Skip to content

chore: pin rustsec/audit-check to SHA #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
KooshaPari merged 1 commit into from
May 1, 2026
Merged

chore: pin rustsec/audit-check to SHA #40

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/cargo-audit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
- uses: rustsec/audit-check@v2
- uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998
with:
token: ${{ secrets.GITHUB_TOKEN }}
4 changes: 2 additions & 2 deletions crates/llm-router/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@ thiserror = { workspace = true }
reqwest = { version = "0.12", features = ["json", "rustls-tls"] }
async-trait = "0.1"
tracing = "0.1"
dashmap = "7.0"
"tokio::sync" = { version = "1.44", features = ["RwLock"] }
dashmap = "7.0.0-rc2"
Copy link
Copy Markdown

@cursor cursor Bot May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency pinned to unstable release candidate version

Medium Severity

dashmap is pinned to "7.0.0-rc2", a release candidate. The latest stable version is 6.1.0. If the crate truly needs dashmap 7.x features, this is a conscious tradeoff, but RC versions carry stability and API-change risks that are worth acknowledging — especially in a PR described as a routine CI pin.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit a856bb4. Configure here.

"tokio/sync" = { version = "1.44", features = ["RwLock"] }
Comment on lines +16 to +17
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Architect Review — CRITICAL

The llm-router manifest declares a dependency keyed as "tokio/sync" in [dependencies], which is not a valid crate/dependency name and incorrectly models tokio::sync as a separate crate, causing cargo to fail dependency resolution for this manifest.

Suggestion: Remove the "tokio/sync" dependency and instead rely on the existing tokio dependency with appropriate features (already provided via the workspace tokio entry), keeping tokio as a single, correctly specified dependency.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** crates/llm-router/Cargo.toml
**Line:** 16:17
**Comment:**
	*CRITICAL: The `llm-router` manifest declares a dependency keyed as `"tokio/sync"` in `[dependencies]`, which is not a valid crate/dependency name and incorrectly models `tokio::sync` as a separate crate, causing `cargo` to fail dependency resolution for this manifest.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

Copy link
Copy Markdown

@cursor cursor Bot May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Invalid Cargo dependency name "tokio/sync" won't resolve

High Severity

The dependency name "tokio/sync" is not a valid Cargo crate name — slashes are not permitted. The previous value "tokio::sync" was also invalid, and this change appears to be an attempted fix that still doesn't resolve the issue. The sync module (including RwLock) is already available through the workspace-level tokio dependency, which specifies features = ["full"]. This entire line is unnecessary and will cause dependency resolution failure.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit a856bb4. Configure here.

Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Replace this placeholder-like dependency entry with a valid and actually used Tokio dependency setup (or remove it until the corresponding code is implemented), because this declaration is not consumable as-is and indicates unfinished integration. [custom_rule]

Severity Level: Minor ⚠️

Why it matters? 🤔

This is a real issue in the final file state: Cargo dependency names cannot use a slash like "tokio/sync" as a package key. As written, the entry is not a valid consumable dependency declaration, so the suggestion correctly identifies a concrete problem.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is a comment left during a code review.

**Path:** crates/llm-router/Cargo.toml
**Line:** 17:17
**Comment:**
	*Custom Rule: Replace this placeholder-like dependency entry with a valid and actually used Tokio dependency setup (or remove it until the corresponding code is implemented), because this declaration is not consumable as-is and indicates unfinished integration.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix
👍 | 👎

Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Architect Review — CRITICAL

The dependency entry with key "tokio/sync" is invalid for Cargo: dependency names are crate names and cannot contain '/', and there is already a proper workspace-level tokio dependency. This invalid entry will cause manifest resolution failures and can break normal workspace builds.

Suggestion: Remove the "tokio/sync" dependency entry and rely on the existing workspace-level tokio dependency (enabling any required features there), keeping only a single valid tokio dependency consistent with the other crates.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** crates/llm-router/Cargo.toml
**Line:** 17:17
**Comment:**
	*CRITICAL: The dependency entry with key "tokio/sync" is invalid for Cargo: dependency names are crate names and cannot contain '/', and there is already a proper workspace-level `tokio` dependency. This invalid entry will cause manifest resolution failures and can break normal workspace builds.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Architect Review — CRITICAL

crates/llm-router/Cargo.toml declares a dependency key "tokio/sync", but Cargo dependency keys must be valid crate names (e.g., tokio); this invalid name will cause Cargo to reject the manifest and break normal dependency resolution/builds.

Suggestion: Remove the "tokio/sync" dependency entry and instead express any required sync features on the existing tokio dependency (or rely on the workspace-provided tokio), and verify the manifest by running cargo check/cargo metadata in CI before merging.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** crates/llm-router/Cargo.toml
**Line:** 17:17
**Comment:**
	*CRITICAL: `crates/llm-router/Cargo.toml` declares a dependency key `"tokio/sync"`, but Cargo dependency keys must be valid crate names (e.g., `tokio`); this invalid name will cause Cargo to reject the manifest and break normal dependency resolution/builds.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Architect Review — CRITICAL

The dependency key "tokio/sync" in crates/llm-router/Cargo.toml is not a valid Cargo package/dependency name (Cargo dependencies are crates, and names cannot contain /), so it refers to a non-existent package and will cause cargo build --workspace / cargo test --workspace to fail for this workspace.

Suggestion: Remove the "tokio/sync" dependency and rely on the existing workspace tokio dependency (which already enables the needed sync features), keeping a single canonical Tokio dependency declaration in crates/llm-router/Cargo.toml.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** crates/llm-router/Cargo.toml
**Line:** 17:17
**Comment:**
	*CRITICAL: The dependency key `"tokio/sync"` in `crates/llm-router/Cargo.toml` is not a valid Cargo package/dependency name (Cargo dependencies are crates, and names cannot contain `/`), so it refers to a non-existent package and will cause `cargo build --workspace` / `cargo test --workspace` to fail for this workspace.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

174 changes: 174 additions & 0 deletions tests/llm_router_test.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,174 @@
// Integration tests for llm-router crate
// Traces to: FR-001
Comment on lines +1 to +2
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: This integration test file is placed under the workspace root tests/ directory, but the root manifest is a virtual workspace (no [package]), so Cargo will not discover or run these tests. Move this test into crates/llm-router/tests/ (or convert to unit tests inside the crate) so it is actually executed in CI. [logic error]

Severity Level: Major ⚠️ 
- ⚠️ llm-router integration tests never run in workspace CI.
- ⚠️ Regressions possible despite apparently present router tests.
Steps of Reproduction ✅ 
1. Open the workspace manifest at `/workspace/phenoAI/Cargo.toml` and note it only defines
a `[workspace]` with members `crates/llm-router`, `crates/mcp-server`, and
`crates/pheno-embedding` and no `[package]` section (lines 7–12).

2. Observe that the new test file lives at `/workspace/phenoAI/tests/llm_router_test.rs`
(lines 1–174 in that file), directly under the workspace root rather than under any crate
member.

3. In a Cargo virtual workspace without a root `[package]`, the workspace root is not a
crate; only the member crates under `crates/*` are built and tested, so
`/workspace/phenoAI/tests/*.rs` is never compiled or registered as a test target.

4. Running `cargo test` from `/workspace/phenoAI` therefore executes tests in
`crates/llm-router`, `crates/mcp-server`, and `crates/pheno-embedding` only; no tests from
`tests/llm_router_test.rs` appear in the test list or output, so the intended integration
coverage for `llm-router` is silently skipped in CI.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is a comment left during a code review.

**Path:** tests/llm_router_test.rs
**Line:** 1:2
**Comment:**
	*Logic Error: This integration test file is placed under the workspace root `tests/` directory, but the root manifest is a virtual workspace (no `[package]`), so Cargo will not discover or run these tests. Move this test into `crates/llm-router/tests/` (or convert to unit tests inside the crate) so it is actually executed in CI.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix
👍 | 👎


use llm_router::{
CompletionRequest, CompletionResponse, LlmError, LlmRouter, LlmProvider, Message, TokenUsage,
};
Comment on lines +1 to +6
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 Architect Review — HIGH

New integration tests are added under the workspace-root tests/ in a virtual workspace (root Cargo.toml has only [workspace], no [package]), so cargo test --workspace (the documented/Just/Taskfile test command) never discovers or runs them, leaving the added coverage effectively dead.

Suggestion: Move these tests into the appropriate crate-specific tests/ directories (e.g., crates/llm-router/tests/...) or introduce a real root package so that cargo test --workspace and the documented test commands execute them; verify in CI logs that the new test binaries are built and run.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** tests/llm_router_test.rs
**Line:** 1:6
**Comment:**
	*HIGH: New integration tests are added under the workspace-root `tests/` in a virtual workspace (root `Cargo.toml` has only [workspace], no [package]), so `cargo test --workspace` (the documented/Just/Taskfile test command) never discovers or runs them, leaving the added coverage effectively dead.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

Comment on lines +1 to +6
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 Architect Review — HIGH

The new integration tests are placed under the workspace root tests/ directory, but the root Cargo.toml is a virtual workspace (has only [workspace] and no [package]), so these tests are not attached to any Cargo package and will not run under normal cargo test --workspace flows, providing no real execution coverage.

Suggestion: Move each test file into the corresponding crate's crates/<name>/tests/ directory (or add a dedicated root test-harness package) so they are discovered by Cargo, and ensure CI runs cargo test --workspace.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** tests/llm_router_test.rs
**Line:** 1:6
**Comment:**
	*HIGH: The new integration tests are placed under the workspace root `tests/` directory, but the root `Cargo.toml` is a virtual workspace (has only `[workspace]` and no `[package]`), so these tests are not attached to any Cargo package and will not run under normal `cargo test --workspace` flows, providing no real execution coverage.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

Comment on lines +1 to +6
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 Architect Review — HIGH

The new "integration tests" have been added under the workspace-root tests/ directory, but the root Cargo.toml is a virtual workspace (it has [workspace] and no [package]), so these tests are not owned by any crate and will not run under the documented cargo test --workspace flow.

Suggestion: Move these tests into per-crate integration test directories (e.g., crates/llm-router/tests, crates/mcp-server/tests, crates/pheno-embedding/tests) or add a real root package that owns /tests, so they execute as part of the existing cargo test --workspace commands.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** tests/llm_router_test.rs
**Line:** 1:6
**Comment:**
	*HIGH: The new "integration tests" have been added under the workspace-root `tests/` directory, but the root `Cargo.toml` is a virtual workspace (it has `[workspace]` and no `[package]`), so these tests are not owned by any crate and will not run under the documented `cargo test --workspace` flow.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix


/// Mock provider for testing
struct MockProvider {
name: String,
should_fail: bool,
}

impl MockProvider {
fn new(name: &str) -> Self {
Self {
name: name.to_string(),
should_fail: false,
}
}

fn failing(name: &str) -> Self {
Self {
name: name.to_string(),
should_fail: true,
}
}
Comment on lines +22 to +27
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Remove the unused MockProvider::failing constructor or add a dedicated failure-path test that uses it, so the test target does not trigger dead_code under clippy with warnings denied. [custom_rule]

Severity Level: Minor ⚠️

Why it matters? 🤔

The MockProvider::failing constructor is defined in the file but never used anywhere in the final file state. That makes the dead_code concern real, so the suggestion correctly identifies an actual lint issue.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is a comment left during a code review.

**Path:** tests/llm_router_test.rs
**Line:** 22:27
**Comment:**
	*Custom Rule: Remove the unused `MockProvider::failing` constructor or add a dedicated failure-path test that uses it, so the test target does not trigger `dead_code` under clippy with warnings denied.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix
👍 | 👎

}

#[::async_trait::async_trait]
impl LlmProvider for MockProvider {
async fn complete(
&self,
request: &CompletionRequest,
) -> Result<CompletionResponse, LlmError> {
if self.should_fail {
return Err(LlmError::Provider("Mock failure".to_string()));
}

Ok(CompletionResponse {
content: format!("Mock response for model: {}", request.model),
model: request.model.clone(),
provider: self.name.clone(),
usage: TokenUsage {
prompt_tokens: 10,
completion_tokens: 20,
total_tokens: 30,
},
latency_ms: 100,
})
}

fn provider_name(&self) -> &str {
&self.name
}
}

#[test]
fn test_completion_request_serialization() {
let request = CompletionRequest {
model: "gpt-4".to_string(),
messages: vec![
Message {
role: "user".to_string(),
content: "Hello".to_string(),
},
],
temperature: Some(0.7),
max_tokens: Some(100),
timeout_ms: Some(30000),
};

let json = serde_json::to_string(&request).expect("Should serialize");
assert!(json.contains("gpt-4"));
assert!(json.contains("Hello"));

let deserialized: CompletionRequest =
serde_json::from_str(&json).expect("Should deserialize");
assert_eq!(deserialized.model, "gpt-4");
}

#[test]
fn test_completion_response_serialization() {
let response = CompletionResponse {
content: "Test response".to_string(),
model: "gpt-4".to_string(),
provider: "openai".to_string(),
usage: TokenUsage {
prompt_tokens: 10,
completion_tokens: 20,
total_tokens: 30,
},
latency_ms: 150,
};

let json = serde_json::to_string(&response).expect("Should serialize");
assert!(json.contains("Test response"));

let deserialized: CompletionResponse =
serde_json::from_str(&json).expect("Should deserialize");
assert_eq!(deserialized.content, "Test response");
assert_eq!(deserialized.usage.total_tokens, 30);
}

#[test]
fn test_llm_router_creation() {
let router = LlmRouter::new();
assert!(router.providers.is_empty());
assert!(router.fallback.is_none());
Comment on lines +108 to +109
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: This integration test accesses private internals of LlmRouter (providers and fallback), which are not part of the public API and are inaccessible from tests/. The test will fail to compile; assert behavior through public methods (e.g., complete) instead of direct field reads. [api mismatch]

Severity Level: Critical 🚨 
-`cargo test` fails compiling integration tests.
- ❌ CI pipeline with tests blocked on compilation error.
Steps of Reproduction ✅ 
1. From the workspace root `/workspace/phenoAI`, run `cargo test` to build and execute all
tests, including integration tests in `tests/`.

2. The integration test `tests/llm_router_test.rs` is compiled as an external test crate
which depends on the `llm-router` crate and imports `LlmRouter` at line 4.

3. The Rust compiler resolves `LlmRouter` to the definition in
`crates/llm-router/src/lib.rs:13-17`, where `providers` and `fallback` are private fields
(no `pub` keyword on lines 15-16).

4. During compilation of `test_llm_router_creation` at `tests/llm_router_test.rs:105-110`,
the expressions `router.providers` and `router.fallback` on lines 108-109 attempt to
access these private fields, causing compile-time errors like "no field `providers` on
type `LlmRouter`" and "field `fallback` of struct `LlmRouter` is private", and preventing
the test suite from compiling.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is a comment left during a code review.

**Path:** tests/llm_router_test.rs
**Line:** 108:109
**Comment:**
	*Api Mismatch: This integration test accesses private internals of `LlmRouter` (`providers` and `fallback`), which are not part of the public API and are inaccessible from `tests/`. The test will fail to compile; assert behavior through public methods (e.g., `complete`) instead of direct field reads.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix
👍 | 👎

}

#[test]
fn test_llm_router_register_provider() {
use std::sync::Arc;

let router = LlmRouter::new();
let provider = Arc::new(MockProvider::new("test-provider"));

router.register_provider("test", provider);

assert_eq!(router.providers.len(), 1);
assert!(router.providers.contains_key("test"));
}
Comment on lines +106 to +123
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 Architect Review — HIGH

The new "integration" tests are placed under the workspace root tests/ of a virtual manifest (no [package]), so they are not built or run by cargo test --workspace or standard Cargo flows, and they also access private LlmRouter fields (providers, fallback) in a way that would not compile as true integration tests. As written, these tests provide no effective coverage.

Suggestion: Move these tests into each crate's own tests/ directory or into #[cfg(test)] modules inside the crates so Cargo will execute them, and adjust them to assert behavior through the public LlmRouter API rather than accessing private fields directly.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** tests/llm_router_test.rs
**Line:** 106:123
**Comment:**
	*HIGH: The new "integration" tests are placed under the workspace root `tests/` of a virtual manifest (no `[package]`), so they are not built or run by `cargo test --workspace` or standard Cargo flows, and they also access private `LlmRouter` fields (`providers`, `fallback`) in a way that would not compile as true integration tests. As written, these tests provide no effective coverage.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix


#[test]
fn test_llm_router_set_fallback() {
use std::sync::Arc;

let router = LlmRouter::new();
let fallback = Arc::new(MockProvider::new("fallback"));

router.set_fallback(fallback);

assert!(router.fallback.is_some());
Comment on lines +109 to +134
Copy link
Copy Markdown

@codeant-ai codeant-ai Bot May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: This assertion depends on direct access to fallback, which is a private field of LlmRouter and cannot be read from integration tests. Validate behavior through public methods instead (for example by exercising routing behavior after setting fallback). [type error]

Severity Level: Major ⚠️ 
- ❌ Fallback behavior tests cannot compile as integration tests.
- ⚠️ No public API-based verification of router fallback logic.
Steps of Reproduction ✅ 
1. In `/workspace/phenoAI/crates/llm-router/src/lib.rs`, `LlmRouter` is defined at lines
123–126 with a private `fallback: Option<Arc<dyn LlmProvider>>` field (no `pub` on the
field), so external crates cannot read or write `fallback` directly.

2. The implementation at lines 128–148 exposes `pub fn set_fallback(&self, provider:
Arc<dyn LlmProvider>)` and routing behavior that uses `self.fallback` internally, but
there is no public accessor or inspector for `fallback`.

3. The new test `/workspace/phenoAI/tests/llm_router_test.rs` performs assertions on the
private `fallback` field at lines 109 and 134: `assert!(router.fallback.is_none());` in
`test_llm_router_creation` and `assert!(router.fallback.is_some());` in
`test_llm_router_set_fallback`.

4. Because this test imports `LlmRouter` from `llm_router` as an external crate (line 4),
any correctly wired integration test crate compiling this code will hit Rust privacy
errors (e.g., `field 'fallback' of struct 'LlmRouter' is private`), so these tests cannot
compile against the current API and are not a valid way to verify fallback behavior.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖 
This is a comment left during a code review.

**Path:** tests/llm_router_test.rs
**Line:** 109:134
**Comment:**
	*Type Error: This assertion depends on direct access to `fallback`, which is a private field of `LlmRouter` and cannot be read from integration tests. Validate behavior through public methods instead (for example by exercising routing behavior after setting fallback).

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix
👍 | 👎

}

#[test]
fn test_llm_error_display() {
let err = LlmError::Provider("test error".to_string());
assert_eq!(format!("{}", err), "provider error: test error");

let err = LlmError::RateLimited;
assert_eq!(format!("{}", err), "rate limited");

let err = LlmError::Timeout;
assert_eq!(format!("{}", err), "timeout");

let err = LlmError::InvalidModel("gpt-5".to_string());
assert_eq!(format!("{}", err), "invalid model: gpt-5");
}

#[test]
fn test_message_creation() {
let msg = Message {
role: "assistant".to_string(),
content: "I am here to help".to_string(),
};

assert_eq!(msg.role, "assistant");
assert_eq!(msg.content, "I am here to help");
}

#[test]
fn test_token_usage() {
let usage = TokenUsage {
prompt_tokens: 100,
completion_tokens: 200,
total_tokens: 300,
};

assert_eq!(usage.prompt_tokens, 100);
assert_eq!(usage.completion_tokens, 200);
assert_eq!(usage.total_tokens, 300);
}
Loading
Loading