chore(governance): L4 cargo-modules deny-cyclic + CI step (v14 cycle-4 T2)

[KooshaPari]

User description

Implements v14 cycle-4 T2 (L4 module-deps pillar): adds cargo m-check alias invoking cargo-modules check --deny cyclic --deny dead-code --deny unreachable and a new module-graph CI job.

Changes:

• .cargo/config.toml: new [alias] m-check block (appended)
• .github/workflows/ci.yml: new module-graph job appended after existing jobs (Ubuntu 24.04, installs cargo-modules, runs cargo m-check)

Tracking: v14 cycle-4 T2, L4 pillar.

DO NOT auto-merge. HitL review preferred.

---

CodeAnt-AI Description

Add a CI check for Rust module dependency problems

What Changed

• CI now runs a Rust module graph check on every run to catch cyclic, dead, or unreachable module code
• Added a short command alias so the same module check can be run consistently from the repo

Impact

✅ Earlier detection of Rust module cycles
✅ Fewer broken merges from unused or unreachable code
✅ Consistent module checks in CI and locally

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[coderabbitai]

Warning

Review limit reached

@KooshaPari, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 7 minutes and 15 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 055050e5-cedc-47ec-82fb-a10f316627b5

📥 Commits

Reviewing files that changed from the base of the PR and between 33e49ad and 357883e.

📒 Files selected for processing (2)

• .cargo/config.toml
• .github/workflows/ci.yml

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)

unknown escape sequence in ".coderabbit.yaml" (41:11)

 38 |       - "async_await_patterns"
 39 |     patterns_to_watch:
 40 |       - "^unsafe "
 41 |       - "\.unwrap\(\)"
----------------^
 42 |       - "\.expect\("
 43 |       - "std::panic"

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/L4-cargo-modules-deny-cyclic-2026-06-21

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch chore/L4-cargo-modules-deny-cyclic-2026-06-21

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request adds a new Cargo alias m-check to .cargo/config.toml for running cargo-modules check. However, the alias includes unsupported flags (--deny dead-code and --deny unreachable) which will cause CLI argument parsing errors and command failure. It is recommended to remove these unsupported flags and only use --deny cyclic.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The cargo-modules check command only supports --deny cyclic as a rule. It does not support --deny dead-code or --deny unreachable (which are standard rustc/clippy lints, not module-level dependency rules). Running cargo m-check with these unsupported flags will result in a CLI argument parsing error and fail the command/CI step.

Suggested change

	m-check = "modules check --deny cyclic --deny dead-code --deny unreachable"
	m-check = "modules check --deny cyclic"

[github-actions]

🔒 Snyk Security Scan Results

Snyk vulnerability scan completed. View results in GitHub Code Scanning dashboard.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

🔒 Snyk Security Scan Results

Snyk vulnerability scan completed. View results in GitHub Code Scanning dashboard.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 357883e01f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Use a supported cargo-modules subcommand

This alias is invoked by the new module-graph CI job, but cargo-modules does not provide a check subcommand or --deny cyclic/dead-code/unreachable options, so cargo m-check will fail at argument parsing before doing any module analysis. I checked the current cargo-modules CLI docs, which list only structure, dependencies, and orphans, with cycle enforcement exposed as cargo modules dependencies --acyclic and orphan denial as cargo modules orphans --deny (https://docs.rs/crate/cargo-modules/latest).

Useful? React with 👍 / 👎.