Skip to content

Comments

Comprehensive safety, correctness, CI, and test improvements#3

Merged
AndrewAltimit merged 1 commit intomainfrom
improvements/comprehensive-plan
Feb 21, 2026
Merged

Comprehensive safety, correctness, CI, and test improvements#3
AndrewAltimit merged 1 commit intomainfrom
improvements/comprehensive-plan

Conversation

@AndrewAltimit
Copy link
Owner

@AndrewAltimit AndrewAltimit commented Feb 21, 2026

Summary

  • Phase 1 -- Critical Safety: PTS overflow protection, frame size overflow checks, seqlock multi-writer detection, GPU fence timeout bounds, video dimension validation
  • Phase 2 -- Robustness: DPI scale/playback rate validation, IPC race condition fix, swapchain handle lifecycle fix (OnceCell to Mutex), clock jump detection, audio wall-clock timeout, URL host-based validation
  • Phase 3 -- CI/DX: Remove duplicate ci.yml, preserve Docker target cache, test parallelization, fix silent cargo-deny install failure, local pre-commit hooks
  • Phase 4 -- Dependency Hygiene: Centralize 6 workspace deps (serde_json, clap, egui, wgpu, winit, once_cell), add openssl ban rule, remove stale advisory
  • Phase 5 -- Lint Enforcement: Add undocumented_unsafe_blocks + missing_safety_doc clippy lints with SAFETY comments on all 13 unsafe blocks, CRC error context, exponential backoff in shmem reads
  • Phase 6 -- Test Coverage: 33 new tests across itk-protocol (14), itk-shmem (7), itk-sync (12) covering edge cases, boundary conditions, and error paths

25 files changed, 806 insertions, 205 deletions. Full CI passes (107 tests, clean clippy/fmt/cargo-deny).

Test plan

  • cargo fmt --all -- --check passes
  • cargo clippy --all-targets -- -D warnings passes
  • cargo test -- 107 tests pass, 0 failures
  • cargo deny check -- advisories, bans, licenses, sources all ok
  • Full Docker CI pipeline (docker compose --profile ci) passes

Generated with Claude Code

@claude
Comprehensive safety, correctness, CI, and test improvements
48ef5b1 
Phase 1 - Critical safety fixes: PTS overflow protection, frame size
overflow checks, video dimension validation, seqlock multi-writer
detection, PTS sentinel fix, GPU fence timeout bounds.

Phase 2 - Robustness: DPI scale range validation, playback rate
validation, clock jump detection, IPC race condition fix, swapchain
handle lifecycle (OnceCell to Mutex), audio ring buffer wall-clock
timeout, URL host-based validation.

Phase 3 - CI/DX: Remove duplicate ci.yml, preserve Docker target cache,
test parallelization, consolidate cleanup, fix silent cargo-deny install
failure, local pre-commit hooks, exclude Cargo.lock from large file
check.

Phase 4 - Dependency hygiene: Centralize workspace deps (serde_json,
clap, egui, wgpu, winit, once_cell), add openssl ban rule, remove stale
bytes advisory.

Phase 5 - Lint enforcement: Add undocumented_unsafe_blocks and
missing_safety_doc clippy lints, add SAFETY comments to all unsafe
blocks, add MessageType context to CRC errors, exponential backoff in
shmem read_frame.

Phase 6 - Test coverage: 33 new tests across itk-protocol (14),
itk-shmem (7), and itk-sync (12) covering edge cases, boundary
conditions, and error paths.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@AndrewAltimit AndrewAltimit merged commit 40f0684 into main Feb 21, 2026
3 checks passed
@AndrewAltimit AndrewAltimit deleted the improvements/comprehensive-plan branch February 21, 2026 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AndrewAltimit