Changed: Move semver checks to matrix-based job

[Sewer56]

Summary

• Moves cargo-semver-checks from inline bash in the CI job to a dedicated matrix-based semver-checks job
• Uses the new Reloaded-Project/devops-cargo-semver-checks-action@v1 wrapper for caching isolation and unpublished-crate filtering
• All feature-group values are now explicit for self-documenting matrix rows

Benefits

• Caching isolation: Each semver surface gets its own rustdoc cache via unique prefix-key, avoiding cross-contamination
• Clean separation: Semver checks run in parallel with the CI matrix rather than embedded in it
• Unpublished crate handling: New workspace crates won't fail CI — the wrapper skips them automatically
• Easier maintenance: Matrix rows are self-documenting; no need to know upstream defaults

Matrix coverage

Each row represents one semver surface (package + feature combination):

Surface	Why
Core async/blocking + linux-bwrap variants	maybe-async changes public signatures; linux-bubblewrap exports extra public items
Serdesai async full + linux-bwrap	Same rationale
Bubblewrap base/tokio/blocking	All feature surfaces exported
Agents + Models Dev default	Grouped async-default surface
Models Dev blocking	Blocking surface

Linux-only coverage is sufficient because Windows/macOS cfg branches are implementation-only today.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.18%. Comparing base (da13169) to head (6977f2a).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #85   +/-   ##
=======================================
  Coverage   81.18%   81.18%           
=======================================
  Files          99       99           
  Lines        4007     4007           
=======================================
  Hits         3253     3253           
  Misses        754      754           

Flag	Coverage Δ
async	80.35% <ø> (ø)
blocking	57.23% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Walkthrough

Removed the inline cargo-semver-checks step from the ci job’s Linux matrix and added a dedicated top-level semver-checks job that runs on pull requests and tag pushes. The new job uses Reloaded-Project/devops-cargo-semver-checks-action@v1, targets x86_64-unknown-linux-gnu, and enumerates a matrix of explicit semver surfaces (package + feature group + features) with prefix-key values wired into rustdoc/cargo cache key suffixes. The publish-crate job now depends on semver-checks in addition to ci and format.

Possibly related PRs

• Sewer56/llm-coding-tools PR 14: Modifies the workflow’s semver-checks logic in .github/workflows/rust.yml, expanding the crates validated by the inline cargo-semver-checks step.
• Sewer56/llm-coding-tools PR 22: Adjusts how cargo-semver-checks is invoked and which crates/features are checked in the CI workflow.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: moving semver checks from inline CI bash to a dedicated matrix-based job, which is the central refactoring effort.
Description check	✅ Passed	The description covers the key changes, benefits, and matrix coverage with clear structure and reasoning; it meets and exceeds the basic template requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/semver-checks-matrix

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/rust.yml:
- Around line 188-199: The workflow step named "Run semver check surface" is
using a non-existent action value
Reloaded-Project/devops-cargo-semver-checks-action@v1; update the uses entry to
obi1kenobi/cargo-semver-checks-action@v2, and then revise the step inputs to
match that action's interface (e.g., replace
manifest-path/package/feature-group/features/rust-toolchain/rust-target/prefix-key/rust-cache-key-suffix
with the parameters supported by obi1kenobi/cargo-semver-checks-action@v2 such
as cargo-command, baseline-ref, crate-path or other documented inputs), keeping
the step name and placement the same so the "Run semver check surface" step
calls the correct action.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 85dc841c-2033-4ad6-a56f-bf32f49960ec

📥 Commits

Reviewing files that changed from the base of the PR and between da13169 and 354d84f.

📒 Files selected for processing (1)

• .github/workflows/rust.yml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Semver Checks (Serdesai Async Full Linux Bwrap)
• GitHub Check: Semver Checks (Serdesai Async Full)
• GitHub Check: Async Windows
• GitHub Check: Async macOS
• GitHub Check: Async Linux
• GitHub Check: Blocking macOS
• GitHub Check: Blocking Windows

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2026-04-03T23:07:13.237Z

Learnt from: CR
Repo: Sewer56/llm-coding-tools PR: 0
File: src/AGENTS.md:0-0
Timestamp: 2026-04-03T23:07:13.237Z
Learning: After code changes, run `verify` from `.cargo/` before returning

Applied to files:

• .github/workflows/rust.yml

📚 Learning: 2026-04-03T23:07:13.237Z

Learnt from: CR
Repo: Sewer56/llm-coding-tools PR: 0
File: src/AGENTS.md:0-0
Timestamp: 2026-04-03T23:07:13.237Z
Learning: Review-only rules files (`general.md`, `performance.md`, `documentation.md`) live in `.cargo/` alongside the `verify` script

Applied to files:

• .github/workflows/rust.yml

🔇 Additional comments (3)

.github/workflows/rust.yml (3)

155-172: Job configuration and documentation look good.

The job-level setup is well-structured:

• Conditional execution on PRs and tags aligns with when semver checks matter.
• fail-fast: false ensures all surfaces are checked even if one fails.
• The inline comments clearly document the Linux-only rationale and cache strategy.

---

205-205: Correct gate: semver checks must pass before publishing.

Adding semver-checks to the needs array ensures breaking changes are caught before crates are published. The job conditions align properly—both semver-checks and publish-crate run on tag pushes, so the dependency chain is satisfied.

---

174-186: Matrix coverage aligns with package feature structures.

The matrix rows cover the documented public API surfaces. Cross-referencing with the Cargo.toml snippets confirms the feature combinations are valid. The search of serdesai's Cargo.toml and source code confirms it has no blocking feature surface, so the async-only coverage in the matrix is appropriate. No additional rows are needed for serdesai variants.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/rust.yml:
- Around line 174-186: The workflow matrix includes three rows labeled
"Bubblewrap Base", "Bubblewrap Async", and "Bubblewrap Blocking" that reference
the unpublished package llm-coding-tools-bubblewrap, causing the semver check to
fail; either remove these three matrix entries from the matrix.include block
(the rows with package: llm-coding-tools-bubblewrap and prefix_keys
bubblewrap-base, bubblewrap-tokio, bubblewrap-blocking) or publish
llm-coding-tools-bubblewrap to crates.io before running the semver action so
those entries are not filtered out.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e08040e8-13f1-478f-98b2-87e5276eeb53

📥 Commits

Reviewing files that changed from the base of the PR and between 354d84f and 6977f2a.

📒 Files selected for processing (1)

• .github/workflows/rust.yml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Blocking macOS
• GitHub Check: Async Linux
• GitHub Check: Async Windows
• GitHub Check: Async macOS
• GitHub Check: Blocking Windows

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2026-04-03T23:07:13.237Z

Learnt from: CR
Repo: Sewer56/llm-coding-tools PR: 0
File: src/AGENTS.md:0-0
Timestamp: 2026-04-03T23:07:13.237Z
Learning: After code changes, run `verify` from `.cargo/` before returning

Applied to files:

• .github/workflows/rust.yml

📚 Learning: 2026-04-03T23:07:13.237Z

Learnt from: CR
Repo: Sewer56/llm-coding-tools PR: 0
File: src/AGENTS.md:0-0
Timestamp: 2026-04-03T23:07:13.237Z
Learning: Review-only rules files (`general.md`, `performance.md`, `documentation.md`) live in `.cargo/` alongside the `verify` script

Applied to files:

• .github/workflows/rust.yml

🔇 Additional comments (1)

.github/workflows/rust.yml (1)

155-160: Lock down GITHUB_TOKEN on the new semver job.

This job runs a third-party action, and GitHub notes that actions can read github.token even when you do not pass it explicitly; they also recommend granting the token the least required permissions. Add an explicit minimal permissions block to ensure this job does not inherit broader scopes than necessary.

🔒 Proposed hardening

  semver-checks:
    name: Semver Checks (${{ matrix.label }})
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request' || startsWith(github.ref, 'refs/tags/')
+   permissions:
+     contents: read
    strategy: