name: rust-review description: 'Rust audit for unsafe blocks, ownership, and Cargo deps. Use when reviewing Rust code for safety or supply-chain risk.' version: 1.9.3 globs: "**/*.rs" alwaysApply: false category: code-review tags:

• rust
• ownership
• concurrency
• unsafe
• traits
• cargo tools: [] usage_patterns:
• rust-audit
• unsafe-review
• dependency-audit
• concurrency-analysis complexity: advanced model_hint: deep estimated_tokens: 400 progressive_loading: true dependencies:
• pensive:shared
• imbue:proof-of-work modules:
• ownership-analysis.md
• error-handling.md
• concurrency-patterns.md
• unsafe-audit.md
• cargo-dependencies.md
• silent-returns.md
• collection-types.md
• sql-injection.md
• cfg-test-misuse.md
• error-messages.md
• duplicate-validators.md
• builtin-preference.md

Table of Contents

• Quick Start
• When to Use
• Required TodoWrite Items
• Progressive Loading
• Core Workflow
• Rust Quality Checklist
• Safety
• Correctness
• Performance
• Idioms
• Output Format
• Summary
• Ownership Analysis
• Error Handling
• Concurrency
• Unsafe Audit
• [U1] file:line
• Dependencies
• Recommendation
• Exit Criteria

Rust Review Workflow

Expert-level Rust code audits with focus on safety, correctness, and idiomatic patterns.

Quick Start

/rust-review

Verification: Run the command with --help flag to verify availability.

When To Use

• Reviewing Rust code changes
• Auditing unsafe blocks
• Analyzing concurrency patterns
• Dependency security review
• Performance optimization review

When NOT To Use

• General code review without Rust - use unified-review
• Performance profiling - use parseltongue:python-performance pattern

Required TodoWrite Items

1. rust-review:ownership-analysis
2. rust-review:error-handling
3. rust-review:concurrency
4. rust-review:unsafe-audit
5. rust-review:cargo-deps
6. rust-review:evidence-log

Progressive Loading

Load modules as needed based on review scope:

Quick Review (ownership + errors):

• See modules/ownership-analysis.md for borrowing and lifetime analysis
• See modules/error-handling.md for Result/Option patterns

Concurrency Focus:

• See modules/concurrency-patterns.md for async and sync primitives

Safety Audit:

• See modules/unsafe-audit.md for unsafe block documentation

Dependency Review:

• See modules/cargo-dependencies.md for vulnerability scanning

Idiomatic Patterns:

• See modules/builtin-preference.md for conversion traits and builtin preference

Core Workflow

1. Ownership Analysis: Check borrowing, lifetimes, clone patterns
2. Error Handling: Verify Result/Option usage, propagation
3. Concurrency: Review async patterns, sync primitives
4. Unsafe Audit: Document invariants, FFI contracts
5. Dependencies: Scan for vulnerabilities, updates
6. Evidence Log: Record commands and findings

Rust Quality Checklist

Safety

• All unsafe blocks documented with SAFETY comments
• FFI boundaries properly wrapped
• Memory safety invariants maintained

Correctness

• Error handling complete
• Concurrency patterns sound
• Tests cover critical paths

Performance

• No unnecessary allocations
• Borrowing preferred over cloning
• Async properly non-blocking

Idioms

• Standard traits implemented
• Conversion traits preferred over helper functions
• Error types well-designed
• Documentation complete

Output Format

## Summary
Rust audit findings

## Ownership Analysis
[borrowing and lifetime issues]

## Error Handling
[error patterns and issues]

## Concurrency
[async and sync patterns]

## Unsafe Audit
### [U1] file:line
- Invariants: [documented]
- Risk: [assessment]
- Recommendation: [action]

## Dependencies
[cargo audit results]

## Recommendation
Approve / Approve with actions / Block

Verification: Run the command with --help flag to verify availability.

Exit Criteria

• All unsafe blocks audited
• Concurrency patterns verified
• Dependencies scanned
• Evidence logged
• Action items assigned