If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/racer-rust/racer shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• 18 active contributors
• Distributed ownership (top contributor 35% of recent commits)
• MIT licensed
• CI configured
• Tests present
• ⚠ Stale — last commit 2y ago

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live racer-rust/racer repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/racer-rust/racer.

What it runs against: a local clone of racer-rust/racer — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in racer-rust/racer | Confirms the artifact applies here, not a fork | | 2 | License is still MIT | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 930 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of racer-rust/racer. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/racer-rust/racer.git
#   cd racer
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of racer-rust/racer and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "racer-rust/racer(\\.git)?\\b" \\
  && ok "origin remote is racer-rust/racer" \\
  || miss "origin remote is not racer-rust/racer (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"MIT\"" package.json 2>/dev/null) \\
  && ok "license is MIT" \\
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "src/racer/lib.rs" \\
  && ok "src/racer/lib.rs" \\
  || miss "missing critical file: src/racer/lib.rs"
test -f "src/racer/core.rs" \\
  && ok "src/racer/core.rs" \\
  || miss "missing critical file: src/racer/core.rs"
test -f "src/racer/nameres.rs" \\
  && ok "src/racer/nameres.rs" \\
  || miss "missing critical file: src/racer/nameres.rs"
test -f "src/racer/typeinf.rs" \\
  && ok "src/racer/typeinf.rs" \\
  || miss "missing critical file: src/racer/typeinf.rs"
test -f "src/racer/ast.rs" \\
  && ok "src/racer/ast.rs" \\
  || miss "missing critical file: src/racer/ast.rs"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 930 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~900d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/racer-rust/racer"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Racer is a Rust code completion engine that provides IDE and editor integration (via the racer binary at src/bin/main.rs) for autocomplete and documentation lookup. It parses Rust source code using custom AST walking (src/racer/ast.rs) and resolves type information by analyzing both user code and the Rust standard library via metadata crates, enabling real-time code intelligence without requiring full compilation. Monorepo with workspace members: core logic in src/racer/ (lib.rs is the main entry), CLI binary at src/bin/main.rs, metadata extraction as a separate crate (metadata/ with Cargo.toml and JSON test fixtures), string interning utility (interner/), and test utilities (testutils/). Name resolution (nameres.rs), code iteration (codeiter.rs), and AST handling (ast.rs, ast_types.rs) are the primary submodules.

Rust developers using editors like Vim, Emacs, or Sublime Text who need code completion and eldoc (function signature help) before rust-analyzer became the standard. Extension maintainers for legacy Rust editor tooling and developers working in constrained environments where rust-analyzer is unavailable.

Racer is unmaintained and deprecated — the README explicitly states 'Racer is not actively developed now' and recommends rust-analyzer instead. It uses nightly Rust (rust-toolchain.toml) and has CI via GitHub Actions (ci.yml), but the lack of active maintenance and shift of the ecosystem to rust-analyzer means new Rust projects should not adopt it.

High risk: the project is explicitly deprecated with no active development. Dependencies include rustc-private features (Cargo.toml metadata.rust-analyzer.rustc_private = true), which are unstable and break across Rust versions; the nightly-only requirement (rust-toolchain.toml) means compilation can fail unpredictably. No clear issue triage or PR process visible, and reliance on system Rust source (via RUST_SRC_PATH environment variable) adds fragile runtime configuration.

No active development — the project is in maintenance mode or archived. The last substantive work appears to be version 2.2.2 (Cargo.toml), with the CI pipeline (ci.yml) still present but likely no recent commits. The README changelog and deprecation notice indicate this is a historical artifact with no ongoing feature work or bug fixes.

git clone https://github.com/racer-rust/racer.git
cd racer
rustup toolchain install nightly
rustup component add rustc-dev --toolchain=nightly
rustup component add rust-src
cargo +nightly build --release
./target/release/racer --version

Daily commands:

cargo +nightly build --release
./target/release/racer complete src/lib.rs 10 20
./target/release/racer find-definition src/lib.rs 10 20
./target/release/racer --help

(The binary expects file path, line, and column as positional arguments; see src/bin/main.rs for full command structure.)

• src/racer/lib.rs — Main library entry point defining the public API for code completion queries and result types
• src/racer/core.rs — Core completion engine implementing the find_definition and complete_from_path logic
• src/racer/nameres.rs — Name resolution engine for module and symbol lookup across crates and scopes
• src/racer/typeinf.rs — Type inference system for resolving variable and expression types needed for completion
• src/racer/ast.rs — AST parsing and traversal logic for extracting Rust syntax structure
• src/bin/main.rs — CLI entry point for the racer command-line tool interface
• metadata/src/lib.rs — Cargo metadata parsing for resolving external crate dependencies

• AST Parser (ast.rs, codeiter.rs) (Rust rustc internals) — Tokenizes and parses Rust source into AST, enabling syntactic analysis
  • Failure mode: Parse errors on non-standard syntax; skips macros or procedural code
• Name Resolver (nameres.rs, fileres.rs) (Cargo metadata, module hierarchy) — Maps identifiers to definitions across modules, crates, and imports
  • Failure mode: Fails on circular dependencies, unresolved paths, or glob import ambiguity
• Type Inference (typeinf.rs) (Rust type system, trait resolution) — Determines types of expressions and enables type-based completion (methods, fields)
  • Failure mode: Cannot infer generic types; limited trait impl resolution
• Scope Analyzer (scopes.rs) (AST traversal, scope stacking) — Tracks variable bindings, lifetimes, and scope boundaries for symbol visibility
  • Failure mode: Misses closure captures; incorrect scope for macros
• Project Model (project_model.rs, metadata/) (Cargo, toml parsing) — Parses Cargo.toml and resolves crate dependencies
  • Failure mode: Fails on workspace manifests, path dependencies with issues
• Completion Engine (core.rs) (All of above) — Orchestrates all components to generate matches and rank results
  • Failure mode: Slow on large codebases; ranking can be unpredictable

• Editor/CLI → racer core.rs — User requests completion at (file_path, line, col)
• core.rs → ast.rs — Parses source file into AST
• core.rs → nameres. — undefined

Add a new completion matcher

1. Define matcher logic in src/racer/matchers.rs using existing CamelCase/snake_case patterns (src/racer/matchers.rs)
2. Integrate matcher into src/racer/core.rs completion_at function (src/racer/core.rs)
3. Add integration test in tests/ directory with test case (tests/YOUR_FEATURE.rs)

Add support for a new language construct

1. Add AST node type to src/racer/ast_types.rs (src/racer/ast_types.rs)
2. Implement parsing logic in src/racer/ast.rs (src/racer/ast.rs)
3. Add type inference rules to src/racer/typeinf.rs if needed (src/racer/typeinf.rs)
4. Add scope/binding handling to src/racer/scopes.rs if needed (src/racer/scopes.rs)

Add support for a new crate resolution method

1. Extend metadata parsing in metadata/src/lib.rs (metadata/src/lib.rs)
2. Update Cargo.toml parsing in src/racer/project_model.rs (src/racer/project_model.rs)
3. Integrate with src/racer/nameres.rs for module lookup (src/racer/nameres.rs)

• Rust + rustc-dev — Racer is a Rust tool that leverages rustc internals for accurate type information and AST parsing
• Cargo metadata crate — Required to parse Cargo.toml and resolve external crate dependencies programmatically
• rls-span (Rust Language Server span types) — Standard types for representing source code locations and ranges used across Rust tooling
• lazy_static / lazycell — Used for caching expensive computations like metadata parsing across multiple completion requests

• Manual AST traversal instead of tree-sitter

  • Why: Direct access to rustc AST structures provides more accurate Rust semantics
  • Consequence: Tightly coupled to rustc versions; requires nightly Rust; harder to maintain as rustc evolves

• Synchronous, blocking completion queries

  • Why: Simpler architecture without async/threading complexity
  • Consequence: Editor responsiveness depends on completion latency; cannot process large crates efficiently

• Single-threaded analysis without incremental compilation

  • Why: Avoids concurrency bugs and simplifies state management
  • Consequence: Slow for large projects; re-parses files on each query

• Real-time as-you-type completion (requires incremental analysis)
• Windows platform support (historically Linux/macOS focused)
• IDE integration (provides CLI only; editors implement their own bindings)
• Refactoring or code transformation (completion-only)
• Cross-project workspace navigation (single-crate focus)

1. Nightly Rust requirement: uses #[feature(rustc_private)] (Cargo.toml metadata) which breaks frequently; Rust version mismatches cause immediate compilation failure. 2. RUST_SRC_PATH env var: stdlib completion fails silently if Rust sources are not installed via rustup component add rust-src and the env var is not set to the correct sysroot path (varies by toolchain version — old paths use /src, new ones use /library). 3. Metadata crate builds separately: metadata/ has its own Cargo.toml and must be built before the main binary; feature flags control metadata support. 4. Interned strings: interner/ crate is used for string pooling; changes to interning can silently break matching logic without compiler errors.

• Recursive descent parsing — Racer's ast.rs uses hand-written token walking instead of parser generators; understanding this pattern is essential to modifying completion detection
• String interning — The interner/ crate pools string allocations for performance; Racer uses interned symbols for fast name comparison during completion matching
• Scope and name resolution — Racer's nameres.rs walks module trees and import declarations to resolve qualified names; this is the core of accurate completion filtering
• Symbol table — Racer builds an implicit symbol table from AST traversal; understanding how names are tracked across scopes is critical for fixing name collision bugs
• Metadata extraction via Cargo — The metadata/ crate parses Cargo.toml and calls cargo as a CLI subprocess to index dependencies without parsing their source; this pattern enables completion for external crates
• Lazy evaluation — Racer uses lazycell for deferred computation (e.g. avoiding AST re-parsing for repeated queries); key to performance on large codebases
• rustc_private unstable API — Racer depends on nightly-only rustc internals (Cargo.toml metadata.rust-analyzer.rustc_private = true) for span tracking and type information; this is a fundamental source of its maintenance burden

• rust-analyzer/rust-analyzer — Modern replacement for Racer — the recommended solution for Rust IDE integration; uses incremental compilation and LSP instead of custom AST walking
• rust-lang/rust — Source of truth for Rust stdlib that Racer indexes; Racer depends on rustc-private APIs and Rust source code availability
• racer-rust/racer-emacs — Emacs frontend for Racer; demonstrates how to integrate Racer binary output into editor completion pipelines (now superseded by lsp-mode + rust-analyzer)
• racer-rust/racer-vim — Vim/Neovim integration for Racer; shows language server pattern pre-LSP standardization (relevant for understanding Racer's CLI design)

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add integration tests for metadata parsing with various Cargo.toml configurations

The metadata module (metadata/src/lib.rs, metadata/src/metadata.rs) has test data files (test-data-full.json, test-data-no-deps.json) but lacks comprehensive integration tests covering edge cases. The README indicates racer recently added metadata features, but there's no test coverage for malformed manifests, missing dependencies, or workspace configurations. Adding tests in metadata/tests/ would catch regressions and improve robustness.

• [ ] Add test cases in metadata/tests/manifest.rs for: workspace with interdependent crates, cyclic dependencies, missing Cargo.toml files
• [ ] Add test cases for metadata parsing errors: invalid JSON, corrupted version strings, missing required fields
• [ ] Verify the test fixtures in fixtures/arst/ and test_project/ are used in these tests
• [ ] Run tests against both simple and complex Cargo workspaces to ensure metadata extraction works correctly

Add CI workflow for testing against multiple Rust nightly versions

The README states 'From 2.1, racer needs nightly rust' and Cargo.toml has rustc_private = true, but .github/workflows/ci.yml likely only tests a single nightly version. Nightly versions can have breaking changes. Adding a matrix strategy to test against multiple recent nightly versions would catch compatibility regressions early and provide confidence for users on different nightly builds.

• [ ] Review current .github/workflows/ci.yml to understand the existing CI setup
• [ ] Extend the workflow with a matrix strategy testing against: current nightly, nightly-2 weeks ago, nightly-4 weeks ago
• [ ] Add conditional failure handling so one nightly version failure doesn't block the entire CI (use allow-failure or separate jobs)
• [ ] Document the tested nightly versions in rust-toolchain.toml comments

Extract and test codecleaner.rs and codeiter.rs with comprehensive unit tests

src/racer/codecleaner.rs and src/racer/codeiter.rs are critical parsing components but have minimal visible test coverage in the file structure. These modules handle source code tokenization and cleaning—bugs here directly impact completion accuracy. Adding dedicated unit tests with edge cases would improve code quality and make future refactoring safer.

• [ ] Create new test module in src/racer/codecleaner.rs for: comments (single-line, multi-line, nested), string literals (raw strings, byte strings), macro invocations
• [ ] Create new test module in src/racer/codeiter.rs for: iterator bounds, cursor positioning at various code locations, handling of different bracket types
• [ ] Add fixture files in fixtures/ for complex real-world code patterns (macros, procedural macros, conditional compilation)
• [ ] Cross-reference tests with existing test_project/src/ test cases to ensure coverage of actual use cases

• Add integration tests for cross-crate imports (src/racer/nameres.rs): currently lacks explicit tests for resolving symbols from external crates listed in Cargo.toml; add test fixture to fixtures/arst/src demonstrating pub struct exported from a dependency and verify completion finds it.
• Improve error messages in metadata parsing (metadata/src/lib.rs): JSON deserialization failures are silent; add structured error types and emit diagnostics when Cargo.toml parsing fails, matching the pattern in src/racer/fileres.rs.
• Document CLI flags and examples in README.md: the README lacks examples of actual racer CLI invocations (position format, output format); add concrete command examples for complete, find-definition, and get-docs with sample output.

Racer is a Rust code completion utility with moderate security concerns. Primary risks include outdated dependencies with potential known vulnerabilities, reliance on unstable Rust compiler internals (rustc_private), and the project's unmaintained status. The codebase shows no obvious injection risks or credential exposure issues. The architectural design (static analysis tool, no network services) limits attack surface. However, the combination of outdated dependencies and lack of active maintenance makes this unsuitable for security-sensitive environments. Immediate actions should include: (1) updating dependencies and running security audits, (2) evaluating alternatives like rust-analyzer, and (3) implementing a security patch policy if continued use is required.

• Medium · Outdated Dependencies with Known Vulnerabilities — Cargo.toml. Several dependencies are pinned to older versions that may contain known security vulnerabilities. Notable examples: clap 2.32 (released 2018), env_logger 0.7.1 (2019), and lazy_static 1.2 (2018). These versions are significantly outdated and may have unpatched security issues. Fix: Update all dependencies to their latest stable versions. Run 'cargo update' and use 'cargo audit' to identify and remediate known vulnerabilities. Consider using cargo-deny or similar tools in CI/CD to prevent vulnerable dependencies.
• Medium · Use of Unstable Rust Features — Cargo.toml (package.metadata.rust-analyzer), README.md. The package metadata indicates use of #[feature(rustc_private)], which requires nightly Rust. This creates a dependency on unstable compiler internals that may change without notice, introducing maintenance and stability risks. Additionally, the README explicitly states the project requires nightly Rust. Fix: Evaluate the necessity of rustc_private features. If possible, migrate to stable Rust APIs. If nightly is required, implement robust error handling and version pinning. Document the specific nightly requirements clearly.
• Low · Project Marked as Not Actively Maintained — README.md. The README explicitly states 'Racer is not actively developped now' and recommends users switch to rust-analyzer. An unmaintained project poses security risks due to lack of security patches and updates. Fix: If using this in production, migrate to an actively maintained alternative (rust-analyzer is recommended). If maintaining internally, establish a security patch policy and regular dependency audit schedule.
• Low · Relaxed Debug Profile in Release Builds — Cargo.toml ([profile.release] section). The release profile explicitly sets 'debug = false', which disables debug symbols. While this reduces binary size, it also removes debugging information that could be valuable for security incident response and vulnerability analysis. Fix: Consider setting 'debug = 1' or 'debug = true' to maintain minimal debug symbols for production builds. This aids in security analysis without significantly impacting performance. Document the reason for the current configuration more thoroughly.
• Low · Missing Security Policy Documentation — Repository root. The repository lacks a SECURITY.md file or documented security vulnerability reporting process. There's no clear guidance for security researchers to responsibly disclose vulnerabilities. Fix: Create a SECURITY.md file that outlines vulnerability disclosure procedures, expected response times, and contact information for security issues. This enables responsible disclosure.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.