cargo-rail: updating the workspace graph to include 'visibility'; added the 'quality' engine.

Author: loadingalias

src/checks/mod.rs

@@ -41,6 +41,7 @@ mod remotes;
 mod runner;
 mod security_config;
 mod ssh;
+mod tier_violations;
 mod trait_def;
 mod workspace;
 

src/checks/runner.rs

@@ -82,6 +82,7 @@ pub fn create_default_runner() -> CheckRunner {
   runner.add_check(Arc::new(super::edition_consistency::EditionConsistencyCheck));
   runner.add_check(Arc::new(super::msrv::MSRVCheck));
   runner.add_check(Arc::new(super::patch_replace::PatchReplaceCheck));
+  runner.add_check(Arc::new(super::tier_violations::TierViolationCheck));
   runner.add_check(Arc::new(super::ssh::SshKeyCheck));
   runner.add_check(Arc::new(super::security_config::SecurityConfigCheck));
   runner.add_check(Arc::new(super::git_notes::GitNotesCheck));
@@ -99,6 +100,7 @@ pub fn create_manifest_runner() -> CheckRunner {
   runner.add_check(Arc::new(super::edition_consistency::EditionConsistencyCheck));
   runner.add_check(Arc::new(super::msrv::MSRVCheck));
   runner.add_check(Arc::new(super::patch_replace::PatchReplaceCheck));
+  runner.add_check(Arc::new(super::tier_violations::TierViolationCheck));
 
   runner
 }

src/checks/tier_violations.rs

@@ -0,0 +1,207 @@
+//! Tier violation checks for visibility-based release tiers
+//!
+//! Detects violations where lower-tier releases (e.g., OSS) depend on
+//! higher-tier crates (e.g., enterprise), which would break the release.
+
+use crate::checks::trait_def::{Check, CheckContext, CheckResult, Severity};
+use crate::core::config::{RailConfig, Visibility};
+use crate::core::error::RailResult;
+use crate::graph::workspace_graph::WorkspaceGraph;
+use std::collections::HashSet;
+
+/// Check for tier violations in release configurations.
+///
+/// A tier violation occurs when:
+/// - An OSS release includes or depends on an internal/enterprise crate
+/// - An internal release depends on an enterprise crate
+///
+/// This ensures releases can be published without exposing higher-tier code.
+pub struct TierViolationCheck;
+
+impl Check for TierViolationCheck {
+  fn name(&self) -> &str {
+    "tier-violations"
+  }
+
+  fn description(&self) -> &str {
+    "Checks for tier violations (OSS depending on internal/enterprise)"
+  }
+
+  fn run(&self, ctx: &CheckContext) -> RailResult<CheckResult> {
+    // Load config
+    let config = match RailConfig::load(&ctx.workspace_root) {
+      Ok(c) => c,
+      Err(_) => {
+        // No config = no releases = no tier violations
+        return Ok(CheckResult {
+          check_name: self.name().to_string(),
+          passed: true,
+          message: "No rail.toml found (tier checks require releases config)".to_string(),
+          suggestion: None,
+          severity: Severity::Info,
+          details: None,
+        });
+      }
+    };
+
+    // If no releases configured, skip check
+    if config.releases.is_empty() {
+      return Ok(CheckResult {
+        check_name: self.name().to_string(),
+        passed: true,
+        message: "No releases configured (tier checks require releases)".to_string(),
+        suggestion: None,
+        severity: Severity::Info,
+        details: None,
+      });
+    }
+
+    // Load graph with config to get visibility annotations
+    let graph = WorkspaceGraph::load_with_config(&ctx.workspace_root, Some(&config))?;
+
+    let mut violations = Vec::new();
+
+    // Check each release for tier violations
+    for release in &config.releases {
+      // Get the primary crate for this release
+      let primary_crate = release
+        .crate_path
+        .file_name()
+        .and_then(|n| n.to_str())
+        .unwrap_or(&release.name);
+
+      // Collect all crates in this release (primary + includes)
+      let mut release_crates = HashSet::new();
+      release_crates.insert(primary_crate.to_string());
+      for included in &release.includes {
+        release_crates.insert(included.clone());
+      }
+
+      // For each crate in the release, check its dependencies
+      for crate_name in &release_crates {
+        // Get all transitive dependencies (what this crate depends on)
+        let mut to_check = vec![crate_name.clone()];
+        let mut checked = HashSet::new();
+        let mut all_deps = HashSet::new();
+
+        while let Some(current) = to_check.pop() {
+          if checked.contains(&current) {
+            continue;
+          }
+          checked.insert(current.clone());
+
+          // Get direct dependencies
+          if let Ok(deps) = graph.direct_dependencies(&current) {
+            for dep in deps {
+              if !all_deps.contains(&dep) && graph.workspace_members().contains(&dep) {
+                all_deps.insert(dep.clone());
+                to_check.push(dep);
+              }
+            }
+          }
+        }
+
+        // Check each transitive dependency's visibility
+        for dep in all_deps {
+          let dep_visibilities = graph.crate_visibilities(&dep);
+
+          // Skip if dependency has no visibility (not in any release)
+          if dep_visibilities.is_empty() {
+            continue;
+          }
+
+          // Skip self-references
+          if dep == *crate_name {
+            continue;
+          }
+
+          // Check for violations based on release visibility
+          match release.visibility {
+            Visibility::Oss => {
+              // OSS can't depend on internal or enterprise
+              if dep_visibilities.contains(&Visibility::Internal) || dep_visibilities.contains(&Visibility::Enterprise)
+              {
+                violations.push(format!(
+                  "Release '{}' (OSS) includes '{}' which depends on '{}' ({:?})",
+                  release.name, crate_name, dep, dep_visibilities
+                ));
+              }
+            }
+            Visibility::Internal => {
+              // Internal can't depend on enterprise
+              if dep_visibilities.contains(&Visibility::Enterprise) {
+                violations.push(format!(
+                  "Release '{}' (internal) includes '{}' which depends on '{}' (enterprise)",
+                  release.name, crate_name, dep
+                ));
+              }
+            }
+            Visibility::Enterprise => {
+              // Enterprise can depend on anything
+            }
+          }
+        }
+      }
+    }
+
+    if violations.is_empty() {
+      Ok(CheckResult {
+        check_name: self.name().to_string(),
+        passed: true,
+        message: "No tier violations found".to_string(),
+        suggestion: None,
+        severity: Severity::Info,
+        details: None,
+      })
+    } else {
+      Ok(CheckResult {
+        check_name: self.name().to_string(),
+        passed: false,
+        message: format!(
+          "Found {} tier violation(s):\n  - {}",
+          violations.len(),
+          violations.join("\n  - ")
+        ),
+        suggestion: Some(
+          "Review release configurations and remove higher-tier dependencies, or adjust release visibility".to_string(),
+        ),
+        severity: Severity::Error,
+        details: None,
+      })
+    }
+  }
+}
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+
+  #[test]
+  fn test_check_name() {
+    let check = TierViolationCheck;
+    assert_eq!(check.name(), "tier-violations");
+  }
+
+  #[test]
+  fn test_check_without_config() {
+    use std::env;
+
+    let temp_dir = env::temp_dir().join("cargo-rail-test-tier-no-config");
+    let _ = std::fs::remove_dir_all(&temp_dir);
+    std::fs::create_dir_all(&temp_dir).unwrap();
+
+    let ctx = CheckContext {
+      workspace_root: temp_dir.clone(),
+      crate_name: None,
+      thorough: false,
+    };
+
+    let check = TierViolationCheck;
+    let result = check.run(&ctx).unwrap();
+
+    assert!(result.passed);
+    assert!(result.message.contains("No rail.toml"));
+
+    let _ = std::fs::remove_dir_all(&temp_dir);
+  }
+}

src/commands/mod.rs

@@ -33,6 +33,7 @@ pub mod doctor;
 pub mod init;
 pub mod lint;
 pub mod mappings;
+pub mod quality;
 pub mod release;
 pub mod split;
 pub mod status;
@@ -46,6 +47,7 @@ pub use doctor::run_doctor;
 pub use init::run_init;
 pub use lint::{run_lint_deps, run_lint_manifest, run_lint_versions};
 pub use mappings::run_mappings;
+pub use quality::{apply_fixes, run_quality};
 pub use release::{run_release_apply, run_release_plan};
 pub use split::run_split;
 pub use status::run_status;

src/commands/quality.rs

@@ -0,0 +1,144 @@
+//! Quality analysis command
+//!
+//! Runs unified quality analyses over the workspace.
+
+use crate::core::config::RailConfig;
+use crate::core::context::WorkspaceContext;
+use crate::core::error::{ExitCode, RailError, RailResult};
+use crate::graph::workspace_graph::WorkspaceGraph;
+use crate::quality::{QualityContext, create_default_engine};
+
+/// Run quality analysis
+pub fn run_quality(ctx: &WorkspaceContext, json: bool, analysis: Option<String>) -> RailResult<()> {
+  // Load config
+  let config = RailConfig::load(ctx.workspace_root())?;
+
+  // Build graph with config for visibility annotations
+  let graph = WorkspaceGraph::load_with_config(ctx.workspace_root(), Some(&config))?;
+
+  // Create quality context
+  let quality_ctx = QualityContext::new(ctx, &graph, &config);
+
+  // Create engine with all analyses
+  let engine = create_default_engine();
+
+  // Run analyses
+  let report = if let Some(name) = analysis {
+    // Run specific analysis
+    if let Some(result) = engine.run_one(&quality_ctx, &name)? {
+      crate::quality::QualityReport { results: vec![result] }
+    } else {
+      return Err(RailError::with_help(
+        format!("Unknown analysis: {}", name),
+        format!(
+          "Available analyses: {}",
+          engine
+            .analyses()
+            .iter()
+            .map(|a| a.name())
+            .collect::<Vec<_>>()
+            .join(", ")
+        ),
+      ));
+    }
+  } else {
+    // Run all analyses
+    engine.run_all(&quality_ctx)?
+  };
+
+  // Output results
+  if json {
+    println!("{}", report.to_json()?);
+  } else {
+    print_human_readable(&report, &engine);
+  }
+
+  // Exit with appropriate code
+  if !report.passed() {
+    std::process::exit(ExitCode::Validation.as_i32());
+  }
+
+  Ok(())
+}
+
+/// Print human-readable quality report
+fn print_human_readable(report: &crate::quality::QualityReport, engine: &crate::quality::QualityEngine) {
+  println!("🔍 Running quality analyses...\n");
+
+  // Show registered analyses
+  println!("📋 Registered analyses:");
+  for analysis in engine.analyses() {
+    println!("   • {}: {}", analysis.name(), analysis.description());
+  }
+  println!();
+
+  // Show results
+  for result in &report.results {
+    let icon = if result.passed { "✅" } else { "❌" };
+    println!("{} {}", icon, result.analysis);
+
+    if !result.violations.is_empty() {
+      for violation in &result.violations {
+        let severity_icon = match violation.severity {
+          crate::quality::Severity::Error => "❌",
+          crate::quality::Severity::Warning => "⚠️ ",
+          crate::quality::Severity::Info => "ℹ️ ",
+        };
+
+        println!("   {} [{}] {}", severity_icon, violation.location, violation.message);
+
+        if let Some(ref suggestion) = violation.suggestion {
+          println!("      💡 {}", suggestion);
+        }
+      }
+    }
+    println!();
+  }
+
+  // Summary
+  let (errors, warnings, info) = report.count_violations();
+  println!("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+  println!("Summary: {} errors, {} warnings, {} info", errors, warnings, info);
+
+  if !report.passed() {
+    println!("\n⚠️  Quality checks failed. Please address the violations above.");
+  } else if warnings > 0 {
+    println!("\n⚠️  Some warnings found. Consider addressing them.");
+  } else {
+    println!("\n✨ All quality checks passed!");
+  }
+}
+
+/// Apply auto-fixes for quality violations
+pub fn apply_fixes(ctx: &WorkspaceContext, analysis_name: &str) -> RailResult<()> {
+  // Load config
+  let config = RailConfig::load(ctx.workspace_root())?;
+
+  // Build graph
+  let graph = WorkspaceGraph::load_with_config(ctx.workspace_root(), Some(&config))?;
+
+  // Create quality context
+  let quality_ctx = QualityContext::new(ctx, &graph, &config);
+
+  // Create engine
+  let engine = create_default_engine();
+
+  // Apply fixes
+  let fixed_count = engine.apply_fixes(&quality_ctx, analysis_name)?;
+
+  if fixed_count > 0 {
+    println!("✅ Fixed {} violation(s)", fixed_count);
+  } else {
+    println!("ℹ️  No auto-fixable violations found or analysis doesn't support auto-fix");
+  }
+
+  Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+  #[test]
+  fn test_module_exists() {
+    // Smoke test to ensure module compiles
+  }
+}