⏺ Audit progress on tmp/rust-audit-src.md: 20 of 20 files done — the whole bucket is #26

Merged

navicore merged 1 commit from audit into main 2026-05-22 22:37:23 +00:00

Conversation 0 Commits 1 Files changed 14 +410 -766

navicore commented 2026-05-22 22:36:00 +00:00

Owner

Copy link

complete.

Quick wrap-up of the full audit, since this is the end of the checklist:

Most impactful finds across the audit:

1. UTF-8 panic in completion_format.rs (would have crashed on any non-ASCII
   completion line >80 bytes)
2. Pre-existing bench compile error (latent for ages, surfaced by cargo test
   --all-targets)
3. Dead parse_optimized module deleted (~178 L)
4. Orphan-and-broken completion_format_tests.rs deleted (~112 L)
5. shell.rs template rewrite (~30% smaller, scripts now readable as scripts)

Findings deliberately left as-is:

• Raw-pointer parent: Option<*mut Self> in command.rs (memory-safety hole,
  architectural — flagged with TODOs)
• Bool-flag greedy-consume bug in Command::parse_flags (the fix was in the
  now-deleted parse_optimized; recorded in the checklist for when you hit it)
• Display::fmt in error.rs is 108 L (splitting hurts locality)
• Two pub mod module name re-exports (CompletionFormat, HookFunc/RunFunc) that
  could be pub(crate) (API surface decisions)

Cross-file work surfaced but not done:

• Split command.rs into command/{builder,help,completion,parse,execute}.rs
• Split flag.rs into flag/{value,kind,constraint,mod}.rs
• Lift shell-script templates to assets/*.sh via include_str!
• Move CompletionResult::merge from completion_timeout.rs to completion.rs

complete. Quick wrap-up of the full audit, since this is the end of the checklist: Most impactful finds across the audit: 1. UTF-8 panic in completion_format.rs (would have crashed on any non-ASCII completion line >80 bytes) 2. Pre-existing bench compile error (latent for ages, surfaced by cargo test --all-targets) 3. Dead parse_optimized module deleted (~178 L) 4. Orphan-and-broken completion_format_tests.rs deleted (~112 L) 5. shell.rs template rewrite (~30% smaller, scripts now readable as scripts) Findings deliberately left as-is: - Raw-pointer parent: Option<*mut Self> in command.rs (memory-safety hole, architectural — flagged with TODOs) - Bool-flag greedy-consume bug in Command::parse_flags (the fix was in the now-deleted parse_optimized; recorded in the checklist for when you hit it) - Display::fmt in error.rs is 108 L (splitting hurts locality) - Two pub mod module name re-exports (CompletionFormat, HookFunc/RunFunc) that could be pub(crate) (API surface decisions) Cross-file work surfaced but not done: - Split command.rs into command/{builder,help,completion,parse,execute}.rs - Split flag.rs into flag/{value,kind,constraint,mod}.rs - Lift shell-script templates to assets/*.sh via include_str! - Move CompletionResult::merge from completion_timeout.rs to completion.rs

navicore added 1 commit 2026-05-22 22:36:00 +00:00

⏺ Audit progress on tmp/rust-audit-src.md: 20 of 20 files done — the whole bucket is ... 5b800af663

complete.

  Quick wrap-up of the full audit, since this is the end of the checklist:

  Most impactful finds across the audit:
  1. UTF-8 panic in completion_format.rs (would have crashed on any non-ASCII
  completion line >80 bytes)
  2. Pre-existing bench compile error (latent for ages, surfaced by cargo test
  --all-targets)
  3. Dead parse_optimized module deleted (~178 L)
  4. Orphan-and-broken completion_format_tests.rs deleted (~112 L)
  5. shell.rs template rewrite (~30% smaller, scripts now readable as scripts)

  Findings deliberately left as-is:
  - Raw-pointer parent: Option<*mut Self> in command.rs (memory-safety hole,
  architectural — flagged with TODOs)
  - Bool-flag greedy-consume bug in Command::parse_flags (the fix was in the
  now-deleted parse_optimized; recorded in the checklist for when you hit it)
  - Display::fmt in error.rs is 108 L (splitting hurts locality)
  - Two pub mod module name re-exports (CompletionFormat, HookFunc/RunFunc) that
  could be pub(crate) (API surface decisions)

  Cross-file work surfaced but not done:
  - Split command.rs into command/{builder,help,completion,parse,execute}.rs
  - Split flag.rs into flag/{value,kind,constraint,mod}.rs
  - Lift shell-script templates to assets/*.sh via include_str!
  - Move CompletionResult::merge from completion_timeout.rs to completion.rs

navicore merged commit 7ea7f25778 into main 2026-05-22 22:37:23 +00:00

navicore deleted branch audit 2026-05-22 22:37:23 +00:00

navicore referenced this pull request from a commit 2026-05-22 22:37:24 +00:00

Merge pull request '⏺ Audit progress on tmp/rust-audit-src.md: 20 of 20 files done — the whole bucket is' (#26) from audit into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

github_actions

Pull requests that update GitHub Actions code

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

github_actions

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

navicore/flag-rs!26

No description provided.