Checklist for reviewing changes in this repository. Every gate needs cited evidence: a green CI job, a test name, or a code trace.
These match .github/workflows/ci.yml.
| Gate | Command | When required |
|---|---|---|
| Format | cargo fmt --all --check |
Every Rust PR |
| Lint | cargo clippy --all-targets -- -D warnings |
Every Rust PR |
| Unit tests | cargo test --lib |
Every Rust PR |
| Integration tests | cargo test --test '*' |
Every Rust PR |
| Feature tests | cargo test --all-features |
When touching columnar-ingest or other feature-gated paths |
| Release build | cargo build --release |
Every Rust PR |
| Container build | .github/workflows/container.yml | When changing Dockerfile or image entrypoints |
- No new
unwrap/expecton fallible paths in production code unless justified (startup invariant). - Errors propagate with
?or explicit mapping; library boundaries use typed errors insrc/error.rs. - No
Mutex/RwLockheld across.awaitwithout review. - Public API changes are intentional.
Scope: WAL → metadata → flush → chDB MergeTree.
- WAL ordering and sequence semantics are preserved; flush does not drop acknowledged writes.
- Replication apply is idempotent where the protocol requires it.
- Storage layout matches
src/domain/storage_layout.rs.
Scope: Raft, peer sync, hinted handoff, drain, membership.
- Network failures use configured timeouts, retries, and backoff.
- Raft changes preserve safety (no committed log loss).
Evidence: tests/raft_integration.rs, tests/sync_quorum_integration.rs where applicable.
- Status codes and bodies match API reference for touched endpoints.
- Auth paths stay consistent with
src/adapters/http/auth_middleware.rs.
- Identifiers and literals are quoted/escaped; user input cannot break SQL structure.
- Query timeouts and limits remain enforced for untrusted clients.
- Secrets are not logged.
- Password hashing uses Argon2 (
src/adapters/auth.rs). - Prometheus metrics do not add unbounded cardinality labels.
portstraits remain the boundary between application and adapters.- Domain types do not depend on HTTP or RocksDB directly.
- New or renamed config keys are documented in
docs/user-guide/configuration.mdandconfig.toml.example.
Avoid duplicating coverage across suites.
| Suite | Owns |
|---|---|
cargo test --lib |
Parsers, domain logic, WAL batching, Raft log store hydration |
tests/compat/ |
InfluxDB v1 HTTP, DDL, query, and error compatibility |
tests/integration.rs |
Auth, cardinality, users, metrics, backup manifests, chDB layout |
tests/raft_integration.rs |
Multi-node cluster, membership, replication log |
tests/sync_quorum_integration.rs |
sync_quorum replication mode and ack semantics |
scripts/load.sh + load.js / query.js |
Load and ad-hoc performance smoke (kind setup) |
Before deleting a test, confirm another suite covers the same behavior.
Allowed when you can show:
- Unused dependencies —
cargo macheteclean +cargo check --all-targets+ relevant tests pass. - Dead code — not part of stable
pubAPI; no remaining callers; tests pass. - Duplicate docs — consolidate into one canonical page and update links.
- Obsolete scripts — no references in CI, README, or
deploy/.
Breaking removals (HTTP shape, config keys, features) need an explicit note in the PR description.
Follow Coding standards. The project uses conventions from rust-skills, summarized in .cursorrules for editor hints.