cargo-rail: adding the 'rail-substrate' lint package to improve the codebase's safety in production

Author: loadingalias

Cargo.lock

@@ -29,7 +29,7 @@ exclude = [
 
 [dependencies]
 clap = { version = "4.5.53", features = ["derive", "cargo"] }
-clap_complete = "4.5"
+clap_complete = "4.5.62"
 cargo_metadata = "0.23.1"
 petgraph = { version = "0.8.3", default-features = false }
 toml_edit = { version = "0.23.9", features = ["serde"] }
@@ -45,6 +45,25 @@ glob = "0.3.3"
 anyhow = "1.0.100"
 tempfile = "3.23.0"
 
+[workspace.lints.rust]
+unsafe_code = "forbid"
+dangling_pointers_from_locals = "deny"
+integer_to_ptr_transmutes = "deny"
+
+[workspace.lints.clippy]
+correctness = { level = "deny", priority = -1 }
+suspicious = { level = "deny", priority = -1 }
+perf = { level = "deny", priority = -1 }
+
+std_instead_of_core = "warn"
+std_instead_of_alloc = "warn"
+unwrap_used = "allow"
+expect_used = "allow"
+
+[workspace.lints.rustdoc]
+broken_intra_doc_links = "deny"
+private_intra_doc_links = "warn"
+
 [[test]]
 name = "integration"
 path = "tests/integration/mod.rs"

Cargo.toml

@@ -58,9 +58,11 @@ impl ManifestWriter {
     }
 
     // Second pass: write target-specific dependencies
-    for dep in deps.iter().filter(|d| d.target.is_some()) {
+    for dep in deps.iter() {
+      let Some(target) = dep.target.as_ref() else {
+        continue;
+      };
       let entry = manifest_ops::build_dep_entry(dep);
-      let target = dep.target.as_ref().unwrap();
       manifest_ops::insert_target_dependency(&mut doc, target, "dependencies", &dep.name, entry)
         .context("Failed to insert target dependency")?;
     }

src/cargo/manifest_writer.rs

@@ -200,23 +200,21 @@ impl UnifyAnalyzer {
 
       // Always use highest version (cargo's resolver already picks highest compatible)
       // When targets resolve to different versions, we unify to highest
-      let version = if unique_versions.len() > 1 {
-        // Multiple versions found across targets - use highest
-        // This is the "silent win" - we unify duplicates automatically
-        let selected = unique_versions.iter().max().unwrap();
-
-        // Track the cleanup for reporting
-        let mut versions_found: Vec<_> = unique_versions.iter().map(|v| v.to_string()).collect();
-        versions_found.sort();
-        duplicates_cleaned.push(DuplicateCleanup {
-          dep_name: dep_key.name.to_string(),
-          versions_found,
-          selected_version: selected.to_string(),
-        });
-
-        selected
-      } else {
-        unique_versions.iter().next().unwrap()
+      let version = match unique_versions.iter().max() {
+        Some(max) if unique_versions.len() > 1 => {
+          // Multiple versions found across targets - use highest
+          // This is the "silent win" - we unify duplicates automatically
+          let mut versions_found: Vec<_> = unique_versions.iter().map(|v| v.to_string()).collect();
+          versions_found.sort();
+          duplicates_cleaned.push(DuplicateCleanup {
+            dep_name: dep_key.name.to_string(),
+            versions_found,
+            selected_version: max.to_string(),
+          });
+          max
+        }
+        Some(version) => version,
+        None => continue, // Empty set - shouldn't happen given versions check above
       };
 
       // Construct version requirement - preserve exact pins if configured
@@ -227,9 +225,15 @@ impl UnifyAnalyzer {
           .find_map(|u| u.declared_version.as_ref().filter(|v| is_exact_pin(v)))
           .cloned()
           .unwrap_or_else(|| format!("={}", version));
-        VersionReq::parse(&exact_version).unwrap_or_else(|_| VersionReq::parse(&format!("^{}", version)).unwrap())
+        // Try exact version first, fall back to caret format, then ultimate fallback
+        VersionReq::parse(&exact_version)
+          .or_else(|_| VersionReq::parse(&format!("^{}", version)))
+          .unwrap_or_else(|_| VersionReq::default())
       } else {
-        VersionReq::parse(&format!("^{}", version)).unwrap_or_else(|_| VersionReq::parse(&version.to_string()).unwrap())
+        // Try caret format first, fall back to plain version, then ultimate fallback
+        VersionReq::parse(&format!("^{}", version))
+          .or_else(|_| VersionReq::parse(&version.to_string()))
+          .unwrap_or_else(|_| VersionReq::default())
       };
 
       // Check for version mismatches with existing workspace.dependencies

src/cargo/unify_analyzer.rs

@@ -796,8 +796,8 @@ fn sync_targets(editor: &mut TomlEditor, workspace_root: &Path) -> RailResult<Op
     .map_err(|e| RailError::message(format!("Failed to format targets: {}", e)))?;
 
   // Extract the value and insert it
-  if let Some(targets_item) = parsed.get("targets") {
-    editor.doc_mut()["targets"] = Item::Value(targets_item.as_value().unwrap().clone());
+  if let Some(value) = parsed.get("targets").and_then(|item| item.as_value()) {
+    editor.doc_mut()["targets"] = Item::Value(value.clone());
   }
 
   Ok(Some(TargetSyncResult {

src/commands/config.rs

@@ -428,7 +428,10 @@ pub fn run_release_init(ctx: &WorkspaceContext, crates: Option<Vec<String>>, che
 
     new_crates.push(pkg.name.clone());
 
-    let crate_dir = pkg.manifest_path.parent().expect("manifest has parent");
+    let Some(crate_dir) = pkg.manifest_path.parent() else {
+      // manifest_path always has a parent directory - skip if somehow malformed
+      continue;
+    };
     let changelog_path = crate::utils::detect_crate_changelog(crate_dir);
 
     let crate_config = config.crates.entry(pkg.name.to_string()).or_default();

src/commands/release.rs

@@ -276,7 +276,10 @@ fn detect_workspace_splits(
     }
 
     // Get relative path from workspace root to crate directory
-    let crate_dir = pkg.manifest_path.parent().expect("manifest has parent");
+    let Some(crate_dir) = pkg.manifest_path.parent() else {
+      // manifest_path always has a parent directory - skip if somehow malformed
+      continue;
+    };
     // Detect per-crate CHANGELOG file
     let changelog_path = crate::utils::detect_crate_changelog(crate_dir);
     let rel_path = match crate_dir.strip_prefix(workspace_root) {

src/commands/split.rs

@@ -276,8 +276,8 @@ impl WorkspaceGraph {
         if neighbor_node.is_workspace_member
           && let Some(&to_subgraph_idx) = name_to_subgraph_idx.get(&neighbor_node.name)
           && let Some(edge) = self.graph.find_edge(from_graph_idx, neighbor_graph_idx)
+          && let Some(&kind) = self.graph.edge_weight(edge)
         {
-          let kind = *self.graph.edge_weight(edge).unwrap();
           // Skip dev-dependencies - they don't affect publish order and can have cycles
           // Also skip self-references (crate depending on itself for test features)
           if kind != DependencyKind::Development && from_name != &neighbor_node.name {
@@ -321,10 +321,8 @@ impl WorkspaceGraph {
     // Normalize to workspace-relative path
     let relative_path = self.to_workspace_relative(file_path)?;
 
-    let cache = self
-      .path_cache
-      .read()
-      .expect("RwLock poisoned: another thread panicked while holding the lock");
+    // If the lock is poisoned (another thread panicked), return None gracefully
+    let cache = self.path_cache.read().ok()?;
     let cache_ref = cache.as_ref()?;
 
     // Walk up directory tree looking for a crate root
@@ -433,7 +431,11 @@ impl WorkspaceGraph {
       }
     }
 
-    *self.path_cache.write().unwrap() = Some(cache);
+    // If the lock is poisoned (another thread panicked), skip cache update
+    // The cache will be rebuilt on next access attempt
+    if let Ok(mut guard) = self.path_cache.write() {
+      *guard = Some(cache);
+    }
   }
 }
 

src/graph/core.rs

@@ -2,6 +2,8 @@
 
 #![warn(missing_docs)]
 #![cfg_attr(docsrs, feature(doc_cfg))]
+#![cfg_attr(not(test), deny(clippy::unwrap_used))]
+#![cfg_attr(not(test), deny(clippy::expect_used))]
 
 /// Backup and restore for undo operations.
 pub mod backup;

src/lib.rs

@@ -1,6 +1,8 @@
 //! Entry point for cargo-rail
 //!
 //! This is intentionally thin - all logic lives in the library.
+#![cfg_attr(not(test), deny(clippy::unwrap_used))]
+#![cfg_attr(not(test), deny(clippy::expect_used))]
 
 use cargo_rail::commands::cli::{ConfigCommand, UnifyCommand};
 use cargo_rail::commands::{self, CargoCli, Commands, StrictnessMode};