Skip to content

Pin ty to 0.0.56#25

Open
leynos wants to merge 3 commits into
mainfrom
pin-ty
Open

Pin ty to 0.0.56#25
leynos wants to merge 3 commits into
mainfrom
pin-ty

Conversation

@leynos

@leynos leynos commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Rationale

ty 0.0.56 broke estate repositories whose CI installed ty unpinned (uv tool install ty, uvx ty, unpinned dev-dependencies): falcon-correlate and polythene mains were red for days. This pins every ty site in the template repository — both the template tree that generated repositories inherit and the repository's own gates — to 0.0.56, so future upgrades are deliberate rather than incidental.

Sites changed

  • Makefile (repository's own typecheck gate): uvx … ty check tests/uvx … ty@0.0.56 check tests/.
  • template/pyproject.toml.jinja (inherited by generated repositories): dev group "ty""ty==0.0.56". This also pins the generated Makefile's uv run ty --version / uv run ty check invocations, which resolve from the dev group; no change to template/Makefile.jinja is needed. The templated CI (ci.yml.jinja) typechecks via make typecheck, so it is covered by the same pin; its "Install CLI tools" step does not install ty.
  • tests/test_helpers.py and tests/helpers/pyproject_contracts.py: contract assertions updated to expect the pinned forms.

Validation

  • Repository gates: make check-fmt, make lint, make typecheck (now running ty 0.0.56: "All checks passed!"), and the full contract suite make test (33 passed, 2 skipped, 3 snapshots passed).
  • Rendered both toggle states (use_rust=false and use_rust=true): each resolves ty 0.0.56 and passes make typecheck (ty check my_project tests) cleanly, so the pin surfaces no ty 0.0.56 failures in generated projects.

Note for maintainers

Future ty bumps should be deliberate: update the pin in the parent Makefile, the templated dev group, and the contract assertions together, and re-render both toggle states before merging.

🤖 Generated with Claude Code

The ty 0.0.56 release broke estate repositories whose CI installed ty
unpinned (falcon-correlate and polythene mains were red for days). Pin
every ty installation site to 0.0.56 so upgrades become deliberate:

- the parent Makefile's typecheck target now runs uvx ty@0.0.56;
- the templated dev dependency group now declares ty==0.0.56, which
  pins the generated Makefile's `uv run ty` invocations;
- the contract tests assert the pinned forms.

Both rendered toggle states resolve ty 0.0.56 and pass `make
typecheck`, and the template's own gates pass with the pin in place.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @leynos, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 36 minutes

Your organization has reached its usage spending cap. Adjust your spending cap in the billing tab.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: b689401c-8943-41a0-813c-2a66d08bea26

📥 Commits

Reviewing files that changed from the base of the PR and between 3575221 and 67f61f4.

📒 Files selected for processing (1)
  • tests/helpers/pyproject_contracts.py

Walkthrough

Pin ty to version 0.0.56 in the parent Makefile, the generated template’s dev dependency group, the related contract tests, and the developer documentation. Add an ADR describing the version-pinning policy.

Changes

Pin ty dependency version

Layer / File(s) Summary
Pin ty version in Makefile and template
Makefile, template/pyproject.toml.jinja
Pin the typecheck target to ty@0.0.56 and the template dev dependency to ty==0.0.56.
Update test contracts for pinned ty version
tests/helpers/pyproject_contracts.py, tests/test_helpers.py
Update the generated-contract assertion and the Makefile test to require the pinned ty version, including the new subprocess-based invocation check.
Record the ty pinning policy
docs/adr-003-pin-ty-version.md, docs/developers-guide.md, template/docs/developers-guide.md
Document the pinning decision, the bump policy, and the matching guidance for both the parent repository and generated projects.

Compact metadata: 7 files changed, +56/-2 lines.

Possibly related PRs

  • leynos/beatcue#10: Match the same typecheck Makefile area and tool-invocation path.

Poem

Lock ty in place, keep checks aligned,
Let versions stay crisp and easy to find.
One pin for the Makefile, one for the template’s glow,
Docs and tests nod: “yes, that’s the flow.”
🐰📌

🚥 Pre-merge checks | ✅ 20
✅ Passed checks (20 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the PR’s main change: pinning ty to version 0.0.56.
Description check ✅ Passed The description directly describes the same pinning change and its related tests and docs.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Testing (Overall) ✅ Passed Keep the new make typecheck integration test; it exercises the real Makefile boundary via a fake uvx shim and fails on an unpinned or altered ty invocation.
User-Facing Documentation ✅ Passed PASS: This pinning change only affects maintainer gates and template internals; the docs style guide excludes maintainer-only concerns from the user's guide.
Developer Documentation ✅ Passed docs/developers-guide.md and template/docs/developers-guide.md document the ty pin, and ADR-003 records the decision; no roadmap/execplan or locale split exists.
Module-Level Documentation ✅ Passed Both changed Python modules begin with clear module docstrings describing purpose and relationships to other helpers.
Testing (Unit And Behavioural) ✅ Passed PASS: make typecheck is exercised through make plus a fake uvx shim, so the new test hits the CLI boundary and verifies the pinned ty@0.0.56 invocation.
Testing (Property / Proof) ✅ Passed Do not require property tests or proof: this PR pins a single ty version and adds targeted contract/integration checks, not a range-based invariant.
Testing (Compile-Time / Ui) ✅ Passed No Rust/TS compile-time path exists here; the new subprocess test covers the make typecheck boundary, and the pyproject/Makefile assertions pin the expected text.
Unit Architecture ✅ Passed Accept the patch: it only pins ty in config/docs and adds explicit boundary tests with an injected uvx shim; no hidden dependencies or new architectural coupling.
Domain Architecture ✅ Passed Diff only touches Makefile, docs, and test contracts; no domain-layer code or boundary leakage was introduced.
Observability ✅ Passed PASS: the diff only pins ty in build/test tooling and updates docs/tests; no runtime operational path changed, so extra observability is not required.
Security And Privacy ✅ Passed PASS: The changes only pin ty and add tests/docs; no secrets, auth changes, unsafe sinks, or sensitive data exposure are introduced.
Performance And Resource Use ✅ Passed PASS: The change only pins ty and adds one bounded subprocess test; no new loops, caches, unbounded collections, or repeated I/O appear.
Concurrency And State ✅ Passed No shared state, async, locking, ordering, or parallelism changes appear; the PR only pins ty, updates docs, and adds a subprocess-based contract test.
Architectural Complexity And Maintainability ✅ Passed Keep the change simple: it only pins ty, updates docs/contracts, and adds one direct boundary test; introduce no new abstraction, layer, or registry.
Rust Compiler Lint Integrity ✅ Passed Pass: no Rust files changed; the PR only edits Makefile, docs, and Python tests, with no lint suppressions or clone churn.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch pin-ty

Comment @coderabbitai help to get the list of available commands.

@pandalump

Copy link
Copy Markdown
Collaborator

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Address review feedback on the ty pin:

- document the ty==0.0.56 pin in the parent developers' guide and the
  generated developers' guide, including why it exists (unpinned
  installations broke falcon-correlate and polythene mains when ty
  0.0.56 landed) and the policy that bumps are deliberate (update the
  pin and fix any new diagnostics in one pull request);
- record the decision as ADR-003, following the repository's existing
  ADR convention;
- add an integration test that runs the parent `make typecheck` with a
  fake uvx shim on PATH and asserts the captured invocation includes
  the pinned ty@0.0.56 token (POSIX-only, skipped on Windows), keeping
  the existing string-contract assertions.
@leynos

leynos commented Jul 7, 2026

Copy link
Copy Markdown
Owner Author

Both review findings addressed in the latest push (3575221).

Finding 1 (documentation) — valid, fixed. The ty==0.0.56 pin is now documented in docs/developers-guide.md (parent make typecheck bullet plus a note in the Makefile Template section covering the generated dev-group pin) and in template/docs/developers-guide.md (which generated repositories receive), in both cases explaining why it is pinned (unpinned installs broke the falcon-correlate and polythene mains when 0.0.56 landed) and the bump policy (deliberate: update the pin and fix any new diagnostics in one PR). On the ADR suggestion: this repository does keep ADRs (docs/adr-001…, docs/adr-002…), so the decision is recorded in house style as docs/adr-003-pin-ty-version.md.

Finding 2 (behavioural coverage) — valid, fixed. Added test_parent_makefile_typecheck_invokes_pinned_ty in tests/test_helpers.py (alongside the existing parent-Makefile contract tests): it puts a POSIX uvx shim on PATH that captures "$@" to a file and exits 0, runs the repository's root make typecheck, and asserts the captured invocation includes the ty@0.0.56 token and the check subcommand. Skipped on win32. The existing string-contract assertions are retained.

One nearby observation assessed as out of scope: template/docs/developers-guide.md has a pre-existing MD013 over-length line (the make lint bullet); my added lines lint clean and the parent repository has no Markdown gate, so it was left untouched to keep the diff minimal.

Validation: new test passes in isolation; full contract suite 34 passed, 2 skipped (act-gated); make check-fmt, make lint, and make typecheck all green.

@leynos

leynos commented Jul 7, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai Have the following failed checks now been resolved?

If further work is required, please provide an AI agent prompt for the remaining work to be done to address these failures.

Do not treat warnings as optional or aspirational. Where a change is out of scope for this PR, propose a GitHub issue unless one exists already. (Treat documentation and validation coverage as in scope).

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Developer Documentation ⚠️ Warning The ty pin changes a build requirement, but docs/developers-guide.md and the template guide still describe generic ty check, and no doc/ADR was added. Add the pin to docs/developers-guide.md and the mirrored template developer guide, and record the version-pin decision in an ADR if you treat it as architectural.
Testing (Unit And Behavioural) ⚠️ Warning The updated checks are mostly string-contract assertions; no test exercises the root make typecheck boundary, so the CLI pin is not behaviourally covered. Add an integration test that runs make typecheck with faked uvx/ty and asserts the pinned invocation, while keeping the contract assertions.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== ADR files ==="
fd -i 'adr-00' docs

echo "=== developers-guide.md ty mentions ==="
rg -n 'ty' docs/developers-guide.md | rg -i 'ty(@|==|check|0\.0\.56|pin)'

echo "=== template developers-guide.md ty mentions ==="
rg -n 'ty' template/docs/developers-guide.md | rg -i 'ty(@|==|check|0\.0\.56|pin)'

echo "=== ADR-003 content ==="
fd -i 'adr-003' docs -x cat {}

echo "=== test for pinned ty invocation ==="
rg -n 'test_parent_makefile_typecheck_invokes_pinned_ty' tests/test_helpers.py -A 40

echo "=== git log for commit 3575221 ==="
git log --oneline -5

Length of output: 4709


🏁 Script executed:

#!/bin/bash
set -euo pipefail
sed -n '480,545p' tests/test_helpers.py

Length of output: 2480


@leynos Confirmed — both warnings are resolved in commit 3575221.

Developer Documentation: Verified. docs/developers-guide.md (Lines 19 and 52) and template/docs/developers-guide.md (Line 16) now state the ty@0.0.56 / ty==0.0.56 pin explicitly and explain the rationale (unpinned installs broke the falcon-correlate and polythene mains). docs/adr-003-pin-ty-version.md records the decision with Context, Decision, and Consequences sections, including the bump policy.

Testing (Unit and Behavioural): Verified. test_parent_makefile_typecheck_invokes_pinned_ty in tests/test_helpers.py (Line 499) exercises the actual make typecheck boundary: it installs a POSIX uvx shim on PATH, runs make typecheck as a subprocess, and asserts the captured invocation contains both ty@0.0.56 and check. It's correctly gated with @pytest.mark.skipif(sys.platform == "win32", ...). The existing string-contract assertions remain in place, so behavioural and contract coverage now sit side by side.

No further work is required for these two warnings. No follow-up issue needed.

The MD013 over-length line you flagged as out-of-scope in template/docs/developers-guide.md is a pre-existing lint condition unrelated to this PR's diff, and the parent repository has no Markdown lint gate — leaving it untouched is correct; don't fix it here.

ᕮ(•ᴥ•)ᕮ

@leynos

leynos commented Jul 7, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
tests/helpers/pyproject_contracts.py (1)

35-47: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Make the dev dependency assertion exact.

dependency in dev_dependencies still passes if an unpinned ty stays alongside ty==0.0.56, so this contract can drift without failing.

♻️ Tighten the assertion
-    for dependency in [
-        "pytest",
-        "interrogate",
-        "pip-audit",
-        "ruff",
-        "pyright",
-        "ty==0.0.56",
-        "pytest-timeout",
-        "pytest-xdist",
-    ]:
-        assert dependency in dev_dependencies, (
-            f"expected generated dev dependencies to include {dependency}"
-        )
+    expected_dev_dependencies = {
+        "pytest",
+        "interrogate",
+        "pip-audit",
+        "ruff",
+        "pyright",
+        "ty==0.0.56",
+        "pytest-timeout",
+        "pytest-xdist",
+    }
+    assert set(dev_dependencies) == expected_dev_dependencies, (
+        "expected generated dev dependencies to match the pinned contract"
+    )
+    assert len(dev_dependencies) == len(expected_dev_dependencies), (
+        "expected generated dev dependencies to contain no duplicates"
+    )
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/helpers/pyproject_contracts.py` around lines 35 - 47, The dev
dependency contract in the helper assertion is too loose because `dependency in
dev_dependencies` allows extra or duplicate entries like an unpinned `ty` to
slip through. Update the check in `tests/helpers/pyproject_contracts.py` to use
an exact match against the full expected set for `dev_dependencies`, and add a
duplicate/length guard so the generated list must match the pinned contract
precisely when validating the `dev_dependencies` collection.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@tests/helpers/pyproject_contracts.py`:
- Around line 35-47: The dev dependency contract in the helper assertion is too
loose because `dependency in dev_dependencies` allows extra or duplicate entries
like an unpinned `ty` to slip through. Update the check in
`tests/helpers/pyproject_contracts.py` to use an exact match against the full
expected set for `dev_dependencies`, and add a duplicate/length guard so the
generated list must match the pinned contract precisely when validating the
`dev_dependencies` collection.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: ca2b7544-dd43-4973-8a4d-3a0b4a680d5d

📥 Commits

Reviewing files that changed from the base of the PR and between 09a4d88 and 3575221.

📒 Files selected for processing (7)
  • Makefile
  • docs/adr-003-pin-ty-version.md
  • docs/developers-guide.md
  • template/docs/developers-guide.md
  • template/pyproject.toml.jinja
  • tests/helpers/pyproject_contracts.py
  • tests/test_helpers.py

Replace the loose membership check on `dev_dependencies` with an
exact set equality assertion plus a duplicate-count guard. The old
`dependency in dev_dependencies` loop would silently pass if an
extra unpinned `ty` entry co-existed alongside `ty==0.0.56`. The
new assertion requires the rendered list to match the pinned contract
precisely — no extra entries, no duplicates.
@leynos

leynos commented Jul 8, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai resume

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
✅ Action performed

Reviews resumed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants