Add wireframe-verification crate with placeholder Stateright model

[leynos]

Summary

Introduce an internal crate for formal verification support: crates/wireframe-verification. It provides a shared Stateright harness, a placeholder connection model, and tests to exercise the verification workflow. This lays the groundwork for roadmap item 15.1.2 and later extensions toward the real ConnectionActor model.

Changes

• New crate: crates/wireframe-verification
  • lib.rs exporting // modules for the verification model and harness
  • connection_model:
    • action.rs: placeholder ConnectionAction enum
    • mod.rs / model.rs / state.rs / properties.rs: placeholder semantic model and helpers
  • harness.rs: shared bounded Stateright checker builder and assertion helpers
  • tests:
    • connection_actor.rs: integration test for the placeholder model
    • verification_harness.rs: integration test for the shared harness with explicit bounds
• Workspace and manifest updates
  • Root Cargo.toml: add crates/wireframe-verification to workspace members; keep default member as root
  • Documentation alignment to reflect new internal crate and its role in the verification roadmap
  • Tests and fixtures updated to reflect the workspace manifest changes (workspace_members now include the verification crate)
• Documentation artifacts
  • Added ExecPlan doc at docs/execplans/15-1-2-wireframe-verification-crate.md describing purpose, constraints, and validation goals
  • Updated docs: docs/formal-verification-methods-in-wireframe.md, docs/roadmap.md, and related sections to reflect the new cradle and its scope

Why

This implements the 15.1.2 milestone: an internal, non-published crate to host Stateright models and a reusable bounded-checker harness, enabling safe, repeatable verification workflows while the real ConnectionActor model matures in follow-up roadmap items.

How to test

• Run crate-specific tests:
  • cargo test -p wireframe-verification
• Run repository tests (workspace):
  • cargo test --workspace
• Verify workspace metadata reflects the new member:
  • cargo metadata --no-deps --format-version 1

Next steps

• Extend the placeholder connection model toward the real ConnectionActor semantics.
• Expand harness coverage and add more rigorous tests as roadmap items progress.
• Keep documentation in-sync with evolving verification capabilities and workspace layout.

Validation plan (from ExecPlan)

• Ensure cargo test -p wireframe-verification passes
• Ensure workspace manifest tests reflect new member and defaults
• Keep crate non-published (publish = false)
• Update developer docs to describe the new verification crate structure

◳ Generated by DevBoxer ◰

---

ℹ️ Tag @devboxerhub to ask questions and address PR feedback

📎 Task: https://www.devboxer.com/task/7849551b-1b21-4381-a196-34d9041706d2

Summary by Sourcery

Introduce an internal wireframe-verification crate for Stateright-based formal models and a shared verification harness, and wire it into the workspace, tests, and documentation as the home for connection-actor verification work.

New Features:

• Add the internal wireframe-verification crate providing a placeholder connection-actor Stateright model and shared bounded-checker harness.

Enhancements:

• Extend workspace manifest tests and BDD scenarios to assert the verification crate is a workspace member while keeping the root package as the sole default member.
• Refine workspace manifest support utilities to fetch generic Cargo package IDs for both the root and verification crates.

Build:

• Update the root Cargo.toml workspace members to include crates/wireframe-verification without changing default members.

Documentation:

• Add an ExecPlan documenting roadmap item 15.1.2 and update formal verification, developer guide, and roadmap docs to describe the new verification crate, workspace layout, and Stateright version.
• Clarify documentation around wireframe dependency features and workspace metadata behavior after adding the verification crate.

Tests:

• Add integration tests for the placeholder connection model and shared verification harness in the new crate using rstest.
• Update workspace manifest regression tests and BDD feature/step definitions to validate the presence of the verification crate in Cargo metadata and workspace membership.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: faceb785-97e6-49ed-b1a0-9e9ce24cdb96

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch plan-wireframe-verification-cgw2wi

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Reviewer's Guide

Introduces a new internal crate crates/wireframe-verification that hosts a shared Stateright verification harness and a placeholder connection model, wires it into the Cargo workspace, and updates workspace-manifest tests and documentation to reflect the new verification crate and roadmap milestone 15.1.2.

Sequence diagram for asserting Stateright properties via the shared harness

sequenceDiagram
    actor Developer
    participant TestRunner
    participant ConnectionActorTest
    participant VerificationHarness as VerificationHarnessHelpers
    participant Model as PlaceholderConnectionModel
    participant Stateright as Checker

    Developer->>TestRunner: cargo test -p wireframe-verification
    TestRunner->>ConnectionActorTest: run tests
    ConnectionActorTest->>Model: create PlaceholderConnectionModel::default()
    ConnectionActorTest->>VerificationHarness: assert_model_properties(model)
    VerificationHarness->>VerificationHarness: create VerificationBounds::default()
    VerificationHarness->>VerificationHarness: checker(model, bounds)
    VerificationHarness->>Stateright: spawn_bfs()
    Stateright-->>VerificationHarness: Checker result
    VerificationHarness->>Stateright: assert_properties()
    Stateright-->>VerificationHarness: all properties hold
    VerificationHarness-->>ConnectionActorTest: return
    ConnectionActorTest-->>TestRunner: test pass
    TestRunner-->>Developer: report success

Loading

Class diagram for wireframe-verification placeholder connection model and harness

classDiagram
    class ActiveOutput {
        <<enum>>
        Idle
        Response
        MultiPacket
    }

    class ConnectionState {
        +u8 steps
        +bool high_priority_queued
        +bool low_priority_queued
        +bool fairness_allows_low
        +ActiveOutput active_output
        +bool shutdown_requested
        +bool emitted_high_priority
        +bool emitted_low_priority
        +bool response_completed
        +bool multi_packet_completed
        +bool shutdown_during_output
        +u8 multi_packet_terminal_count
    }

    class ConnectionAction {
        <<enum>>
        EnqueueHigh
        EnqueueLow
        InstallResponse
        InstallMultiPacket
        EmitQueued
        EmitActiveFrame
        CompleteActiveOutput
        Shutdown
        TickFairness
    }

    class PlaceholderConnectionModel {
        -u8 max_steps
        +PlaceholderConnectionModel()
        +PlaceholderConnectionModel new(max_steps u8)
        +Vec~ConnectionState~ init_states()
        +void actions(state ConnectionState, actions Vec~ConnectionAction~)
        +Option~ConnectionState~ next_state(state ConnectionState, action ConnectionAction)
        +Vec~Property~ properties()
        +bool within_boundary(state ConnectionState)
    }

    class VerificationBounds {
        +usize max_depth
        +usize max_state_count
        +VerificationBounds()
    }

    class VerificationHarnessHelpers {
        <<utility>>
        +CheckerBuilder~PlaceholderConnectionModel~ checker(model PlaceholderConnectionModel, bounds VerificationBounds)
        +void assert_model_properties(model PlaceholderConnectionModel)
        +void assert_model_properties_with_bounds(model PlaceholderConnectionModel, bounds VerificationBounds)
    }

    ActiveOutput <.. ConnectionState : uses
    ConnectionAction <.. PlaceholderConnectionModel : uses
    ConnectionState <.. PlaceholderConnectionModel : uses
    VerificationBounds <.. VerificationHarnessHelpers : uses
    PlaceholderConnectionModel <.. VerificationHarnessHelpers : uses

Loading

File-Level Changes

Change	Details	Files
Add internal wireframe-verification crate providing a Stateright-based placeholder connection model and shared verification harness, with tests.	Create wireframe-verification crate manifest as an internal, non-published package depending on stateright 0.31.0 and the main wireframe crate with test-support features. Implement placeholder connection model types: actions, state, and a PlaceholderConnectionModel implementing stateright::Model with bounded depth and semantic transition rules. Define model properties in terms of simple safety and liveness conditions (fairness, completion, shutdown race) expressed as stateright::Property values. Provide a reusable verification harness module that builds bounded Stateright checkers with standard depth/state limits and assertion helpers. Add integration tests that run the placeholder model through the shared harness with default and explicit verification bounds.	crates/wireframe-verification/Cargo.toml crates/wireframe-verification/src/lib.rs crates/wireframe-verification/src/harness.rs crates/wireframe-verification/src/connection_model/mod.rs crates/wireframe-verification/src/connection_model/action.rs crates/wireframe-verification/src/connection_model/state.rs crates/wireframe-verification/src/connection_model/model.rs crates/wireframe-verification/src/connection_model/properties.rs crates/wireframe-verification/tests/connection_actor.rs crates/wireframe-verification/tests/verification_harness.rs
Wire the verification crate into the Cargo workspace and update workspace manifest regression tests and BDD scenarios to assert the new membership contract.	Update root Cargo.toml workspace members array to include crates/wireframe-verification while keeping default-members = ["."]. Refactor workspace manifest test support to obtain package IDs generically and add helpers to fetch the verification crate package ID. Extend fixture world and test helpers to load and assert on the verification crate package ID and its presence in workspace_members and packages in cargo metadata. Change regression tests and BDD scenarios from expecting the verification crate to be absent to asserting it is a workspace member without changing the sole default member. Rename tests and feature scenario descriptions to the "formal verification workspace" contract tied to roadmap item 15.1.2.	Cargo.toml tests/workspace_manifest.rs tests/common/workspace_manifest_support.rs tests/fixtures/workspace_manifest.rs tests/scenarios/workspace_manifest_scenarios.rs tests/features/workspace_manifest.feature tests/steps/workspace_manifest_steps.rs
Align and extend documentation to describe the verification crate, workspace behavior, and roadmap state, including a new ExecPlan for roadmap item 15.1.2.	Add ExecPlan document for roadmap item 15.1.2 that records purpose, constraints, risks, decisions, progress, and validation outcomes for the verification crate. Update the formal verification methods guide to show the post-15.1.2 workspace layout, the explicit verification crate member, the updated Stateright version, and the actual wireframe dependency feature usage. Adjust the developers guide to describe the hybrid workspace after items 15.1.1 and 15.1.2, mention how to run the verification crate tests, and clarify cargo metadata behavior with both the helper crate and verification crate. Mark roadmap item 15.1.2 as completed and reference the verification crate documentation. Apply minor copy edits and line-wrapping fixes in existing docs to keep them stylistically consistent.	docs/execplans/15-1-2-wireframe-verification-crate.md docs/formal-verification-methods-in-wireframe.md docs/developers-guide.md docs/roadmap.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[leynos]

@coderabbitai Please suggest a fix for this issue and supply a prompt for an AI coding agent to enable it to apply the fix. Include the file and symbol names indicated in the issue at the head of your response.

crates/wireframe-verification/src/connection_model/model.rs

Comment on lines +42 to +122

    fn next_state(&self, state: &Self::State, action: Self::Action) -> Option<Self::State> {
        let mut next = state.clone();
        next.steps = next.steps.saturating_add(1);

        match action {
            ConnectionAction::EnqueueHigh if !state.high_priority_queued => {
                next.high_priority_queued = true;
                Some(next)
            }
            ConnectionAction::EnqueueLow if !state.low_priority_queued => {
                next.low_priority_queued = true;
                Some(next)
            }
            ConnectionAction::InstallResponse
                if !state.shutdown_requested
                    && matches!(state.active_output, ActiveOutput::Idle) =>
            {
                next.active_output = ActiveOutput::Response;
                Some(next)
            }
            ConnectionAction::InstallMultiPacket
                if !state.shutdown_requested
                    && matches!(state.active_output, ActiveOutput::Idle) =>
            {
                next.active_output = ActiveOutput::MultiPacket;
                next.multi_packet_terminal_count = 0;
                Some(next)
            }
            ConnectionAction::EmitQueued if state.high_priority_queued => {
                next.high_priority_queued = false;
                next.emitted_high_priority = true;
                next.fairness_allows_low = true;
                Some(next)
            }
            ConnectionAction::EmitQueued
                if state.low_priority_queued
                    && (!state.high_priority_queued || state.fairness_allows_low) =>
            {
                next.low_priority_queued = false;
                next.emitted_low_priority = true;
                next.fairness_allows_low = false;
                Some(next)
            }
            ConnectionAction::EmitActiveFrame
                if !matches!(state.active_output, ActiveOutput::Idle) =>
            {
                if state.shutdown_requested {
                    next.shutdown_during_output = true;
                }
                Some(next)
            }
            ConnectionAction::CompleteActiveOutput
                if matches!(state.active_output, ActiveOutput::Response) =>
            {
                next.active_output = ActiveOutput::Idle;
                next.response_completed = true;
                Some(next)
            }
            ConnectionAction::CompleteActiveOutput
                if matches!(state.active_output, ActiveOutput::MultiPacket) =>
            {
                next.active_output = ActiveOutput::Idle;
                next.multi_packet_completed = true;
                next.multi_packet_terminal_count =
                    next.multi_packet_terminal_count.saturating_add(1);
                Some(next)
            }
            ConnectionAction::Shutdown if !state.shutdown_requested => {
                next.shutdown_requested = true;
                if !matches!(state.active_output, ActiveOutput::Idle) {
                    next.shutdown_during_output = true;
                }
                Some(next)
            }
            ConnectionAction::TickFairness if state.low_priority_queued => {
                next.fairness_allows_low = true;
                Some(next)
            }
            _ => None,
        }
    }

❌ New issue: Complex Method
Model.next_state has a cyclomatic complexity of 19, threshold = 9

[leynos]

@coderabbitai Please suggest a fix for this issue and supply a prompt for an AI coding agent to enable it to apply the fix. Include the file and symbol names indicated in the issue at the head of your response.

crates/wireframe-verification/src/connection_model/model.rs

Comment on lines +77 to +78

                if state.low_priority_queued
                    && (!state.high_priority_queued || state.fairness_allows_low) =>

❌ New issue: Complex Conditional
Model.next_state has 1 complex conditionals with 2 branches, threshold = 2

[leynos]

@coderabbitai Please suggest a fix for this issue and supply a prompt for an AI coding agent to enable it to apply the fix. Include the file and symbol names indicated in the issue at the head of your response.

crates/wireframe-verification/src/connection_model/model.rs

Comment on lines +42 to +122

    fn next_state(&self, state: &Self::State, action: Self::Action) -> Option<Self::State> {
        let mut next = state.clone();
        next.steps = next.steps.saturating_add(1);

        match action {
            ConnectionAction::EnqueueHigh if !state.high_priority_queued => {
                next.high_priority_queued = true;
                Some(next)
            }
            ConnectionAction::EnqueueLow if !state.low_priority_queued => {
                next.low_priority_queued = true;
                Some(next)
            }
            ConnectionAction::InstallResponse
                if !state.shutdown_requested
                    && matches!(state.active_output, ActiveOutput::Idle) =>
            {
                next.active_output = ActiveOutput::Response;
                Some(next)
            }
            ConnectionAction::InstallMultiPacket
                if !state.shutdown_requested
                    && matches!(state.active_output, ActiveOutput::Idle) =>
            {
                next.active_output = ActiveOutput::MultiPacket;
                next.multi_packet_terminal_count = 0;
                Some(next)
            }
            ConnectionAction::EmitQueued if state.high_priority_queued => {
                next.high_priority_queued = false;
                next.emitted_high_priority = true;
                next.fairness_allows_low = true;
                Some(next)
            }
            ConnectionAction::EmitQueued
                if state.low_priority_queued
                    && (!state.high_priority_queued || state.fairness_allows_low) =>
            {
                next.low_priority_queued = false;
                next.emitted_low_priority = true;
                next.fairness_allows_low = false;
                Some(next)
            }
            ConnectionAction::EmitActiveFrame
                if !matches!(state.active_output, ActiveOutput::Idle) =>
            {
                if state.shutdown_requested {
                    next.shutdown_during_output = true;
                }
                Some(next)
            }
            ConnectionAction::CompleteActiveOutput
                if matches!(state.active_output, ActiveOutput::Response) =>
            {
                next.active_output = ActiveOutput::Idle;
                next.response_completed = true;
                Some(next)
            }
            ConnectionAction::CompleteActiveOutput
                if matches!(state.active_output, ActiveOutput::MultiPacket) =>
            {
                next.active_output = ActiveOutput::Idle;
                next.multi_packet_completed = true;
                next.multi_packet_terminal_count =
                    next.multi_packet_terminal_count.saturating_add(1);
                Some(next)
            }
            ConnectionAction::Shutdown if !state.shutdown_requested => {
                next.shutdown_requested = true;
                if !matches!(state.active_output, ActiveOutput::Idle) {
                    next.shutdown_during_output = true;
                }
                Some(next)
            }
            ConnectionAction::TickFairness if state.low_priority_queued => {
                next.fairness_allows_low = true;
                Some(next)
            }
            _ => None,
        }
    }

❌ New issue: Bumpy Road Ahead
Model.next_state has 3 blocks with nested conditional logic. Any nesting of 2 or deeper is considered. Threshold is 2 blocks per function

[codescene-delta-analysis]

Gates Failed
Enforce advisory code health rules (1 file with Code Duplication)

Gates Passed
5 Quality Gates Passed

See analysis details in CodeScene

Reason for failure

Enforce advisory code health rules	Violations	Code Health Impact
model.rs	1 advisory rule	9.39	Suppress

Quality Gate Profile: Pay Down Tech Debt
Install CodeScene MCP: safeguard and uplift AI-generated code. Catch issues early with our IDE extension and CLI tool.

[codescene-delta-analysis]

❌ New issue: Code Duplication
The module contains 4 functions with similar structure: PlaceholderConnectionModel.apply_emit_active_frame,PlaceholderConnectionModel.apply_emit_high,PlaceholderConnectionModel.apply_emit_low,PlaceholderConnectionModel.apply_shutdown

_Suppress