mxaccess/design/F48-publish-dry-run.md

F48 publish dry-run validation — 2026-05-06

This document captures the per-crate cargo publish --dry-run outcome on the V1-pre-cut workspace state. Run from rust/ against the workspace at version = "0.0.0".

Tier 1 — leaves (no internal deps)

$ cargo publish --dry-run -p mxaccess-codec --allow-dirty
    Finished `dev` profile [unoptimized + debuginfo] target(s)
   Uploading mxaccess-codec v0.0.0
warning: aborting upload due to dry run                          ← OK

$ cargo publish --dry-run -p mxaccess-rpc --allow-dirty           ← OK
$ cargo publish --dry-run -p mxaccess-asb-nettcp --allow-dirty    ← OK

All three pass. The cargo package step assembles the source tarball without errors; --dry-run aborts only at the network upload step.

Tiers 2 + 3 — dependent crates

$ cargo publish --dry-run -p mxaccess-galaxy --allow-dirty
Caused by:
  no matching package named `mxaccess-codec` found
  location searched: crates.io index
  required by package `mxaccess-galaxy v0.0.0`

Identical "no matching package" failure for:

• mxaccess-galaxy, mxaccess-callback, mxaccess-asb (tier 2)
• mxaccess-nmx, mxaccess, mxaccess-compat (tier 3)

This is expected — the workspace internal deps are pinned at version = "0.0.0" (placeholder for the as-yet-unpublished V1 cut). Cargo's registry lookup happens even with --no-verify, and 0.0.0 won't exist on crates.io until the leaves are actually published. The dependent crates will dry-run cleanly after each upstream tier lands.

Package contents

cargo package -p <crate> --list confirms each crate's tarball includes only source, tests, and fixture data — no captures, decompiled binaries, or accidental large files.

Crate	File count	Notes
mxaccess-codec	27	source + 2 round-trip fixture binaries (~1KB each)
mxaccess-rpc	16	source only
mxaccess-asb-nettcp	12	source only
mxaccess-galaxy	11	source only
mxaccess-callback	9	source only
mxaccess-asb	14	source only
mxaccess-nmx	7	source only
mxaccess	18	source + 7 examples
mxaccess-compat	varies	source + 5 live tests

What the actual V1 publish needs

Per F48's "Resolves when":

1. Bump workspace version 0.0.0 → 0.1.0 in rust/Cargo.toml [workspace.package].
2. For each crate's [dependencies] block, bump the workspace-internal version = "0.0.0" pins to version = "0.1.0" (path deps can stay).
3. Publish in tier order (1 → 2 → 3). Wait for crates.io to index each tier (~30–60s) before starting the next.
4. After all 9 are live, run cargo install mxaccess from a fresh checkout — should resolve cleanly without --locked.
5. Tag git tag v0.1.0 && git push origin v0.1.0.

Open observations

• The --allow-dirty flag was used because the workspace has uncommitted edits during this validation pass; the actual publish should run from a clean working tree without that flag.
• Cargo.lock is included in the published tarball for binary-target crates (notably mxaccess ships examples). This is the cargo default for crates with executables; library-only crates don't need it but cargo includes it anyway under the modern resolver.
• No package.exclude rules were tripped: the tests/fixtures/m6-buffered/*.bin files in mxaccess-codec are tiny (round-trip fixtures, not big captures) and are deliberately shipped because the parity tests reference them.