Skip to content

chore(scripts): add feature_dep_audit.sh — Phase 8a baseline tool (refs #195)#292

Merged
githubrobbi merged 1 commit into
mainfrom
chore/feature-dep-audit-phase-8a
May 19, 2026
Merged

chore(scripts): add feature_dep_audit.sh — Phase 8a baseline tool (refs #195)#292
githubrobbi merged 1 commit into
mainfrom
chore/feature-dep-audit-phase-8a

Conversation

@githubrobbi
Copy link
Copy Markdown
Collaborator

@githubrobbi githubrobbi commented May 19, 2026

Summary

Phase 8a baseline tool — mirrors clone_alloc_audit.sh (Phase 6a) and trait_generic_audit.sh (Phase 7a) in shape and rigor. Read-only inventory script. No behavior change.

What it does

Walks every crate's Cargo.toml + src/ tree and emits a Markdown inventory of:

  • Per-crate feature surface — count, default? dep:-gated, optional = true deps, cfg(feature) site count, # Features rustdoc presence.
  • Per-feature contract (playbook §988) — activations, default? use-site count.
  • Optional-dep cross-check — every optional = true dep should be referenced by exactly one feature via dep:foo.
  • Consumer-side default-features = false overrides (skips TOML comment lines so rustdoc mentions of the syntax don't false-flag).
  • deny.toml [bans].skip-tree inventory with rationale.

Optional cargo cross-checks behind flags:

  • --with-cargo runs cargo tree --workspace -d --depth 0 (deduped by (name, version) so same-version doubles aren't reported) and cargo machete, cross-checks duplicates against the skip-tree, surfaces NEW unjustified dups.
  • --with-deny additionally runs cargo deny check and tabulates the four-category pass.

Baseline run @ 33f22b572 (Phase 7 closeout)

Signal Count
Features 3 (uffs-cli, uffs-client, uffs-mcp)
Crates with # Features rustdoc 0 / 3 → Phase 8b fills in
cfg(feature) prod-path use-sites 17
Orphan optional deps 0
Consumer default-features = false overrides 2 (deliberate: uffs-cli → uffs-client, uffs-polars → polars)
Distinct duplicate-version crate groups 12 (4 in skip-tree, 8 warn-only)
cargo machete unused deps 0
cargo deny check 4/4 green ✅

Acceptance

  • ✅ Read-only — no source / Cargo.toml modifications.
  • ✅ Idempotent — rerun yields identical Markdown for the same SHA.
  • ✅ Matches the shape of clone_alloc_audit.sh (Phase 6a) and trait_generic_audit.sh (Phase 7a).
  • shellcheck clean (info-only SC2016 hits matching the pre-existing scripts).
  • ✅ Pre-push gate green (95 s, all 21 checks passed).

Phase-8 rules adherence

    1. No suppression hacks — the script surfaces the 8 warn-only duplicate groups; it does not silence them.
    1. Surgical, correct fixes — pure addition of a tooling script.
    1. Preserve behavior & contracts — read-only, no API or behavior change.
    1. Improve tests, don't dodge them — the script is itself a CI-rerunnable inventory.
    1. Document & commit well — full file-header docs; per-section caveats; cross-refs to Phase 6/7 companions.

Refs #195.

@githubrobbi
chore(scripts): add feature_dep_audit.sh — Phase 8a baseline tool (refs
6251499 
#195)

Mirrors clone_alloc_audit.sh (Phase 6a) and trait_generic_audit.sh
(Phase 7a) in shape and rigor.  Walks every crate's Cargo.toml +
src/ tree and emits a Markdown inventory of:

  * Per-crate feature surface (count, default? dep:-gated, optional
    deps, cfg(feature) site count, # Features rustdoc presence).
  * Per-feature contract (activations, default? use-sites) per
    playbook §988 — what it enables / what deps it adds / public-API
    impact / semver claim.
  * Optional-dep cross-check (every `optional = true` dep should be
    referenced by exactly one feature via `dep:foo`).
  * Consumer-side `default-features = false` overrides (skips TOML
    comment lines so rustdoc mentions of the syntax don't false-flag).
  * `deny.toml [bans].skip-tree` inventory with rationale.

Optional cargo cross-checks behind flags:

  * `--with-cargo` runs `cargo tree --workspace -d --depth 0` and
    `cargo machete`; groups duplicate-version crates by name with
    distinct-version multiplicity, cross-checks against the
    skip-tree, surfaces NEW unjustified dups.
  * `--with-deny` additionally runs `cargo deny check` and
    tabulates the four-category pass.

Baseline run at SHA 33f22b5 (Phase 7 closeout) captures:

  * 3 features across 14 crates (uffs-cli, uffs-client, uffs-mcp);
    none currently has a `# Features` rustdoc section (Phase 8b
    fills this in).
  * 17 cfg(feature) prod-path use-sites.
  * 0 orphan optional deps; 2 deliberate consumer-side
    `default-features = false` overrides (uffs-cli → uffs-client,
    uffs-polars → polars).
  * 12 distinct duplicate-version crate groups: 4 in skip-tree
    (foldhash, getrandom, hashbrown, itertools), 8 surfaced via
    `multiple-versions = \"warn\"` only (RustCrypto family +
    polars-transitive rand_*).
  * 0 unused direct deps (`cargo machete` green).

The script is read-only and idempotent; rerunning on a future SHA
produces a diffable delta.  No suppression hacks, no behavior change.

Refs #195.
@githubrobbi githubrobbi merged commit 4c6ffcf into main May 19, 2026
18 checks passed
@githubrobbi githubrobbi deleted the chore/feature-dep-audit-phase-8a branch May 19, 2026 18:41
@githubrobbi githubrobbi mentioned this pull request May 19, 2026
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@githubrobbi