fix(spm): track artifact bundle options in lock identity

[risu729]

Summary

• include SPM artifact selection options in lock identity so stale locks are not reused across source/artifact modes
• keep filter_bins out of lock identity while still treating it as current install-manifest state
• clarify why SPM option lookup is target-aware for lockfile generation

Option behavior

• provider: part of lock identity because it chooses the release API/provider used to resolve artifacts. Values are canonicalized to lowercase, and the default github is omitted from the lock key.
• api_url: part of lock identity because self-hosted or alternate API endpoints can resolve different releases/assets. Trailing slashes are trimmed so equivalent URLs do not regenerate lock entries.
• artifactbundle: part of lock identity because true, false, and auto mode select different install paths. true requires an artifact bundle, false forces source builds, and auto mode can use artifacts when available.
• artifactbundle_asset: part of lock identity because it pins the exact artifact bundle asset name to select from a release.
• filter_bins: not part of lock identity because it only changes which built executables are exposed after the same source/artifact install. It remains an install-manifest option so changing config overrides stale cached layout state.

Verification

• cargo fmt --check
• cargo test test_lockfile_options
• cargo test test_resolve_artifactbundle_mode
• cargo test test_lockfile_options_include_artifact_inputs_not_filter_bins

Summary by CodeRabbit

• Documentation

  • Clarified documentation for backend configuration caching behavior.

• New Features

  • Swift Package Manager backend now uses target-aware configuration resolution for improved cross-platform builds.
  • Added stricter validation for artifact bundle settings with enhanced error handling.

[gemini-code-assist]

Code Review

This pull request adds target-specific option resolution and lockfile generation for the SPM backend. It refactors SpmOptions to accept an optional PlatformTarget for retrieving configuration values like provider, api_url, and artifactbundle settings, and implements resolve_lockfile_options on SPMBackend. The reviewer suggested normalizing the provider name to lowercase to ensure case-insensitive consistency.

[greptile-apps]

Greptile Summary

This PR fixes stale-lock reuse for SPM by including provider, api_url, artifactbundle, and artifactbundle_asset in lock identity via a new resolve_lockfile_options override, while deliberately keeping filter_bins out of the lock key (it's a post-install layout option). artifactbundle_mode is promoted to eyre::Result so invalid values now propagate as errors at install time instead of silently falling back to Auto.

• lockfile_options is target-aware via PlatformTarget, so platform-scoped config keys are correctly resolved per target when generating cross-platform lockfiles.
• install_time_option_keys for SPM is wired into install_time_option_keys_for_type, covering all five option keys so stale cached values are replaced by current config.
• provider values are canonicalized to lowercase and the default "github" is omitted from the lock key; trailing slashes on api_url are trimmed inside the accessor so callers no longer duplicate that logic.

Confidence Score: 5/5

Safe to merge; the lock-identity fix is well-scoped and the new error propagation path in artifactbundle_mode is an improvement over the previous silent fallback.

All changed code paths are covered by the new and updated unit tests. The artifactbundle_mode error-propagation change is strictly an improvement: callers that previously got a silent Auto on bad input now receive a clear error. The lockfile_options logic is straightforward BTreeMap construction with correct canonicalisation for provider and api_url. No regressions are apparent in the install or lockfile-generation paths.

No files require special attention.

Important Files Changed

Filename	Overview
src/backend/spm.rs	Adds lockfile_options / install_time_option_keys for SPM; artifactbundle_mode now returns eyre::Result so invalid values propagate instead of silently defaulting to Auto; lockfile_options still swallows Err(_) from that path
src/backend/mod.rs	Wires BackendType::Spm into install_time_option_keys_for_type; updates docstring to reflect broader manifest-coverage semantics

_{Reviews (5): Last reviewed commit: "fix(spm): stop locking invalid artifact ..." | Re-trigger Greptile}

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR makes SPM backend option resolution target-aware to prevent host-specific fallback during lockfile generation for alternate platforms. Documentation is clarified, a new public install_time_option_keys() API is added, and artifactbundle validation is stricter with proper error propagation.

Changes

SPM Target-Aware Option Resolution

Layer / File(s)	Summary
Documentation clarification for install-time options src/backend/mod.rs	Doc comments reframed to clarify cached-value replacement semantics and note that backend-specific option lists may include layout options not meant to be reused from stale caches.
Core target-aware option resolution mechanism src/backend/spm.rs	SpmOptions now uses option_string(key, target) to resolve options either for the current host or a specific PlatformTarget. Helper methods for provider, api_url, artifactbundle_asset, and artifactbundle_mode are rewired to this mechanism. artifactbundle_mode now validates truthy/falsey values and returns Result. lockfile_options(target) builds a target-specific BTreeMap without host fallback.
Public install-time option keys API src/backend/spm.rs	New public function install_time_option_keys() declares which options are considered install-time inputs, including filter_bins alongside provider/api_url/artifactbundle fields.
Target-aware lockfile options generation src/backend/spm.rs	resolve_lockfile_options() computes lockfile options by passing the target platform into SpmOptions::lockfile_options(target), enabling platform-specific option resolution.
Installation-time and provider/asset resolution updates src/backend/spm.rs	Installation-time artifact bundle mode parsing uses target-agnostic form (artifactbundle_mode(None)) and propagates parsing errors. Git provider/api_url and artifact bundle asset selection updated to use new target-aware accessors with None for host-agnostic lookup.
Test coverage src/backend/spm.rs	Unit tests validate lockfile option inclusion/exclusion by platform, install_time_option_keys() contents, and that artifactbundle_mode now returns errors on invalid values instead of defaulting.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A rabbit hops through option strings so fine,
Target-aware now, no more host-to-host line!
Lockfiles lock true to each platform's own way,
Artifactbundles validated—hooray, hooray! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 55.56% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: tracking artifact bundle options in lock identity for SPM, which is the core objective of the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/backend/spm.rs`:
- Around line 105-113: The code currently treats Err(_) from
artifactbundle_mode(Some(target)) the same as Auto and drops the option, which
hides invalid inputs; change the Err(_) branch so lock identity reflects invalid
input instead of collapsing to Auto: either propagate the error (return Err with
the artifactbundle error) from the function that builds opts, or insert an
explicit marker into opts (e.g., opts.insert("artifactbundle".to_string(),
format!("invalid:{}", raw_input))) so the invalid value is preserved in the lock
identity; locate the call to artifactbundle_mode and the opts map in the current
function to implement one of these two fixes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: f972e393-6fcc-4cff-b2ba-435d151b4ea9

📥 Commits

Reviewing files that changed from the base of the PR and between a0dd654 and 2edbfb8.

📒 Files selected for processing (2)

• src/backend/mod.rs
• src/backend/spm.rs

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Do not collapse invalid artifactbundle input to Auto in lock identity.

At Line 112, Err(_) is ignored, so invalid values produce the same lock options as unset/auto. That can hide bad config and cause lock identity mismatches across runs.

Suggested direction

-        match self.artifactbundle_mode(Some(target)) {
+        match self.artifactbundle_mode(Some(target)) {
             Ok(ArtifactBundleMode::Required) => {
                 opts.insert("artifactbundle".to_string(), "true".to_string());
             }
             Ok(ArtifactBundleMode::SourceOnly) => {
                 opts.insert("artifactbundle".to_string(), "false".to_string());
             }
-            Ok(ArtifactBundleMode::Auto) | Err(_) => {}
+            Ok(ArtifactBundleMode::Auto) => {}
+            Err(err) => {
+                // Avoid silently collapsing invalid user input into Auto identity.
+                // Prefer propagating this via a Result-returning API if feasible.
+                opts.insert("artifactbundle".to_string(), "__invalid__".to_string());
+                debug!("invalid artifactbundle option for lockfile options: {err}");
+            }
         }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	match self.artifactbundle_mode(Some(target)) {
	Ok(ArtifactBundleMode::Required) => {
	opts.insert("artifactbundle".to_string(), "true".to_string());
	}
	Ok(ArtifactBundleMode::SourceOnly) => {
	opts.insert("artifactbundle".to_string(), "false".to_string());
	}
	Ok(ArtifactBundleMode::Auto) | Err(_) => {}
	}
	match self.artifactbundle_mode(Some(target)) {
	Ok(ArtifactBundleMode::Required) => {
	opts.insert("artifactbundle".to_string(), "true".to_string());
	}
	Ok(ArtifactBundleMode::SourceOnly) => {
	opts.insert("artifactbundle".to_string(), "false".to_string());
	}
	Ok(ArtifactBundleMode::Auto) => {}
	Err(err) => {
	// Avoid silently collapsing invalid user input into Auto identity.
	// Prefer propagating this via a Result-returning API if feasible.
	opts.insert("artifactbundle".to_string(), "__invalid__".to_string());
	debug!("invalid artifactbundle option for lockfile options: {err}");
	}
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/backend/spm.rs` around lines 105 - 113, The code currently treats Err(_)
from artifactbundle_mode(Some(target)) the same as Auto and drops the option,
which hides invalid inputs; change the Err(_) branch so lock identity reflects
invalid input instead of collapsing to Auto: either propagate the error (return
Err with the artifactbundle error) from the function that builds opts, or insert
an explicit marker into opts (e.g., opts.insert("artifactbundle".to_string(),
format!("invalid:{}", raw_input))) so the invalid value is preserved in the lock
identity; locate the call to artifactbundle_mode and the opts map in the current
function to implement one of these two fixes.