dylint: code-quality gotcha sweep (#826) — 5 new lints + websocket hardening

[zackees]

Summary

Implements the code-quality dylint sweep from #826. Lands 5 new dylint crates + a small websockets error-reply hardening as one PR (4 commits).

What's in this PR

Two direct ports from zccache (Tier 1):

Lint	Diagnostic	Allowlist policy
ban_std_pathbuf	"use fbuild_core::path::NormalizedPath instead of std::path::PathBuf"	193 legacy callers grandfathered; migrate over time
ban_unrooted_tempdir	"specify a parent dir explicitly — TempDir::new()/tempdir() land in $TMPDIR which on Windows hits MAX_PATH and on CI may be tmpfs/RAM-disk"	92 legacy callers; tests/benches blanket-allowed

Three net-new fbuild-specific lints (Tier 2):

Lint	Diagnostic	Allowlist
ban_direct_serialport	"direct `serialport::*` reference outside fbuild-serial — route serial access through `fbuild_serial::manager` so the Windows USB-CDC contract is applied"	11 legitimate diagnostic call sites (port-scan, serial-probe, deploy bootloader paths)
ban_file_based_locks	"`OpenOptions::create_new(true)` is the rename-or-fail lock-file pattern; fbuild has no file-based locks (see CLAUDE.md Key Constraints)"	empty — locks in current clean state
ban_deploy_tool_direct_invocation	"`Command::new("esptool")` outside fbuild-deploy bypasses the `fbuild deploy` contract (no post-deploy serial recovery, no emulator routing)"	empty — locks in current clean state

Tier 3 fix (partial):

• crates/fbuild-daemon/src/handlers/websockets.rs lines 119/131/140/173/187 — serde_json::to_string(&err_msg).unwrap() in error-reply paths replaced with a serialize_or_fallback() helper that returns a hardcoded JSON error frame on serialization failure. Prevents a malformed message struct from crashing the WebSocket session (and potentially the daemon) inside the path that's supposed to report errors.

Build glue:

• Cargo.toml workspace exclude extended for the 5 new lint crates (cargo metadata refuses to operate otherwise).
• ci/hooks/crate_guard.py allowlist expanded for the new dylint Cargo.toml files.

What's NOT in this PR (deferred to follow-ups)

From #826:

• Tier 1 Fix ESP32-S3 PSRAM board configuration in board JSON database #3 `ban_std_sync_mutex_in_async` — implementation requires HIR analysis of types-reachable-from-async-fn. ~40 live violations would need fixing before enable; out of scope for one PR.
• Tier 3 Fix ESP32-C2 build: support multiple archive formats in framework extraction #8 `ban_unwrap_in_daemon_handlers` — well-understood but speculative without an active signal; defer until a real handler-panic shows up.
• Tier 4 (Warn on debug build flags (-g1/-g2/-g3) in all profiles, not just quick #10–feat(rp2040): wire up RP2040/RP2350 build orchestrator #13) — all preventive, current state already clean; file as follow-ups.

Test plan

• `soldr cargo check --workspace --all-targets` — clean
• `soldr cargo clippy --workspace --all-targets -- -D warnings` — clean
• `soldr cargo test --workspace --no-fail-fast` — all tests pass on Windows host
• `cargo dylint --all -- --workspace --all-targets` — blocked locally on this Windows host by a Chocolatey-rust-shadows-rustup PATH issue (filed as zackees/soldr#1059). The lints themselves are sound — the lint binaries build cleanly when invoked from inside the lint crate dir; the failure is in cargo-dylint's internal `cargo build` subprocess finding a Chocolatey standalone cargo on PATH instead of rustup's proxy. CI runs on a clean Ubuntu runner without the Chocolatey shadow and validates the lints end-to-end.

Rollout

• New lint crates pinned to `nightly-2026-03-26` matching the existing `ban_raw_subprocess` toolchain pin (workspace stays on stable 1.94.1).
• `[workspace.metadata.dylint] libraries = [{ path = "dylints/*" }]` picks up the new dirs automatically — no metadata edit needed.
• Issue dylint: candidate code-quality lints (gotcha sweep) #826 stays open to track Tier 1 Fix ESP32-S3 PSRAM board configuration in board JSON database #3 + Tier 4 follow-ups.

🤖 Generated with Claude Code

[coderabbitai]

Warning

Review limit reached

@zackees, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 12 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ec01767d-b51e-4076-8acb-4cb7b1b61385

📥 Commits

Reviewing files that changed from the base of the PR and between d3e9658 and 8a79b2e.

⛔ Files ignored due to path filters (1)

• dylints/ban_std_pathbuf/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (37)

• Cargo.toml
• ci/hooks/crate_guard.py
• crates/fbuild-daemon/src/handlers/websockets.rs
• dylints/README.md
• dylints/ban_deploy_tool_direct_invocation/Cargo.toml
• dylints/ban_deploy_tool_direct_invocation/README.md
• dylints/ban_deploy_tool_direct_invocation/rust-toolchain.toml
• dylints/ban_deploy_tool_direct_invocation/src/allowlist.txt
• dylints/ban_deploy_tool_direct_invocation/src/lib.rs
• dylints/ban_direct_serialport/Cargo.toml
• dylints/ban_direct_serialport/README.md
• dylints/ban_direct_serialport/rust-toolchain.toml
• dylints/ban_direct_serialport/src/allowlist.txt
• dylints/ban_direct_serialport/src/lib.rs
• dylints/ban_file_based_locks/Cargo.toml
• dylints/ban_file_based_locks/README.md
• dylints/ban_file_based_locks/rust-toolchain.toml
• dylints/ban_file_based_locks/src/allowlist.txt
• dylints/ban_file_based_locks/src/lib.rs
• dylints/ban_std_pathbuf/.cargo/config.toml
• dylints/ban_std_pathbuf/Cargo.toml
• dylints/ban_std_pathbuf/README.md
• dylints/ban_std_pathbuf/rust-toolchain.toml
• dylints/ban_std_pathbuf/src/README.md
• dylints/ban_std_pathbuf/src/allowlist.txt
• dylints/ban_std_pathbuf/src/lib.rs
• dylints/ban_std_pathbuf/ui/disallowed.rs
• dylints/ban_std_pathbuf/ui/disallowed.stderr
• dylints/ban_unrooted_tempdir/Cargo.toml
• dylints/ban_unrooted_tempdir/README.md
• dylints/ban_unrooted_tempdir/rust-toolchain.toml
• dylints/ban_unrooted_tempdir/src/README.md
• dylints/ban_unrooted_tempdir/src/allowlist.txt
• dylints/ban_unrooted_tempdir/src/lib.rs
• dylints/ban_unrooted_tempdir/ui/README.md
• dylints/ban_unrooted_tempdir/ui/allowed.rs
• dylints/ban_unrooted_tempdir/ui/disallowed.rs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/dylint-gotcha-sweep-826

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}