Fixed: Document # Errors sections for 40 public API functions

[Sewer56]

Description

Adds comprehensive error documentation (# Errors sections) to public functions across 5 crates that were either missing documentation or had vague triggers.

Changes

llm-coding-tools-core (12 functions)

• BashRequest::parse - documents ToolError::Json
• fs::read_to_string, fs::write, fs::create_dir_all, fs::open_buffered (blocking & async)
• AbsolutePathResolver::resolve, AllowedPathResolver::new
• expand_shell - documents ToolError::InvalidPath

llm-coding-tools-agents (12 functions)

• AgentLoader::add_directory, add_directory_with_errors, add_file, add_file_named, add_from_str, add_from_bytes
• Ruleset::from_permission_config, AgentRuntimeBuilder::build
• summarize_callable_targets, callable_targets
• build_resolver_for_tool - now documents ToolError::PermissionDenied

llm-coding-tools-bubblewrap (4 functions)

• wrap_command - documents 3 LinuxBwrapError::InvalidPath conditions
• build_command_wrap (blocking & tokio) - replaces vague docs with specific variant
• resolve_backend_or_error_for - documents LinuxBwrapError::Execution

llm-coding-tools-serdesai (3 functions)

• to_serdes_result - documents SerdesError
• ToolResultExt::with_tool - documents AgentBuildError::ToolSettingsValidation

llm-coding-tools-models-dev (9 functions)

• ModelsDevCatalog::load, load_at - documents all 8 CatalogError variants
• load_catalog_at_path, load_catalog_from_url - documents 8 variants each
• shared_cache_path - added missing CatalogError::Configuration
• parse_api_json, cache_payload_from_api_json_bytes, catalog_from_cache_payload, load_catalog_from_cache_file_data

Format

All error docs follow the required format:

/// # Errors
/// - Returns [`Error::Variant`] when <specific condition>.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.04%. Comparing base (a54cac4) to head (e07185c).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #107   +/-   ##
=======================================
  Coverage   81.04%   81.04%           
=======================================
  Files         110      110           
  Lines        4515     4517    +2     
=======================================
+ Hits         3659     3661    +2     
  Misses        856      856           

Flag	Coverage Δ
async	80.29% <ø> (+<0.01%)	⬆️
blocking	58.12% <ø> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/llm-coding-tools-agents/src/extensions.rs	100.00% <ø> (ø)
src/llm-coding-tools-agents/src/loader.rs	85.08% <ø> (ø)
src/llm-coding-tools-agents/src/path/resolver.rs	81.66% <ø> (ø)
src/llm-coding-tools-agents/src/runtime/builder.rs	79.16% <ø> (ø)
src/llm-coding-tools-agents/src/runtime/task.rs	100.00% <ø> (ø)
src/llm-coding-tools-bubblewrap/src/probe.rs	0.00% <ø> (ø)
...rc/llm-coding-tools-bubblewrap/src/wrap/command.rs	0.00% <ø> (ø)
src/llm-coding-tools-core/src/fs/blocking_impl.rs	100.00% <ø> (ø)
src/llm-coding-tools-core/src/fs/tokio_impl.rs	100.00% <ø> (ø)
src/llm-coding-tools-core/src/path/absolute.rs	100.00% <ø> (ø)
... and 19 more

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Walkthrough

This pull request adds comprehensive error documentation to public APIs across the llm-coding-tools codebase. Rustdoc comments and # Errors sections are added or updated to explicitly enumerate which error variants various functions return under specific failure conditions. Changes span filesystem operations, path resolution, permission validation, tool request parsing, sandbox execution, and catalog loading. No functional logic, control flow, or runtime behavior was modified—only documentation artifacts were added.

Possibly related PRs

• Expand shell patterns in permission rules at construction time #92: Implements eager shell-pattern expansion in permission Rule construction, which is the source of the ExpandError expansion validation failures now documented in this PR.
• Changed: Propagate pattern expansion errors through Rule::new #93: Modified function signatures to return ExpandError from permission-related builders and validators, whose error conditions are now explicitly documented in this PR.
• Add stateless Task tool for subagent delegation #61: Added and expanded callable_targets and summarize_callable_targets functions, which receive updated error documentation in this PR to specify ExpandError on invalid permission patterns.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding error documentation sections to public API functions.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description check	✅ Passed	The pull request description clearly explains the changes, lists all 40 affected functions across 5 crates, and specifies the error documentation improvements made.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/error-documentation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

src/llm-coding-tools-models-dev/src/catalog/mod.rs (1)

80-91: Reorder documentation sections to follow Rust conventions.

The # Errors section appears after # Examples, which is non-standard for Rust documentation. Per Rust API guidelines, documentation sections should follow this order: description → Parameters → Returns → Errors → Panics → Safety → Examples.

This issue also applies to the load_at() function (lines 116-123).

📚 Suggested reordering for `load()` function

Move the # Errors section (currently at lines 80-91) to appear before the # Examples section (currently at lines 56-79). The # Errors section should be placed immediately after the # Returns section (after line 45).

Similarly for load_at(), move the # Errors section (lines 116-123) to before the # Examples section (lines 125-149), placing it after the # Returns section (after line 114).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/llm-coding-tools-models-dev/src/catalog/mod.rs` around lines 80 - 91,
Move the documentation `# Errors` sections for the Catalog functions so they
follow Rust doc conventions: for `load()` and `load_at()` relocate each `#
Errors` block so it appears immediately after the `# Returns` section and before
the `# Examples` section; update the doc comment order around the `load()` and
`load_at()` functions accordingly without changing any content of the error
descriptions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/llm-coding-tools-agents/src/loader.rs`:
- Around line 84-85: The docs claiming "Returns `AgentLoadError::Io` when the
directory cannot be accessed (permissions, etc.)" are too strong; update the doc
comments in src/llm-coding-tools-agents/src/loader.rs (the bullets around the
`AgentLoadError::Io` description at lines ~84 and ~106-108) to state that an
`Io` error is guaranteed only when the path exists but is not a directory, and
clarify that permission/read errors encountered during recursive walking may be
skipped or handled differently by the walker and therefore are not always
surfaced as `Err(AgentLoadError::Io)`; reference `AgentLoadError::Io` and the
directory-loading function (e.g., the loader function that performs the walk) so
readers know which behavior is guaranteed versus implementation-dependent.

In `@src/llm-coding-tools-agents/src/runtime/task.rs`:
- Around line 35-37: The doc comment for summarize_callable_targets (and the
similar comment at the later location) is too narrow—invalid patterns can come
from the entire caller.permission map, not just permission.task; update the
documentation to state that this function builds a ruleset from the full
caller.permission map and will return ExpandError if any permission entry
contains invalid patterns (reference summarize_callable_targets and the
callable_targets/ruleset-building behavior).

---

Nitpick comments:
In `@src/llm-coding-tools-models-dev/src/catalog/mod.rs`:
- Around line 80-91: Move the documentation `# Errors` sections for the Catalog
functions so they follow Rust doc conventions: for `load()` and `load_at()`
relocate each `# Errors` block so it appears immediately after the `# Returns`
section and before the `# Examples` section; update the doc comment order around
the `load()` and `load_at()` functions accordingly without changing any content
of the error descriptions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d67e1dd7-5242-43b7-9026-2817e1e1c122

📥 Commits

Reviewing files that changed from the base of the PR and between a54cac4 and e07185c.

📒 Files selected for processing (31)

• src/llm-coding-tools-agents/src/extensions.rs
• src/llm-coding-tools-agents/src/loader.rs
• src/llm-coding-tools-agents/src/path/resolver.rs
• src/llm-coding-tools-agents/src/runtime/builder.rs
• src/llm-coding-tools-agents/src/runtime/task.rs
• src/llm-coding-tools-bubblewrap/src/probe.rs
• src/llm-coding-tools-bubblewrap/src/wrap/blocking.rs
• src/llm-coding-tools-bubblewrap/src/wrap/command.rs
• src/llm-coding-tools-bubblewrap/src/wrap/tokio.rs
• src/llm-coding-tools-core/src/fs/blocking_impl.rs
• src/llm-coding-tools-core/src/fs/tokio_impl.rs
• src/llm-coding-tools-core/src/path/absolute.rs
• src/llm-coding-tools-core/src/path/allowed.rs
• src/llm-coding-tools-core/src/path/allowed_glob/normalize.rs
• src/llm-coding-tools-core/src/tools/bash/mod.rs
• src/llm-coding-tools-core/src/tools/edit.rs
• src/llm-coding-tools-core/src/tools/glob.rs
• src/llm-coding-tools-core/src/tools/grep.rs
• src/llm-coding-tools-core/src/tools/read.rs
• src/llm-coding-tools-core/src/tools/todo.rs
• src/llm-coding-tools-core/src/tools/webfetch/mod.rs
• src/llm-coding-tools-core/src/tools/write.rs
• src/llm-coding-tools-models-dev/src/api/catalog_sources.rs
• src/llm-coding-tools-models-dev/src/api/schema.rs
• src/llm-coding-tools-models-dev/src/cache/path.rs
• src/llm-coding-tools-models-dev/src/cache/payload.rs
• src/llm-coding-tools-models-dev/src/catalog/load_cache.rs
• src/llm-coding-tools-models-dev/src/catalog/mod.rs
• src/llm-coding-tools-models-dev/src/catalog/sync.rs
• src/llm-coding-tools-serdesai/src/agent_ext.rs
• src/llm-coding-tools-serdesai/src/convert.rs

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Semver Checks (Core Async)
• GitHub Check: Semver Checks (Serdesai Full)
• GitHub Check: Semver Checks (Bubblewrap Blocking)
• GitHub Check: Semver Checks (Serdesai Full+Linux)
• GitHub Check: Semver Checks (Core Blocking)
• GitHub Check: Blocking Linux
• GitHub Check: Async Linux
• GitHub Check: Blocking macOS
• GitHub Check: Async macOS
• GitHub Check: Async Windows
• GitHub Check: Blocking Windows

🧰 Additional context used

🧠 Learnings (6)

📚 Learning: 2026-04-11T21:51:36.623Z

Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 101
File: src/llm-coding-tools-agents/src/path/resolver.rs:149-151
Timestamp: 2026-04-11T21:51:36.623Z
Learning: In `src/llm-coding-tools-agents/src/path/resolver.rs`, the `/**` pattern optimization (which selects `AbsolutePathResolver` for unrestricted access) is intentionally Unix-only. On Windows, `/**` is not a valid absolute path and therefore the optimization simply does not trigger, falling through to `AllowedGlobResolver`. This cross-platform behavior is by design, allowing a single permission config to be shared across OSes without platform-specific guards.

Applied to files:

• src/llm-coding-tools-core/src/path/absolute.rs
• src/llm-coding-tools-agents/src/runtime/builder.rs
• src/llm-coding-tools-core/src/path/allowed_glob/normalize.rs
• src/llm-coding-tools-agents/src/path/resolver.rs
• src/llm-coding-tools-core/src/path/allowed.rs
• src/llm-coding-tools-bubblewrap/src/probe.rs
• src/llm-coding-tools-agents/src/extensions.rs

📚 Learning: 2026-04-11T21:51:49.088Z

Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 101
File: src/llm-coding-tools-agents/src/path/resolver.rs:149-151
Timestamp: 2026-04-11T21:51:49.088Z
Learning: In `src/llm-coding-tools-agents/src/path/resolver.rs` (Rust, llm-coding-tools-agents crate), the `/**` optimization in `try_globstar_optimisation` is intentionally Unix-only behavior. On Windows, `/**` is not a valid absolute path pattern, so the literal string match will never trigger there and the resolver safely falls through to `AllowedGlobResolver`. This cross-OS degradation is by design: Unix-authored configs using `/**` do not accidentally grant unrestricted access on Windows. Do not flag this as a missing `#[cfg(unix)]` guard.

Applied to files:

• src/llm-coding-tools-core/src/path/absolute.rs
• src/llm-coding-tools-agents/src/runtime/builder.rs
• src/llm-coding-tools-core/src/path/allowed_glob/normalize.rs
• src/llm-coding-tools-core/src/tools/glob.rs
• src/llm-coding-tools-agents/src/path/resolver.rs
• src/llm-coding-tools-core/src/path/allowed.rs
• src/llm-coding-tools-core/src/fs/blocking_impl.rs
• src/llm-coding-tools-bubblewrap/src/probe.rs
• src/llm-coding-tools-agents/src/extensions.rs
• src/llm-coding-tools-agents/src/loader.rs

📚 Learning: 2026-03-11T22:12:21.194Z

Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 54
File: src/llm-coding-tools-models-dev/src/catalog/load_cache.rs:23-29
Timestamp: 2026-03-11T22:12:21.194Z
Learning: For src/llm-coding-tools-models-dev/src/catalog/load_cache.rs in this repository, assume the on-disk cache models.dev.catalog.v1.cache is written only by the local user/process. Do not add upper-bound validation on payload_len_decompressed before calling zstd::bulk::decompress, as external/malicious cache files are out of scope for this threat model.

Applied to files:

• src/llm-coding-tools-models-dev/src/catalog/load_cache.rs

📚 Learning: 2026-03-28T02:14:04.465Z

Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 69
File: src/llm-coding-tools-bubblewrap/src/profile/validation.rs:57-67
Timestamp: 2026-03-28T02:14:04.465Z
Learning: In `src/llm-coding-tools-bubblewrap/src/profile/` (Rust, llm-coding-tools-bubblewrap crate), the `Builder` API paths (workspace, synthetic_home, cache_root, mount lists, overlays, etc.) are always set by trusted application/operator code — the library consumer is the trusted party. Path normalization and `..`-component hardening in validators like `validate_absolute_path` is therefore NOT required to defend against traversal attacks. Untrusted input (LLM-generated shell commands) only enters through `wrap_command`/`execute_command_with_mode`, not through the `Builder`.

Applied to files:

• src/llm-coding-tools-bubblewrap/src/wrap/blocking.rs
• src/llm-coding-tools-core/src/path/allowed_glob/normalize.rs
• src/llm-coding-tools-bubblewrap/src/wrap/command.rs
• src/llm-coding-tools-agents/src/path/resolver.rs
• src/llm-coding-tools-core/src/path/allowed.rs
• src/llm-coding-tools-bubblewrap/src/wrap/tokio.rs

📚 Learning: 2026-03-11T22:12:27.804Z

Learnt from: Sewer56
Repo: Sewer56/llm-coding-tools PR: 54
File: src/llm-coding-tools-models-dev/src/catalog/load_cache.rs:23-29
Timestamp: 2026-03-11T22:12:27.804Z
Learning: In `src/llm-coding-tools-models-dev/src/cache/` (Rust, llm-coding-tools-models-dev crate), the on-disk cache (models.dev.catalog.v1.cache) is assumed to be written only by the local user/process. Malicious or externally-crafted cache files are explicitly out of scope for this threat model, so there is no need to add upper-bound validation on `payload_len_decompressed` before calling `zstd::bulk::decompress`.

Applied to files:

• src/llm-coding-tools-models-dev/src/cache/payload.rs
• src/llm-coding-tools-models-dev/src/cache/path.rs
• src/llm-coding-tools-models-dev/src/api/catalog_sources.rs
• src/llm-coding-tools-models-dev/src/catalog/sync.rs
• src/llm-coding-tools-models-dev/src/catalog/mod.rs

📚 Learning: 2026-04-08T21:35:35.581Z

Learnt from: CR
Repo: Sewer56/llm-coding-tools PR: 0
File: src/AGENTS.md:0-0
Timestamp: 2026-04-08T21:35:35.581Z
Learning: If relevant to your review task, read `.cargo/{general,performance,documentation}.md` for guidance

Applied to files:

• src/llm-coding-tools-models-dev/src/cache/payload.rs
• src/llm-coding-tools-models-dev/src/catalog/mod.rs

🔇 Additional comments (27)

src/llm-coding-tools-bubblewrap/src/probe.rs (1)

60-66: LGTM! Comprehensive error documentation.

The error documentation accurately describes all three LinuxBwrapError::Execution scenarios handled by the function implementation (lines 71-77, 81-85, 86-90). The rustdoc format is correct and the conditions are clearly stated.

src/llm-coding-tools-bubblewrap/src/wrap/tokio.rs (1)

16-17: LGTM! Clear error documentation.

The error documentation correctly describes the LinuxBwrapError::InvalidPath conditions that propagate from the underlying wrap_command call. The compact format listing all conditions in a single bullet is appropriate for this wrapper function.

src/llm-coding-tools-bubblewrap/src/wrap/blocking.rs (1)

16-17: LGTM! Consistent error documentation.

The error documentation matches the async variant in tokio.rs and correctly describes the LinuxBwrapError::InvalidPath conditions. The consistency across blocking and async interfaces improves the API's usability.

src/llm-coding-tools-bubblewrap/src/wrap/command.rs (1)

75-80: LGTM! Detailed and well-structured error documentation.

The error documentation provides clear, separated conditions for each LinuxBwrapError::InvalidPath scenario. The three-bullet format is appropriate for this lower-level validation function and provides more detail than the compact versions in the wrapper functions (tokio.rs and blocking.rs), improving overall API documentation consistency.

src/llm-coding-tools-core/src/path/absolute.rs (1)

37-38: Error contract matches implementation.

resolve does return ToolError::InvalidPath for non-absolute input, so this rustdoc addition is accurate.

src/llm-coding-tools-core/src/path/allowed_glob/normalize.rs (1)

44-46: # Errors section is accurate.

This correctly describes the ToolError::InvalidPath mapping when shell expansion fails.

src/llm-coding-tools-core/src/path/allowed.rs (1)

72-74: Good error documentation for constructor validation.

The listed ToolError::InvalidPath cases align with the current checks and canonicalization path.

src/llm-coding-tools-agents/src/path/resolver.rs (1)

90-92: Nice clarification of deny-path behavior.

The added ToolError::PermissionDenied and the documented pattern/path error cases match the actual control flow.

src/llm-coding-tools-agents/src/extensions.rs (1)

46-47: # Errors section is aligned with implementation.

Rule::new(...) propagates ExpandError, so documenting invalid pattern failures here is correct.

src/llm-coding-tools-agents/src/runtime/builder.rs (1)

74-75: Build error contract is well documented.

The new # Errors section is clear and matches the Result<_, ExpandError> build path.

src/llm-coding-tools-core/src/tools/read.rs (1)

27-31: Error contract docs match implementation.

Nice addition — the # Errors section accurately documents the ToolError::Json path from serde_json::from_value.

src/llm-coding-tools-core/src/tools/webfetch/mod.rs (1)

24-27: Clear and accurate parse error documentation.

The added # Errors section is precise and consistent with the parser behavior.

src/llm-coding-tools-core/src/tools/grep.rs (1)

36-40: Good # Errors coverage for request parsing.

This matches the actual ToolError::Json conversion path and improves API clarity.

src/llm-coding-tools-core/src/tools/glob.rs (1)

24-28: Accurate deserialization error docs.

The new section correctly communicates when ToolError::Json is returned.

src/llm-coding-tools-core/src/fs/tokio_impl.rs (1)

7-10: Async fs helpers now have solid error contracts.

These # Errors sections are consistent across helpers and correctly describe ToolError::Io outcomes.

Also applies to: 16-19, 25-28, 34-37

src/llm-coding-tools-core/src/tools/bash/mod.rs (1)

81-84: Parse error docs are clear and correct.

Good addition documenting ToolError::Json for malformed/invalid request payloads.

src/llm-coding-tools-core/src/tools/edit.rs (2)

49-52: EditRequest::parse error docs are accurate.

The mapping to ToolError::Json is documented correctly.

---

102-114: edit_file now has strong, explicit error documentation.

Great coverage of validation, path/I/O, and ambiguity/not-found cases with concrete variants.

src/llm-coding-tools-core/src/fs/blocking_impl.rs (1)

7-10: Blocking fs error docs are consistent and correct.

The added sections clearly document ToolError::Io behavior and align with the implementation.

Also applies to: 16-19, 25-28, 34-37

src/llm-coding-tools-core/src/tools/todo.rs (3)

78-85: LGTM! Clear and accurate error documentation.

The error documentation correctly identifies that ToolError::Json is returned on deserialization failures, and provides helpful context about the kinds of failures that can occur (missing fields, invalid structure).

---

94-100: LGTM! Consistent error documentation.

The error documentation follows the same clear pattern as TodoWriteRequest::parse and accurately describes the deserialization failure case.

---

114-137: LGTM! Comprehensive validation error documentation.

The error documentation accurately describes both validation error cases and aligns perfectly with the implementation. The documentation is specific about when each ToolError::Validation is returned (empty/whitespace-only id and content).

src/llm-coding-tools-core/src/tools/write.rs (2)

18-25: LGTM! Clear and accurate error documentation.

The error documentation correctly identifies ToolError::Json for deserialization failures and provides helpful examples of failure cases (missing required fields, invalid types). The documentation format is consistent with the project's rustdoc conventions.

---

45-78: LGTM! Comprehensive error documentation for file operations.

The error documentation accurately maps to all three fallible operations in the implementation:

• Path resolution errors (resolver.resolve())
• Parent directory creation errors (fs::create_dir_all())
• File write errors (fs::write())

The documentation provides helpful context for when each error type occurs, making the API contract clear to users.

src/llm-coding-tools-serdesai/src/convert.rs (1)

50-53: LGTM! Clear and accurate error documentation.

The # Errors section correctly documents that to_serdes_result returns SerdesError when the input CoreResult contains an error, and accurately references the core_error_to_serdes conversion function. The documentation follows Rust conventions and aligns with the implementation on lines 59-61.

src/llm-coding-tools-serdesai/src/agent_ext.rs (2)

107-110: LGTM! Accurate error documentation for trait method.

The # Errors section correctly documents that with_tool returns AgentBuildError::ToolSettingsValidation when converting a ToolError, and accurately describes that both the tool name and original error are preserved (as shown in the implementation on line 119).

---

115-117: LGTM! Consistent error documentation in implementation.

The error documentation in the impl block correctly mirrors the trait documentation and accurately describes the behavior of the error conversion on line 119. Good practice to document both the trait and implementation.