fix(antd-rust): regenerate Cargo.lock to unbreak --locked CI#110
Merged
Conversation
The alloy dev-dependency added for the 07-external-signer example
landed in Cargo.toml without a matching Cargo.lock refresh. The
`API contract tests (antd-rust)` job runs `cargo test --locked` and
has been failing on every push to main since then (and on every PR
that triggers the CI path filter) with:
error: cannot update the lock file ... because --locked was passed
Regenerated Cargo.lock with `cargo update` (no flags) and verified
`cargo check --locked --all-targets` is now clean. Diff is large
(+310 packages) but mechanical — it's the alloy transitive graph
that should have been committed alongside the Cargo.toml change.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
6 tasks
Nic-dorman
added a commit
that referenced
this pull request
May 21, 2026
Cuts v0.8.0 atop v0.7.1. Substantial breaking-change roll-up of the put/get rename, the private-file PUT/GET gap close, and several minor surface cleanups -- bundled here so the v1.0 cut can ship stable on top. ## Breaking (antd daemon) - feat(antd)!: bind to 127.0.0.1 by default on REST and gRPC (#107). Previously bound 0.0.0.0; use --bind-rest / --bind-grpc to override. - chore: remove dead graph_entry surface from antd proto + 5 SDKs (#92). GraphService and its 4 RPCs are gone; REST mounts dropped. - chore: remove dir_upload_public / dir_download_public surface (#95). Use file_put_public on a directory path instead; the daemon recurses. - feat(antd)!: normalize put/get convention + close private-file PUT and GET gaps (#115). Method renames across proto + REST + SDKs: data_put_private -> data_put data_get_private -> data_get file_upload_public -> file_put_public file_download_public -> file_get_public New: file_put / file_get for the private file path (previously only the public variant existed). New typed results: DataPutResult, DataPutPublicResult, FilePutResult, FilePutPublicResult; PutResult is now annotated as chunk_put only. ## Additive - feat(antd): honor payment_mode on gRPC put/cost paths and REST cost endpoints (#114). Optional kwarg threaded through every put/cost signature; empty/omitted maps to "auto" so older clients keep working. - feat: external-signer public uploads + single-chunk prepare/finalize across 15 SDKs (#90). - docs+spec: openapi.yaml refreshed for the v1.0 surface, including POST /v1/chunks/prepare and /v1/chunks/finalize for single-chunk external-signer publish (#126). ## SDK fan-out (PaymentMode + put/get convention, all 15) #116 antd-go, #117 antd-py/ruby/elixir, #118 antd-rust, #119 antd-csharp, #120 antd-java, #121 antd-swift, #122 antd-dart, #123 antd-kotlin, #124 antd-cpp, #125 antd-js/php/zig/lua, #127 antd-mcp. ## SDK example + build fixes - fix(antd-go): make 03-files example self-contained and runnable (#91) - fix(examples): make 04-files runnable across cpp/rust/elixir/lua/php/ruby/zig (#93) - fix(examples): runnable dart 04_files + java Example03Files; add java Example03Chunks (#94) - feat: gRPC transport example for antd-py and antd-rust (#113) - feat(antd-py): 07_external_signer example + ant-dev dispatcher entry (#98) - feat(antd-js): 07-external-signer example + antd-py empty-payments fix (#99) - feat(rust/go): 07-external-signer examples (#100) - feat(antd-csharp): 07_external_signer example (#101) - feat(antd-java): 07_external_signer example (#102) - feat(antd-kotlin): 07_external_signer example (#103) - feat(antd-dart): 07_external_signer example (#104) - feat(antd-ruby): 07_external_signer example (#105) - feat(antd-php): 07_external_signer example (#106) - chore(antd-kotlin): drop stale GraphDescendant from local proto copy (#108) ## Docs / infra - docs: external-signer flow reference + ABI + python smoke test (#97) - docs: add SECURITY.md with threat model and disclosure policy (#109) - docs!: refresh per-SDK READMEs + llms-full.txt + openapi.yaml for v1.0 surface (#126) - ci: add Go lint + test + vuln scanning for antd-go (#112) - ci: extend antd-rust to sibling-repo parity (fmt + clippy + audit + doc) (#111) - ci: skip antd/openapi.yaml and llms-full.txt from triggering CI (#128) - chore(scripts): add full-stack + integration sweep helpers (#96) - fix(antd-rust): regenerate Cargo.lock to unbreak --locked CI (#110) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Main has been red since the 07-external-signer rust example landed. That change added the
alloy1.x dev-dependency toantd-rust/Cargo.toml(and[[example]]registration) without committing the matchingCargo.lockrefresh. The CI jobAPI contract tests (antd-rust)runs:…which now bails on every push to main (and on every PR that triggers the CI path filter —
antd/**,antd-rust/**,.github/workflows/ci.yml) with:Nobody saw this because PRs #101–#106 each only touched non-Rust SDKs and the path filter kept the CI workflow from firing. The first PRs to hit the filter again are the v1.0 security gates currently in review (#107, #108, #109).
Fix
Ran
cargo update(no flags) inantd-rust/to regenerate the lockfile against current crates.io, then verifiedcargo check --locked --all-targetspasses locally without triggering a lock-update bailout.Diff is mechanical and large (+3521 / -305 lines, 310 packages added, 26 removed) — that's the
alloytransitive graph that should have been committed alongside the original Cargo.toml change.Test plan
cargo check --locked --all-targetsinantd-rust/— clean, finishes in ~93s, only emits pre-existing unused-import warningsAPI contract tests (antd-rust)job goes green (i.e.cargo test --lockedno longer bails on the lock-update check)