Context
Surfaced while remediating CI on #48 (a docs PR that triggered the full suite).
The Aspect tests job (tests/aspect_tests.sh, the "Route γ aspect-injection"
gate) is a self-imposed SPARK-grade source-quality gate that the current
src/ tree does not yet satisfy. It is pre-existing and unrelated to the docs
change. The other ~98 failing checks on #48 were root-caused and fixed
(echidna path-dep provisioning, ReScript .hypatia-ignore, STATE.a2ml,
examples/inspect.vcl); this gate is the remaining red and is a genuine code
refactor, not a config fix — so it's tracked here rather than changed blindly.
What the gate requires (and current state)
tests/aspect_tests.sh fails the job unless all of these hold:
| Check | Requirement | Current |
|---|---|---|
| SPDX headers on all src/ Rust files | 0 missing | 5 missing |
| No unsafe { in src/ (FFI belongs in ffi/) | 0 | 20 |
| No .unwrap() / .expect() in production src/ | 0 | 61 |
1. Missing SPDX headers (mechanical, safe)
src/interface/dap/src/lib.rs
src/interface/lsp/src/lib.rs
src/interface/lint/src/lib.rs
src/interface/fmt/src/lib.rs
src/core/lib.rs
Prepend // SPDX-License-Identifier: MPL-2.0 (+ the estate copyright line).
2. unsafe blocks in src/ (20) — needs judgement
The gate's intent is that FFI unsafe lives under ffi/, not src/. Each site
needs review: move genuine FFI to ffi/, or justify/relocate. Enumerate with
grep -rn 'unsafe\s*{' src/.
3. .unwrap() / .expect() in src/ (61) — needs proper error handling
Replace with ?-propagation / typed errors (src/errors/). This changes
function signatures (Result returns) and is not a safe blanket
substitution — each site needs the right error path. Enumerate with
grep -rn '\.unwrap()\|\.expect(' src/ | grep -v 'cfg(test)'.
Why not auto-fixed here
- (2) and (3) are ~81 semantic edits that alter error/ABI behaviour; a blind
mechanical pass risks regressions and can't be validated beyond "it compiles".
- Some unwraps may be provably-safe and intentional — that's a maintainer call.
Suggested approach
- Land the 5 SPDX headers (trivial).
- Sweep unsafe → relocate FFI to ffi/ (or annotate/justify per gate policy).
- Sweep unwrap/expect → ? + typed errors, module by module, cargo test
after each. The src/interface/parse crate already meets the bar (it's the
trusted boundary parser) — use it as the pattern.
Acceptance: bash tests/aspect_tests.sh → 0 failed.
Refs #48.
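An added illustration of item 3, not code from this repository: one function with two panic sites, rewritten so each site maps to its own typed error and the signature becomes a Result. The names ConfigError, parse_port and parse_port_panicking and the sample lines are hypothetical.

```rust
// Added example; ConfigError and parse_port* are hypothetical names, not the project's src/errors/ types.
use std::fmt;
use std::num::ParseIntError;

/// Typed error: each former unwrap()/expect() site gets its own variant.
#[derive(Debug, PartialEq)]
pub enum ConfigError {
    MissingSeparator { line: String },
    BadPort { value: String, source: ParseIntError },
    PortOutOfRange(u32),
}

impl fmt::Display for ConfigError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::MissingSeparator { line } => write!(f, "no '=' in {line:?}"),
            Self::BadPort { value, source } => write!(f, "bad port {value:?}: {source}"),
            Self::PortOutOfRange(p) => write!(f, "port {p} outside 1..=65535"),
        }
    }
}
impl std::error::Error for ConfigError {}

/// Before: two panic sites on untrusted input; this is what the gate counts.
pub fn parse_port_panicking(line: &str) -> u16 {
    let (_, value) = line.split_once('=').unwrap();
    value.trim().parse::<u16>().expect("port")
}

/// After: the return type changes to Result, so every caller has to handle it.
pub fn parse_port(line: &str) -> Result<u16, ConfigError> {
    let (_, value) = line
        .split_once('=')
        .ok_or_else(|| ConfigError::MissingSeparator { line: line.to_string() })?;
    let value = value.trim();
    let n: u32 = value
        .parse()
        .map_err(|source| ConfigError::BadPort { value: value.to_string(), source })?;
    match n {
        1..=65535 => Ok(n as u16),
        _ => Err(ConfigError::PortOutOfRange(n)),
    }
}

fn main() {
    // Constructed sample lines: one valid, three that panic in the "before" version.
    for line in ["port = 8080", "port 8080", "port = http", "port = 70000"] {
        println!("{line:?} -> {:?}", parse_port(line));
    }
}
```

The rewrite also rejects port 0, which the unwrap version accepted silently; choosing the error path per site is the judgement a blanket substitution skips.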