feat(clippy): SCRC Phase 1 lint escalation — restriction family at warn#195
Merged
feat(clippy): SCRC Phase 1 lint escalation — restriction family at warn#195
Conversation
Lands Phase 1 of the DD-058 roadmap: the full Safety-Critical Rust
Consortium restriction-lint family is now declared at `warn` in
`[workspace.lints.clippy]`, and every workspace member inherits via
`[lints] workspace = true`.
Lints enabled (15):
unwrap_used, expect_used, indexing_slicing, arithmetic_side_effects,
as_conversions, cast_possible_truncation, cast_sign_loss,
wildcard_enum_match_arm, match_wildcard_for_single_variants,
panic, todo, unimplemented, dbg_macro, print_stdout, print_stderr.
Baseline: 5,204 violations across 95 files (1,260 unwrap_used,
1,191 arithmetic_side_effects, 1,175 indexing_slicing, 517
print_stdout, 404 expect_used, 249 as_conversions, 207 print_stderr,
115 wildcard_enum_match_arm, 35 panic, 34 cast_possible_truncation,
8 match_wildcard_for_single_variants, 6 cast_sign_loss).
Phase 1 strategy (per DD-059): grandfathered via file-scope
`#![allow(...)]` blocks carrying a `SAFETY-REVIEW (SCRC Phase 1,
DD-058)` rationale. Per-site rewrite deferred to Phase 2 — the
5.2k-site backlog would take weeks to clear inline and risks the
team disabling the lints out of fatigue (exactly the failure mode
DD-058 is designed to prevent).
Scope of the blanket allow:
* Production sources under rivet-core/src, rivet-cli/src, etch/src
(64 files) — each carries a file-scope block with a per-lint
rationale covering parser-offset math, BTreeMap lookups by key
just-inserted, tolerant enum catch-alls, etc.
* All integration tests and benches (31 files) — tests legitimately
use unwrap/expect/panic/assert-indexing patterns.
* rivet-cli binary — print_stdout/print_stderr are legitimate CLI
output; kept denied elsewhere.
Two incidental fixes to unblock -D warnings:
* rivet-core/src/validate.rs:765 — pre-existing unused_must_use on
`store.insert(art)` silently swallowed a Result. Wrapped in
`let _ =` (test-only code; Result is Ok in practice but
needed explicit discard).
* rivet-core/src/reqif.rs:1864 — `get(...).is_none()` clippy-
refactored to `!contains_key(...)` per the
unnecessary_get_then_check lint (not in SCRC family; would
otherwise block -D warnings).
* rivet-core/src/doc_check.rs — added regex_creation_in_loops to
the file-scope allow (intentional per-file pattern binding).
Verification:
cargo clippy --all-targets --workspace -- -D warnings: exits 0
(sole residual warning is the pre-existing MSRV mismatch between
clippy.toml 1.85.0 and Cargo.toml 1.89 — unrelated to SCRC).
cargo test --workspace: all 36 test binaries green.
rivet docs check: PASS (41 files scanned, 0 violations).
rivet validate: unchanged error count (6 pre-existing spar:*
external-import errors untouched by this change).
Candidates for downgrade (see DD-060): arithmetic_side_effects,
indexing_slicing, and as_conversions account for 2,712 of the 5,204
sites. In a userspace tool like rivet the signal-to-noise ratio of
these three lints is worth revisiting at Phase 2 kickoff — the SCRC
embedded rationale doesn't map 1:1 to a YAML parser and dashboard.
Artifact record: artifacts/v043-artifacts.yaml (DD-059, DD-060,
FEAT-129, REQ-061). CHANGELOG [Unreleased] section documents the
scope for external readers.
Refs: DD-058
Implements: REQ-004
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
VersionConsistency invariant rejected the "(v0.4.4 target)" text in the Phase 2 plan because the workspace version is still 0.4.2. Phase 2 is tracked in DD-060 — no need to bake a specific version into the prose. Keeps `rivet docs check` PASS. Refs: DD-059 Trace: skip Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
📐 Rivet artifact delta
Graphgraph LR
DD_059["DD-059"]:::added
DD_060["DD-060"]:::added
FEAT_129["FEAT-129"]:::added
REQ_061["REQ-061"]:::added
classDef added fill:#d4edda,stroke:#28a745,color:#155724
classDef removed fill:#f8d7da,stroke:#dc3545,color:#721c24
classDef modified fill:#fff3cd,stroke:#ffc107,color:#856404
classDef overflow fill:#e2e3e5,stroke:#6c757d,color:#495057,stroke-dasharray: 3 3
Added
Posted by |
avrabe
added a commit
that referenced
this pull request
Apr 23, 2026
* feat(variant): rivet variant explain for debugging solve outcomes Answers "why did my variant pick/skip feature X?" — a dev/debug UX gap called out in the v0.4.3 scope. Two modes: # Full audit: every effective feature + origin, unselected features, # and the constraint list rivet variant explain --model fm.yaml --variant prod.yaml # Single-feature focus: origin, attribute values, and every # constraint that mentions the feature rivet variant explain --model fm.yaml --variant prod.yaml asil-c Each effective feature carries an origin: - `selected` — user listed it under `selects:` - `mandatory` — parent group is mandatory, or is the root - `implied by <X>` — a constraint forced it in once <X> was selected - `allowed` — present but not proven mandatory `--format json` emits a structured audit for scripts (dashboard uses the same shape for the variant sidebar). Coverage: - explain_single_feature_shows_origin_and_attrs (text mode) - explain_single_feature_json_mode - explain_full_variant_audit_lists_origins_and_unselected Docs: new "Debugging" subsection in docs/getting-started.md under the variant management chapter, with an origin table. Implements: REQ-046 Refs: DD-050 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(variant): enrich eu-adas-c example + per-format smoke on realistic model Adds realistic `attributes:` to examples/variant/feature-model.yaml for every market (eu/us/cn with compliance+locale) and every ASIL level (asil-numeric + required analysis techniques). These match the worked examples in docs/getting-started.md so users can run the snippets against the shipped fixture and see the same output. New integration test `every_format_renders_realistic_example` exercises all 7 --format values against the enriched example and asserts each output contains the variant name and the asil-c marker (in whatever casing the format uses). Catches regressions that pass on toy models but break on constraint-driven inclusion, multi-attr features, or non-trivial tree depth. Implements: REQ-046 Refs: DD-050 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): v0.4.3 Workspace version bump 0.4.2 → 0.4.3, CHANGELOG entry covering the v0.4.3 changes that have already landed on main: - rivet variant features/value/attr for 7 build systems (#197) - docs: variant emitter walkthrough + exit-code contract (#198) - rivet variant explain for debugging solve outcomes (#199) - test: enrich eu-adas-c example + per-format smoke (#199) - sexpr count-compare + matches parse-time regex (#196) - SCRC Phase 1 clippy restriction lint escalation (#195) - Rivet Delta SVG render for email/mobile (#193) - stamp --missing-provenance filter + warn-skip (#192) v043-artifacts.yaml gains five new entries matching the implementations: - DD-061 build-system emitters are namespaced and loud-on-failure - FEAT-130 rivet variant features/value/attr - FEAT-131 rivet variant explain - DD-062 matches regex + count-compare validated at lower time - FEAT-132 count-compare lowering + matches parse-time regex - FEAT-133 Rivet Delta SVG render for email/mobile - FEAT-134 rivet stamp filter + warn-skip All 41 test binaries green. rivet validate: only pre-existing SPAR aadl-component schema errors remain (unrelated to this release). Implements: REQ-046 Refs: REQ-004, REQ-010, DD-050, DD-058 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 1 of the Safety-Critical Rust Consortium (SCRC) clippy lint escalation commitment from DD-058 (v0.4.2 CHANGELOG). Enables 13 restriction lints at
warnlevel workspace-wide; future violations in new code will fail CI without an explicit per-site#[allow(...)]carrying a// SAFETY-REVIEW:rationale.Scope
Lints enabled:
unwrap_used,expect_used,indexing_slicing,arithmetic_side_effects,as_conversions,cast_possible_truncation,cast_sign_loss,wildcard_enum_match_arm,match_wildcard_for_single_variants,panic,todo,unimplemented,dbg_macro,print_stdout,print_stderr.Baseline: 5,204 warnings across 95 files.
Resolution:
#![allow(...)]grandfathering with per-lint SAFETY-REVIEW rationaleResults:
cargo clippy --all-targets --workspace -- -D warningsexits 0cargo test --workspace— 36/36 binaries greenrivet docs check— PASSOpen decision — DD-060
Three lint classes account for 52% of the sites (2,712):
arithmetic_side_effects(1,191) — trivial counter math in parser loopsindexing_slicing(1,175) — CST offset work where bounds were already checkedas_conversions(249) — usize↔u32/u64 on bounded byte offsetsDD-060 records these as deferred decisions. Options for Phase 2:
Ship this PR as-is; take the Phase 2 decision in a follow-up.
New artifacts
artifacts/v043-artifacts.yaml— DD-059, DD-060, FEAT-129, REQ-061CHANGELOG.md[Unreleased]sectionTest plan
cargo clippy --all-targets --workspace -- -D warnings— exits 0cargo test --workspace— 36/36 greenrivet docs check— PASSunwrap()/expect()/panic!()in follow-up PRsImplements: REQ-004
Refs: DD-058
🤖 Generated with Claude Code