Skip to content

ci: enforce no panics in production code#1087

Merged
ilblackdragon merged 1 commit into
stagingfrom
ci/no-panics-check
Mar 13, 2026
Merged

ci: enforce no panics in production code#1087
ilblackdragon merged 1 commit into
stagingfrom
ci/no-panics-check

Conversation

@ilblackdragon
Copy link
Copy Markdown
Member

@ilblackdragon ilblackdragon commented Mar 12, 2026

Summary

  • Add a no-panics CI job to code_style.yml that diffs the PR against the base branch and blocks .unwrap(), .expect(), assert!(), assert_eq!(), assert_ne!() in src/ and crates/ production code
  • Add pre-commit hook check 6 (PANIC) to pre-commit-safety.sh catching the same patterns in staged diffs
  • Extend check-boundaries.sh Check 2 to also detect assert!() variants

All checks exclude debug_assert (compiled out in release), test annotations (#[cfg(test)], #[test], mod tests), and lines with // safety: <reason> suppression comments.

Test plan

  • Verify CI no-panics job passes on this PR (no production panic calls in the diff)
  • Test pre-commit hook locally: stage a file with .unwrap() in non-test code and confirm it blocks
  • Confirm // safety: <reason> suppression works for legitimate uses
  • Run bash scripts/check-boundaries.sh and verify Check 2 now reports assert!() calls

🤖 Generated with Claude Code

@ilblackdragon @claude
ci: enforce no .unwrap(), .expect(), or assert!() in production code
adab3c2 
Add a diff-based CI job and pre-commit hook check that block
panic-inducing calls (.unwrap(), .expect(), assert!, assert_eq!,
assert_ne!) from entering production Rust code. debug_assert is
excluded (compiled out in release). False positives can be suppressed
with an inline `// safety: <reason>` comment.

- pre-commit-safety.sh: add check 6 (PANIC) for staged diffs
- code_style.yml: add `no-panics` job, wire into roll-up gate
- check-boundaries.sh: extend check 2 to also catch assert!()

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 12, 2026 23:32
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented Mar 12, 2026

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

Copilot AI reviewed Mar 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of lines (20,000). Try reducing the number of changed lines and requesting a review from Copilot again.

@github-actions github-actions Bot added size: XL 500+ changed lines scope: agent Agent core (agent loop, router, scheduler) scope: channel/cli TUI / CLI channel scope: channel/web Web gateway channel scope: channel/wasm WASM channel runtime scope: tool Tool infrastructure scope: tool/builtin Built-in tools scope: tool/wasm WASM tool sandbox scope: tool/mcp MCP client scope: db Database trait / abstraction scope: db/postgres PostgreSQL backend scope: safety Prompt injection defense scope: llm LLM integration scope: workspace Persistent memory / workspace scope: extensions Extension management scope: setup Onboarding / setup scope: sandbox Docker sandbox scope: ci CI/CD workflows scope: docs Documentation scope: dependencies Dependency updates risk: high Safety, secrets, auth, or critical infrastructure contributor: core 20+ merged PRs and removed size: XL 500+ changed lines labels Mar 12, 2026
zmanian
zmanian reviewed Mar 12, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@zmanian zmanian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR targets main but appears to be branched from staging, pulling in all staging commits (54 commits, diff too large for GitHub to render).

Should this target staging instead? The actual new content seems to be just the no-panics CI job, pre-commit hook check, and check-boundaries.sh update. Targeting staging would make this much easier to review.

@ilblackdragon ilblackdragon changed the base branch from main to staging March 12, 2026 23:36
@ilblackdragon ilblackdragon requested a review from zmanian March 12, 2026 23:53
zmanian
zmanian approved these changes Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@zmanian zmanian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean and well-scoped. Three changes that all serve the same purpose:

  1. CI job (no-panics): Diffs against base SHA, catches .unwrap(), .expect(), assert!() in src/ and crates/ added lines. Properly excludes debug_assert, test annotations, and // safety: suppressions. Wired into the code-style roll-up gate.

  2. check-boundaries.sh: Extends Check 2 to also catch assert!() variants with the same exclusions.

  3. pre-commit-safety.sh: Adds Check 6 matching the same patterns in staged diffs.

The // safety: <reason> escape hatch is the right approach for legitimate uses (e.g., after infallible operations). The grep patterns correctly use [^_]assert to avoid matching debug_assert.

One minor note: the CI job's grep filters on added lines (^\+[^+]) then excludes lines containing #[test] or mod tests. This works for inline test annotations but won't catch if a .unwrap() is added inside a #[cfg(test)] mod tests { ... } block where the mod tests line itself wasn't in the diff. In practice this is fine since the pre-existing test module boundary won't appear in the diff -- only new unwraps will, and those in test functions will have #[test] nearby. Non-blocking.

LGTM

@github-actions github-actions Bot mentioned this pull request Mar 13, 2026
Open
@ilblackdragon ilblackdragon merged commit 7776d26 into staging Mar 13, 2026
2 checks passed
@ilblackdragon ilblackdragon deleted the ci/no-panics-check branch March 13, 2026 16:36
@ironclaw-ci ironclaw-ci Bot mentioned this pull request Mar 13, 2026
Merged
@standardtoaster standardtoaster mentioned this pull request Mar 13, 2026
Merged
3 tasks
ilblackdragon added a commit that referenced this pull request Mar 14, 2026
@ilblackdragon @claude
ci: enforce no .unwrap(), .expect(), or assert!() in production code (#…
7d10938 
…1087)

Add a diff-based CI job and pre-commit hook check that block
panic-inducing calls (.unwrap(), .expect(), assert!, assert_eq!,
assert_ne!) from entering production Rust code. debug_assert is
excluded (compiled out in release). False positives can be suppressed
with an inline `// safety: <reason>` comment.

- pre-commit-safety.sh: add check 6 (PANIC) for staged diffs
- code_style.yml: add `no-panics` job, wire into roll-up gate
- check-boundaries.sh: extend check 2 to also catch assert!()

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions github-actions Bot mentioned this pull request Mar 16, 2026
Merged
@ironclaw-ci ironclaw-ci Bot mentioned this pull request Mar 17, 2026
Merged
bkutasi pushed a commit to bkutasi/ironclaw that referenced this pull request Mar 28, 2026
@ilblackdragon @claude
ci: enforce no .unwrap(), .expect(), or assert!() in production code (n…
9a4e949 
…earai#1087)

Add a diff-based CI job and pre-commit hook check that block
panic-inducing calls (.unwrap(), .expect(), assert!, assert_eq!,
assert_ne!) from entering production Rust code. debug_assert is
excluded (compiled out in release). False positives can be suppressed
with an inline `// safety: <reason>` comment.

- pre-commit-safety.sh: add check 6 (PANIC) for staged diffs
- code_style.yml: add `no-panics` job, wire into roll-up gate
- check-boundaries.sh: extend check 2 to also catch assert!()

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
drchirag1991 pushed a commit to drchirag1991/ironclaw that referenced this pull request Apr 8, 2026
@ilblackdragon @claude
ci: enforce no .unwrap(), .expect(), or assert!() in production code (n…
8b6b4ac 
…earai#1087)

Add a diff-based CI job and pre-commit hook check that block
panic-inducing calls (.unwrap(), .expect(), assert!, assert_eq!,
assert_ne!) from entering production Rust code. debug_assert is
excluded (compiled out in release). False positives can be suppressed
with an inline `// safety: <reason>` comment.

- pre-commit-safety.sh: add check 6 (PANIC) for staged diffs
- code_style.yml: add `no-panics` job, wire into roll-up gate
- check-boundaries.sh: extend check 2 to also catch assert!()

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@zmanian zmanian zmanian approved these changes

Assignees

No one assigned

Labels

contributor: core 20+ merged PRs risk: high Safety, secrets, auth, or critical infrastructure scope: agent Agent core (agent loop, router, scheduler) scope: channel/cli TUI / CLI channel scope: channel/wasm WASM channel runtime scope: channel/web Web gateway channel scope: ci CI/CD workflows scope: db/postgres PostgreSQL backend scope: db Database trait / abstraction scope: dependencies Dependency updates scope: docs Documentation scope: extensions Extension management scope: llm LLM integration scope: safety Prompt injection defense scope: sandbox Docker sandbox scope: setup Onboarding / setup scope: tool/builtin Built-in tools scope: tool/mcp MCP client scope: tool/wasm WASM tool sandbox scope: tool Tool infrastructure scope: workspace Persistent memory / workspace

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ilblackdragon @zmanian