From 51843230859ef39344c0b67daa9049ead87ec49c Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Tue, 2 Jun 2026 23:58:38 +0900
Subject: feat(resolver): port SecurityAdvisoryPoolFilter::filter

Implement the security advisory pool filter end to end, plus the
remaining actionable wirings it unblocked.

- Unify the PartialSecurityAdvisory|SecurityAdvisory union as the
  PartialOrFullSecurityAdvisory enum and make the advisory types Clone,
  so advisories can be collected and stored; Pool.security_removed_versions
  now carries the union. This also unblocks PoolOptimizer's clone of the
  security-removed versions.
- Thread the filter result through run_security_advisory_filter/build_pool
  as anyhow::Result.
- Introduce typed PlatformRepositoryHandle and pass platform repos as
  handles through determine_requirements instead of &PlatformRepository.
- Wire RuleSetGenerator's is_unacceptable_fixed_or_locked_package check
  and UpdateCommand's non-locked installed-packages branch.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .../shirabe/src/dependency_resolver/pool_builder.rs  | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'crates/shirabe/src/dependency_resolver/pool_builder.rs')

diff --git a/crates/shirabe/src/dependency_resolver/pool_builder.rs b/crates/shirabe/src/dependency_resolver/pool_builder.rs
index 18d2db4..1bbd51e 100644
--- a/crates/shirabe/src/dependency_resolver/pool_builder.rs
+++ b/crates/shirabe/src/dependency_resolver/pool_builder.rs
@@ -352,7 +352,7 @@ impl PoolBuilder {
 
         // filter vulnerable packages before optimizing the pool otherwise we may end up with inconsistent state where the optimizer took away versions
         // that were not vulnerable and now suddenly the vulnerable ones are removed and we are missing some versions to make it solvable
-        pool = self.run_security_advisory_filter(pool, &repositories, request);
+        pool = self.run_security_advisory_filter(pool, &repositories, request)?;
         pool = self.run_optimizer(request, pool);
 
         Intervals::clear();
@@ -1110,9 +1110,9 @@ impl PoolBuilder {
         pool: Pool,
         repositories: &Vec<RepositoryInterfaceHandle>,
         request: &Request,
-    ) -> Pool {
+    ) -> anyhow::Result<Pool> {
         if self.security_advisory_pool_filter.is_none() {
-            return pool;
+            return Ok(pool);
         }
 
         self.io.debug("Running security advisory pool filter.", &[]);
@@ -1121,16 +1121,16 @@ impl PoolBuilder {
         let total = pool.get_packages().len() as f64;
 
         let repos_owned: Vec<RepositoryInterfaceHandle> = repositories.iter().cloned().collect();
-        let pool =
-            self.security_advisory_pool_filter
-                .as_mut()
-                .unwrap()
-                .filter(pool, repos_owned, request);
+        let pool = self
+            .security_advisory_pool_filter
+            .as_mut()
+            .unwrap()
+            .filter(pool, repos_owned, request)?;
 
         let filtered = total - (pool.get_packages().len() as f64);
 
         if 0.0 == filtered {
-            return pool;
+            return Ok(pool);
         }
 
         self.io.write3(
@@ -1154,6 +1154,6 @@ impl PoolBuilder {
             io_interface::VERY_VERBOSE,
         );
 
-        pool
+        Ok(pool)
     }
 }
-- 
cgit v1.3.1