fix(ci): resolve three pre-existing CI failures

1. Add desktop/src-tauri to workspace exclude array -- fixes Tauri build
   error "current package believes it's in a workspace when it's not"
   (caused by incomplete workspace decoupling in 314f99f)

2. Update deny.toml: add RUSTSEC-2023-0071 (RSA Marvin Attack, no fix
   available) to ignore list, remove orphaned RUSTSEC-2024-0421, and
   update bytes 1.11.0 -> 1.11.1 to fix RUSTSEC-2026-0007

3. Fix JavaScript indentation in performance-benchmarking.yml -- const
   comment was outside if-block scope, causing immediate workflow
   validation failure on every trigger

Co-Authored-By: Terraphim AI <noreply@anthropic.com>

Author: AlexMikhalev

.github/workflows/performance-benchmarking.yml

@@ -189,18 +189,18 @@ jobs:
             const sloMatch = report.match(/SLO Compliance: (\d+\.?\d*)%/);
             const sloCompliance = sloMatch ? sloMatch[1] : 'N/A';
 
-          const comment = [
-            "## 🚀 Performance Benchmark Results",
-            "",
-            `**SLO Compliance:** ${sloCompliance}%`,
-            "",
-            "### Key Findings:",
-            report.includes('violations')
-              ? '⚠️ Some performance thresholds were not met'
-              : '✅ All performance requirements satisfied',
-            "",
-            `[View full report](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})`,
-          ].join("\\n");
+            const comment = [
+              "## Performance Benchmark Results",
+              "",
+              `**SLO Compliance:** ${sloCompliance}%`,
+              "",
+              "### Key Findings:",
+              report.includes('violations')
+                ? 'Some performance thresholds were not met'
+                : 'All performance requirements satisfied',
+              "",
+              `[View full report](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})`,
+            ].join("\\n");
 
             github.rest.issues.createComment({
               issue_number: context.issue.number,

Cargo.lock

@@ -2,7 +2,7 @@
 [workspace]
 resolver = "2"
 members = ["crates/*", "terraphim_server", "terraphim_firecracker", "terraphim_ai_nodejs"]
-exclude = ["crates/terraphim_agent_application", "crates/terraphim_truthforge", "crates/terraphim_validation", "crates/terraphim_rlm", "crates/terraphim_automata_py"]  # Experimental crates (RLM feature-gated); automata_py is a PyO3 extension module -- build with `maturin develop` instead of cargo
+exclude = ["crates/terraphim_agent_application", "crates/terraphim_truthforge", "crates/terraphim_validation", "crates/terraphim_rlm", "crates/terraphim_automata_py", "desktop/src-tauri"]  # Experimental crates; automata_py needs `maturin develop`; desktop/src-tauri built separately via Tauri CLI
 default-members = ["terraphim_server"]
 
 [workspace.package]

Cargo.toml

@@ -10,10 +10,10 @@ yanked = "warn"
 
 # Ignore specific advisories
 ignore = [
-    # idna vulnerability via trust-dns-proto (transitive dep from terraphim_rlm)
-    # Will be fixed when migrating from trust-dns to hickory-dns
-    # TODO: Track migration in GitHub issue
-    "RUSTSEC-2024-0421",
+    # RSA Marvin Attack - transitive dep via octocrab -> jsonwebtoken -> rsa
+    # No safe upgrade available yet; RustCrypto team migrating to constant-time impl
+    # TODO: Remove once octocrab updates to rsa with constant-time support
+    "RUSTSEC-2023-0071",
     # atty unaligned read - transitive dep, only affects Windows with custom allocators
     "RUSTSEC-2021-0145",
     # atty unmaintained - used by terraphim_agent, should migrate to std::io::IsTerminal