@soul2zimate
Contributor

Fixes: #307

fix: fix project layout detection

@qodo-code-review
Contributor

Review Summary by Qodo

Fix Cargo single crate layout detection logic

🐞 Bug fix

Walkthroughs

Description
• Fix project layout detection for single crate Cargo projects
• Handle case where cargo metadata includes root crate as workspace member
• Correctly identify single crate projects despite workspace member presence
Diagram
flowchart LR
  A["Cargo Metadata"] --> B["Check Root Crate & Workspace"]
  B --> C["Single Member Equals Root?"]
  C -->|Yes| D["Return SINGLE_CRATE"]
  C -->|No| E["Check Other Conditions"]
  E --> F["Return Appropriate Layout"]

File Changes

1. src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java 🐞 Bug fix +10/-0

Add single crate detection for workspace metadata

• Added logic to detect single crate projects when workspace has exactly one member
• Compares root crate ID with single workspace member to confirm single crate layout
• Prevents misclassification of single crate projects as workspace projects
• Inserted before existing single crate and workspace detection conditions

src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java



@soul2zimate soul2zimate requested a review from ruromero February 11, 2026 06:29
@qodo-code-review
Contributor

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (1)

Action required

1. Missing workspace_members==[root] test 📎 Requirement gap ⛯ Reliability
Description
The PR changes CargoProvider.getProjectLayout() behavior for the single-member workspace-members
case but does not add a regression test that asserts CargoProjectLayout.SINGLE_CRATE when
workspace_members contains only the root. This risks reintroducing the original misclassification
without automated detection.
Code

src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[R76-84]

+    // Check if this is actually a single crate - cargo metadata includes the root crate
+    // as a workspace member even for single crate projects
+    if (hasRootCrate && hasWorkspace && metadata.workspaceMembers().size() == 1) {
+      String rootId = metadata.resolve().root();
+      String singleMember = metadata.workspaceMembers().get(0);
+      if (rootId.equals(singleMember)) {
+        return CargoProjectLayout.SINGLE_CRATE;
+      }
+    }
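Review bot: In `if (rootId.equals(singleMember))`, `rootId` comes straight from `metadata.resolve().root()` and is dereferenced without a null check. Unless `hasRootCrate` already guarantees that both `resolve()` and `root()` are non-null, this line can throw a NullPointerException; `Objects.equals(rootId, singleMember)` avoids that, or the comment should state that `hasRootCrate` implies a non-null root.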
Evidence
PR Compliance ID 8 requires an automated regression test for cargo metadata where
workspace_members contains only the root and the expected layout is SINGLE_CRATE. The PR adds
logic handling this scenario in getProjectLayout(), but existing Cargo provider tests shown do not
assert project layout classification for this metadata shape.

Add regression coverage for cargo metadata workspace_members containing only root
src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[76-84]
src/test/java/io/github/guacsec/trustifyda/providers/CargoProviderCargoParsingTest.java[35-73]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
A regression test is required to ensure that cargo metadata where `workspace_members` contains only the root crate is classified as `CargoProjectLayout.SINGLE_CRATE`.

## Issue Context
`CargoProvider.getProjectLayout()` now contains special handling for the `workspace_members.size() == 1` and `workspace_members[0] == resolve.root` scenario, but there is no automated test asserting this behavior.

## Fix Focus Areas
- src/test/java/io/github/guacsec/trustifyda/providers/CargoProviderProjectLayoutTest.java[1-160]
- src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[71-97]


Remediation recommended

2. SINGLE_CRATE semantics drift 🐞 Bug ✓ Correctness
Description
getProjectLayout() can now return SINGLE_CRATE even when cargo metadata reports non-empty
workspaceMembers, contradicting the enum’s documented meaning (“only [package] section”). This
semantic mismatch is low impact today (both SINGLE_CRATE and WORKSPACE_WITH_ROOT_CRATE are handled
the same), but it’s a maintainability/correctness risk for future logic that treats these layouts
differently.
Code

src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[R76-83]

+    // Check if this is actually a single crate - cargo metadata includes the root crate
+    // as a workspace member even for single crate projects
+    if (hasRootCrate && hasWorkspace && metadata.workspaceMembers().size() == 1) {
+      String rootId = metadata.resolve().root();
+      String singleMember = metadata.workspaceMembers().get(0);
+      if (rootId.equals(singleMember)) {
+        return CargoProjectLayout.SINGLE_CRATE;
+      }
Evidence
CargoProjectLayout documents SINGLE_CRATE as a project with only a [package] section, but the new
logic explicitly returns SINGLE_CRATE in a scenario where cargo-metadata reports workspace_members
(hasWorkspace == true). Also, current downstream handling in addDependencies() routes both
SINGLE_CRATE and WORKSPACE_WITH_ROOT_CRATE to handleSingleCrate(), meaning this change currently
mostly affects semantics/logging rather than behavior—making the doc/implementation mismatch easy to
miss until a future change depends on it.

src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[71-94]
src/main/java/io/github/guacsec/trustifyda/providers/CargoProjectLayout.java[19-29]
src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[126-140]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`getProjectLayout()` now returns `CargoProjectLayout.SINGLE_CRATE` even when `workspaceMembers` is non-empty. This contradicts the enum documentation that defines `SINGLE_CRATE` as “only [package] section”. While current behavior is unchanged (both `SINGLE_CRATE` and `WORKSPACE_WITH_ROOT_CRATE` route to `handleSingleCrate()`), this mismatch can create future bugs when additional layout-specific behavior is introduced.

### Issue Context
The new logic is intentional to normalize cargo-metadata output for single-crate projects. The fix is to make the *contract* clear (docs and/or enum) so that future changes don’t accidentally rely on outdated semantics.

### Fix Focus Areas
- src/main/java/io/github/guacsec/trustifyda/providers/CargoProjectLayout.java[19-30]
- src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[71-97]
- src/main/java/io/github/guacsec/trustifyda/providers/CargoProvider.java[126-140]

Collaborator

@ruromero ruromero left a comment

The AI assumption is wrong.
The enum matches the implementation:

SINGLE_CRATE // only [package]
WORKSPACE_VIRTUAL // only [workspace]
WORKSPACE_WITH_ROOT_CRATE // both

@soul2zimate soul2zimate enabled auto-merge (squash) February 11, 2026 08:53
@soul2zimate soul2zimate merged commit 8bc453f into guacsec:main Feb 11, 2026
24 of 39 checks passed
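
The layout rule discussed in this pull request, as an added Java example that is not the project's code: `Layout`, `Metadata` and `classify` are hypothetical stand-ins for `CargoProjectLayout`, the cargo-metadata model and `getProjectLayout()`, and the flag definitions and fall-through order are assumptions. It exercises the regression case (`workspace_members` containing only the root) next to the other metadata shapes, using constructed package ids.

```java
import java.util.List;

// Added illustration: hypothetical stand-ins, not the project's CargoProvider or metadata model.
public class LayoutRegressionExample {
  enum Layout { SINGLE_CRATE, WORKSPACE_VIRTUAL, WORKSPACE_WITH_ROOT_CRATE }

  // Minimal view of `cargo metadata` output: resolve.root and workspace_members.
  record Metadata(String resolveRoot, List<String> workspaceMembers) {}

  static Layout classify(Metadata m) {
    // Assumption: the flags are derived like this; the page does not show their definitions.
    boolean hasRootCrate = m.resolveRoot() != null;
    boolean hasWorkspace = m.workspaceMembers() != null && !m.workspaceMembers().isEmpty();

    // The check added by the PR: a single member that is the root itself is a single crate.
    if (hasRootCrate && hasWorkspace && m.workspaceMembers().size() == 1
        && m.resolveRoot().equals(m.workspaceMembers().get(0))) {
      return Layout.SINGLE_CRATE;
    }
    // Assumed ordering of the remaining conditions.
    if (hasRootCrate && !hasWorkspace) return Layout.SINGLE_CRATE;
    if (hasRootCrate) return Layout.WORKSPACE_WITH_ROOT_CRATE;
    if (hasWorkspace) return Layout.WORKSPACE_VIRTUAL;
    throw new IllegalArgumentException("metadata has neither a root crate nor workspace members");
  }

  static void expect(Layout want, Metadata m) {
    Layout got = classify(m);
    if (got != want) throw new AssertionError("expected " + want + " but got " + got + " for " + m);
  }

  public static void main(String[] args) {
    // Constructed package ids; real ids come from `cargo metadata`.
    String app = "path+file:///work/app#0.1.0";
    String lib = "path+file:///work/app/lib#0.1.0";

    // The regression case: workspace_members contains only the root.
    expect(Layout.SINGLE_CRATE, new Metadata(app, List.of(app)));
    expect(Layout.SINGLE_CRATE, new Metadata(app, List.of()));
    expect(Layout.WORKSPACE_WITH_ROOT_CRATE, new Metadata(app, List.of(app, lib)));
    expect(Layout.WORKSPACE_VIRTUAL, new Metadata(null, List.of(app, lib)));
    // Constructed shape: one member that is not the root must not be flattened to SINGLE_CRATE.
    expect(Layout.WORKSPACE_WITH_ROOT_CRATE, new Metadata(app, List.of(lib)));
    System.out.println("all layout cases classified as expected");
  }
}
```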
Successfully merging this pull request may close these issues.

CargoProvider incorrectly classifies single crate projects as WORKSPACE_WITH_ROOT_CRATE
