Payload
{
"action": "created",
"issue": {
"url": "https://api.github.com/repos/darkmatter/nixmac/issues/402",
"repository_url": "https://api.github.com/repos/darkmatter/nixmac",
"labels_url": "https://api.github.com/repos/darkmatter/nixmac/issues/402/labels{/name}",
"comments_url": "https://api.github.com/repos/darkmatter/nixmac/issues/402/comments",
"events_url": "https://api.github.com/repos/darkmatter/nixmac/issues/402/events",
"html_url": "https://github.com/darkmatter/nixmac/pull/402",
"id": 4645801092,
"node_id": "PR_kwDOSB6EzM7llM3j",
"number": 402,
"title": "ci: add lean cargo-check tripwire on develop pushes (ENG-550)",
"user": {
"login": "amacbride",
"id": 1263544,
"node_id": "MDQ6VXNlcjEyNjM1NDQ=",
"avatar_url": "https://avatars.githubusercontent.com/u/1263544?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/amacbride",
"html_url": "https://github.com/amacbride",
"followers_url": "https://api.github.com/users/amacbride/followers",
"following_url": "https://api.github.com/users/amacbride/following{/other_user}",
"gists_url": "https://api.github.com/users/amacbride/gists{/gist_id}",
"starred_url": "https://api.github.com/users/amacbride/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/amacbride/subscriptions",
"organizations_url": "https://api.github.com/users/amacbride/orgs",
"repos_url": "https://api.github.com/users/amacbride/repos",
"events_url": "https://api.github.com/users/amacbride/events{/privacy}",
"received_events_url": "https://api.github.com/users/amacbride/received_events",
"type": "User",
"user_view_type": "public",
"site_admin": false
},
"labels": [],
"state": "open",
"locked": false,
"assignees": [],
"milestone": null,
"comments": 4,
"created_at": "2026-06-12T02:46:46Z",
"updated_at": "2026-06-12T02:59:10Z",
"closed_at": null,
"assignee": null,
"author_association": "CONTRIBUTOR",
"issue_field_values": [],
"type": null,
"active_lock_reason": null,
"draft": false,
"pull_request": {
"url": "https://api.github.com/repos/darkmatter/nixmac/pulls/402",
"html_url": "https://github.com/darkmatter/nixmac/pull/402",
"diff_url": "https://github.com/darkmatter/nixmac/pull/402.diff",
"patch_url": "https://github.com/darkmatter/nixmac/pull/402.patch",
"merged_at": null
},
"body": "## Summary\n\nCloses ENG-550 (post-merge safety net portion).\n\n**Finding first:** the pre-merge cargo-check gate ENG-550 asks for already exists — `evaluate.yml`'s `Rust Check` (`cargo check --locked`) has run on PRs since 2026-06-04, and ruleset `15037341` has *required* it (plus `TypeScript`, a PR, and the merge queue, with no bypass actors) on develop since 2026-06-08. The late-May compile breakages predate that gate. So the gate isn't the gap.\n\nThe gap is that **nothing re-checks develop after a commit lands** — notably the periodic `main → develop` merge, which can produce a broken tree from two individually green parents. This PR adds a lightweight post-merge tripwire:\n\n- **`push: [develop]` trigger** runs `cargo check` against the actual post-merge tip. It's a *detector, not a gate* — it can't block, but it flips develop's commit status red within ~1 min so the team sees breakage immediately instead of via a confusing local build failure.\n- **Tripwire = cargo check only.** TypeScript/Treefmt are guarded to the PR/merge-queue path; compile breakage is the failure mode we keep hitting.\n- **Made the Rust Check genuinely light.** It was 9 min — but the `cargo check` itself was only **52s**; the other ~8 min was provisioning the full devenv profile (node/bun/sops/python) to run a Rust-only check. `cargo check` needs just the Rust toolchain + the system C compiler (`libgit2-sys`/`libsqlite3-sys` build their vendored C with `cc`), so this sets `install-devenv: false` + `install-bun-deps: false`. That drops it to a ~1 min toolchain setup **and speeds up the PR check too**. The full build (`build.yaml`) is untouched and still provides heavyweight coverage.\n\n## Test Plan\n\n- [ ] No test plan needed\n\nThis PR validates itself: `evaluate.yml` runs on `pull_request`, so the **Rust Check** job on this PR exercises the devenv-free `cargo check`. If it's green here, the slim setup works (and is now ~1 min instead of ~9). YAML validated locally; per-job `if` guards confirmed (only `rust-check` runs on push).\n\n## Docs\n\n- [ ] Docs updated (companion PR in darkmatter/nixmac-web: #\\_\\_\\_)\n- [x] No docs update needed\n\nCI-only change.\n\n---\n🤖 Generated with [Claude Code](https://claude.com/claude-code)\n",
"reactions": {
"url": "https://api.github.com/repos/darkmatter/nixmac/issues/402/reactions",
"total_count": 0,
"+1": 0,
"-1": 0,
"laugh": 0,
"hooray": 0,
"confused": 0,
"heart": 0,
"rocket": 0,
"eyes": 0
},
"timeline_url": "https://api.github.com/repos/darkmatter/nixmac/issues/402/timeline",
"performed_via_github_app": null,
"state_reason": null
},
"comment": {
"url": "https://api.github.com/repos/darkmatter/nixmac/issues/comments/4686917212",
"html_url": "https://github.com/darkmatter/nixmac/pull/402#issuecomment-4686917212",
"issue_url": "https://api.github.com/repos/darkmatter/nixmac/issues/402",
"id": 4686917212,
"node_id": "IC_kwDOSB6EzM8AAAABF1yuXA",
"user": {
"login": "amacbride",
"id": 1263544,
"node_id": "MDQ6VXNlcjEyNjM1NDQ=",
"avatar_url": "https://avatars.githubusercontent.com/u/1263544?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/amacbride",
"html_url": "https://github.com/amacbride",
"followers_url": "https://api.github.com/users/amacbride/followers",
"following_url": "https://api.github.com/users/amacbride/following{/other_user}",
"gists_url": "https://api.github.com/users/amacbride/gists{/gist_id}",
"starred_url": "https://api.github.com/users/amacbride/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/amacbride/subscriptions",
"organizations_url": "https://api.github.com/users/amacbride/orgs",
"repos_url": "https://api.github.com/users/amacbride/repos",
"events_url": "https://api.github.com/users/amacbride/events{/privacy}",
"received_events_url": "https://api.github.com/users/amacbride/received_events",
"type": "User",
"user_view_type": "public",
"site_admin": false
},
"created_at": "2026-06-12T02:59:10Z",
"updated_at": "2026-06-12T02:59:10Z",
"body": "### ENG-550 summary\n\nInvestigated the current state first, and the headline finding reframes the issue.\n\n**The pre-merge cargo-check gate ENG-550 asks for already exists.** `evaluate.yml`'s `Rust Check` (`cargo check --locked`) has run on PRs since **2026-06-04**, and ruleset `15037341` has *required* it on develop (alongside `TypeScript`, a required PR, and the merge queue — **no bypass actors**) since **2026-06-08**. The late-May compile breakages predate that gate, which is why they landed — there was nothing to bypass, the gate didn't exist yet.\n\n**What was actually missing:** nothing re-checks develop *after* a commit lands. The one path that can still break develop is the recurring **`main → develop` merge**, which can produce a broken tree from two individually-green parents.\n\n**What this PR adds:**\n1. A **post-merge tripwire** — `cargo check` re-runs on every push to develop and flips its commit status red within ~2.5 min if it's broken. A detector, not a gate (the heavyweight `build` already gates the PR path).\n2. Tripwire is **cargo-check only** (compile breakage is the failure mode we keep hitting); TypeScript/Treefmt stay on the PR/merge-queue path.\n3. **Made the check genuinely lightweight.** The old `Rust Check` was ~9 min, but `cargo check` itself was only **52s** — the other ~8 min was provisioning the full devenv profile (node/bun/sops/python) to run a Rust-only check. Skipping it (`install-devenv: false`) drops the job to **2m45s**, validated green on this PR. Bonus: this speeds up the Rust Check on **every PR** too.\n\n**Net:** develop now has both a pre-merge gate (already there) and a fast post-merge safety net (new), at ~52s of real compute.\n\n_(The `Storybook Snapshot Tests` red here is pre-existing develop drift from #373 — unrelated to this CI-only change.)_\n",
"author_association": "MEMBER",
"reactions": {
"url": "https://api.github.com/repos/darkmatter/nixmac/issues/comments/4686917212/reactions",
"total_count": 0,
"+1": 0,
"-1": 0,
"laugh": 0,
"hooray": 0,
"confused": 0,
"heart": 0,
"rocket": 0,
"eyes": 0
},
"performed_via_github_app": null
},
"repository": {
"id": 1209959628,
"node_id": "R_kgDOSB6EzA",
"name": "nixmac",
"full_name": "darkmatter/nixmac",
"private": false,
"owner": {
"login": "darkmatter",
"id": 17834193,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjE3ODM0MTkz",
"avatar_url": "https://avatars.githubusercontent.com/u/17834193?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/darkmatter",
"html_url": "https://github.com/darkmatter",
"followers_url": "https://api.github.com/users/darkmatter/followers",
"following_url": "https://api.github.com/users/darkmatter/following{/other_user}",
"gists_url": "https://api.github.com/users/darkmatter/gists{/gist_id}",
"starred_url": "https://api.github.com/users/darkmatter/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/darkmatter/subscriptions",
"organizations_url": "https://api.github.com/users/darkmatter/orgs",
"repos_url": "https://api.github.com/users/darkmatter/repos",
"events_url": "https://api.github.com/users/darkmatter/events{/privacy}",
"received_events_url": "https://api.github.com/users/darkmatter/received_events",
"type": "Organization",
"user_view_type": "public",
"site_admin": false
},
"html_url": "https://github.com/darkmatter/nixmac",
"description": "Home manager and nix-darwin that understands plain English",
"fork": false,
"url": "https://api.github.com/repos/darkmatter/nixmac",
"forks_url": "https://api.github.com/repos/darkmatter/nixmac/forks",
"keys_url": "https://api.github.com/repos/darkmatter/nixmac/keys{/key_id}",
"collaborators_url": "https://api.github.com/repos/darkmatter/nixmac/collaborators{/collaborator}",
"teams_url": "https://api.github.com/repos/darkmatter/nixmac/teams",
"hooks_url": "https://api.github.com/repos/darkmatter/nixmac/hooks",
"issue_events_url": "https://api.github.com/repos/darkmatter/nixmac/issues/events{/number}",
"events_url": "https://api.github.com/repos/darkmatter/nixmac/events",
"assignees_url": "https://api.github.com/repos/darkmatter/nixmac/assignees{/user}",
"branches_url": "https://api.github.com/repos/darkmatter/nixmac/branches{/branch}",
"tags_url": "https://api.github.com/repos/darkmatter/nixmac/tags",
"blobs_url": "https://api.github.com/repos/darkmatter/nixmac/git/blobs{/sha}",
"git_tags_url": "https://api.github.com/repos/darkmatter/nixmac/git/tags{/sha}",
"git_refs_url": "https://api.github.com/repos/darkmatter/nixmac/git/refs{/sha}",
"trees_url": "https://api.github.com/repos/darkmatter/nixmac/git/trees{/sha}",
"statuses_url": "https://api.github.com/repos/darkmatter/nixmac/statuses/{sha}",
"languages_url": "https://api.github.com/repos/darkmatter/nixmac/languages",
"stargazers_url": "https://api.github.com/repos/darkmatter/nixmac/stargazers",
"contributors_url": "https://api.github.com/repos/darkmatter/nixmac/contributors",
"subscribers_url": "https://api.github.com/repos/darkmatter/nixmac/subscribers",
"subscription_url": "https://api.github.com/repos/darkmatter/nixmac/subscription",
"commits_url": "https://api.github.com/repos/darkmatter/nixmac/commits{/sha}",
"git_commits_url": "https://api.github.com/repos/darkmatter/nixmac/git/commits{/sha}",
"comments_url": "https://api.github.com/repos/darkmatter/nixmac/comments{/number}",
"issue_comment_url": "https://api.github.com/repos/darkmatter/nixmac/issues/comments{/number}",
"contents_url": "https://api.github.com/repos/darkmatter/nixmac/contents/{+path}",
"compare_url": "https://api.github.com/repos/darkmatter/nixmac/compare/{base}...{head}",
"merges_url": "https://api.github.com/repos/darkmatter/nixmac/merges",
"archive_url": "https://api.github.com/repos/darkmatter/nixmac/{archive_format}{/ref}",
"downloads_url": "https://api.github.com/repos/darkmatter/nixmac/downloads",
"issues_url": "https://api.github.com/repos/darkmatter/nixmac/issues{/number}",
"pulls_url": "https://api.github.com/repos/darkmatter/nixmac/pulls{/number}",
"milestones_url": "https://api.github.com/repos/darkmatter/nixmac/milestones{/number}",
"notifications_url": "https://api.github.com/repos/darkmatter/nixmac/notifications{?since,all,participating}",
"labels_url": "https://api.github.com/repos/darkmatter/nixmac/labels{/name}",
"releases_url": "https://api.github.com/repos/darkmatter/nixmac/releases{/id}",
"deployments_url": "https://api.github.com/repos/darkmatter/nixmac/deployments",
"created_at": "2026-04-14T00:37:13Z",
"updated_at": "2026-06-12T00:08:46Z",
"pushed_at": "2026-06-12T02:46:20Z",
"git_url": "git://github.com/darkmatter/nixmac.git",
"ssh_url": "git@github.com:darkmatter/nixmac.git",
"clone_url": "https://github.com/darkmatter/nixmac.git",
"svn_url": "https://github.com/darkmatter/nixmac",
"homepage": "https://nixmac.com",
"size": 681557,
"stargazers_count": 5,
"watchers_count": 5,
"language": "Rust",
"has_issues": true,
"has_projects": false,
"has_downloads": true,
"has_wiki": false,
"has_pages": true,
"has_discussions": false,
"forks_count": 1,
"mirror_url": null,
"archived": false,
"disabled": false,
"open_issues_count": 93,
"license": {
"key": "mit",
"name": "MIT License",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit",
"node_id": "MDc6TGljZW5zZTEz"
},
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [
"home-manager",
"nix",
"nix-darwin",
"nix-flake",
"opencode"
],
"visibility": "public",
"forks": 1,
"open_issues": 93,
"watchers": 5,
"default_branch": "develop",
"custom_properties": {}
},
"organization": {
"login": "darkmatter",
"id": 17834193,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjE3ODM0MTkz",
"url": "https://api.github.com/orgs/darkmatter",
"repos_url": "https://api.github.com/orgs/darkmatter/repos",
"events_url": "https://api.github.com/orgs/darkmatter/events",
"hooks_url": "https://api.github.com/orgs/darkmatter/hooks",
"issues_url": "https://api.github.com/orgs/darkmatter/issues",
"members_url": "https://api.github.com/orgs/darkmatter/members{/member}",
"public_members_url": "https://api.github.com/orgs/darkmatter/public_members{/member}",
"avatar_url": "https://avatars.githubusercontent.com/u/17834193?v=4",
"description": ""
},
"enterprise": {
"id": 469843,
"slug": "darkmatter",
"name": "darkmatter",
"node_id": "E_kgDOAAcrUw",
"avatar_url": "https://avatars.githubusercontent.com/b/469843?v=4",
"description": "",
"website_url": "darkmatter.io",
"html_url": "https://github.com/enterprises/darkmatter",
"created_at": "2025-09-07T16:01:00Z",
"updated_at": "2026-06-07T16:53:26Z"
},
"sender": {
"login": "amacbride",
"id": 1263544,
"node_id": "MDQ6VXNlcjEyNjM1NDQ=",
"avatar_url": "https://avatars.githubusercontent.com/u/1263544?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/amacbride",
"html_url": "https://github.com/amacbride",
"followers_url": "https://api.github.com/users/amacbride/followers",
"following_url": "https://api.github.com/users/amacbride/following{/other_user}",
"gists_url": "https://api.github.com/users/amacbride/gists{/gist_id}",
"starred_url": "https://api.github.com/users/amacbride/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/amacbride/subscriptions",
"organizations_url": "https://api.github.com/users/amacbride/orgs",
"repos_url": "https://api.github.com/users/amacbride/repos",
"events_url": "https://api.github.com/users/amacbride/events{/privacy}",
"received_events_url": "https://api.github.com/users/amacbride/received_events",
"type": "User",
"user_view_type": "public",
"site_admin": false
},
"installation": {
"id": 131074261,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMTMxMDc0MjYx"
}
}