feat(validation): guard README dependency snippets

[acgetchell]

• Add a generic docs-version sync check that compares Markdown dependency snippets against the Cargo package name and version
• Run the docs-version check from the repository Semgrep policy lane
• Refresh README determinant examples with explicit fallible handling and hidden doctest mirrors
• Update CI uv pins to 0.11.19

Summary by CodeRabbit

• Documentation

  • Updated README with improved examples demonstrating error handling and version bumping to v0.4.2
  • Added doctest guidelines for optional features in contributor documentation
  • Updated benchmarking quick-reference guide

• Examples

  • Improved const_det example with better compile-time error handling

• Testing

  • Added validation to ensure documentation code examples stay synchronized with crate versions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.47%. Comparing base (f473ec5) to head (7137fee).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #140   +/-   ##
=======================================
  Coverage   99.47%   99.47%           
=======================================
  Files           5        5           
  Lines        2838     2838           
=======================================
  Hits         2823     2823           
  Misses         15       15           

Flag	Coverage Δ
unittests	99.47% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

📝 Walkthrough

Walkthrough

PR bumps crate version to 0.4.2, adds automated validation for documentation version consistency via a new Python CLI tool, integrates it into CI workflows and build recipes, and updates all user-facing examples and documentation to reflect the new version with improved error-handling patterns.

Changes

Documentation v0.4.2 Update with Version-Sync Validation

Layer / File(s)	Summary
Documentation version-sync validator tool scripts/check_docs_version_sync.py, scripts/tests/test_check_docs_version_sync.py	New Python CLI scans Markdown files for dependency snippets and verifies versions match Cargo.toml. Includes parsing, recursive file discovery, regex-based snippet extraction, mismatch detection, and tests covering both matching and stale scenarios.
Validator wiring and CI tooling pyproject.toml, justfile, .github/workflows/ci.yml, .github/workflows/semgrep-sarif.yml	Registers check-docs-version-sync as CLI entry point in pyproject.toml and Python modules, adds validation step to justfile semgrep recipe, and bumps UV_VERSION from 0.11.18 to 0.11.19 across CI workflows.
Documentation and examples for v0.4.2 README.md, src/lib.rs, examples/const_det_4x4.rs, AGENTS.md, docs/BENCHMARKING.md	Updates all dependency snippets and examples to version 0.4.2; refactors const_det_4x4.rs to use Result-based error handling instead of panics; improves LDLT and exact-determinant examples with explicit error matching; adds const-evaluation and exact-overflow examples; documents README/doctest alignment guidelines; and removes hardcoded baseline references.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• acgetchell/la-stack#34: The main PR updates README.md and examples/const_det_4x4.rs to use the const/Option-based Matrix::det_direct() API and its D ≤ 4 behavior introduced by this PR.
• acgetchell/la-stack#47: The main PR updates doctests and examples to exercise exact-determinant APIs (det_exact_f64, det_sign_exact) including LaError::Overflow behavior introduced by this PR.
• acgetchell/la-stack#121: This PR adds the check-docs-version-sync validation to the justfile semgrep recipe and bumps shared UV_VERSION in workflows.

Suggested labels

documentation, testing, enhancement

Poem

🐰 A version that drifts in the docs? Not on our watch!
New check-docs-version-sync sniffs out each mismatch—
0.4.2 shines bright in examples and guides,
With error-safe patterns and const compile rides.
Clean workflows and tests keep the code in the kin! 🌙

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(validation): guard README dependency snippets' directly reflects the PR's main objective of adding a validation check for README dependency snippets against Cargo versions.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/readme-version-sync

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

scripts/check_docs_version_sync.py (1)

70-71: ⚡ Quick win

Skip directories should be pruned during traversal, not filtered after rglob.

Current traversal still descends into skipped trees (e.g., target, .venv) and only drops matches afterward. Pruning during walk will reduce CI time and I/O.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check_docs_version_sync.py` around lines 70 - 71, The current
_iter_markdown_files uses root.rglob and filters matches post-traversal which
still descends into skipped directories; change it to prune during traversal by
iterating the tree (e.g., use os.walk or a recursive Path.iterdir approach) and
remove/skip entries whose relative path parts intersect SKIP_DIRS so they are
not descended into; return the same sorted list[Path] of .md files but ensure
directories matching SKIP_DIRS are removed from the walk (modify the dirs list
in-place when using os.walk) so traversal avoids visiting target/.venv etc.

scripts/tests/test_check_docs_version_sync.py (1)

31-57: ⚡ Quick win

Add a regression test where inline-table version is not the first key.

This scenario is valid TOML and currently untested, but it’s essential for the docs-version guard’s correctness.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/tests/test_check_docs_version_sync.py` around lines 31 - 57, Add a
regression test to cover inline-table dependency entries where the version key
is not the first key (valid TOML) by extending or creating a test in
test_find_version_mismatches_reports_stale_dependency_snippets (or a new test
function) that writes a Cargo.toml with package other-crate version "1.2.3" and
a docs/install.md containing an inline-table like 'other-crate = { features =
["exact"], version = "1.2.2" }', then call
check_docs_version_sync.find_version_mismatches(tmp_path) and assert a single
mismatch with snippet.path == docs/install.md, snippet.line == 1,
snippet.version == "1.2.2", package.name == "other-crate", and package.version
== "1.2.3" so the parser correctly finds version when it is not the first key.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/check_docs_version_sync.py`:
- Line 76: The current regex returned for matching dependency versions uses a
table branch that only matches when version is the first key; update the pattern
returned by the function that builds/returns the compiled regex (the line with
return re.compile(rf'(?<![\w.-]){escaped_name}...')) so the table alternative
allows arbitrary keys before or after version (e.g. match
\{[^}]*version\s*=\s*"(?P<table>[^"]+)"[^}]*\}) while still anchoring on the
dependency name via escaped_name and preserving the plain-string branch; replace
the table-part of the alternation accordingly so inline tables like `{ features
= ["exact"], version = "0.4.2" }` are captured.

In `@scripts/tests/test_check_docs_version_sync.py`:
- Line 6: Annotate the tmp_path parameter as Path in the test signatures to
satisfy typing rules: update
test_find_version_mismatches_accepts_matching_dependency_snippets(tmp_path) ->
None to tmp_path: Path and do the same for the other test referenced at line 31;
also add the necessary import (from pathlib import Path) at the top of the test
file so the Path type is available.

---

Nitpick comments:
In `@scripts/check_docs_version_sync.py`:
- Around line 70-71: The current _iter_markdown_files uses root.rglob and
filters matches post-traversal which still descends into skipped directories;
change it to prune during traversal by iterating the tree (e.g., use os.walk or
a recursive Path.iterdir approach) and remove/skip entries whose relative path
parts intersect SKIP_DIRS so they are not descended into; return the same sorted
list[Path] of .md files but ensure directories matching SKIP_DIRS are removed
from the walk (modify the dirs list in-place when using os.walk) so traversal
avoids visiting target/.venv etc.

In `@scripts/tests/test_check_docs_version_sync.py`:
- Around line 31-57: Add a regression test to cover inline-table dependency
entries where the version key is not the first key (valid TOML) by extending or
creating a test in
test_find_version_mismatches_reports_stale_dependency_snippets (or a new test
function) that writes a Cargo.toml with package other-crate version "1.2.3" and
a docs/install.md containing an inline-table like 'other-crate = { features =
["exact"], version = "1.2.2" }', then call
check_docs_version_sync.find_version_mismatches(tmp_path) and assert a single
mismatch with snippet.path == docs/install.md, snippet.line == 1,
snippet.version == "1.2.2", package.name == "other-crate", and package.version
== "1.2.3" so the parser correctly finds version when it is not the first key.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 076989eb-9cc9-453c-a85c-267976c7e9d0

📥 Commits

Reviewing files that changed from the base of the PR and between f473ec5 and 7137fee.

📒 Files selected for processing (11)

• .github/workflows/ci.yml
• .github/workflows/semgrep-sarif.yml
• AGENTS.md
• README.md
• docs/BENCHMARKING.md
• examples/const_det_4x4.rs
• justfile
• pyproject.toml
• scripts/check_docs_version_sync.py
• scripts/tests/test_check_docs_version_sync.py
• src/lib.rs

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Inline-table parsing misses valid version fields unless they are first.

The table-form regex only matches { version = "..." } when version appears first, so snippets like { features = ["exact"], version = "0.4.2" } are silently skipped and stale versions can pass undetected.

Suggested fix

 def _dependency_regex(package_name: str) -> re.Pattern[str]:
     escaped_name = re.escape(package_name)
-    return re.compile(rf'(?<![\w.-]){escaped_name}\s*=\s*(?:"(?P<plain>[^"]+)"|\{{\s*version\s*=\s*"(?P<table>[^"]+)")')
+    return re.compile(
+        rf'(?<![\w.-]){escaped_name}\s*=\s*'
+        rf'(?:"(?P<plain>[^"]+)"|\{{[^}}]*\bversion\s*=\s*"(?P<table>[^"]+)"[^}}]*\}})'
+    )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	return re.compile(rf'(?<![\w.-]){escaped_name}\s*=\s*(?:"(?P<plain>[^"]+)"|\{{\s*version\s*=\s*"(?P<table>[^"]+)")')
	return re.compile(
	rf'(?<![\w.-]){escaped_name}\s*=\s*'
	rf'(?:"(?P<plain>[^"]+)"|\{{[^}}]*\bversion\s*=\s*"(?P<table>[^"]+)"[^}}]*\}})'
	)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check_docs_version_sync.py` at line 76, The current regex returned
for matching dependency versions uses a table branch that only matches when
version is the first key; update the pattern returned by the function that
builds/returns the compiled regex (the line with return
re.compile(rf'(?<![\w.-]){escaped_name}...')) so the table alternative allows
arbitrary keys before or after version (e.g. match
\{[^}]*version\s*=\s*"(?P<table>[^"]+)"[^}]*\}) while still anchoring on the
dependency name via escaped_name and preserving the plain-string branch; replace
the table-part of the alternation accordingly so inline tables like `{ features
= ["exact"], version = "0.4.2" }` are captured.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add type annotations for tmp_path in new tests.

Please annotate tmp_path as Path in both test signatures to match the repository’s Python typing rule for new code.

As per coding guidelines: **/*.py: Add type hints to new Python code. Type checking via just python-check is blocking — all code must pass type checks.

Also applies to: 31-31

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/tests/test_check_docs_version_sync.py` at line 6, Annotate the
tmp_path parameter as Path in the test signatures to satisfy typing rules:
update
test_find_version_mismatches_accepts_matching_dependency_snippets(tmp_path) ->
None to tmp_path: Path and do the same for the other test referenced at line 31;
also add the necessary import (from pathlib import Path) at the top of the test
file so the Path type is available.