The workspace clippy configuration in `Cargo.toml` restricts `todo`, `unimplemented`, `unreachable`, and `get_unwrap`, but does NOT restrict `unwrap_used` or `expect_used`. A panic audit shows ~4,300 `.unwrap()` / `.expect()` call sites across the workspace; the vast majority are in test code and a few production sites are proven-safe by local invariants.
The discipline is working today, but it depends on reviewer enforcement. Enabling the two restriction lints turns the discipline into a compiler-enforced ratchet: new panics in production code require an explicit `#[expect(clippy::unwrap_used, reason = "...")]` annotation, which is reviewable.
Scope
- Add to `[workspace.lints.clippy]` in `Cargo.toml`:
```toml
unwrap_used = "warn"
expect_used = "warn"
```
- Sweep existing production-code sites that are proven safe and annotate them with `#[expect(clippy::unwrap_used, reason = "...")]` (the same pattern the project already uses for other clippy restrictions, per `.claude/rules/code-quality.md`). Known sites:
- `crates/cli/src/setup_hooks.rs:854-855` (`find().unwrap()` after `contains()` guards)
- `crates/cli/src/setup_hooks.rs:551` (`expect("rebuilt value must remain an object")`)
- `crates/cli/src/health/coverage.rs:1142` (`expect("temp dir is always initialized above")`)
- `crates/graph/src/graph/cycles.rs` (2 sites in graph layer)
- Allow tests and benches to keep `.unwrap()` freely. Suppress at module level in test files via:
```rust
#![cfg_attr(test, allow(clippy::unwrap_used, clippy::expect_used))]
```
or via per-test-module `#[expect(...)]` blocks. Either approach is fine; pick the one the existing restriction lints already use elsewhere.
Why this matters
- Compiler-enforced panic discipline.
- Every new `#[expect(clippy::unwrap_used)]` annotation forces an explicit reason field, which is reviewable.
- Cheap: one-line lint config + a small annotation sweep.
Verification
- `cargo clippy --workspace --all-targets -- -D warnings` passes after the sweep.
- Deliberately add a new `.unwrap()` to a production source file without an annotation; confirm the clippy build fails.
- Test code remains unaffected.
The workspace clippy configuration in `Cargo.toml` restricts `todo`, `unimplemented`, `unreachable`, and `get_unwrap`, but does NOT restrict `unwrap_used` or `expect_used`. A panic audit shows ~4,300 `.unwrap()` / `.expect()` call sites across the workspace; the vast majority are in test code and a few production sites are proven-safe by local invariants.
The discipline is working today, but it depends on reviewer enforcement. Enabling the two restriction lints turns the discipline into a compiler-enforced ratchet: new panics in production code require an explicit `#[expect(clippy::unwrap_used, reason = "...")]` annotation, which is reviewable.
Scope
```toml
unwrap_used = "warn"
expect_used = "warn"
```
```rust
#![cfg_attr(test, allow(clippy::unwrap_used, clippy::expect_used))]
```
or via per-test-module `#[expect(...)]` blocks. Either approach is fine; pick the one the existing restriction lints already use elsewhere.
Why this matters
Verification