Changed: Unify dependency versions across workspace#108
Changed: Unify dependency versions across workspace#108
Conversation
- Expand jargon: "semver surfaces" → "semver-stable APIs", "depth guards" → "recursion depth limits", "provider bridges" → "LLM provider adapters", "last-match-wins rules" → "ordered rules where the last matching rule takes priority" - Expand PSS to "Proportional Set Size (PSS)" in memory tooltips - Add "(LLM serialization framework)" expansion for SerdesAI on first use - Add Cargo.toml deps step to Quick Start, making the code example fully runnable without referring to another page - Add cross-reference to Getting Started after Quick Start code block - Fix misleading comment on .catalog() call - Tighten prose: drop unnecessary comma+pronoun, simplify two-verb chain - Align comparison table cells with comparison.md terminology - Normalize SerdesAI capitalization across the page - Remove unused [SerdesAI] Markdown reference definition - Fix CTA href from trailing-slash form to .md extension - Rename "The Crate Map" → "Crate Map"
- Lead intro with value proposition instead of guide description - Fix "an SerdesAI" grammar error - Add missing migration.md link for OpenCode compatibility note - Standardize "What just happened?" bullets to present tense - Active voice for "resolver skips empty values" instead of passive - Reorder sections: "Run the examples" before "Sandboxing for production" - Rename "Embedding patterns" to "Common deployment profiles" - Add links and parentheticals for sandbox profile names - Expand "mount cache roots" to clear plain language - Remove 2 dead link definitions (CredentialLookup, models.dev) - Remove em-dash
…ce docs - Fix undefined jargon (paths/subjects, framework adapters, shared state handle, slash-command) - Standardize host-side terminology throughout - Replace 5 duplicate inline settings tables with cross-references - Add parameter/output tables for todoread, todowrite, and task - Add missing ? glob pattern to permission rules table - Fix cross-page link: path-security reference now points to sandboxing.md - Fix bash output description (no configurable size limit exists) - Add navigation line and transition prose for readability - Convert tool overview table entries to clickable anchor links
…annability - Unify model format string across frontmatter table and Model specification section - Expand `synthetic/hf:` prefix with inline explanation of provider and model selection - Fix AgentBuildContext attribution from "in [SerdesAI]" to "from llm-coding-tools-serdesai" - Define "framework adapter" inline - Fix catalog loading instruction with link to Models Catalog page - Clarify validation failure behavior - Convert pattern descriptions from prose to a two-column table - Fix ambiguous "non-primary agents" to explicit mode references - Replace double "when" clause and passive voice in task delegation intro - Add transition sentence between Tool settings and Loading agents sections - Fix terminology drift: "hops" changed to "depth"
- Remove "Loading agents" section (API usage belongs in getting-started) - Remove "Building an agent runtime" section (duplicate of getting-started) - Remove "Task delegation" section (runtime behavior, not file format) - Keep file discovery globs as a brief note in the file format section - Update tools.md cross-reference to point to getting-started for delegation model Result: agents.md is now a focused specification for agent markdown files, roughly half the previous length, with no code duplication.
- Add [workspace.dependencies] to root Cargo.toml with 40+ shared dependencies - Convert all 5 crates to use workspace = true for common dependencies - Unify internal crate paths (llm-coding-tools-*) in workspace manifest - Consolidate dev-dependencies (criterion, rstest, serial_test, wiremock, etc.) Benefits: - Single source of truth for dependency versions - Prevents version drift between crates - Cleaner per-crate Cargo.toml files - Faster dependency resolution
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #108 +/- ##
==========================================
- Coverage 81.04% 80.22% -0.83%
==========================================
Files 110 108 -2
Lines 4517 4370 -147
==========================================
- Hits 3661 3506 -155
- Misses 856 864 +8
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
WalkthroughThis pull request establishes comprehensive documentation infrastructure and centralizes workspace dependency management. It introduces a complete MkDocs-based documentation site with configuration, theme styling, and content pages covering agents, tools, models catalog, and getting started guides. Concurrently, it adds a workspace-level Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 8
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
src/llm-coding-tools-core/README.md (1)
276-300:⚠️ Potential issue | 🟡 MinorTwo examples in this section give opposite outcomes for the same conceptual intent — worth a sentence of clarification.
The YAML block (L276-284) ends with
"*": deny, so under last-match-winsorchestrator-reviewresolves to Deny. The Rust block (L292-297) reorders the rules soorchestrator-*is last and assertsorchestrator-review→ Allow. Both are individually correct, but presenting them back-to-back without noting the order flip can mislead readers into thinking "specific overrides catch-all" (specificity wins), when the rule is purely positional.Consider either (a) reordering the YAML so its trailing rule matches the Rust outcome, or (b) adding a one-liner: "Note: the Rust example below intentionally reorders the rules to produce the opposite outcome, because last-match-wins is positional rather than specificity-based."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/llm-coding-tools-core/README.md` around lines 276 - 300, The two examples demonstrate opposite outcomes because matching is positional (last-match-wins); add a one-line clarifying note under the YAML example explaining that the Rust example intentionally reorders rules so the specific "orchestrator-*" rule comes last and therefore yields Allow (i.e., last-match-wins, not specificity), referencing the YAML keys ("task", "*", deny) and the Rust Ruleset/Rule::new ordering to make the positional difference explicit.src/llm-coding-tools-agents/README.md (1)
91-92:⚠️ Potential issue | 🟡 MinorMinor grammar + vague link.
"You can find examples using it in main repo." reads awkwardly and doesn't actually link anywhere. Consider: "See the examples in the main repo."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/llm-coding-tools-agents/README.md` around lines 91 - 92, Update the README sentence that reads "You can find examples using it in main repo." to be grammatically correct and provide a real link; specifically change the line referencing the llm-coding-tools-models-dev crate to something like "See the examples in the main repo" and include the URL https://github.com/Sewer56/llm-coding-tools/tree/main#examples so the mention of llm-coding-tools-models-dev points directly to the examples section in the main repository.
🧹 Nitpick comments (5)
SANDBOX-PROFILES.md (1)
300-301: Optional: both link labels resolve to the same URL.
[NixOS]and[Nix]both point tohttps://nixos.org. That's semantically reasonable (NixOS and the Nix package manager share a homepage), but if you want to differentiate,[Nix]could point tohttps://nixos.org/guides/how-nix-worksorhttps://nix.dev. Non-blocking.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@SANDBOX-PROFILES.md` around lines 300 - 301, The two reference links [NixOS] and [Nix] currently both resolve to https://nixos.org; update the [Nix] reference to a distinct, more appropriate URL (e.g., https://nixos.org/guides/how-nix-works or https://nix.dev) so the labels [NixOS] and [Nix] point to different targets; locate the link definitions for the labels [NixOS] and [Nix] in the markdown and change the URL for [Nix] accordingly.src/Cargo.toml (2)
24-24: Heads-up: workspace-level tokio features propagate to every consumer.The workspace sets
tokiofeatures["fs", "io-util", "process", "time"]. Sinceworkspace = true, features = [...]is additive, dev-dependencies in bubblewrap (["rt", "macros"]) and core (["rt-multi-thread", "macros"]) will end up with the union of all these features even for tests that may not need them. This is a minor compile-time cost, not a correctness issue. If you want tighter feature isolation, a more minimal base set (or no default features at the workspace level) would push feature opt-in to each member. Fine as-is.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/Cargo.toml` at line 24, The workspace Cargo.toml currently sets tokio = { version = "1.51", features = ["fs", "io-util", "process", "time"] }, which causes those features to propagate to every crate (including dev-deps) due to workspace-level feature aggregation; to tighten feature isolation, remove or minimize the features from the workspace-level tokio entry (or omit the workspace features entirely) and instead declare needed features per-crate in each member Cargo.toml (e.g., add ["rt","macros"] to bubblewrap and ["rt-multi-thread","macros"] to core where required) so only crates that opt in get the extra tokio features.
16-16: Update migration path away fromserde_yamlto a maintained fork.
serde_yaml(dtolnay's crate) was archived and marked unmaintained in March 2024. Since this PR centralizes the version as a single source of truth, it's an opportune moment to plan migration to a maintained alternative:
yaml_serde(0.10.4, Mar 2026): Official fork by the YAML organization. Drop-in replacement with easy migration viaserde_yaml = { package = "yaml_serde", version = "0.10" }.serde_norway(0.9.42, Dec 2024): Actively maintained fork with ~3M recent downloads, used in projects like utoipa and eza.serde_yaml_ng(0.10.0, May 2024): Maintained fork, YAML 1.1 compliant, ~1.4M recent downloads.Avoid
serde_yml—it has been identified as unsound and unmaintained per RUSTSEC advisory.Non-blocking for this PR—just flagging for visibility.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/Cargo.toml` at line 16, The crate currently depends on the archived serde_yaml (the dependency key "serde_yaml"); update that dependency to a maintained fork by changing the dependency entry so the key remains serde_yaml but the package is set to a maintained fork and the version is bumped (e.g., set package to "yaml_serde" and version to a 0.10.x release), or alternatively point to "serde_norway" or "serde_yaml_ng" similarly; ensure the dependency key used in code stays as serde_yaml (so existing use statements compile) while switching the underlying package to a maintained fork and adjust the version accordingly in the Cargo.toml dependency entry.docs/requirements.txt (1)
1-5: Consider pinning versions for reproducible docs builds.Unpinned entries mean the Pages deploy job will pick up whatever is latest at build time, so a future breaking release of any of these plugins (notably
mkdocs-materialandmkdocs-minify-plugin) can breakmkdocs buildwithout a code change. Pinning to a known-good minor range makes CI deterministic and lets Dependabot/Renovate surface upgrades as PRs.📌 Proposed pins (adjust to currently resolved versions)
-mkdocs-material -mkdocs-redirects -mkdocs-exclude-unused-files -mkdocs-exclude -mkdocs-minify-plugin +mkdocs-material~=9.5 +mkdocs-redirects~=1.2 +mkdocs-exclude-unused-files~=0.1 +mkdocs-exclude~=1.0 +mkdocs-minify-plugin~=0.8🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/requirements.txt` around lines 1 - 5, The requirements file lists MkDocs plugins without pinned versions, which risks nondeterministic builds; update the entries for mkdocs-material, mkdocs-redirects, mkdocs-exclude-unused-files, mkdocs-exclude, and mkdocs-minify-plugin in docs/requirements.txt to fixed version specifiers (preferably ~= or == to a known-good minor/patch range you verified) so CI installs reproducible dependency versions; use the current resolved versions from a successful local build or lockfile and replace each package line with a pinned specifier (e.g., mkdocs-material ~= X.Y) to ensure deterministic docs builds and enable Dependabot/Renovate to propose future updates.docs/start_docs.py (1)
56-68:venv_dir.exists()check doesn't guarantee a usable venv.If
venv/exists but was partially created (e.g. interrupted, or created with--without-pip),pip_exe/python_exewon't exist and the subsequentrun_command([str(pip_exe), ...])raisesFileNotFoundErrorbefore yourCalledProcessErrorhandler kicks in, producing a stack trace rather than the nice error message.Consider checking that
python_exeexists (and falling back to recreating the venv, or erroring cleanly) before proceeding.Proposed fix
- if not venv_dir.exists(): + python_exe = venv_dir / ("Scripts/python.exe" if os.name == "nt" else "bin/python") + if not python_exe.exists(): print("Creating virtual environment...") run_command([sys.executable, "-m", "venv", "venv"], cwd=script_dir) else: print("Virtual environment already exists.")🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/start_docs.py` around lines 56 - 68, The venv_dir.exists() check can be true while the virtualenv is incomplete, causing later run_command calls using python_exe/pip_exe to raise FileNotFoundError; update the logic after determining python_exe and pip_exe to verify both executables exist (e.g., check python_exe.exists() and pip_exe.exists()), and if either is missing either delete/recreate the venv (call run_command([sys.executable, "-m", "venv", "venv"], cwd=script_dir) again) or raise a clear, user-friendly error before invoking run_command, referencing venv_dir.exists(), python_exe, pip_exe and run_command to locate where to add the checks and fallback.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/deploy-mkdocs.yml:
- Line 19: The workflow is using a mutable tag "uses:
Reloaded-Project/devops-mkdocs@v1" which is supply-chain risky; replace that
reference with the action's immutable full commit SHA (e.g.,
"Reloaded-Project/devops-mkdocs@<full-commit-sha>") in the deploy-mkdocs
workflow so the action is pinned to a specific commit instead of a floating tag.
In `@docs/src/agents.md`:
- Line 121: Remove the unused Markdown link reference "[SerdesAI]:
https://crates.io/crates/serdes-ai" from docs/src/agents.md since it is never
referenced in the document; locate the standalone reference definition (the line
containing [SerdesAI]: ...) and delete it to resolve the MD053 lint warning.
In `@docs/src/assets/landing.css`:
- Line 12: Stylelint flags the quoted font family name in the CSS declaration
`font-family: "Montserrat", Roboto, sans-serif;`; update each occurrence (the
`font-family` declarations that include "Montserrat") to remove the quotes so
they read `font-family: Montserrat, Roboto, sans-serif;` at all five occurrences
to satisfy the `font-family-name-quotes` rule.
In `@docs/src/getting-started.md`:
- Around line 164-169: The docs example uses a non-existent method set_override
on CredentialResolver; update the example to call
CredentialResolver::insert(...) instead of set_override so it matches the API
(see struct CredentialResolver and its insert(&mut self, name: impl
Into<Box<str>>, value: impl Into<Box<str>>) -> Option<Box<str>> signature).
Replace the set_override invocation in the example with insert and keep the same
key/value arguments.
In `@docs/src/index.md`:
- Line 28: The Examples CTA uses a file-style href ("guides/examples.md") which
can break when MkDocs outputs directory-style URLs; update the anchor in
docs/src/index.md to use a stable docs URL like "guides/examples/" (or
"guides/examples") by changing the href attribute on the Examples link so
runtime navigation works correctly.
In `@docs/src/tools.md`:
- Around line 36-37: Update the paragraph that currently states "These are NOT
per-call parameters" to clarify that settings are host-side defaults and upper
bounds while some (notably bash.timeout_ms and webfetch.timeout_ms) can be
overridden per call by the LLM within host-enforced limits (e.g.,
max_timeout_ms); specifically, replace or append that sentence to read something
like: "These settings act as host-side defaults and upper bounds; some fields
(for example bash.timeout_ms and webfetch.timeout_ms) may also be supplied per
call by the LLM but are constrained by host-configured max_* limits (e.g.,
max_timeout_ms)."
In `@docs/src/vendor/Reloaded/Stylesheets/reloaded.css`:
- Around line 119-131: The file contains SCSS interpolation (e.g.,
#{px2rem(4px)}) inside the CSS custom properties --md-shadow-z1, --md-shadow-z2,
--md-shadow-z3 (and the other --md-shadow-z* occurrences called out in the
review) which breaks when served as raw CSS; either replace each interpolation
with pre-computed rem values (e.g., compute px2rem(4px) assuming 16px root and
replace all occurrences with their rem equivalents) for every --md-shadow-z*
declaration, or remove those --md-shadow-z* overrides entirely so the stylesheet
inherits the Material defaults; update every instance listed in the review
(lines around the three shown and the other listed occurrences) to use plain CSS
values or be deleted.
In `@src/llm-coding-tools-models-dev/README.md`:
- Around line 5-23: The README uses the [models.dev] shortcut link label that
was removed, so restore the missing reference or convert the inline occurrences
to valid links: either re-add the reference definition " [models.dev]:
https://models.dev" near the bottom (where other link refs like
[models.dev/api.json] are defined) or replace each `[models.dev]` usage in the
text (lines mentioning Sync, Why this exists, and Usage) with the inline form
`https://models.dev` (or the existing `[models.dev/api.json]` label if
appropriate); update all four occurrences to ensure markdown renders correctly.
---
Outside diff comments:
In `@src/llm-coding-tools-agents/README.md`:
- Around line 91-92: Update the README sentence that reads "You can find
examples using it in main repo." to be grammatically correct and provide a real
link; specifically change the line referencing the llm-coding-tools-models-dev
crate to something like "See the examples in the main repo" and include the URL
https://github.com/Sewer56/llm-coding-tools/tree/main#examples so the mention of
llm-coding-tools-models-dev points directly to the examples section in the main
repository.
In `@src/llm-coding-tools-core/README.md`:
- Around line 276-300: The two examples demonstrate opposite outcomes because
matching is positional (last-match-wins); add a one-line clarifying note under
the YAML example explaining that the Rust example intentionally reorders rules
so the specific "orchestrator-*" rule comes last and therefore yields Allow
(i.e., last-match-wins, not specificity), referencing the YAML keys ("task",
"*", deny) and the Rust Ruleset/Rule::new ordering to make the positional
difference explicit.
---
Nitpick comments:
In `@docs/requirements.txt`:
- Around line 1-5: The requirements file lists MkDocs plugins without pinned
versions, which risks nondeterministic builds; update the entries for
mkdocs-material, mkdocs-redirects, mkdocs-exclude-unused-files, mkdocs-exclude,
and mkdocs-minify-plugin in docs/requirements.txt to fixed version specifiers
(preferably ~= or == to a known-good minor/patch range you verified) so CI
installs reproducible dependency versions; use the current resolved versions
from a successful local build or lockfile and replace each package line with a
pinned specifier (e.g., mkdocs-material ~= X.Y) to ensure deterministic docs
builds and enable Dependabot/Renovate to propose future updates.
In `@docs/start_docs.py`:
- Around line 56-68: The venv_dir.exists() check can be true while the
virtualenv is incomplete, causing later run_command calls using
python_exe/pip_exe to raise FileNotFoundError; update the logic after
determining python_exe and pip_exe to verify both executables exist (e.g., check
python_exe.exists() and pip_exe.exists()), and if either is missing either
delete/recreate the venv (call run_command([sys.executable, "-m", "venv",
"venv"], cwd=script_dir) again) or raise a clear, user-friendly error before
invoking run_command, referencing venv_dir.exists(), python_exe, pip_exe and
run_command to locate where to add the checks and fallback.
In `@SANDBOX-PROFILES.md`:
- Around line 300-301: The two reference links [NixOS] and [Nix] currently both
resolve to https://nixos.org; update the [Nix] reference to a distinct, more
appropriate URL (e.g., https://nixos.org/guides/how-nix-works or
https://nix.dev) so the labels [NixOS] and [Nix] point to different targets;
locate the link definitions for the labels [NixOS] and [Nix] in the markdown and
change the URL for [Nix] accordingly.
In `@src/Cargo.toml`:
- Line 24: The workspace Cargo.toml currently sets tokio = { version = "1.51",
features = ["fs", "io-util", "process", "time"] }, which causes those features
to propagate to every crate (including dev-deps) due to workspace-level feature
aggregation; to tighten feature isolation, remove or minimize the features from
the workspace-level tokio entry (or omit the workspace features entirely) and
instead declare needed features per-crate in each member Cargo.toml (e.g., add
["rt","macros"] to bubblewrap and ["rt-multi-thread","macros"] to core where
required) so only crates that opt in get the extra tokio features.
- Line 16: The crate currently depends on the archived serde_yaml (the
dependency key "serde_yaml"); update that dependency to a maintained fork by
changing the dependency entry so the key remains serde_yaml but the package is
set to a maintained fork and the version is bumped (e.g., set package to
"yaml_serde" and version to a 0.10.x release), or alternatively point to
"serde_norway" or "serde_yaml_ng" similarly; ensure the dependency key used in
code stays as serde_yaml (so existing use statements compile) while switching
the underlying package to a maintained fork and adjust the version accordingly
in the Cargo.toml dependency entry.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 197b43a2-f09f-4303-abb0-d59c7e1181bb
⛔ Files ignored due to path filters (1)
src/Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (38)
.github/workflows/deploy-mkdocs.yml.gitignoreREADME.MDSANDBOX-PROFILES.mddocs/.gitignoredocs/mkdocs.ymldocs/requirements.txtdocs/src/agents.mddocs/src/assets/landing.cssdocs/src/getting-started.mddocs/src/guides/examples.mddocs/src/index.mddocs/src/models-catalog.mddocs/src/tools.mddocs/src/vendor/Reloaded/Images/Nexus-Heart-40.avifdocs/src/vendor/Reloaded/Images/Nexus-Icon-40.avifdocs/src/vendor/Reloaded/Images/Reloaded-Heart-40.avifdocs/src/vendor/Reloaded/Images/Reloaded-Icon-40.avifdocs/src/vendor/Reloaded/Stylesheets/reloaded.cssdocs/start_docs.pysrc/Cargo.tomlsrc/llm-coding-tools-agents/ARCHITECTURE.mdsrc/llm-coding-tools-agents/Cargo.tomlsrc/llm-coding-tools-agents/README.mdsrc/llm-coding-tools-agents/benches/fixtures/orchestrator-quality-gate-gpt5.mdsrc/llm-coding-tools-agents/src/runtime/mod.rssrc/llm-coding-tools-agents/src/runtime/model.rssrc/llm-coding-tools-bubblewrap/ARCHITECTURE.mdsrc/llm-coding-tools-bubblewrap/Cargo.tomlsrc/llm-coding-tools-bubblewrap/README.mdsrc/llm-coding-tools-core/Cargo.tomlsrc/llm-coding-tools-core/README.mdsrc/llm-coding-tools-models-dev/Cargo.tomlsrc/llm-coding-tools-models-dev/README.mdsrc/llm-coding-tools-serdesai/AGENTS-ARCHITECTURE.mdsrc/llm-coding-tools-serdesai/Cargo.tomlsrc/llm-coding-tools-serdesai/README.mdsrc/llm-coding-tools-serdesai/src/agent_ext.rs
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
- GitHub Check: Semver Checks (Serdesai Full)
- GitHub Check: Semver Checks (Serdesai Full+Linux)
- GitHub Check: Blocking macOS
- GitHub Check: Async Windows
- GitHub Check: Async macOS
- GitHub Check: Blocking Windows
🧰 Additional context used
🧠 Learnings (6)
📚 Learning: 2026-04-08T21:35:35.581Z
Learnt from: CR
Repo: Sewer56/llm-coding-tools PR: 0
File: src/AGENTS.md:0-0
Timestamp: 2026-04-08T21:35:35.581Z
Learning: If relevant to your review task, read `.cargo/{general,performance,documentation}.md` for guidance
Applied to files:
docs/src/guides/examples.mddocs/src/models-catalog.mddocs/src/index.mdsrc/llm-coding-tools-agents/Cargo.tomlREADME.MD
📚 Learning: 2026-03-28T02:14:04.465Z
Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 69
File: src/llm-coding-tools-bubblewrap/src/profile/validation.rs:57-67
Timestamp: 2026-03-28T02:14:04.465Z
Learning: In `src/llm-coding-tools-bubblewrap/src/profile/` (Rust, llm-coding-tools-bubblewrap crate), the `Builder` API paths (workspace, synthetic_home, cache_root, mount lists, overlays, etc.) are always set by trusted application/operator code — the library consumer is the trusted party. Path normalization and `..`-component hardening in validators like `validate_absolute_path` is therefore NOT required to defend against traversal attacks. Untrusted input (LLM-generated shell commands) only enters through `wrap_command`/`execute_command_with_mode`, not through the `Builder`.
Applied to files:
src/Cargo.tomlsrc/llm-coding-tools-bubblewrap/ARCHITECTURE.mddocs/src/tools.mdSANDBOX-PROFILES.mdsrc/llm-coding-tools-bubblewrap/README.mdsrc/llm-coding-tools-bubblewrap/Cargo.tomldocs/src/getting-started.mdsrc/llm-coding-tools-core/README.mdsrc/llm-coding-tools-serdesai/README.mdREADME.MDsrc/llm-coding-tools-serdesai/Cargo.toml
📚 Learning: 2026-04-05T18:58:45.211Z
Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 85
File: .github/workflows/rust.yml:188-199
Timestamp: 2026-04-05T18:58:45.211Z
Learning: In this repository, do not treat the GitHub Actions reference `Reloaded-Project/devops-cargo-semver-checks-actionv1` as an invalid/non-existent action. It is a legitimate custom wrapper owned by `Sewer56/Reloaded-Project`, so reviews should not suggest replacing it with `obi1kenobi/cargo-semver-checks-actionv2` due to presumed non-existence.
Applied to files:
.github/workflows/deploy-mkdocs.yml
📚 Learning: 2026-03-11T22:12:27.804Z
Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 54
File: src/llm-coding-tools-models-dev/src/catalog/load_cache.rs:23-29
Timestamp: 2026-03-11T22:12:27.804Z
Learning: In `src/llm-coding-tools-models-dev/src/cache/` (Rust, llm-coding-tools-models-dev crate), the on-disk cache (models.dev.catalog.v1.cache) is assumed to be written only by the local user/process. Malicious or externally-crafted cache files are explicitly out of scope for this threat model, so there is no need to add upper-bound validation on `payload_len_decompressed` before calling `zstd::bulk::decompress`.
Applied to files:
docs/src/models-catalog.mdsrc/llm-coding-tools-models-dev/README.mdsrc/llm-coding-tools-models-dev/Cargo.toml
📚 Learning: 2026-04-11T21:51:39.415Z
Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 101
File: src/llm-coding-tools-agents/src/path/resolver.rs:149-151
Timestamp: 2026-04-11T21:51:39.415Z
Learning: In `src/llm-coding-tools-agents/src/path/resolver.rs`, the `/**` pattern optimization (which selects `AbsolutePathResolver` for unrestricted access) is intentionally Unix-only. On Windows, `/**` is not a valid absolute path and therefore the optimization simply does not trigger, falling through to `AllowedGlobResolver`. This cross-platform behavior is by design, allowing a single permission config to be shared across OSes without platform-specific guards.
Applied to files:
docs/src/tools.mdSANDBOX-PROFILES.mdsrc/llm-coding-tools-core/README.mdsrc/llm-coding-tools-serdesai/README.mdsrc/llm-coding-tools-agents/README.mdREADME.MD
📚 Learning: 2026-04-11T21:51:51.714Z
Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 101
File: src/llm-coding-tools-agents/src/path/resolver.rs:149-151
Timestamp: 2026-04-11T21:51:51.714Z
Learning: In `src/llm-coding-tools-agents/src/path/resolver.rs` (Rust, llm-coding-tools-agents crate), the `/**` optimization in `try_globstar_optimisation` is intentionally Unix-only behavior. On Windows, `/**` is not a valid absolute path pattern, so the literal string match will never trigger there and the resolver safely falls through to `AllowedGlobResolver`. This cross-OS degradation is by design: Unix-authored configs using `/**` do not accidentally grant unrestricted access on Windows. Do not flag this as a missing `#[cfg(unix)]` guard.
Applied to files:
docs/src/tools.mdSANDBOX-PROFILES.mdsrc/llm-coding-tools-core/README.mdREADME.MD
🪛 LanguageTool
docs/src/agents.md
[style] ~63-~63: To form a complete sentence, be sure to include a subject.
Context: ...Both primary and subagent capabilities. Can be used directly or delegated to. | | `...
(MISSING_IT_THERE)
docs/src/tools.md
[uncategorized] ~230-~230: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...ML pages are automatically converted to markdown. Parameters: | Parameter | Typ...
(MARKDOWN_NNP)
docs/src/index.md
[style] ~41-~41: ‘at a fraction of’ might be wordy. Consider a shorter alternative.
Context: ...lar agent format, same system prompts - at a fraction of the resource cost. <div class="landing...
(EN_WORDINESS_PREMIUM_AT_A_FRACTION_OF)
docs/src/getting-started.md
[uncategorized] ~3-~3: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...coding agents in Rust. Define agents in markdown, attach tools with permissions, and run...
(MARKDOWN_NNP)
[style] ~150-~150: Using many exclamation marks might seem excessive (in this case: 6 exclamation marks for a text that’s 2725 characters long)
Context: ...tools, and generates the system prompt !!! tip "Runnable examples" The reposit...
(EN_EXCESSIVE_EXCLAMATION)
src/llm-coding-tools-core/README.md
[style] ~114-~114: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ches src/deep/nested/mod.rs). - /** matches any absolute path on the system (e.g., ...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
README.MD
[style] ~25-~25: ‘at a fraction of’ might be wordy. Consider a shorter alternative.
Context: ...ame agent format, same system prompts - at a fraction of the resource cost. | | Op...
(EN_WORDINESS_PREMIUM_AT_A_FRACTION_OF)
🪛 markdownlint-cli2 (0.22.1)
docs/src/agents.md
[warning] 121-121: Link and image reference definitions should be needed
Unused link or image reference definition: "serdesai"
(MD053, link-image-reference-definitions)
docs/src/tools.md
[warning] 13-13: Reference links and images should use a label that is defined
Missing link or image reference definition: "models.dev"
(MD052, reference-links-images)
docs/src/getting-started.md
[warning] 164-164: Code block style
Expected: indented; Actual: fenced
(MD046, code-block-style)
[warning] 178-178: Code block style
Expected: indented; Actual: fenced
(MD046, code-block-style)
[warning] 202-202: Code block style
Expected: indented; Actual: fenced
(MD046, code-block-style)
[warning] 229-229: Code block style
Expected: indented; Actual: fenced
(MD046, code-block-style)
[warning] 240-240: Link and image reference definitions should be needed
Unused link or image reference definition: "serdesai"
(MD053, link-image-reference-definitions)
[warning] 241-241: Link and image reference definitions should be needed
Unused link or image reference definition: "opencode"
(MD053, link-image-reference-definitions)
src/llm-coding-tools-models-dev/README.md
[warning] 13-13: Reference links and images should use a label that is defined
Missing link or image reference definition: "models.dev"
(MD052, reference-links-images)
🪛 Ruff (0.15.11)
docs/start_docs.py
[error] 20-20: subprocess call: check for execution of untrusted input
(S603)
🪛 Stylelint (17.9.0)
docs/src/assets/landing.css
[error] 12-12: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 63-63: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 91-91: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 119-119: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 145-145: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
docs/src/vendor/Reloaded/Stylesheets/reloaded.css
[error] 524-524: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 530-530: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 536-536: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 542-542: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 548-548: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 558-558: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 564-564: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 570-570: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 576-576: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 582-582: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
[error] 5-5: Expected "url('https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap')" to be "'https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap'" (import-notation)
(import-notation)
🔇 Additional comments (26)
src/llm-coding-tools-agents/benches/fixtures/orchestrator-quality-gate-gpt5.md (1)
27-27: Punctuation normalization looks good.The hyphen replacements on Line 27, Line 51, Line 67, Line 99, Line 104, Line 117, Line 127, Line 136, Line 140, Line 144, and Line 148 preserve meaning and improve plain-text/ASCII compatibility in the template output format.
Also applies to: 51-51, 67-67, 99-99, 104-104, 117-117, 127-127, 136-136, 140-140, 144-144, 148-148
.gitignore (1)
10-10: LGTM!Trailing newline addition; no functional impact.
src/llm-coding-tools-bubblewrap/ARCHITECTURE.md (1)
3-3: LGTM!Reference-style linking for
[bubblewrap]is consistent with the README changes, and the dash-style normalizations are cosmetic.Also applies to: 23-23, 124-124, 158-159
src/llm-coding-tools-bubblewrap/README.md (1)
3-9: LGTM!Reference-style links and the clarified preset description read well. The
[Documentation]target (https://sewer56.github.io/llm-coding-tools/sandboxing) depends on the MkDocs site being published at that path—worth a quick sanity check once deployed, but not a blocker for this PR.Also applies to: 134-134, 163-166
src/Cargo.toml (1)
12-90: LGTM on the centralization.The
[workspace.dependencies]block is well-organized by category and correctly placesdefault-features = falseat the workspace level (reqwest, process-wrap, serdes-ai, serdes-ai-models) where it belongs—members can add features viaworkspace = true, features = [...]but cannot re-disable defaults. Internal crate entries correctly carry bothversionandpathfor mixed publish/local workflows. All dependencies referenced by member crates (per the snippets from serdesai, agents, core, bubblewrap manifests) are covered.src/llm-coding-tools-bubblewrap/Cargo.toml (1)
15-25: LGTM!Clean migration to workspace-managed versions;
optional = trueonprocess-wrapand the additive["rt", "macros"]features on the devtokioare correctly preserved.src/llm-coding-tools-core/Cargo.toml (1)
39-115: LGTM!Complete migration to workspace-managed versions. The feature set in this crate's own
[features]block (e.g.,process-wrap/tokio1,llm-coding-tools-bubblewrap?/tokio) remains consistent with the workspace-leveldefault-features = falseforprocess-wrap, and the optionalllm-coding-tools-bubblewrapdep preserves thelinux-bubblewrapgating.src/llm-coding-tools-agents/Cargo.toml (1)
11-42: LGTM!Straightforward migration; every dependency listed here has a matching entry in the new workspace block. No local feature overrides were lost.
src/llm-coding-tools-models-dev/Cargo.toml (1)
27-63: LGTM — clean migration to workspace deps.Feature wiring is preserved:
reqwest/tokioremainoptional = true, theblockingfeature still enablesreqwest/blocking, and the workspace-levelreqwestcarriesdefault-features = false+ rustls features so TLS behavior matches the removed per-crate configuration. Dropping the localserdederive feature is fine since the workspace enables it globally.src/llm-coding-tools-serdesai/Cargo.toml (1)
54-95: LGTM — workspace dep migration is consistent.Local feature overrides are preserved where required (
llm-coding-tools-corewithtokio,bubblewrapasoptional,tokiodev-dep withrt-multi-thread/macros). Removing the local reqwest rustls config is safe because the workspace spec already carriesdefault-features = falsewithrustls/rustls-native-certs.docs/.gitignore (1)
1-3: LGTM.Appropriate ignores for the new MkDocs workflow (
site/) and the localvenv/created bydocs/start_docs.py.src/llm-coding-tools-serdesai/src/agent_ext.rs (1)
14-14: LGTM — doc-only change.Identifier update aligns with the PR-wide refresh of example model IDs; examples are
no_runso there is no execution risk.Also applies to: 68-68
src/llm-coding-tools-agents/src/runtime/mod.rs (1)
36-36: LGTM — doc-only change.Matches the PR-wide example identifier refresh; no runtime or API impact.
src/llm-coding-tools-agents/ARCHITECTURE.md (1)
46-46: LGTM — doc-only refresh.Using a different provider (
ollama-cloud/...) in the sample frontmatter than in the runtime default (openai/gpt-5.4) is actually a helpful illustration of the agent-override-wins precedence documented in the Model Resolution section.Also applies to: 63-63
src/llm-coding-tools-agents/src/runtime/model.rs (1)
20-21: Docs examples are clear and consistent with the identifier format.The updated model examples still match the documented
provider/model-idcontract and precedence explanation.Also applies to: 199-201
docs/src/guides/examples.md (1)
7-31: Good examples table and runnable commands.The command matrix is practical and maps cleanly to the referenced example files.
src/llm-coding-tools-serdesai/AGENTS-ARCHITECTURE.md (1)
3-7: Nice documentation polish with consistent link references.The [SerdesAI]/[bubblewrap] link-reference conversion improves consistency and discoverability.
Also applies to: 70-71, 97-99, 129-129, 137-137, 181-182, 306-307
docs/src/models-catalog.md (1)
16-33: Well-structured catalog docs with clear load/fallback behavior.The flow, feature-flag notes, and usage snippets are clear and actionable.
Also applies to: 36-79, 81-115
src/llm-coding-tools-serdesai/README.md (1)
5-8: Great README clarification pass.The updated integration summary, resolver guidance, and explicit bash sandboxing behavior improve correctness and set clearer expectations for users.
Also applies to: 91-108, 116-117, 167-170, 217-220
docs/mkdocs.yml (1)
1-79: LGTM.Plugin set matches
docs/requirements.txt(search is built-in; minify frommkdocs-minify-plugin). Nav/theme/markdown extensions are consistent and reference valid Material/pymdownx features.README.MD (2)
82-113: Quick Start code matches the public API surface — LGTM.
AgentLoader::new().add_directory(&mut catalog, ...),ModelsDevCatalog::load().await,AgentRuntimeBuilder::new().catalog(..).defaults(..).build(), andAgentBuildContext::new(Arc<AgentRuntime>, Arc<Catalog>, Arc<CredentialResolver>)line up with the cross-file snippets provided.
135-135: The featurelinux-bubblewrapis properly defined on thellm-coding-tools-serdesaipackage and the command works correctly as written. The example includes appropriate cfg-gating (#[cfg(all(feature = "linux-bubblewrap", target_os = "linux"))]) to ensure sandboxing only runs when the feature is enabled, and displays a clear error message if the feature is missing. The verification script (./src/.cargo/verify.shline 72) validates this exact invocation succeeds. No changes needed.> Likely an incorrect or invalid review comment.src/llm-coding-tools-agents/README.md (1)
106-151: LGTM — pattern semantics are consistent withcore/permissions.rs(last-match-wins, reverse iteration).The
/**vs**vs*distinction matchesbuild_resolver_for_toolselection tiers, and thetaskomission → allow-all-callable-subagents carve-out is called out clearly.docs/src/tools.md (2)
227-239: No changes needed. The documentation table is accurate.The
README.mdstatement "Fetch URL content as text, markdown, or html" describes the tool's output behavior (automatic format conversion for HTML content), not an input parameter. TheWebFetchRequeststruct contains onlyurlandtimeout_msfields, and no format parameter is exposed at the tool schema level. The parameter table indocs/src/tools.mdcorrectly lists all available parameters.> Likely an incorrect or invalid review comment.
293-293: Update link target fromgetting-started.mdtoagents.md.The link text references "full delegation model," but
getting-started.mdonly contains a brief example of multi-agent task delegation (line 191). The comprehensive delegation model—explaining primary vs. subagent modes and how thetasktool enables delegation—is documented inagents.mdunder the "Mode" section.Note:
architecture.mddoes not exist in the repository.> Likely an incorrect or invalid review comment.docs/src/getting-started.md (1)
171-172: Thewithout_env()method exists and is correctly documented. The method is publicly available atCredentialResolver::without_env()and creates a resolver with the generic parameterREAD_ENVset tofalse, which disables environment variable lookup entirely (the compiler eliminates that branch). No changes needed.
| id-token: write | ||
| steps: | ||
| - name: Deploy MkDocs | ||
| uses: Reloaded-Project/devops-mkdocs@v1 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
gh api repos/Reloaded-Project/devops-mkdocs/git/ref/tags/v1 | jq -r '.object.sha'Repository: Sewer56/llm-coding-tools
Length of output: 108
Pin the GitHub Action to a full commit SHA.
At Line 19, using a mutable tag (@v1) increases supply-chain risk. Pin the action to the immutable commit SHA for this tag:
Suggested patch
- uses: Reloaded-Project/devops-mkdocs@v1
+ uses: Reloaded-Project/devops-mkdocs@643c01e4b5253e3046cdeb16a243ad4bdd1cf9cc📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| uses: Reloaded-Project/devops-mkdocs@v1 | |
| uses: Reloaded-Project/devops-mkdocs@643c01e4b5253e3046cdeb16a243ad4bdd1cf9cc |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/deploy-mkdocs.yml at line 19, The workflow is using a
mutable tag "uses: Reloaded-Project/devops-mkdocs@v1" which is supply-chain
risky; replace that reference with the action's immutable full commit SHA (e.g.,
"Reloaded-Project/devops-mkdocs@<full-commit-sha>") in the deploy-mkdocs
workflow so the action is pinned to a specific commit instead of a floating tag.
| Per-tool configuration that overrides defaults. For the full reference with | ||
| types, ranges, and validation rules, see [Tools > Tool Settings](tools.md#tool-settings). | ||
|
|
||
| [SerdesAI]: https://crates.io/crates/serdes-ai |
There was a problem hiding this comment.
Unused [SerdesAI] link reference.
SerdesAI is defined here but never referenced in the page body; markdownlint flags it as MD053. Safe to drop.
Proposed fix
-[SerdesAI]: https://crates.io/crates/serdes-ai
[OpenCode]: https://opencode.ai/
[models.dev]: https://models.dev📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| [SerdesAI]: https://crates.io/crates/serdes-ai | |
| [OpenCode]: https://opencode.ai/ | |
| [models.dev]: https://models.dev |
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 121-121: Link and image reference definitions should be needed
Unused link or image reference definition: "serdesai"
(MD053, link-image-reference-definitions)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/src/agents.md` at line 121, Remove the unused Markdown link reference
"[SerdesAI]: https://crates.io/crates/serdes-ai" from docs/src/agents.md since
it is never referenced in the document; locate the standalone reference
definition (the line containing [SerdesAI]: ...) and delete it to resolve the
MD053 lint warning.
| font-size: 2.8rem; | ||
| font-weight: 700; | ||
| margin-bottom: 0.5rem; | ||
| font-family: "Montserrat", Roboto, sans-serif; |
There was a problem hiding this comment.
Fix Stylelint failures for font-family-name-quotes.
Stylelint flags quoted Montserrat at Line 12, Line 63, Line 91, Line 119, and Line 145. Remove quotes to satisfy the configured rule.
💡 Suggested patch
- font-family: "Montserrat", Roboto, sans-serif;
+ font-family: Montserrat, Roboto, sans-serif;Apply the same replacement at all five occurrences.
Also applies to: 63-63, 91-91, 119-119, 145-145
🧰 Tools
🪛 Stylelint (17.9.0)
[error] 12-12: Expected no quotes around "Montserrat" (font-family-name-quotes)
(font-family-name-quotes)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/src/assets/landing.css` at line 12, Stylelint flags the quoted font
family name in the CSS declaration `font-family: "Montserrat", Roboto,
sans-serif;`; update each occurrence (the `font-family` declarations that
include "Montserrat") to remove the quotes so they read `font-family:
Montserrat, Roboto, sans-serif;` at all five occurrences to satisfy the
`font-family-name-quotes` rule.
| ```rust | ||
| use llm_coding_tools_core::CredentialResolver; | ||
|
|
||
| let mut resolver = CredentialResolver::new(); | ||
| resolver.set_override("OPENAI_API_KEY", "sk-..."); | ||
| ``` |
There was a problem hiding this comment.
Fix the method name: use insert instead of set_override.
The CredentialResolver API uses insert() to add credential overrides, not set_override(). This code example won't compile.
🔧 Corrected code example
```rust
use llm_coding_tools_core::CredentialResolver;
let mut resolver = CredentialResolver::new();
-resolver.set_override("OPENAI_API_KEY", "sk-...");
+resolver.insert("OPENAI_API_KEY", "sk-...");
</details>
Based on the CredentialResolver API in `src/llm-coding-tools-core/src/credentials.rs`, which defines `insert(&mut self, name: impl Into<Box<str>>, value: impl Into<Box<str>>) -> Option<Box<str>>`.
<details>
<summary>🧰 Tools</summary>
<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>
[warning] 164-164: Code block style
Expected: indented; Actual: fenced
(MD046, code-block-style)
</details>
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
Verify each finding against the current code and only fix it if needed.
In @docs/src/getting-started.md around lines 164 - 169, The docs example uses a
non-existent method set_override on CredentialResolver; update the example to
call CredentialResolver::insert(...) instead of set_override so it matches the
API (see struct CredentialResolver and its insert(&mut self, name: impl
Into<Box>, value: impl Into<Box>) -> Option<Box> signature).
Replace the set_override invocation in the example with insert and keep the same
key/value arguments.
</details>
<!-- fingerprinting:phantom:triton:puma:cae247ab-4c83-4663-ad22-28836e08dc2f -->
<!-- This is an auto-generated comment by CodeRabbit -->
| <a href="getting-started" class="md-button md-button--primary">Get Started</a> | ||
| <a href="https://github.com/Sewer56/llm-coding-tools" class="md-button">View on GitHub</a> | ||
| <a href="https://docs.rs/llm-coding-tools-core/latest/llm_coding_tools_core/" class="md-button">API Reference</a> | ||
| <a href="guides/examples.md" class="md-button">Examples</a> |
There was a problem hiding this comment.
Use a stable docs URL for the Examples CTA.
At Line 28, href="guides/examples.md" can break in generated MkDocs output when using directory-style URLs. Prefer guides/examples/ (or guides/examples) for runtime navigation.
💡 Suggested patch
- <a href="guides/examples.md" class="md-button">Examples</a>
+ <a href="guides/examples/" class="md-button">Examples</a>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <a href="guides/examples.md" class="md-button">Examples</a> | |
| <a href="guides/examples/" class="md-button">Examples</a> |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/src/index.md` at line 28, The Examples CTA uses a file-style href
("guides/examples.md") which can break when MkDocs outputs directory-style URLs;
update the anchor in docs/src/index.md to use a stable docs URL like
"guides/examples/" (or "guides/examples") by changing the href attribute on the
Examples link so runtime navigation works correctly.
| # These are NOT per-call parameters - they set the limits the agent | ||
| # operates within. The LLM never sees or overrides these. |
There was a problem hiding this comment.
"tool_settings … are NOT per-call parameters" is slightly misleading for timeouts.
bash.timeout_ms and webfetch.timeout_ms are also per-call parameters that the LLM can supply (bounded by max_timeout_ms), as shown in the bash/webfetch parameter tables below (L213-217, L234-237). The wording here implies the LLM never influences these, which contradicts the later tables and could confuse readers debugging why the LLM-supplied timeout_ms is accepted.
Consider: "These are host-side defaults and upper bounds; some (like timeout_ms) can also be overridden per call by the LLM within the host-configured max_* limits."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/src/tools.md` around lines 36 - 37, Update the paragraph that currently
states "These are NOT per-call parameters" to clarify that settings are
host-side defaults and upper bounds while some (notably bash.timeout_ms and
webfetch.timeout_ms) can be overridden per call by the LLM within host-enforced
limits (e.g., max_timeout_ms); specifically, replace or append that sentence to
read something like: "These settings act as host-side defaults and upper bounds;
some fields (for example bash.timeout_ms and webfetch.timeout_ms) may also be
supplied per call by the LLM but are constrained by host-configured max_* limits
(e.g., max_timeout_ms)."
| --md-shadow-z1: | ||
| 0 #{px2rem(4px)} #{px2rem(10px)} hsla(0, 0%, 0%, 0.2), | ||
| 0 0 #{px2rem(1px)} hsla(0, 0%, 0%, 0.1); | ||
|
|
||
| /* Shadow depth 2 */ | ||
| --md-shadow-z2: | ||
| 0 #{px2rem(4px)} #{px2rem(10px)} hsla(0, 0%, 0%, 0.3), | ||
| 0 0 #{px2rem(1px)} hsla(0, 0%, 0%, 0.25); | ||
|
|
||
| /* Shadow depth 3 */ | ||
| --md-shadow-z3: | ||
| 0 #{px2rem(4px)} #{px2rem(10px)} hsla(0, 0%, 0%, 0.4), | ||
| 0 0 #{px2rem(1px)} hsla(0, 0%, 0%, 0.35); |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Confirm file is consumed as-is by MkDocs (no sass step) and check original source.
rg -nP --type=yaml -C2 'reloaded\.css|vendor/Reloaded' docs/mkdocs.yml
fd -e scss -e sass
rg -nP '#\{px2rem' docs/src/vendor/Reloaded/Stylesheets/reloaded.css | head -20Repository: Sewer56/llm-coding-tools
Length of output: 1363
SCSS interpolation (#{px2rem(4px)}) in plain .css file causes shadows to not render under MkDocs
docs/mkdocs.yml includes vendor/Reloaded/Stylesheets/reloaded.css directly in extra_css with no Sass compilation step. The file contains SCSS interpolation syntax at lines 120–121, 125–126, 130–131, 251–252, 256–257, 261–262, 392–393, 397–398, and 402–403. When served as CSS, the browser cannot resolve #{px2rem(...)} and the shadow declarations fail silently.
Fix by either:
- Pre-computing values:
0 0.25rem 0.625rem hsla(0, 0%, 0%, 0.2), 0 0 0.0625rem hsla(0, 0%, 0%, 0.1)(assuming 16px root) - Removing the
--md-shadow-z*overrides and inheriting Material's defaults
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/src/vendor/Reloaded/Stylesheets/reloaded.css` around lines 119 - 131,
The file contains SCSS interpolation (e.g., #{px2rem(4px)}) inside the CSS
custom properties --md-shadow-z1, --md-shadow-z2, --md-shadow-z3 (and the other
--md-shadow-z* occurrences called out in the review) which breaks when served as
raw CSS; either replace each interpolation with pre-computed rem values (e.g.,
compute px2rem(4px) assuming 16px root and replace all occurrences with their
rem equivalents) for every --md-shadow-z* declaration, or remove those
--md-shadow-z* overrides entirely so the stylesheet inherits the Material
defaults; update every instance listed in the review (lines around the three
shown and the other listed occurrences) to use plain CSS values or be deleted.
| Sync the online [models.dev] catalog into a compact `ModelCatalog` with | ||
| ETag caching, zstd compression, and offline fallback. ~3000 models in ~24 KiB. | ||
|
|
||
| [Documentation] · [API Reference] | ||
|
|
||
| ## Why this exists | ||
|
|
||
| If you run coding agents against many providers, you want to have fresh data. | ||
| [models.dev][models.dev] is one such source of data. | ||
|
|
||
| This crate downloads from models.dev, keeps only the fields we need, and | ||
| This crate downloads from [models.dev], keeps only the fields we need, and | ||
| builds a `llm_coding_tools_core::models::ModelCatalog`. | ||
|
|
||
| ## Usage | ||
|
|
||
| ### Load flow (simple) | ||
|
|
||
| 1. Read cache header (if present) and get the old ETag. | ||
| 2. Send request to models.dev with `If-None-Match` when ETag exists. | ||
| 2. Send request to [models.dev] with `If-None-Match` when ETag exists. |
There was a problem hiding this comment.
Broken reference links: [models.dev] label no longer defined.
The old [models.dev]: https://models.dev reference definition was removed, but several occurrences still use [models.dev] as a shortcut/full reference (lines 5, 13, 15, 23). Only [models.dev/api.json] is defined now, so these will render as literal text rather than links. markdownlint flags line 13 (MD052), but the same issue affects the other three.
📝 Proposed fix
Either re-add the reference, or switch the remaining occurrences to an inline link / existing label. Minimal fix — restore the definition:
[models.dev/api.json]: https://models.dev/api.json
+[models.dev]: https://models.dev
[zstd]: https://facebook.github.io/zstd/Alternative — use inline links and drop the shortcut form:
-Sync the online [models.dev] catalog into a compact `ModelCatalog` with
+Sync the online [models.dev](https://models.dev) catalog into a compact `ModelCatalog` with(and analogous edits for lines 13, 15, 23).
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 13-13: Reference links and images should use a label that is defined
Missing link or image reference definition: "models.dev"
(MD052, reference-links-images)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/llm-coding-tools-models-dev/README.md` around lines 5 - 23, The README
uses the [models.dev] shortcut link label that was removed, so restore the
missing reference or convert the inline occurrences to valid links: either
re-add the reference definition " [models.dev]: https://models.dev" near the
bottom (where other link refs like [models.dev/api.json] are defined) or replace
each `[models.dev]` usage in the text (lines mentioning Sync, Why this exists,
and Usage) with the inline form `https://models.dev` (or the existing
`[models.dev/api.json]` label if appropriate); update all four occurrences to
ensure markdown renders correctly.
|
Used own CLI tool for making worktree. It made from current local branch, not main, haha. |
1 participant
Problem
Dependencies were declared independently in each crate's
Cargo.toml, leading to version inconsistencies across the workspace:1.0,1.0.2281.0,1.0.1452.0,2.0.181.51,13.27,39.1,90.5.5,0.56,6.0.0This made it easy for versions to drift apart over time, and required updating multiple files to bump a shared dependency.
Solution
Add
[workspace.dependencies]to the rootsrc/Cargo.tomland convert all 5 crates to reference workspace deps viaworkspace = true.Root Cargo.toml - 40+ shared dependencies defined once:
serde,serde_json,serde_yaml,bitcode,bitflagstokio,maybe-async,async-trait,futuresreqwest,html-to-markdown-rshashbrown,indexmap,tinyvec,lite-strtab,ahash,parking_lotglobset,grep-regex,grep-searcher,memchr,ignoreprocess-wrapllm-coding-tools-core,llm-coding-tools-bubblewrap,llm-coding-tools-agents,llm-coding-tools-models-devcriterion,rstest,serial_test,wiremock,indoc,temp-envPer-crate Cargo.toml - all version strings replaced with
workspace = true; feature overrides preserved locally.Remaining duplicates (unavoidable)
Transitive duplicates from external crates (serdes-ai, AWS SDK) still exist in the lockfile — these are outside our control and would require upstream changes:
thiserrorv1 (serdes-ai) + v2 (our crates)reqwestv0.12 (serdes-ai) + v0.13 (our crates)rustlsv0.21 (AWS SDK) + v0.23 (our crates)hashbrownv0.16 (html-to-markdown-rs) + v0.17 (our crates)Files changed
src/Cargo.toml[workspace.dependencies]src/llm-coding-tools-core/Cargo.tomlsrc/llm-coding-tools-agents/Cargo.tomlsrc/llm-coding-tools-models-dev/Cargo.tomlsrc/llm-coding-tools-serdesai/Cargo.tomlsrc/llm-coding-tools-bubblewrap/Cargo.toml