Add guard for NINJA_ENV overrides

[leynos]

Summary

• guard NINJA_ENV with EnvLock and restoration guard
• add helper to override NINJA_ENV using dependency injection
• test NINJA_ENV override restoration with MockEnv

Testing

• make fmt
• make lint (fails: interrupted; command did not complete)
• make test

---

https://chatgpt.com/codex/tasks/task_e_689d10a97afc83229768883ca3244fb8

Summary by Sourcery

Add a scoped guard for safely overriding the NINJA_ENV environment variable using EnvLock and ensure its original value is restored on drop, with corresponding tests to validate the behavior.

New Features:

• Introduce override_ninja_env function and NinjaEnvGuard type to set and restore the NINJA_ENV variable

Enhancements:

• Serialize NINJA_ENV mutations with EnvLock to confine unsafe global state changes within the guard

Tests:

• Add ninja_env_tests.rs for verifying NINJA_ENV override and restoration with MockEnv
• Update runner_tests.rs to use override_ninja_env helper instead of manual environment manipulation

[sourcery-ai]

Reviewer's Guide

This PR introduces a safe, scoped mechanism to override the NINJA_ENV process variable by wrapping mutations in EnvLock and restoring the original value on guard drop.

File-Level Changes

Change	Details	Files
Introduce NinjaEnvGuard and override_ninja_env helper	Define NinjaEnvGuard struct to store original value Implement override_ninja_env with EnvLock and unsafe set_var Implement Drop for NinjaEnvGuard to restore or remove variable	test_support/src/env.rs
Refactor existing runner test to use the new guard	Replace manual EnvLock and unsafe set_var calls with override_ninja_env Drop the guard to trigger restoration instead of manual reset	tests/runner_tests.rs
Add dedicated tests for NINJA_ENV override behavior	Create ninja_env_tests.rs using MockEnv to simulate and verify restoration Wrap tests in serial and rstest for isolation Perform manual cleanup of process env var before and after test	tests/ninja_env_tests.rs

Possibly linked issues

• Remove unnecessary unsafe blocks from environment variable operations in tests #87: The PR refactors environment variable handling to remove explicit unsafe blocks from tests, as the issue requested.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Warning

Rate limit exceeded

@leynos has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 6 minutes and 46 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 5e02eac and a60869b.

📒 Files selected for processing (2)

• ninja_env/src/lib.rs (1 hunks)
• tests/ninja_env_tests.rs (1 hunks)

Summary by CodeRabbit

• New Features
  • Added a scoped guard to temporarily override the Ninja executable via an environment variable, with automatic restoration.
• Refactor
  • Centralised the Ninja environment variable constant into a shared crate; the variable name and behaviour remain unchanged.
• Tests
  • Added tests to verify environment override and restoration in both set and unset scenarios.
• Chores
  • Introduced a new local dependency to support shared environment configuration.

Walkthrough

Add a scoped, RAII-style API to temporarily override the process-global NINJA_ENV variable and restore it on drop; add tests for set/restore behaviour; move NINJA_ENV into a new ninja_env crate and update test-support and runner tests to use the guard.

Changes

Cohort / File(s)	Summary of Changes
Env guard API test_support/src/env.rs	Add public NinjaEnvGuard { original: Option<OsString> }, override_ninja_env(env: &impl EnvMut, path: &Path) -> NinjaEnvGuard, and impl Drop to reacquire the global lock and restore or remove NINJA_ENV. Confine unsafe env mutation to guard creation and import ninja_env::NINJA_ENV.
New tests for env guard tests/ninja_env_tests.rs	Add tests verifying override and restoration for both existing and absent initial NINJA_ENV values using MockEnv, override_ninja_env, and serialized execution.
Runner tests refactor tests/runner_tests.rs	Replace global unsafe std::env manipulation and manual locking with SystemEnv + override_ninja_env guard usage; remove direct import/use of exported NINJA_ENV and EnvLock in tests.
Test-support manifest test_support/Cargo.toml	Add ninja_env = { path = "../ninja_env" } dependency to the test_support crate.
Workspace Cargo Cargo.toml	Add local path dependency ninja_env = { path = "ninja_env" } to the workspace crate.
New crate: ninja_env ninja_env/Cargo.toml, ninja_env/src/lib.rs	Add new crate ninja_env with pub const NINJA_ENV: &str = "NETSUKE_NINJA", crate metadata and lint settings; re-export this constant from src/runner.rs via pub use ninja_env::NINJA_ENV;.

Sequence Diagram(s)

sequenceDiagram
  participant Test
  participant API as override_ninja_env
  participant Lock as EnvLock
  participant OS as ProcessEnv

  Test->>API: call override_ninja_env(env, path)
  API->>Lock: acquire lock
  API->>OS: set NINJA_ENV = path (unsafe, confined)
  API-->>Test: return NinjaEnvGuard

  Test-->>API: drop NinjaEnvGuard
  API->>Lock: reacquire lock
  alt original existed
    API->>OS: set NINJA_ENV = original
  else no original
    API->>OS: remove NINJA_ENV
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Link Support overriding Ninja executable via NETSUKE_NINJA #83 — Operates on the same NINJA_ENV constant and related runner/test code; link to consolidate the environment-variable constant.
• Link Remove no-op drops and enable parallel test execution by isolating environment #97 — Proposes using NINJA_ENV in tests to avoid PATH mutations; link to align test isolation strategy.
• Link Refactor ninja_with_exit_code fixture to use NINJA_ENV instead of PATH #96 — Targets test fixtures using NINJA_ENV rather than PATH; link because this PR provides the RAII override used by those fixtures.

Possibly related PRs

• Link Refactor env var guard comenq#16 — Introduces a scoped RAII-style env-var guard; link for the shared guard pattern and Drop-based restore semantics.
• Link Limit env lock dead code allowances to test builds #107 — Touched EnvLock/test environment locking; link because this PR replaces direct EnvLock usage with the guard that acquires/releases the same lock.
• Link Refactor CLI build handling into helper functions #82 — Previously introduced local NINJA_ENV usage in runner; link because this PR moves that constant into the new ninja_env crate and re-exports it.

Poem

Hold the Ninja path within the scope,
Set it quick, then let the guard elope. 🥷
Drop the guard and state returns,
No stray env var left to burn.
Tests breathe tidy, bright and dope.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/add-envlock-and-mockable-env-for-ninja_env

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[greptile-apps]

_{3 files reviewed, 4 comments}

_{Edit Code Review Bot Settings | Greptile}

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (5)

tests/ninja_env_tests.rs (4)

4-4: Import NINJA_ENV from test_support instead.

The constant is now duplicated across multiple files. Import it from test_support::env to maintain a single source of truth.

-use netsuke::runner::NINJA_ENV;
+use test_support::env::NINJA_ENV;

Also update test_support/src/env.rs to export the constant:

pub const NINJA_ENV: &str = "NETSUKE_NINJA";

---

20-20: Improve the expect message.

Provide a more descriptive message as per the coding guidelines.

-        let after = std::env::var(NINJA_ENV).expect("env var");
+        let after = std::env::var(NINJA_ENV).expect("NINJA_ENV should be set after override");

---

24-25: Fix test logic inconsistency.

The test expects the mock to return "restored" but then asserts that the real environment variable contains "restored". This creates confusion about what's being tested. The guard's Drop implementation uses std::env::set_var/remove_var directly, not the mock's methods.

The guard should either:

1. Use the mock for restoration (which it doesn't), or
2. The test should verify restoration to the original value captured before the override

-    env.expect_raw()
-        .withf(|k| k == NINJA_ENV)
-        .returning(|_| Ok("restored".to_string()));
+    env.expect_raw()
+        .withf(|k| k == NINJA_ENV)
+        .returning(move |_| before.as_ref().map(|s| s.to_string_lossy().into_owned()).ok_or("not set".to_string()));

And update the assertion:

-    let restored = std::env::var(NINJA_ENV).expect("env var");
-    assert_eq!(restored, "restored");
+    let restored = std::env::var_os(NINJA_ENV);
+    assert_eq!(restored, before);

---

26-34: Remove redundant manual cleanup.

The manual cleanup duplicates the logic already implemented in NinjaEnvGuard::drop(). This code is unnecessary since the test is already wrapped with #[serial] for isolation.

-    let _lock = EnvLock::acquire();
-    // SAFETY: `EnvLock` serialises access while the variable is reset.
-    unsafe {
-        if let Some(val) = before {
-            std::env::set_var(NINJA_ENV, val);
-        } else {
-            std::env::remove_var(NINJA_ENV);
-        }
-    }

test_support/src/env.rs (1)

90-90: Export the constant to avoid duplication.

The NINJA_ENV constant is duplicated from runner.rs. Export it publicly to allow other modules to import it, maintaining a single source of truth.

-const NINJA_ENV: &str = "NETSUKE_NINJA";
+pub const NINJA_ENV: &str = "NETSUKE_NINJA";

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 888fc6b and cc70132.

📒 Files selected for processing (3)

• test_support/src/env.rs (1 hunks)
• tests/ninja_env_tests.rs (1 hunks)
• tests/runner_tests.rs (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.rs

📄 CodeRabbit Inference Engine (AGENTS.md)

**/*.rs: Comment why, not what. Explain assumptions, edge cases, trade-offs, or complexity. Don't echo the obvious.
Use functions and composition. Avoid repetition by extracting reusable logic. Prefer generators or comprehensions, and declarative code to imperative repetition when readable.
Small, meaningful functions. Functions must be small, clear in purpose, single responsibility, and obey command/query segregation.
Name things precisely. Use clear, descriptive variable and function names. For booleans, prefer names with is, has, or should.
Every module must begin with a module level (//! ) comment explaining the module's purpose and utility.
Document public APIs using Rustdoc comments (///) so documentation can be generated with cargo doc.
Place function attributes after doc comments.
Do not use return in single-line functions.
Prefer immutable data and avoid unnecessary mut bindings.
Handle errors with the Result type instead of panicking where feasible.
Prefer .expect() over .unwrap().
Use concat!() to combine long string literals rather than escaping newlines with a backslash.
Prefer single line versions of functions where appropriate.
Clippy warnings MUST be disallowed.
Lints must not be silenced except as a last resort.
Lint rule suppressions must be tightly scoped and include a clear reason.
Prefer expect over allow.
Keep file size manageable. No single code file may be longer than 400 lines. Long switch statements or dispatch tables should be broken up by feature and constituents colocated with targets. Large blocks of test data should be moved to external data files.
Illustrate with clear examples. Function documentation must include clear examples demonstrating the usage and outcome of the function. Test documentation should omit examples where the example serves only to reiterate the test logic.
Prefer semantic error enums. Derive std::error::Error (via the thiserror crate) for any condition the caller might inspect, retry, or map to an HTTP status.
...

Files:

• tests/ninja_env_tests.rs
• test_support/src/env.rs
• tests/runner_tests.rs

---

⚙️ CodeRabbit Configuration File

**/*.rs: * Seek to keep the cyclomatic complexity of functions no more than 12.

• Adhere to single responsibility and CQRS

• Place function attributes after doc comments.

• Do not use return in single-line functions.

• Move conditionals with >2 branches into a predicate function.

• Avoid unsafe unless absolutely necessary.

• Every module must begin with a //! doc comment that explains the module's purpose and utility.

• Comments and docs must follow en-GB-oxendict (-ize / -our) spelling and grammar

• Lints must not be silenced except as a last resort.

  • #[allow] is forbidden.
  • Only narrowly scoped #[expect(lint, reason = "...")] is allowed.
  • No lint groups, no blanket or file-wide suppression.
  • Include FIXME: with link if a fix is expected.

• Where code is only used by specific features, it must be conditionally compiled or a conditional expectation for unused_code applied.

• Use rstest fixtures for shared setup and to avoid repetition between tests.

• Replace duplicated tests with #[rstest(...)] parameterised cases.

• Prefer mockall for mocks/stubs.

• Prefer .expect() over .unwrap()

• Ensure that any API or behavioural changes are reflected in the documentation in docs/

• Ensure that any completed roadmap steps are recorded in the appropriate roadmap in docs/

• Files must not exceed 400 lines in length

  • Large modules must be decomposed
  • Long match statements or dispatch tables should be decomposed by domain and collocated with targets
  • Large blocks of inline data (e.g., test fixtures, constants or templates) must be moved to external files and inlined at compile-time or loaded at run-time.

Files:

• tests/ninja_env_tests.rs
• test_support/src/env.rs
• tests/runner_tests.rs

🧬 Code Graph Analysis (3)

tests/ninja_env_tests.rs (3)

tests/env_path_tests.rs (1)

• std (39-41)

test_support/src/env.rs (5)

• override_ninja_env (116-122)
• drop (125-135)
• set_var (24-24)
• set_var (28-30)
• set_var (34-36)

test_support/src/env_lock.rs (1)

• acquire (17-21)

test_support/src/env.rs (2)

test_support/src/env_lock.rs (1)

• acquire (17-21)

test_support/src/path_guard.rs (3)

• drop (75-84)
• set_var (18-18)
• set_var (25-27)

tests/runner_tests.rs (1)

test_support/src/env.rs (2)

• override_ninja_env (116-122)
• drop (125-135)

⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-test

🔇 Additional comments (9)

tests/ninja_env_tests.rs (1)

1-1: Add module-level documentation.

Add a module-level comment (//!) explaining the module's purpose and utility, as required by the coding guidelines.

+//! Tests for the NINJA_ENV override guard functionality.
+//!
+//! Validates that the `override_ninja_env` function correctly sets and restores
+//! the NINJA_ENV environment variable using RAII semantics.
 //! Tests for overriding the `NINJA_ENV` variable via a mock environment.

Likely an incorrect or invalid review comment.

tests/runner_tests.rs (4)

2-2: LGTM! Clean refactor to use the new guard API.

The removal of NINJA_ENV from imports aligns with the API change where it's no longer exported from netsuke::runner.

---

8-8: LGTM! Good adoption of the new guard-based API.

The import of override_ninja_env from test_support replaces the previous manual environment manipulation approach.

---

211-212: LGTM! Clean RAII pattern implementation.

The use of SystemEnv and override_ninja_env properly encapsulates the environment override with automatic restoration via the guard's Drop implementation.

---

229-229: LGTM! Explicit drop for clarity.

The explicit drop(guard) makes the restoration point clear, though it would happen automatically at scope end.

test_support/src/env.rs (4)

92-96: LGTM! Well-documented guard struct.

The struct is properly documented and follows the RAII pattern for environment variable restoration.

---

98-115: LGTM! Excellent documentation with example.

The function is well-documented with clear safety notes and a practical example demonstrating usage.

---

116-122: LGTM! Proper synchronisation and safety handling.

The function correctly acquires the lock before mutation and documents the safety invariant.

---

124-136: LGTM! Correct Drop implementation with proper synchronisation.

The Drop implementation properly acquires the lock and restores the original value or removes the variable as appropriate.

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}

[greptile-apps]

_{3 files reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}

[coderabbitai]

Actionable comments posted: 6

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled

You can enable these settings in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between cc70132 and e0490c0.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• test_support/Cargo.toml (1 hunks)
• test_support/src/env.rs (2 hunks)
• tests/ninja_env_tests.rs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.rs

📄 CodeRabbit Inference Engine (AGENTS.md)

**/*.rs: Comment why, not what. Explain assumptions, edge cases, trade-offs, or complexity. Don't echo the obvious.
Use functions and composition. Avoid repetition by extracting reusable logic. Prefer generators or comprehensions, and declarative code to imperative repetition when readable.
Small, meaningful functions. Functions must be small, clear in purpose, single responsibility, and obey command/query segregation.
Name things precisely. Use clear, descriptive variable and function names. For booleans, prefer names with is, has, or should.
Every module must begin with a module level (//! ) comment explaining the module's purpose and utility.
Document public APIs using Rustdoc comments (///) so documentation can be generated with cargo doc.
Place function attributes after doc comments.
Do not use return in single-line functions.
Prefer immutable data and avoid unnecessary mut bindings.
Handle errors with the Result type instead of panicking where feasible.
Prefer .expect() over .unwrap().
Use concat!() to combine long string literals rather than escaping newlines with a backslash.
Prefer single line versions of functions where appropriate.
Clippy warnings MUST be disallowed.
Lints must not be silenced except as a last resort.
Lint rule suppressions must be tightly scoped and include a clear reason.
Prefer expect over allow.
Keep file size manageable. No single code file may be longer than 400 lines. Long switch statements or dispatch tables should be broken up by feature and constituents colocated with targets. Large blocks of test data should be moved to external data files.
Illustrate with clear examples. Function documentation must include clear examples demonstrating the usage and outcome of the function. Test documentation should omit examples where the example serves only to reiterate the test logic.
Prefer semantic error enums. Derive std::error::Error (via the thiserror crate) for any condition the caller might inspect, retry, or map to an HTTP status.
...

Files:

• test_support/src/env.rs
• tests/ninja_env_tests.rs

---

⚙️ CodeRabbit Configuration File

**/*.rs: * Seek to keep the cyclomatic complexity of functions no more than 12.

• Adhere to single responsibility and CQRS

• Place function attributes after doc comments.

• Do not use return in single-line functions.

• Move conditionals with >2 branches into a predicate function.

• Avoid unsafe unless absolutely necessary.

• Every module must begin with a //! doc comment that explains the module's purpose and utility.

• Comments and docs must follow en-GB-oxendict (-ize / -our) spelling and grammar

• Lints must not be silenced except as a last resort.

  • #[allow] is forbidden.
  • Only narrowly scoped #[expect(lint, reason = "...")] is allowed.
  • No lint groups, no blanket or file-wide suppression.
  • Include FIXME: with link if a fix is expected.

• Where code is only used by specific features, it must be conditionally compiled or a conditional expectation for unused_code applied.

• Use rstest fixtures for shared setup and to avoid repetition between tests.

• Replace duplicated tests with #[rstest(...)] parameterised cases.

• Prefer mockall for mocks/stubs.

• Prefer .expect() over .unwrap()

• Ensure that any API or behavioural changes are reflected in the documentation in docs/

• Ensure that any completed roadmap steps are recorded in the appropriate roadmap in docs/

• Files must not exceed 400 lines in length

  • Large modules must be decomposed
  • Long match statements or dispatch tables should be decomposed by domain and collocated with targets
  • Large blocks of inline data (e.g., test fixtures, constants or templates) must be moved to external files and inlined at compile-time or loaded at run-time.

Files:

• test_support/src/env.rs
• tests/ninja_env_tests.rs

🧬 Code Graph Analysis (2)

test_support/src/env.rs (2)

test_support/src/env_lock.rs (1)

• acquire (17-21)

test_support/src/path_guard.rs (3)

• drop (75-84)
• set_var (18-18)
• set_var (25-27)

tests/ninja_env_tests.rs (2)

test_support/src/env.rs (2)

• override_ninja_env (116-122)
• drop (125-135)

test_support/src/env_lock.rs (1)

• acquire (17-21)

⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-test

🔇 Additional comments (1)

test_support/src/env.rs (1)

7-7: Import the source-of-truth constant to avoid drift.

Import NINJA_ENV from netsuke::runner rather than duplicating a local constant to prevent divergence if the value changes upstream.

[leynos]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[leynos]

@coderabbitai Have the following now been resolved?

• Consider centralizing the NINJA_ENV constant in a shared module (instead of redefining it in test_support and in runner) so both the override helper and tests reference the same constant.
• Add a test for when NINJA_ENV is initially unset to verify that dropping the guard correctly removes the variable rather than leaving it set.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

Based on my analysis of the code:

@leynos Yes, both concerns have been resolved:

✅ NINJA_ENV constant centralization: The constant is now centralized in the runner module and imported in test_support. In test_support/src/env.rs, I can see:

use netsuke::runner::NINJA_ENV;

This means both modules reference the same constant definition rather than having duplicate definitions.

✅ Test for unset NINJA_ENV: The test override_ninja_env_unset_removes_variable in tests/ninja_env_tests.rs specifically covers this scenario. The test:

• Removes NINJA_ENV from the environment initially
• Applies the override to set it to /tmp/ninja
• Drops the guard and verifies that NINJA_ENV is completely removed (not just restored to empty)
• Uses assert!(std::env::var(NINJA_ENV).is_err()) to confirm the variable is absent

Both issues from your previous feedback have been properly addressed in this PR.

---

🏁 Script executed:

#!/bin/bash
# Check how NINJA_ENV constant is handled in test_support/src/env.rs
echo "=== Checking NINJA_ENV usage in test_support/src/env.rs ==="
cat test_support/src/env.rs

echo -e "\n=== Checking NINJA_ENV definition in runner module ==="
rg "NINJA_ENV" --type rust -A 2 -B 2

echo -e "\n=== Checking the unset test in ninja_env_tests.rs ==="
cat tests/ninja_env_tests.rs

Length of output: 12052

---

@leynos Yes, both concerns have been fully resolved:

✅ NINJA_ENV constant centralization: The constant is properly centralized in src/runner.rs:

pub const NINJA_ENV: &str = "NETSUKE_NINJA";

And imported in both test modules:

• test_support/src/env.rs: use netsuke::runner::NINJA_ENV;
• tests/ninja_env_tests.rs: use netsuke::runner::NINJA_ENV;

There's no duplication - both modules reference the same constant definition.

✅ Test for unset NINJA_ENV: The test override_ninja_env_unset_removes_variable specifically covers this scenario:

• Removes NINJA_ENV initially: unsafe { std::env::remove_var(NINJA_ENV) };
• Configures MockEnv to return NotPresent for NINJA_ENV queries
• Applies the override to set it to /tmp/ninja
• Crucially verifies removal after guard drop: assert!(std::env::var(NINJA_ENV).is_err());

This test ensures that when NINJA_ENV was initially unset, dropping the guard correctly removes the variable rather than leaving it set to an empty value.

Both issues from your previous feedback have been properly addressed.

[coderabbitai]

Actionable comments posted: 8

🔭 Outside diff range comments (1)

Cargo.toml (1)

1-78: Unify MSRV and lint policy at the workspace level

Add these sections to your root Cargo.toml:

[workspace.package]
rust-version = "1.85.0"

[workspace.lints.clippy]
pedantic                             = { level = "warn", priority = -1 }
allow_attributes_without_reason      = "deny"
blanket_clippy_restriction_lints     = "deny"
unwrap_used                          = "deny"
indexing_slicing                     = "deny"
string_slice                         = "deny"
integer_division                     = "deny"
integer_division_remainder_used      = "deny"
host_endian_bytes                    = "deny"
little_endian_bytes                  = "deny"
big_endian_bytes                     = "deny"
or_fun_call                          = "deny"
option_if_let_else                   = "deny"
use_self                             = "deny"
string_lit_as_bytes                  = "deny"
float_arithmetic                     = "deny"

Cargo supports [workspace.package] rust-version from 1.84.0, and the 2024 edition requires Rust 1.85.0. Ensure CI uses at least Rust 1.85.0.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• Jira integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e0490c0 and aa0dee7.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

• Cargo.toml (1 hunks)
• ninja_env/Cargo.toml (1 hunks)
• ninja_env/src/lib.rs (1 hunks)
• src/runner.rs (1 hunks)
• test_support/Cargo.toml (1 hunks)
• test_support/src/env.rs (2 hunks)
• tests/ninja_env_tests.rs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

Cargo.toml

📄 CodeRabbit Inference Engine (AGENTS.md)

Cargo.toml: Use explicit version ranges in Cargo.toml and keep dependencies up-to-date.
Mandate caret requirements for all dependencies. All crate versions specified in Cargo.toml must use SemVer-compatible caret requirements (e.g., some-crate = "1.2.3").
Prohibit unstable version specifiers. The use of wildcard (*) or open-ended inequality (>=) version requirements is strictly forbidden. Tilde requirements (~) should only be used where a dependency must be locked to patch-level updates for a specific, documented reason.

Files:

• Cargo.toml

**/*.rs

📄 CodeRabbit Inference Engine (AGENTS.md)

**/*.rs: Comment why, not what. Explain assumptions, edge cases, trade-offs, or complexity. Don't echo the obvious.
Use functions and composition. Avoid repetition by extracting reusable logic. Prefer generators or comprehensions, and declarative code to imperative repetition when readable.
Small, meaningful functions. Functions must be small, clear in purpose, single responsibility, and obey command/query segregation.
Name things precisely. Use clear, descriptive variable and function names. For booleans, prefer names with is, has, or should.
Every module must begin with a module level (//! ) comment explaining the module's purpose and utility.
Document public APIs using Rustdoc comments (///) so documentation can be generated with cargo doc.
Place function attributes after doc comments.
Do not use return in single-line functions.
Prefer immutable data and avoid unnecessary mut bindings.
Handle errors with the Result type instead of panicking where feasible.
Prefer .expect() over .unwrap().
Use concat!() to combine long string literals rather than escaping newlines with a backslash.
Prefer single line versions of functions where appropriate.
Clippy warnings MUST be disallowed.
Lints must not be silenced except as a last resort.
Lint rule suppressions must be tightly scoped and include a clear reason.
Prefer expect over allow.
Keep file size manageable. No single code file may be longer than 400 lines. Long switch statements or dispatch tables should be broken up by feature and constituents colocated with targets. Large blocks of test data should be moved to external data files.
Illustrate with clear examples. Function documentation must include clear examples demonstrating the usage and outcome of the function. Test documentation should omit examples where the example serves only to reiterate the test logic.
Prefer semantic error enums. Derive std::error::Error (via the thiserror crate) for any condition the caller might inspect, retry, or map to an HTTP status.
...

Files:

• ninja_env/src/lib.rs
• tests/ninja_env_tests.rs
• src/runner.rs
• test_support/src/env.rs

---

⚙️ CodeRabbit Configuration File

**/*.rs: * Seek to keep the cyclomatic complexity of functions no more than 12.

• Adhere to single responsibility and CQRS

• Place function attributes after doc comments.

• Do not use return in single-line functions.

• Move conditionals with >2 branches into a predicate function.

• Avoid unsafe unless absolutely necessary.

• Every module must begin with a //! doc comment that explains the module's purpose and utility.

• Comments and docs must follow en-GB-oxendict (-ize / -our) spelling and grammar

• Lints must not be silenced except as a last resort.

  • #[allow] is forbidden.
  • Only narrowly scoped #[expect(lint, reason = "...")] is allowed.
  • No lint groups, no blanket or file-wide suppression.
  • Include FIXME: with link if a fix is expected.

• Where code is only used by specific features, it must be conditionally compiled or a conditional expectation for unused_code applied.

• Use rstest fixtures for shared setup and to avoid repetition between tests.

• Replace duplicated tests with #[rstest(...)] parameterised cases.

• Prefer mockall for mocks/stubs.

• Prefer .expect() over .unwrap()

• Ensure that any API or behavioural changes are reflected in the documentation in docs/

• Ensure that any completed roadmap steps are recorded in the appropriate roadmap in docs/

• Files must not exceed 400 lines in length

  • Large modules must be decomposed
  • Long match statements or dispatch tables should be decomposed by domain and collocated with targets
  • Large blocks of inline data (e.g., test fixtures, constants or templates) must be moved to external files and inlined at compile-time or loaded at run-time.

Files:

• ninja_env/src/lib.rs
• tests/ninja_env_tests.rs
• src/runner.rs
• test_support/src/env.rs

🧬 Code Graph Analysis (2)

tests/ninja_env_tests.rs (2)

test_support/src/env.rs (4)

• override_ninja_env (116-122)
• set_var (25-25)
• set_var (29-31)
• set_var (35-37)

test_support/src/env_lock.rs (1)

• acquire (17-21)

test_support/src/env.rs (2)

test_support/src/env_lock.rs (1)

• acquire (17-21)

test_support/src/path_guard.rs (3)

• drop (75-84)
• set_var (18-18)
• set_var (25-27)

⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-test

🔇 Additional comments (10)

test_support/Cargo.toml (1)

11-11: LGTM: Depend on the shared ninja_env crate.

Depend on ninja_env here to reference the canonical constant and avoid redefinition. This keeps tests in lock-step with the runtime semantics without reintroducing cycles.

Cargo.toml (1)

22-22: LGTM: Introduce a path dependency on ninja_env.

Centralise the NINJA_ENV symbol in a dedicated crate and re-export from the runtime. This preserves the public API while improving cohesion.

src/runner.rs (2)

23-23: LGTM: Re-export NINJA_ENV to preserve the public API while centralising the source.

Re-exporting from ninja_env keeps external users on netsuke::runner::NINJA_ENV without duplication. This avoids drift and clarifies ownership.

---

23-23: Approve centralised NINJA_ENV definition

No other const NINJA_ENV found outside ninja_env/src/lib.rs. All imports reference the single central constant. Keep the pub use ninja_env::NINJA_ENV; in src/runner.rs as is.

test_support/src/env.rs (3)

7-7: Centralise constant import to avoid drift — LGTM

Import NINJA_ENV from the single source of truth. This removes duplication and eliminates divergence risk.

---

116-122: Fix TOCTOU by acquiring the lock before read and set — LGTM

Acquire EnvLock before reading and writing to eliminate races with other well-behaved callers.

---

124-135: Restore under lock with narrowly scoped unsafe — LGTM

Reacquire EnvLock for restoration and keep unsafe tightly scoped to the actual mutations. This aids auditing and correctness.

tests/ninja_env_tests.rs (3)

1-9: Test structure and serialisation — LGTM

Scope the overrides and serialise execution with serial_test. Imports target the public API surface.

---

30-36: Serialise setup that mutates global state — LGTM

Acquire EnvLock and confine the unsafe remove_var to setup. This keeps tests deterministic and isolated.

---

49-59: Restore original environment state at the end — LGTM

Reacquire EnvLock and restore/remove as appropriate to avoid leaking process-global state across tests.

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (1)

ninja_env/Cargo.toml (1)

10-49: Promote pedantic to deny to uphold “no warnings” policy

Eliminate warning chaff from this crate by denying pedantic. This keeps the lint posture consistent with “Clippy warnings MUST be disallowed”.

Apply:

 [lints.clippy]
-pedantic = { level = "warn", priority = -1 }
+pedantic = { level = "deny", priority = -1 }

♻️ Duplicate comments (2)

test_support/src/env.rs (2)

91-96: Enforce RAII correctness by marking the guard #[must_use]

Prevent accidental immediate drop that silently reverts the override.

Apply:

 /// Guard that restores `NINJA_ENV` to its previous value on drop.
-#[derive(Debug)]
+#[derive(Debug)]
+#[must_use = "Dropping this guard immediately defeats the override; bind it for the intended scope"]
 pub struct NinjaEnvGuard {
     original: Option<OsString>,
 }

---

97-116: Clarify lock semantics in docs; keep the example OS-portable

Document that the guard serialises writes during construction/restoration only and does not hold the lock for its lifetime. The example is already portable; keep it as-is.

Apply:

 /// Override the `NINJA_ENV` variable with `path`, returning a guard that resets it.
 ///
 /// In Rust 2024 `std::env::set_var` is `unsafe` because it mutates process-global
 /// state. `EnvLock` serialises the mutation and the guard restores the prior
 /// value, confining the unsafety to the scope of the guard.
 ///
+/// Note: The guard does not hold `EnvLock` for its entire lifetime; it only
+/// serialises writes during construction and on drop. Acquire `EnvLock` around
+/// any other environment mutations while the guard is active to avoid lost updates.
 ///
 /// # Examples

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• Jira integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between aa0dee7 and d5838ca.

📒 Files selected for processing (3)

• ninja_env/Cargo.toml (1 hunks)
• test_support/src/env.rs (2 hunks)
• tests/ninja_env_tests.rs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.rs

📄 CodeRabbit Inference Engine (AGENTS.md)

**/*.rs: Comment why, not what. Explain assumptions, edge cases, trade-offs, or complexity. Don't echo the obvious.
Use functions and composition. Avoid repetition by extracting reusable logic. Prefer generators or comprehensions, and declarative code to imperative repetition when readable.
Small, meaningful functions. Functions must be small, clear in purpose, single responsibility, and obey command/query segregation.
Name things precisely. Use clear, descriptive variable and function names. For booleans, prefer names with is, has, or should.
Every module must begin with a module level (//! ) comment explaining the module's purpose and utility.
Document public APIs using Rustdoc comments (///) so documentation can be generated with cargo doc.
Place function attributes after doc comments.
Do not use return in single-line functions.
Prefer immutable data and avoid unnecessary mut bindings.
Handle errors with the Result type instead of panicking where feasible.
Prefer .expect() over .unwrap().
Use concat!() to combine long string literals rather than escaping newlines with a backslash.
Prefer single line versions of functions where appropriate.
Clippy warnings MUST be disallowed.
Lints must not be silenced except as a last resort.
Lint rule suppressions must be tightly scoped and include a clear reason.
Prefer expect over allow.
Keep file size manageable. No single code file may be longer than 400 lines. Long switch statements or dispatch tables should be broken up by feature and constituents colocated with targets. Large blocks of test data should be moved to external data files.
Illustrate with clear examples. Function documentation must include clear examples demonstrating the usage and outcome of the function. Test documentation should omit examples where the example serves only to reiterate the test logic.
Prefer semantic error enums. Derive std::error::Error (via the thiserror crate) for any condition the caller might inspect, retry, or map to an HTTP status.
...

Files:

• test_support/src/env.rs
• tests/ninja_env_tests.rs

---

⚙️ CodeRabbit Configuration File

**/*.rs: * Seek to keep the cyclomatic complexity of functions no more than 12.

• Adhere to single responsibility and CQRS

• Place function attributes after doc comments.

• Do not use return in single-line functions.

• Move conditionals with >2 branches into a predicate function.

• Avoid unsafe unless absolutely necessary.

• Every module must begin with a //! doc comment that explains the module's purpose and utility.

• Comments and docs must follow en-GB-oxendict (-ize / -our) spelling and grammar

• Lints must not be silenced except as a last resort.

  • #[allow] is forbidden.
  • Only narrowly scoped #[expect(lint, reason = "...")] is allowed.
  • No lint groups, no blanket or file-wide suppression.
  • Include FIXME: with link if a fix is expected.

• Where code is only used by specific features, it must be conditionally compiled or a conditional expectation for unused_code applied.

• Use rstest fixtures for shared setup and to avoid repetition between tests.

• Replace duplicated tests with #[rstest(...)] parameterised cases.

• Prefer mockall for mocks/stubs.

• Prefer .expect() over .unwrap()

• Ensure that any API or behavioural changes are reflected in the documentation in docs/

• Ensure that any completed roadmap steps are recorded in the appropriate roadmap in docs/

• Files must not exceed 400 lines in length

  • Large modules must be decomposed
  • Long match statements or dispatch tables should be decomposed by domain and collocated with targets
  • Large blocks of inline data (e.g., test fixtures, constants or templates) must be moved to external files and inlined at compile-time or loaded at run-time.

Files:

• test_support/src/env.rs
• tests/ninja_env_tests.rs

🧬 Code Graph Analysis (2)

test_support/src/env.rs (3)

test_support/src/env_lock.rs (1)

• acquire (17-21)

test_support/src/path_guard.rs (3)

• drop (75-84)
• set_var (18-18)
• set_var (25-27)

tests/env_path_tests.rs (1)

• std (39-41)

tests/ninja_env_tests.rs (2)

test_support/src/env.rs (4)

• override_ninja_env (116-122)
• set_var (25-25)
• set_var (29-31)
• set_var (35-37)

test_support/src/env_lock.rs (1)

• acquire (17-21)

⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-test

🔇 Additional comments (8)

ninja_env/Cargo.toml (1)

1-6: Mark crate internal and declare MSRV: LGTM

Keep publish = false and rust-version = "1.85.0" here. This aligns with an internal utility crate and the 2024 edition.

test_support/src/env.rs (3)

7-7: Centralise NINJA_ENV import: LGTM

Use the shared constant from the dedicated crate to avoid drift across modules and tests.

---

116-122: Acquire lock before read and write: LGTM

Read the original value and perform the override while holding EnvLock to avoid TOCTOU races.

---

124-135: Minimise unsafe surface during restoration: LGTM

Restrict unsafe to the exact mutation calls and serialise under EnvLock. This aids auditing and future refactors.

tests/ninja_env_tests.rs (4)

1-7: Serialise tests that mutate process env: LGTM

Gate with serial_test and keep the tests isolated behind the same key constant. This avoids flaky interleavings.

---

12-19: Stub original value correctly and avoid lossy conversions: LGTM

Capture var_os in test 1 and convert fallibly for the mock. This handles non‑UTF‑8 values safely.

---

21-25: Use OS-portable temp path and descriptive expects: LGTM

Build the target from temp_dir() and assert with a clear failure message.

---

52-62: Restore the exact original OS value for test isolation

Restore OsString (if present) under the lock; do not degrade to UTF‑8 only.

Apply:

     // Restore original global state for isolation
     {
         let _lock = EnvLock::acquire();
-        if let Some(val) = before {
+        if let Some(val) = before {
             // SAFETY: `EnvLock` serialises mutations while restoring.
             unsafe { std::env::set_var(NINJA_ENV, val) };
         } else {
             // SAFETY: `EnvLock` serialises mutations while restoring.
             unsafe { std::env::remove_var(NINJA_ENV) };
         }
     }

Likely an incorrect or invalid review comment.

[leynos]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 7

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• Jira integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d5838ca and 5e02eac.

📒 Files selected for processing (2)

• ninja_env/src/lib.rs (1 hunks)
• tests/ninja_env_tests.rs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.rs

⚙️ CodeRabbit Configuration File

**/*.rs: * Seek to keep the cyclomatic complexity of functions no more than 12.

• Adhere to single responsibility and CQRS

• Place function attributes after doc comments.

• Do not use return in single-line functions.

• Move conditionals with >2 branches into a predicate function.

• Avoid unsafe unless absolutely necessary.

• Every module must begin with a //! doc comment that explains the module's purpose and utility.

• Comments and docs must follow en-GB-oxendict (-ize / -our) spelling and grammar

• Lints must not be silenced except as a last resort.

  • #[allow] is forbidden.
  • Only narrowly scoped #[expect(lint, reason = "...")] is allowed.
  • No lint groups, no blanket or file-wide suppression.
  • Include FIXME: with link if a fix is expected.

• Where code is only used by specific features, it must be conditionally compiled or a conditional expectation for unused_code applied.

• Use rstest fixtures for shared setup and to avoid repetition between tests.

• Replace duplicated tests with #[rstest(...)] parameterised cases.

• Prefer mockall for mocks/stubs.

• Prefer .expect() over .unwrap()

• Ensure that any API or behavioural changes are reflected in the documentation in docs/

• Ensure that any completed roadmap steps are recorded in the appropriate roadmap in docs/

• Files must not exceed 400 lines in length

  • Large modules must be decomposed
  • Long match statements or dispatch tables should be decomposed by domain and collocated with targets
  • Large blocks of inline data (e.g., test fixtures, constants or templates) must be moved to external files and inlined at compile-time or loaded at run-time.

Files:

• ninja_env/src/lib.rs
• tests/ninja_env_tests.rs

🧬 Code Graph Analysis (1)

tests/ninja_env_tests.rs (2)

test_support/src/env.rs (4)

• override_ninja_env (116-122)
• set_var (25-25)
• set_var (29-31)
• set_var (35-37)

test_support/src/env_lock.rs (1)

• acquire (17-21)

🔇 Additional comments (1)

ninja_env/src/lib.rs (1)

1-1: Good: Forbid unsafe code at the crate level.

Keep this. It enforces the intended safety guarantees for this crate.