chore(ci): migrate workflow to SyntaxKit structure with strict lint e…

[leogdion]

…nforcement

• Add configure job for dynamic matrix selection (full vs minimal by branch)
• Split build-macos into build-macos (SPM only) + build-macos-full (full platform matrix)
• Add concurrency group with cancel-in-progress
• Update triggers: branches-ignore → push/pull_request with paths-ignore
• Update action versions: checkout@v6, swift-build@v1, swift-coverage-action@v5, codecov@v6
• Move LINT_MODE=STRICT from job env to step env (matches SundialKit fix)
• Update mise-action@v2 → @v4 with simplified config
• Gate coverage steps with contains-code-coverage output check

---

Perform an AI-assisted review on

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b9c9cec-a407-4571-9d00-5b73a9ccff36

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch atleast-v1.0.0-beta.4

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

PR Review: CI Migration to SyntaxKit Structure

This is a well-structured CI refactor with some good improvements. Here's my analysis:

---

✅ Positive Changes

• Concurrency cancellation — cancel-in-progress: true is the right call; it reduces billing costs and avoids stale jobs blocking subsequent pushes.
• paths-ignore — Prevents unnecessary CI runs on doc/markdown-only changes.
• Dynamic matrix (configure job) — Splitting full vs. minimal matrix by branch is a good pattern for faster feedback on feature branches.
• Conditional coverage — Gating coverage steps on steps.build.outputs.contains-code-coverage == 'true' is more robust than running them unconditionally; avoids noisy failures when coverage isn't generated.
• LINT_MODE=STRICT moved to step env — Correct; job-level env can bleed into other steps unintentionally.
• Splitting build-macos / build-macos-full — Cleaner separation of concerns.

---

⚠️ Issues and Concerns

1. Branch-based dependency in Package.swift (Medium)

// Package.swift
.package(url: "https://github.com/brightdigit/SundialKit.git", branch: "atleast-v1.0.0-beta.4")

Branch-pinned dependencies are non-reproducible. While Package.resolved locks the revision today, any future swift package update will silently pull from the tip of atleast-v1.0.0-beta.4. This is fine for development scaffolding, but this PR targets v1.0.0-alpha.2 which may eventually merge toward a release. This should either:

• Stay branch-pinned intentionally (document why in a comment), or
• Be updated to a version constraint once the corresponding SundialKit release is tagged

2. actions/checkout@v6 — verify this version exists

The original used @v4. Jumping to @v6 is a large skip. Please verify this version exists in the actions/checkout registry before merging, as referencing a non-existent major version will silently resolve to nothing or fail.

3. swift-build@v1 vs @v1.4.0 — unpinned major version (Low)

# Before (pinned)
uses: brightdigit/swift-build@v1.4.0

# After (floating)
uses: brightdigit/swift-build@v1

Floating on a major tag means any v1.x release will be picked up automatically. This is a trade-off: you get automatic patch/minor updates but lose reproducibility. For a first-party action this is probably fine, but worth calling out.

4. Nightly Swift builds removed from Ubuntu matrix

The original matrix included:

- version: "6.1"
  nightly: true
- version: "6.2"
  nightly: true

The new matrix (even in full mode) only includes stable releases 6.1, 6.2, 6.3. If nightly builds were catching pre-release issues, removing them reduces forward-compatibility coverage. If this is intentional, a comment explaining why would help.

5. build-ubuntu no longer passes scheme

# Before
uses: brightdigit/swift-build@v1.4.0
with:
  scheme: ${{ env.PACKAGE_NAME }}

# After
uses: brightdigit/swift-build@v1
id: build
# no `scheme` parameter

If swift-build@v1 defaults to scheme detection this is fine, but it's a behavioral change that should be confirmed. The macOS jobs use scheme: ${{ env.PACKAGE_NAME }}-Package — the discrepancy (or the omission) should be intentional.

6. build-macos passes download-platform for SPM-only entry

matrix:
  include:
    - runs-on: macos-26
      xcode: "/Applications/Xcode_26.4.app"
      # no `type`, no `download-platform`

The step then passes download-platform: ${{ matrix.download-platform }}, which evaluates to empty string for this entry. Verify swift-build@v1 handles an empty/undefined download-platform gracefully (the previous version wasn't passed this for SPM builds at all).

7. Missing fail_ci_if_error on macOS codecov steps

Ubuntu correctly has:

uses: codecov/codecov-action@v6
with:
  fail_ci_if_error: true

But both build-macos and build-macos-full omit this, so a Codecov upload failure on macOS will silently pass. This inconsistency existed before, but worth fixing while touching these steps.

---

Minor

• The lint job condition is well-written — !cancelled() && !failure() correctly handles the case where build-macos-full is skipped on feature branches.
• The curl install step on Ubuntu (apt-get install -y curl) is a thoughtful fix for the Codecov action dependency.
• flags: swift-${{ matrix.swift.version }},ubuntu (comma-separated) is the correct Codecov v6 format for multiple flags.

---

Summary

The CI restructuring is solid overall. The two items I'd recommend addressing before merge:

1. Confirm checkout@v6 is a real, published version
2. Document or track the intent to replace the branch dependency in Package.swift with a version constraint

Everything else is either minor or a reasonable trade-off.

[codecov]

Codecov Report

❌ Patch coverage is 89.94845% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.44%. Comparing base (1837720) to head (650620e).

Files with missing lines	Patch %	Lines
Sources/SundialKitStream/NetworkObserver.swift	83.11%	13 Missing ⚠️
...es/SundialKitStream/NetworkObserver+Handlers.swift	65.38%	9 Missing ⚠️
...rces/SundialKitStream/SundialLogger+Fallback.swift	0.00%	8 Missing ⚠️
Tests/SundialKitStreamTests/MockNetworkPing.swift	36.36%	7 Missing ⚠️
...itStreamTests/NetworkObserverTests+EdgeCases.swift	96.77%	2 Missing ⚠️

Additional details and impacted files

@@                Coverage Diff                 @@
##           v1.0.0-alpha.2       #9      +/-   ##
==================================================
+ Coverage           74.16%   74.44%   +0.28%     
==================================================
  Files                  44       47       +3     
  Lines                1862     1902      +40     
==================================================
+ Hits                 1381     1416      +35     
- Misses                481      486       +5     

Flag	Coverage Δ
spm	74.92% <91.84%> (+0.27%)	⬆️
swift-6.1	70.58% <52.94%> (?)
swift-6.1-jammy	?
swift-6.1-jammy-nightly	?
swift-6.1-noble	?
swift-6.1-noble-nightly	?
swift-6.2	70.58% <52.94%> (?)
swift-6.2-jammy	?
swift-6.2-jammy-nightly	?
swift-6.2-noble	?
swift-6.2-noble-nightly	?
swift-6.3	70.58% <52.94%> (?)
ubuntu	70.58% <52.94%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[leogdion]

missing Wasm types

[leogdion]

remove the macOS and add back older iOS and watchOS

[claude]

PR Review: CI Workflow Migration to SyntaxKit Structure

This is a well-structured CI refactor with several meaningful improvements. A few issues worth addressing before merging.

---

Critical: Branch-Pinned Dependency

Package.swift / Package.resolved — the most significant concern in this PR.

// Before
.package(url: "https://github.com/brightdigit/SundialKit.git", from: "2.0.0-alpha.1")

// After
.package(url: "https://github.com/brightdigit/SundialKit.git", branch: "atleast-v1.0.0-beta.4")

Using a branch reference makes builds non-reproducible. If the branch is rebased, force-pushed, or deleted, all downstream builds break with no warning. The branch name (atleast-v1.0.0-beta.4) reads like a temporary integration branch. This should be pinned to a specific tag or revision before merging. If the tag doesn't exist yet, this PR is likely premature.

---

Issues in the Workflow

1. build-windows and build-android missing cancellation guards

Both jobs use if: needs.configure.outputs.full-matrix == 'true' but lack !cancelled() and needs.configure.result == 'success'. Compare to build-macos:

# build-macos (correct)
if: ${{ !cancelled() && needs.configure.result == 'success' }}

# build-windows / build-android (incomplete)
if: needs.configure.outputs.full-matrix == 'true'

If configure is cancelled or fails, these jobs will receive an empty string for the output and the condition evaluates to false — which skips them rather than failing explicitly. Consistent with build-macos, use:

if: ${{ !cancelled() && needs.configure.result == 'success' && needs.configure.outputs.full-matrix == 'true' }}

2. PR trigger targets version tags as base branches

pull_request:
  branches:
    - main
    - 'v[0-9]*.[0-9]*.[0-9]*'

Tags can't be PR base branches — this branch pattern only matches branches whose names look like version strings. If the intent is to support hotfix branches like v2.1.x, make that explicit. If not, remove the second entry.

3. build-ubuntu no longer passes scheme

The original swift-build@v1.4.0 step included scheme: ${{ env.PACKAGE_NAME }}. The new version drops it. If brightdigit/swift-build@v1 has a different default, this could silently change build behavior on Ubuntu. Worth confirming the action's default is equivalent.

4. Inconsistent fail-on-empty-output coverage setting

The Ubuntu job explicitly sets this:

- uses: sersoft-gmbh/swift-coverage-action@v5
  with:
    fail-on-empty-output: true

But the macOS jobs (build-macos, build-macos-full) omit it. This means macOS coverage jobs will silently succeed even if no coverage data is generated. Either set it consistently, or document why macOS is exempt.

5. Unpinned major version actions

brightdigit/swift-build@v1 and jdx/mise-action@v4 use floating major version tags. These can silently pick up breaking changes. Consider pinning to a specific version (e.g., @v1.5.0) or SHA for reproducibility in CI.

---

Improvements Worth Noting

• The dynamic configure job for full vs. minimal matrix is a good pattern — saves CI time on feature branches.
• Splitting build-macos into SPM-only and full-platform jobs is cleaner.
• Gating coverage upload steps on contains-code-coverage output avoids spurious failures.
• Moving LINT_MODE: STRICT to the step env (rather than the job env) is the right fix.
• The concurrency group with cancel-in-progress: true is a solid addition.
• Expanding to Windows and Android with sensible matrix exclusions is well-structured.

---

Summary: The CI restructuring is solid, but the branch-pinned SundialKit dependency is a blocking concern for reproducibility. The missing cancellation guards on Windows/Android and the fail-on-empty-output inconsistency are smaller but worth fixing before this leaves draft.

[claude]

PR Review

This is a well-structured CI modernization with WASM compatibility additions. Here's my feedback:

---

Issues

Package.swift — Branch dependency is non-reproducible

// Before
.package(url: "https://github.com/brightdigit/SundialKit.git", from: "2.0.0-alpha.1")

// After
.package(url: "https://github.com/brightdigit/SundialKit.git", branch: "atleast-v1.0.0-beta.4")

Branch-pinned dependencies cause non-deterministic builds since the branch can move. This is fine during active co-development, but must be changed to a concrete version tag before merging to main. If the SundialKit beta tag isn't published yet, consider blocking this PR until it is (or merging with a clear TODO to re-pin).

---

CI — build-windows and build-android missing cancellation guard

build-macos and build-macos-full correctly use !cancelled() && needs.configure.result == 'success', but these two jobs use a weaker condition:

# build-windows and build-android
if: needs.configure.outputs.full-matrix == 'true'

If the configure job is cancelled (e.g. by the concurrency group killing a stale run), outputs are undefined, so fromJSON(...) may produce unexpected results. Recommend aligning with the pattern used by build-macos-full:

if: ${{ !cancelled() && needs.configure.result == 'success' && needs.configure.outputs.full-matrix == 'true' }}

---

CI — Redundant PACKAGE_NAME env in build-macos

  build-macos:
    name: Build on macOS
    needs: [configure]
    env:
      PACKAGE_NAME: SundialKitStream   # already set at top-level env

This duplicates the global env.PACKAGE_NAME. Remove the job-level env block.

---

Observations / Minor Notes

.swift-format — FileScopedDeclarationPrivacy: false: Changing from true to false means fileprivate will no longer be reformatted to private. This is a meaningful semantic policy change; a brief commit message note explaining the motivation would be helpful (e.g. WASM compatibility, multi-file types, etc.).

.swift-format — missing trailing newline: The file now ends without a newline. Not a functional issue but inconsistent with POSIX text file conventions and most editors will warn on it.

.swiftlint.yml — removed Sources/MistKit/Generated exclusion: This looks like a stale copy-paste artifact from a different project (MistKit). The removal is correct; just confirming it was intentional.

WASM detection via canImport(Dispatch): Using #if canImport(Dispatch) as a WASM proxy is a reasonable approach. If you want a more explicit and future-proof check, #if canImport(WASILibc) or #if os(WASI) may be more semantically precise, but canImport(Dispatch) works well in practice for this package's platform matrix.

NetworkObserver.start(queue:) conditional availability: Wrapping only start(queue:) in #if canImport(Dispatch) while leaving cancel() and the stream APIs available on WASM is intentional and clean — users can still observe state without starting the monitor. This is a good design choice.

---

What's Working Well

• Dynamic matrix selection via configure job is a clean optimization — avoids spinning up large matrices on feature branches.
• Concurrency group cancel-in-progress: true prevents resource waste from stale runs.
• Coverage steps gated behind steps.build.outputs.contains-code-coverage == 'true' is more robust than unconditional execution.
• SundialLogger+Fallback.swift split cleanly resolves the one_declaration_per_file violation without touching the primary SundialLogger.swift logic.
• WASM test disablement via .disabled(if: isWasm) is idiomatic Swift Testing usage.
• Adding tvOS to the build matrix is a welcome addition given the package's platform support.

---

Summary: The approach is sound. The two required changes before merge to main are: (1) pin Package.swift to a concrete SundialKit version tag, and (2) add cancellation guards to build-windows and build-android.

[claude]

PR Review: CI migration to SyntaxKit structure with strict lint enforcement

This PR is a solid step forward for cross-platform support and CI efficiency.

CI WORKFLOW CHANGES

Positive changes:

• The dynamic configure job reduces CI cost on feature branches while running the full matrix on main/PRs.
• Concurrency group with cancel-in-progress avoids redundant runs.
• Gating coverage steps behind contains-code-coverage output correctly avoids failures on wasm/embedded builds.
• Action version bumps are appropriate housekeeping.

Issues/Concerns:

1. Minor flag inconsistency: build-ubuntu coverage upload has fail_ci_if_error and verbose flags, but the macOS jobs do not. Intentional?

2. Non-standard Codecov parameter: The Windows job passes swift_project: SundialKitStream to codecov/codecov-action. This is not a documented parameter and will likely be silently ignored. Consider removing it.

3. build-windows missing !cancelled() guard: build-macos and build-macos-full check !cancelled() && needs.configure.result == success, but build-windows only checks needs.configure.outputs.full-matrix == true. If configure is cancelled the output will be empty and the condition may behave unexpectedly.

4. pull_request trigger targets version tag branches: pull_request.branches includes v*.. patterns. PRs targeting versioned release branches may not be intentional.

SOURCE CODE CHANGES

NetworkObserver refactor:
The refactor from Task-wrapped pathUpdates() iteration to direct continuation registration is architecturally better. Direct registration avoids creating an intermediate task per subscriber. Adding bufferingPolicy .unbounded makes buffering behavior explicit.

Concern: .unbounded means the buffer can grow without bound if a subscriber is slow. This is a behavioral change from the previous default (.bufferingNewest(1)) and worth documenting on the stream properties.

NetworkObserver+Init.swift:
The reorganization wraps convenience initializers inside the canImport(Network) guard. Since NetworkObserver itself is now only defined under that guard, this is correct. However, the old convenience initializers init(monitor:) and init(monitor:ping:) were previously available on all platforms. This is a narrowing of the public API worth calling out.

Properties changed from private to internal: Necessary to support the file-split to NetworkObserver+Handlers.swift. Acceptable given Swift file-scope semantics for extensions.

TEST CHANGES

Potential WASM compilation issue:

NetworkObserverTests.swift is decorated with .disabled(if: isWasm) which is a runtime check. However, MockPathMonitor is guarded at compile time with canImport(Dispatch). If any test body inside NetworkObserverTests directly references MockPathMonitor, those tests would fail to compile on WASM even though the suite is runtime-disabled.

The .disabled(if:) trait only suppresses test execution; it does not suppress compilation. If test bodies reference MockPathMonitor, they need canImport(Dispatch) compile guards as well, or the entire test file should be wrapped in such a guard.

PACKAGE.SWIFT - BRANCH DEPENDENCY

The dependency is pinned to branch atleast-v1.0.0-beta.4 rather than a version tag. Branch-pinned dependencies are non-reproducible: if the branch is force-pushed or rebased, Package.resolved can become stale and builds can silently change behavior. This looks intentional for in-progress development but should be resolved to a tagged version before merging to main.

SWIFTLINT.YML

• Adding one_declaration_per_file is appropriate given the project file-naming conventions.
• Removing Sources/MistKit/Generated from excluded paths is correct; that path does not exist in this package (leftover from another project config).

SWIFT-FORMAT

• FileScopedDeclarationPrivacy false makes sense given the file-split pattern used in this PR.
• The file is missing a trailing newline. Minor but inconsistent with POSIX and the project linting standards.

SUMMARY

CI structure/efficiency: Solid improvement
Cross-platform support (WASM/Windows/Android): Good
NetworkObserver refactor: Architecturally better
WASM test compilation safety: Needs verification
Branch dependency in Package.swift: Should be a version tag before merge
Windows Codecov swift_project param: Likely dead config, consider removing
Missing newline in .swift-format: Minor

The branch dependency and the potential WASM compile issue are the two items to resolve before this is merge-ready.

[claude]

PR Review: CI Migration + SyntaxKit Structure

This is a solid CI modernization PR. Here are my findings across a few categories:

---

Potential Issues

1. Branch-Pinned SundialKit Dependency (Medium)

// Package.swift
.package(url: "https://github.com/brightdigit/SundialKit.git", branch: "atleast-v1.0.0-beta.4")

Pinning to a branch rather than a version tag makes builds non-reproducible in the long run — the next swift package update will silently advance to whatever the branch tip is. Package.resolved locks the commit hash for now, but this is still fragile for a library. Consider waiting for a stable version tag (e.g. from: "1.0.0-beta.4") or pinning to an exact commit via .exact() if the version isn't tagged yet.

2. Inconsistent !cancelled() Guard in CI Jobs (Minor)

build-macos and build-macos-full include a !cancelled() + needs.configure.result == 'success' guard:

if: ${{ !cancelled() && needs.configure.result == 'success' }}

But build-windows and build-android only check the matrix output:

# build-windows
if: needs.configure.outputs.full-matrix == 'true'
# build-android
if: needs.configure.outputs.full-matrix == 'true'

If the configure job is cancelled (e.g. due to the concurrency group cancel-in-progress), build-windows and build-android will attempt to evaluate needs.configure.outputs.full-matrix which will be empty — causing unexpected behavior. These should match the guard used by build-macos-full.

3. Redundant PACKAGE_NAME env in build-macos (Nit)

build-macos and build-macos-full both define a local env: PACKAGE_NAME: SundialKitStream, but the workflow already declares this at the top-level env: block. The local declarations are harmless but redundant.

---

Code Quality Observations

4. NetworkObserver Properties Widened to internal (Acceptable)

// Before
private let ping: PingType?
private var currentPath: MonitorType.PathType?
// After
internal let ping: PingType?
internal var currentPath: MonitorType.PathType?

This change is required to allow NetworkObserver+Handlers.swift to access these properties in a separate file. The actor boundary still protects concurrent access, so this is safe. Just worth noting the access widening is a side-effect of the refactoring split.

5. Potentially Unused Loggers in SundialLogger+Fallback.swift (Minor)

The fallback logger enum includes combine, binary, messagable, and test static instances:

internal static let combine = FallbackLogger(...)
internal static let binary = FallbackLogger(...)
internal static let messagable = FallbackLogger(...)
internal static let test = FallbackLogger(...)

These appear to be copy-pasted from SundialKit itself but are likely unused in SundialKitStream. Since the project now enforces the one_declaration_per_file SwiftLint rule, also consider whether these warrant individual files or can be pruned.

---

Positive Changes

• Concurrency group (cancel-in-progress: true) is a great addition — prevents redundant CI runs on fast-follow pushes.
• Coverage gating (if: steps.build.outputs.contains-code-coverage == 'true') avoids spurious failures on build types that don't produce coverage data. Cleaner than the previous unconditional approach.
• Dynamic matrix selection (full vs. minimal per branch) is a well-structured optimization — PRs and main get thorough coverage; tag builds stay lean.
• Windows and Android CI additions are valuable for cross-platform reach.
• LINT_MODE=STRICT moved to step-level env is the correct fix (matching the SundialKit pattern) — job-level env vars can be harder to override per-step.
• Splitting SundialLogger fallback into a separate file and removing the file_types_order suppression comment is a nice cleanup.
• .swift-format disabling FileScopedDeclarationPrivacy: consistent with the codebase using internal access in extensions across multiple files.

---

Summary

The main actionable item before merge is the branch-pinned dependency in Package.swift (#1) — everything else is minor or informational. The CI restructuring itself is well thought out.

[claude]

PR Review: chore(ci): migrate workflow to SyntaxKit structure with strict lint enforcement

This is a solid infrastructure PR. The CI restructuring, cross-platform source guards, and observer refactoring are all well-reasoned. A few issues worth addressing before merge:

---

Bugs / Issues

1. Unstable branch dependency in Package.swift

.package(url: "...", branch: "atleast-v1.0.0-beta.4")

Branch-based dependencies are not reproducible — a force-push to that branch would silently break builds. This should be either a tagged version (from: "1.0.0-beta.4") or a pinned revision. The Package.resolved locking by revision helps short-term, but this should be stabilized before the PR merges or a follow-up issue filed.

2. build-windows and build-android missing !cancelled() guard

Both jobs use only:

if: needs.configure.outputs.full-matrix == 'true'

But build-macos-full correctly uses:

if: ${{ !cancelled() && needs.configure.result == 'success' && needs.configure.outputs.full-matrix == 'true' }}

Without !cancelled(), these jobs will attempt to run even if the workflow was manually cancelled mid-run.

3. build-windows Codecov flags have a double swift- prefix

The matrix defines version: swift-6.3-release and the flag is:

flags: swift-${{ matrix.swift.version }},windows

This produces swift-swift-6.3-release,windows. Compare to Ubuntu which produces swift-6.1,ubuntu. Consider using just ${{ matrix.swift.version }},windows for consistency.

4. build-android coverage step is missing swift-coverage-action

build-ubuntu runs swift-coverage-action@v5 before codecov-action@v6 to process raw coverage files. build-android skips that step and goes straight to Codecov. If swift-build@v1 doesn't pre-process coverage for Android, this upload will be empty or malformed.

---

Design Concerns

5. NetworkObserver properties widened from private to internal

Properties like pathContinuations, isExpensiveContinuations, etc. are widened to internal solely to allow NetworkObserver+Handlers.swift to access them. This leaks implementation details to the rest of the module. Since StreamContinuationManager already centralizes continuation management for ConnectivityObserver, eventually migrating NetworkObserver to the same pattern would eliminate this visibility widening — though that's a larger refactor. At minimum, a comment explaining why these are internal would help future readers.

6. Redundant PACKAGE_NAME in build-macos and build-macos-full

Both jobs redeclare PACKAGE_NAME: SundialKitStream at the job level, but this is already set at the top-level workflow env. The job-level declarations are redundant and could cause confusion if the top-level value is ever changed.

---

Minor Nits

7. SupportedModule.swift file header comment mismatch

The file is SupportedModule.swift but the header comment reads // WASMSupport.swift. Looks like a rename that didn't update the header.

8. build-macos references undefined matrix keys

The build step uses type, deviceName, osVersion, and download-platform, but the build-macos matrix only defines runs-on and xcode. These all evaluate to empty string (intentionally, for SPM-only), but a comment like # type omitted = SPM build would clarify intent.

---

What Looks Good

• Dynamic matrix in the configure job cleanly reduces CI cost on feature branches
• Gating coverage steps on contains-code-coverage == 'true' prevents spurious failures for platform builds without coverage support
• Moving LINT_MODE=STRICT to step-level env is more precise and consistent with the SundialKit fix
• #if canImport(Network) guards are consistently applied across all affected source and test files
• SupportedModule OptionSet is an elegant solution for runtime test skipping on platforms without the required frameworks
• Extracting the fallback logger to SundialLogger+Fallback.swift removes the swiftlint:disable file_types_order workaround
• bufferingPolicy: .unbounded on continuations prevents silently dropped values under backpressure
• Adding tvOS to the build matrix is a good addition given it's listed as a supported platform

Overall a well-structured change — the issues above are mostly polish and a couple of correctness gaps in the new CI jobs.