=13)
 
 # Retina/HiDPI display (2x) - 1024x1024 image
 with Map(512, 512, pixel_ratio=2) as m:
-    png = m.render(
-        center=[location.longitude, location.latitude],
-        zoom=13
-    )
+    png = m.render(center=center, zoom=13)
     # Same geographic area, but text appears sharper
 ```
 
@@ -196,11 +187,12 @@ views = [
 
 # Per-view GeoJSON updates are not supported here. Use set_geojson()
 # and render() in a loop when each image needs different source data.
+# Large batches are capped to keep memory use predictable.
 ```
 
 ### fit_bounds(bounds, padding=0, max_zoom=24)
 
-Calculate center/zoom to fit bounding box.
+Calculate center/zoom to fit bounding box. Bounds must stay within Web Mercator latitude limits (about ±85.0511°).
 
 ```python
 center, zoom = m.fit_bounds((xmin, ymin, xmax, ymax))
@@ -210,6 +202,7 @@ png = m.render(center=center, zoom=zoom)
 ### set_geojson(source_id, geojson)
 
 Update GeoJSON source in style (requires dict style, not URL).
+Each update reloads the full style in the current backend, so keep source payloads modest.
 
 ```python
 m.set_geojson("markers", {"type": "FeatureCollection", "features": [...]})

examples/address_rendering.py

@@ -4,7 +4,10 @@
 maps from addresses without manually looking up coordinates.
 """
 
-from geopy.geocoders import ArcGIS
+try:
+    from geopy.geocoders import ArcGIS
+except ImportError as e:
+    raise SystemExit("Install the optional geo extra to run this example: pip install 'mlnative[geo]'") from e
 
 from mlnative import Map
 

examples/basic.py

@@ -5,7 +5,10 @@
 Renders maps using addresses instead of hardcoded coordinates.
 """
 
-from geopy.geocoders import ArcGIS
+try:
+    from geopy.geocoders import ArcGIS
+except ImportError as e:
+    raise SystemExit("Install the optional geo extra to run this example: pip install 'mlnative[geo]'") from e
 
 from mlnative import Map