mxaccess/design/F48-publish-dry-run.md

F48 publish dry-run validation — 2026-05-06

Note (2026-05-06): This project is internal-use only and is not scheduled to publish to crates.io. F48's actual publish goal is out of scope. This document is retained as a workspace-hygiene record — cargo package --list per crate confirms each tarball would assemble cleanly (source + tests + small fixtures only, no captures or big files), which is useful regardless of whether an actual publish ever happens. The "What the actual V1 publish needs" section at the bottom is kept as a recipe in case this ever changes.

This document captures the per-crate cargo publish --dry-run outcome on the workspace at version = "0.0.0". Run from rust/.

Tier 1 — leaves (no internal deps)

$ cargo publish --dry-run -p mxaccess-codec --allow-dirty
    Finished `dev` profile [unoptimized + debuginfo] target(s)
   Uploading mxaccess-codec v0.0.0
warning: aborting upload due to dry run                          ← OK

$ cargo publish --dry-run -p mxaccess-rpc --allow-dirty           ← OK
$ cargo publish --dry-run -p mxaccess-asb-nettcp --allow-dirty    ← OK

All three pass. The cargo package step assembles the source tarball without errors; --dry-run aborts only at the network upload step.

Tiers 2 + 3 — dependent crates

$ cargo publish --dry-run -p mxaccess-galaxy --allow-dirty
Caused by:
  no matching package named `mxaccess-codec` found
  location searched: crates.io index
  required by package `mxaccess-galaxy v0.0.0`

Identical "no matching package" failure for:

• mxaccess-galaxy, mxaccess-callback, mxaccess-asb (tier 2)
• mxaccess-nmx, mxaccess, mxaccess-compat (tier 3)

This is expected — the workspace internal deps are pinned at version = "0.0.0" (placeholder for the as-yet-unpublished V1 cut). Cargo's registry lookup happens even with --no-verify, and 0.0.0 won't exist on crates.io until the leaves are actually published. The dependent crates will dry-run cleanly after each upstream tier lands.

Package contents

cargo package -p <crate> --list confirms each crate's tarball includes only source, tests, and fixture data — no captures, decompiled binaries, or accidental large files.

Crate	File count	Notes
mxaccess-codec	27	source + 2 round-trip fixture binaries (~1KB each)
mxaccess-rpc	16	source only
mxaccess-asb-nettcp	12	source only
mxaccess-galaxy	11	source only
mxaccess-callback	9	source only
mxaccess-asb	14	source only
mxaccess-nmx	7	source only
mxaccess	18	source + 7 examples
mxaccess-compat	varies	source + 5 live tests

If a publish ever does become a goal — recipe

Currently out of scope per maintainer 2026-05-06, but kept here so future-them doesn't have to re-derive the steps:

1. Bump workspace version 0.0.0 → 0.1.0 in rust/Cargo.toml [workspace.package].
2. For each crate's [dependencies] block, bump the workspace-internal version = "0.0.0" pins to version = "0.1.0" (path deps can stay).
3. Publish in tier order (1 → 2 → 3). Wait for crates.io to index each tier (~30–60s) before starting the next.
4. After all 9 are live, run cargo install mxaccess from a fresh checkout — should resolve cleanly without --locked.
5. Tag git tag v0.1.0 && git push origin v0.1.0.

Open observations

• The --allow-dirty flag was used because the workspace has uncommitted edits during this validation pass; the actual publish should run from a clean working tree without that flag.
• Cargo.lock is included in the published tarball for binary-target crates (notably mxaccess ships examples). This is the cargo default for crates with executables; library-only crates don't need it but cargo includes it anyway under the modern resolver.
• No package.exclude rules were tripped: the tests/fixtures/m6-buffered/*.bin files in mxaccess-codec are tiny (round-trip fixtures, not big captures) and are deliberately shipped because the parity tests reference them.