refactor: Wave 5 mechanical bundle — Java breadcrumb strip + io_loop verify + api-redesign reconcile + MSRV + semver-checks CI (refs #500)#509
Merged
Conversation
…+ api-redesign reconcile + MSRV + semver-checks CI (refs #500) Five mechanical items batched into one PR + one 9.0.1 patch bump. A. **Java RE breadcrumbs.** Stripped 76 per-line `// Source: PojoMessageUtils...` / `// Java: ...` / `(FPSSClient.foo())` references across `crates/`, `tools/`, `ffi/`. ADR-001 (`docs/architecture/ADR-001-java-terminal-parity.md`) is the institutional anchor; the per-line refs were dead scaffolding from the original RE pass. Module-header parity prose collapses to a single `See ADR-001 (...)` line in `fpss/mod.rs`, `fpss/connection.rs`, `fpss/protocol/mod.rs`, `fpss/protocol/wire.rs`, `mdds/decode/error.rs`, and `config/mdds.rs`. Final scrub returns zero hits — well under the audit's "≤ 5" budget. Three contract codec tests rename `java_parity_*` → `wire_parity_*`. B. **`io_loop.rs` (audit §2.9).** Three concerns: login handshake, main blocking-read + Disruptor-publish + command-drain loop, ping heartbeat scheduler. Split into `io_loop/{mod.rs, login.rs, ping.rs}`. login + ping each lift with their own state and tests; the main loop body stays in mod.rs because it owns the session state machine (frame buffer, `FrameReadState`, delta state, contract cache, reconnect attempt counter, Disruptor producer) which doesn't decompose without leaking state across module boundaries. `pinning.rs` has two callsites (`fpss/connection.rs` + `flatfiles/mdds_spki.rs` reuses the `FPSS_SPKI_SHA256` digest), so it stays separate — folding it into `io_loop` would force every flatfiles consumer to import the FPSS I/O module purely for the SPKI constant. C. **`docs/public-api-redesign.md`.** Fully superseded by v9.0.0: the two-layer exact + ergonomic surface, typed scalars (`Date`, `Year`, `Right`, `Expiration`, `Strike`, `TimeOfDay`, `Interval`), `IntoOptionSpec`, `for_contracts(...)`, and `StrikeSelector` / `ExpirationSelector` wildcards all shipped on the 9.0.x line. The doc's proposed cadence ("v6.x additive façade ... v8.0 remove compat") is moot. Deleted; new `docs/architecture/README.md` indexes the ADR set and records that planning prose for shipped surfaces is intentionally not preserved. E. **MSRV.** True floor is 1.88 (not the prior `1.85` declaration — transitive deps `time 0.3.47`, `time-core 0.1.8`, `time-macros 0.2.27`, the `icu_*` 2.2.0 family already require `>= 1.86` / `>= 1.88`). Bumped `[workspace.package].rust-version = "1.88"`, the four excluded packages (`tools/server`, `tools/mcp`, `sdks/python`, `sdks/typescript`) declare `rust-version = "1.88"` directly. CI `Lint` job grows a `toolchain` matrix axis pinned to `stable + 1.88` on Linux. `README.md` adds a `Requirements` section. While the floor is touched, `tdbe::codec::fie` swaps `len % 2 == 0` for `len.is_multiple_of(2)`, which stable clippy 1.94 flags as `manual_is_multiple_of`. F. **`cargo-semver-checks` CI gate.** New `Semver check` job runs `obi1kenobi/cargo-semver-checks-action@v2` against the `v9.0.0` tag on every PR. Verified locally — both `tdbe` (196 checks) and `thetadatadx` (222 checks) pass with zero breakage and no false-positives, so no `#[doc(hidden)]` suppressions needed. `CONTRIBUTING.md` documents the public-API stability policy and the local invocation. Refs #500.
…depth 0 - tools/server/src/ws/broadcast.rs:135,147 — clippy 1.95 manual_is_multiple_of flagged 'dropped % WARN_EVERY_N == 0'; rewrite to 'dropped.is_multiple_of(...)'. - .github/workflows/ci.yml Semver check — checkout was shallow (fetch-depth 1) so baseline tag v9.0.0 was unreachable; add fetch-depth: 0 for full history.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Five mechanical items from the audit follow-up, batched into one
9.0.1 patch bump. Refs #500. (PR 1 of 3 closing #500; PR 2 ships
property tests, PR 3 ships typed
Error.)A. Java RE breadcrumbs (audit §2.7)
Stripped 76 per-line
// Source: PojoMessageUtils...,// Java: ...,(FPSSClient.foo())references acrosscrates/,tools/,ffi/.ADR-001 (
docs/architecture/ADR-001-java-terminal-parity.md) is theinstitutional anchor; per-line refs were dead scaffolding from the
original RE pass. Module-header parity prose collapses to one
See ADR-001 (...)line infpss/mod.rs,fpss/connection.rs,fpss/protocol/mod.rs,fpss/protocol/wire.rs,mdds/decode/error.rs,config/mdds.rs. Final scrub returns zerohits — well under the audit's "≤ 5" budget. Three contract codec
tests rename
java_parity_*→wire_parity_*so the survivingidentifiers match the rest of the vocabulary.
B.
io_loop.rsverify (audit §2.9)Three concerns: login handshake (
wait_for_login+LoginResult),the main blocking-read + Disruptor-publish + command-drain loop with
auto-reconnect, and the ping heartbeat scheduler. Split into
io_loop/{mod.rs, login.rs, ping.rs}. login + ping each lift withtheir own state and tests; the main loop body stays in
mod.rsbecause it owns the session state machine (frame buffer,
FrameReadState, delta state, contract cache, reconnect attemptcounter, Disruptor producer) which doesn't decompose without leaking
state across module boundaries. Test coverage moves with the
function under test — the eight
wait_for_login_*tests live inio_loop/login.rs, the four reconnect /MAX_RECONNECT_ATTEMPTStests stay in
io_loop/mod.rs.pinning.rshas two callsites (fpss/connection.rs+flatfiles/mdds_spki.rsreuses theFPSS_SPKI_SHA256digest), soit stays separate. Folding it into
io_loopwould force everyflatfiles consumer to import the FPSS I/O module purely for the SPKI
constant — wrong dependency direction.
C.
docs/public-api-redesign.mdFully superseded by v9.0.0: the two-layer exact + ergonomic surface,
typed scalars (
Date,Year,Right,Expiration,Strike,TimeOfDay,Interval),IntoOptionSpec,for_contracts(...), andStrikeSelector/ExpirationSelectorwildcards all shipped on the9.0.x line. The doc's proposed cadence ("v6.x additive façade ...
v8.0 remove compat") is moot. Deleted; new
docs/architecture/README.mdindexes the ADR set and records thatplanning prose for shipped surfaces is intentionally not preserved.
E. MSRV declaration
Empirical floor is rustc 1.88, not the prior
rust-version = "1.85"declaration — transitive depstime 0.3.47,time-core 0.1.8,time-macros 0.2.27, theicu_*2.2.0 family already require>= 1.86/>= 1.88, so acargo +1.85 check --workspaceerrors outat the dep graph. Bumped:
[workspace.package].rust-version = "1.88"coverstdbe,thetadatadx,tools/cli,ffiviarust-version.workspace = true.tools/server,tools/mcp,sdks/python,sdks/typescriptdeclare
rust-version = "1.88"directly (each is excluded from theroot workspace).
Lint (...)job grows atoolchainmatrix axis pinned tostable + 1.88on the Linux runner so dependency bumps that raisethe rustc requirement fail before release.
README.mdadds aRequirementssection.While the floor is touched,
tdbe::codec::fieswapslen % 2 == 0for
len.is_multiple_of(2), which stable clippy 1.94 flags asmanual_is_multiple_of.is_multiple_ofwas stabilized in 1.87, sothe MSRV bump makes the rewrite safe.
F.
cargo-semver-checksCI gateNew
Semver checkjob runsobi1kenobi/cargo-semver-checks-action@v2against the
v9.0.0tag on every PR. Verified locally — bothtdbe(196 checks) and
thetadatadx(222 checks) pass with zero breakageand no false-positives, so no
#[doc(hidden)]suppressions needed.CONTRIBUTING.mddocuments the public-API stability policy and thelocal invocation.
Test plan
cargo fmt --all -- --checkcargo clippy --workspace --all-targets -- -D warnings(stable + 1.88 floor)cargo test --workspace --lockedcargo deny checkcargo run -p thetadatadx --bin generate_sdk_surfaces --features config-file -- --checkcargo check --manifest-path tools/cli/Cargo.toml --lockedcargo check --manifest-path tools/mcp/Cargo.toml --lockedcargo clippy --manifest-path tools/mcp/Cargo.toml --all-targets -- -D warningscargo test --manifest-path tools/mcp/Cargo.toml --no-runcargo check --manifest-path tools/server/Cargo.toml --lockedcargo check --manifest-path sdks/python/Cargo.toml --lockedcargo check --manifest-path sdks/typescript/Cargo.toml --lockedpython3 scripts/check_version_sync.py→version sync: okcargo +1.88 check --workspace --lockedcargo semver-checks check-release --baseline-rev v9.0.0→tdbe: 196 pass,thetadatadx: 222 pass, no breakage.Refs #500.