Updating Dependencies at a later point in the app's lifecycle

[LucasVanDongen]

I'm investigating TCA in general and its dependency management in general. In general everything clicked together pretty well but I have trouble switching from log in to authenticated state. The authenticated state has several dependencies that can only work when a token is present.

While I understand there are ways to work around it, like updating a static dependency with the token and clearing it out again when logging out I would like to figure out if it's possible to update the dependency later on, so they will automatically disappear again when the AuthenticatedFeature ends when the user logs out. There are also other more complex scenarios imaginable where you really want to change behavior of a dependency depending on where you are in the application.

According to the docs I should use .dependency to change them, but with ifCaseLet I cannot access that token:

@Reducer(state: .equatable)
enum AppRootFeature {
    case authenticated(AuthenticatedFeature)
    case logIn(LogInFeature)

    public static var body: some ReducerOf<Self> {
        Reduce { state, action in
            switch action {
            case let .logIn(.authenticatedSuccessfully(token)):
                state = .authenticated(AuthenticatedFeature.State(token: token))
                return .none
            case .logIn:
                return .none // Ignore the rest
            case .authenticated:
                return .none // Ignore unless we would have log out functionality
            }
        }
        .ifCaseLet(\.logIn, action: \.logIn) {
            LogInFeature()
        }
        .ifCaseLet(\.authenticated, action: \.authenticated) {
            AuthenticatedFeature()
//                .dependency(\.userManager, UserManager(token: token)
//                .dependency(\.storyFetcher, .StoryFetcher(token: token)
        }._printChanges()
    }
}

I tried using the yet-to-be-merged ReducerReader feature, but I got stuck doing the implementation as the branch seems to be outdated and the examples were not complete working examples.

I think it was the way though.

The whole repo can be found here

Can somebody lend me a hand with this?

[kamcma]

I think ReducerReader is indeed what you want here. But you are right the PR is old and tabled for the time being. If you want to use ReducerReader, you should copy the implementation into your own project (it's one relatively short file). If and when the PR is revisited and merged, you can delete your local implementation then.

Maintainer gave similar advice in the Slack the other day:

I would just copy-paste it into your project. Someday it will make its way into TCA.

[LucasVanDongen]

I already included it in the project:
https://github.com/LucasVanDongen/SwiftDependencyInjectionCompared/blob/main/ComposableDependencies/ComposableDependencies/ReducerReader/ReducerReader.swift

I'll branch the repo with a ReducerReader variant

[mbrandonw]

Hi @LucasVanDongen, thanks for taking the time to create a project with many different styles of dependencies. However, your project does not currently compile due to a missing Package.swift. Can you update it so that it compiles?

[LucasVanDongen]

Somehow my local Package.swift wasn't included? My apologies, didn't do a clean clone check because I didn't consider the repo ready yet. Pushed it, tested it, seems to be working now.

[LucasVanDongen]

I've got it working like this:

struct Features: Reducer {
    @ObservableState
    enum State {
        case logIn(LogInFeature.State)
        case authenticated(AuthenticatedFeature.State)
    }

    enum Action {
        case logIn(LogInFeature.Action)
        case authenticated(AuthenticatedFeature.Action)
    }

    var body: some Reducer<State, Action> {
        CombineReducers {
            Reduce { state, action in
                switch action {
                case let .logIn(.authenticatedSuccessfully(token)):
                    state = .authenticated(AuthenticatedFeature.State(token: token))
                    return .none
                case .logIn:
                    return .none // Ignore the rest
                case let .authenticated(.authenticated(token)):
                    state = .authenticated(AuthenticatedFeature.State(token: token))
                    return .none
                case .authenticated:
                    return .none
                }
            }
            ReducerReader(reader: { state, action in
                switch state {
                case .logIn:
                    Scope(state: /State.logIn, action: /Action.logIn) {
                        let store = Store(initialState: state) {
                            self
                        }
                        LogInFeature(parentStore: store)
                    }
                case let .authenticated(state):
                    Scope(state: /State.authenticated, action: /Action.authenticated) {
                        AuthenticatedFeature()
                            .dependency(\.userManager, UserManager(token: state.token))
                            .dependency(\.storyFetcher, StoryFetcher(token: state.token))
                    }
                }
            })
        }
    }
}

However, the only feature that has these overwritten values is AuthenticatedFeature. I am looking for the best way to propagate these values to UserManagementFeature and StoriesFeature.

- Features
  | - LogInFeature
  | - AuthenticatedFeature
    | - UserManagementFeature
    | - StoriesFeature

So I see the following in may app when I run it:

...but print("Authenticated \(userManager.token)") in my AuthenticatedFeature will give the correct token value from the correct dependency.

---

I'm going to take a break from this and take a fresh breath. The progress up to this point is in the following branch / commit: LucasVanDongen/SwiftDependencyInjectionCompared@82f2e10

[mbrandonw]

Hey @LucasVanDongen, thanks again for taking the time to put this project together. It definitely helps us understand how you are approaching dependencies in a variety of ways.

There is a lot to respond here, so it's tough to know where to start. Let me start with some basics:

---

First, I really like that you have built the same tiny app using a variety of dependency styles. This makes it easy for people to study the differences and even contribute their own styles. However, the project still doesn't really compile cleanly on its own. I would recommend making all the projects iOS instead of macOS so that people don't have to mess with app signing, the Package.swift needs to target iOS 17+, and I recommend using https for git packages rather than SSH (it's more portable).

Also, the needle project still doesn't build. I needed to comment out the needle build script and shoehorn a @MainActor into the code to get Swift to compile it, though there are lots of warnings.

---

Second, you mentioned previously that a goal is to have the concept of a dependency that is somehow unavailable until the user authenticates. I believe that is what the AuthenticatedView is trying to demonstrate by having dependencies on a userManager and storyFetcher that each require a token to do their work.

However, most of the projects don't actually demonstrate that capability. You can create AuthenticatedView just fine without being authenticated, and the app will just be subtly broken without any warning.

The only ones that do have this behavior are "PassedDependencies" and NeedleDependencies", but in each of those projects the dependencies are just being passed around explicitly. I must admit, I don't really understand what needle is accomplishing in this project. It seems to be quite a bit work, and doesn't play nicely with Swift concurrency warnings or SwiftUI.

---

And finally, I have rebuilt your demo app using just our swift-dependencies library and vanilla SwiftUI. I'm not using TCA at all because it's really not necessary to get the benefits of dependencies. Here's the diff with your main (the first few files are just things I needed to do to get everything compiling):

LucasVanDongen/SwiftDependencyInjectionCompared@main...mbrandonw:SwiftDependencyInjectionCompared:main

I tried my hardest to keep the overall app structure true to what you have in the other apps. So I didn't change the dependencies at all, or the logic in the features, but I do think there is more room for simplifications and improvements.

There are some interesting things in this new SwiftDepedencies app target, and a few of the problems pointed out in your comments have actually been fixed.

For example, in the environment style of dependencies you run the risk of forgetting to set up dependencies in the view hierarchy, resulting either in the wrong dependency being silently used, or a loud crash. In particular, you need to make sure to do this:

AuthenticatedView()
  .environment(\.userManager, UserManager(token: token))
  .environment(StoryFetcher(token: token))

…when the app flips to an authenticated state. But also even this isn't ideal, because this only works (as you noted) for stateless dependencies, which is probably not super common.

This is solved in the SwiftDependencies project by creating the AuthenticatedModel model in an altered environment where the userManager and storyFetcher have been set up with tokens:

state = .authenticated(
  withDependencies(from: self) {
    $0.userManager = UserManager(token: token)
    $0.storyFetcher = StoryFetcher(token: token)
  } operation: {
    AuthenticatedModel()
  }
)

This statement runs only a single time, at the moment the app switches to authenticated mode. It doesn't matter how many times the view re-draws itself.

Further, these dependency changes are propagated deeply into the app but in a tree-like fashion. The dependency overrides are only active for AuthenticatedModel and its sub-models. Other models living side-by-side with AuthenticatedModel (such as LoggedOutModel) are not affected by these overrides. This is in stark contrast with singleton-based dependency libraries out there. Our swift-dependencies library does not use a global, mutable singleton.

As another example of a downside, in the Factory demo you have the following comment:

// If I would have these two steps reversed it would be broken, so slightly brittle

…with regards to these lines of code:

// First assign the dependencies
AuthenticatedDependenciesManager.handle(token: token)

// Then flip the UI switch
state = switch token.isEmpty {
case true: .loggedOut
case false: .authenticated(token: token)
}

And this definitely is subtle.

The SwiftDependencies project also fixes this problem, and with the same lines I pasted above:

state = .authenticated(
  withDependencies(from: self) {
    $0.userManager = UserManager(token: token)
    $0.storyFetcher = StoryFetcher(token: token)
  } operation: {
    AuthenticatedModel()
  }
)

This simultaneously populates the state to drive the navigation in the view and overrides dependencies for that child feature. There is no two-step process to get out of order because there is no global, mutable singleton. Everything is held in a TaskLocal which can only be mutated for a specifical lexical scope and propagated under very specific rules.

Next you have a few comments about the various "placeholder" dependencies you have:

// This implementation is used to prevent a `nil` value for this dependency while the user is not authenticated yet

…

// You have an issue if this function would actually be called

…

// If this function would ever be executed, we have a problem

And these comments are just purely aspirational right now. It is completely possible to accidentally use these placeholder dependencies in the environment and Factory projects.

Our swift-dependencies library also solves this problem. When registering the dependency with the library you can provide only a TestDependencyKey conformance, and leave off the DependencyKey conformance. This means you only have to provide a testValue, which is the version of the dependency that will be used in tests, and so it can just do mostly nothing:

struct TestStoryFetcher: StoryFetching {
  func fetchStories() async throws -> [Story] {
    return []
  }
}
private enum StoryFetcherKey: TestDependencyKey {
  static let testValue: any StoryFetching = TestStoryFetcher()
}

However, crucially, if this dependency is accessed in a "live" context (e.g. simulator or device), then a runtime warning will be emitted in Xcode letting you know that the dependency must be overridden.

For example, once the user is authenticated, what if we forgot to override the userManager and storyFetcher dependencies:

state = .authenticated(
  // withDependencies(from: self) {
  //   $0.userManager = UserManager(token: token)
  //   $0.storyFetcher = StoryFetcher(token: token)
  // } operation: {
    AuthenticatedModel()
  // }
)

Go ahead and try it out in my fork. You will find that once you get to the authenticated screen you immediately get purple runtime warnings in Xcode letting you know that the dependencies have not been overridden:

It's worth comparing this to your environment-based project, which will crash if you don't override the dependencies, or the Factory-based project, which will use a placeholder dependency with no warning.

And it technically is possible to structure dependencies in a way with our library that allows you to gain access to a dependency only after the user authenaticates, but it doesn't come for free (just as it doesn't come for free with the PassedDependencies or NeedleDependencies projects). We should get some documentation on this technique so that it can be publicly known.

Sorry this post was so long, but hopefully it helps a bit. And I specifically did not want to talk about TCA because I feel the discussion is about dependencies in general, and really doesn't have anything to do with TCA. However, all of the ideas mentioned above do work with TCA just fine. I did look at your branch a bit, but I can say that you definitely should not approach the problem that way. You should never hold onto a Store inside your reducer. Reducers are created many times, and that will result in creating many stores, and those stores will not actually be composed into the parent domain at all. I can sketch out a TCA version of the SwiftDependencies app if it's helpful.

[mbrandonw]

The only downside of it is that we need to continuously pass forward the token.

Isn't this true of Needle too? When the token is acquired from the logInSwitcher it's used to construct a component, which is used to construct the view:

case let .authenticated(token):
  let authenticatedComponent = rootComponent.authenticatedComponent(token: token)
  return AnyView(authenticatedComponent.authenticatedView)

But if you needed to navigate to another view from AuthenticatedView that needs access to an authenticated dependency, you would have no choice but to keep track of the token and pass it along.

You can simply ask for it and if somebody already added it somewhere back up the tree, it's immediately there to use.

I'm not sure I understand how that is possible in practice, and I don't see it being demonstrated in the demo project. Right now one only gets a authenaticated dependency by passing a token to a method on rootComponent and then passing that dependency to a view. How can one "simply ask for it" with no additional information, and have it provided to you? And how could that be statically contingent on the user being authenticated?

Would withDependencies be a safe way to propagate dependencies? Or would it revert to the default implementation once I forget it for in-between node?

withDependencies is the only way to propagate dependencies, and if you forget withDependencies(from:) to construct a child model it will revert back to the defaults. However, you will get a runtime warning when the child uses its dependency.

But as always, there are trade offs. Our swift-dependencies library is the only one out there (afaict) that truly offers tree-based propagation of dependencies without manually passing dependencies around, but at the cost of remembering to use withDependencies(from:). If that too much of a cost then the other libraries may be a better choice, but of course they have their own downsides too.

At the end of the day, there is no magical solution to dependency injection. It's always a push-pull relationship between safety and ergonomics (I talk about this here if you are interested in more details). Explicitly passing dependencies is the safest and least ergnomic, whereas a global, mutable singleton is the least safe yet super ergonomic. Our dependencies library tries to be somewhere in the middle. It is safe due to its use of TaskLocal, but slightly less ergnomic due to needing to use withDependencies(from:). However, we add additional tools to soften that ergonomic sharp edge, such as the purple runtime warnings in Xcode.

[LucasVanDongen]

Needle

The real difference with Needle is that you don't need to pass forward anything once it's in the tree. Here's an example of the logInSwitcher:

extension AuthenticatedComponent: AuthenticatedViewBuilding {
    var authenticatedView: AuthenticatedView {
        AuthenticatedView(
            logInSwitcher: dependency.logInSwitcher,
            component: self
        )
    }
}

It finds the logInSwitcher by accessing the (slightly magical looking) dependency variable.

It first needs to ask for that dependency through it's protocol:

protocol AuthenticatedDependency: Dependency {
    var logInSwitcher: any LogInSwitching { get }
}

This logInSwitcher is bridged through the generated code at NeedleGenerated.swift:

private class AuthenticatedDependencycda53ef9a0d1fafe1614Provider: AuthenticatedDependency {
    var logInSwitcher: any LogInSwitching {
        return rootComponent.logInSwitcher
    }
    private let rootComponent: RootComponent
    init(rootComponent: RootComponent) {
        self.rootComponent = rootComponent
    }
}

So if my AuthenticatedDependency would create another dependency that also would like to use the userManager it could easily access it by declaring it in its protocol without doing anything else. So the dependency-forwarding boiler plate code is still there, it's just not written by you anymore.

If you don't set up the required dependency in any of the Components toward the root, the build step that generates the could will output an error like this:

warning: ❗️ Could not find a provider for (logInSwitcher: LogInSwitching) which was required by AuthenticatedDependency, along the DI branch of  ^->RootComponent->AuthenticatedComponent.
warning: ❗️ Missing one or more dependencies at scope.

You still need to maintain an hierarchy of Components that are created by Components so they can pass along all of the dependencies closer to the root, so it's basically a Nested Factories Pattern with a bit of help to remove the boiler plate.

withDependencies

I really like the idea of seeing purple warnings when I miss to propagate a properly overridden. I don't see a way to do it better than that when you use a Service Locator type of approach and don't sneak in a build step. I am going to include an example of this.

And remember that in the end when swift-dependencies doesn't include this compile-time security, that doesn't mean a hard "no" for using this library, but it's just me informing the reader about the result of a trade-off, ease-of-use versus reliability. I like Factory (the framework) a lot and it's not better in this department.

[mbrandonw]

Hi @LucasVanDongen, thanks for taking the time to explain more about Needle. That definitely helps me understand more, and I was even able to get the needle build script working so that I could poke around it myself.

However, I still fail to really see what value all of this machinery is bringing. It seems to only bring a slight amount of safety and ergonomics to managing dependencies.

Now I fully admit that I may just not understand all the moving parts of Needle, so here's a very concrete example. Suppose I wanted to be able to navigate to a "settings" view from the "authenticated" view, and the settings view wants access to the loginSwitcher dependency and userManager dependency.

As far as I can tell, one way to start is define a new dependency protocol for all the things the settings feature wants access to:

protocol SettingsDependency: Dependency {
  var logInSwitcher: any LogInSwitching { get }
}

Now one interesting thing already here is that I cannot specify userManager in the protocol:

protocol SettingsDependency: Dependency {
  var logInSwitcher: any LogInSwitching { get }
  var userManager: any UserManaging { get }  // 🛑
}

This is because the userManager needs a token to be constructed, and so it must be put in a "component" where it has access to the token.

Speaking of which, next I can define a component for the settings feature like so:

class SettingsComponent: Component<SettingsDependency> {
  var userManager: any UserManaging {
    return shared { UserManager(token: token) }
  }

  let token: String

  init(
    parent: Scope,
    token: String
  ) {
    self.token = token
    super.init(parent: parent)
  }
}

Now we can express that we want the userManager dependency by holding onto a token. And this unfortunately spreads the dependencies a feature needs across two places: some dependencies in the Dependency conformance, and others in the Component subclass.

Moving on, we next define a way to derive a SettingsComponent from an AuthenticatedComponent by defining a method:

extension AuthenticatedComponent {
  func settingsComponent(token: String) -> SettingsComponent {
    SettingsComponent(parent: self, token: token)
  }
}

And this is what the needle CLI tool picks up in order to generate some code.

Next we can create a SettingsView that holds onto the SettingsComponent, and from that we have access to the logInSwitcher and userManager:

struct SettingsView: View {
  let component: SettingsComponent

  var body: some View {
    Form {
      Text("Token: \(component.token)")
      Button("Logout") {
        Task {
          await component.logInSwitcher.loggedOut()
        }
      }
    }
  }
}

And finally, from the AuthenticatedView I can present the SettingsView in a popover by invoking the settingsComponent method on component:

.popover(isPresented: $isPresented) {
  SettingsView(
    component: component.settingsComponent(token: component.token)
  )
}

I personally think that is actually quite a bit of code to accomplish something so simple. Also, dependencies are being passed around, whether you like it or not. The SettingsView holds onto a SettingsComponent, which must be passed in from the parent. Your code sample tended to use the pattern of defining a computed property on the component to construct a view, but that's just the same: component.featureView versus FeatureView(component: component). There just is no way to not pass these things around if you want static confirmation that a dependency is only available when the user is authenaticated.

And maybe all of this ceremony seems to bring some kind of safety to the situation in that you are not allowed to construct the settings component unless you have a token. But also, it's kind of just smoke and mirrors. There's nothing stopping you from just doing this:

.popover(isPresented: $isPresented) {
  SettingsView(
    component: RootComponent()
      .authenticatedComponent(token: "deadbeef")
      .settingsComponent(token: "deadbeef")
    )
  )
}

Not even the needle CLI tool catches this non-sensical thing.

It's worth pointing out what the equivalent looks like in the swift-dependencies version of the app that I linked to above. You would start by defining an observable object that declares its dependencies using @Dependency. The ones that don't need authentication can use the @Dependency(\.key) syntax, and the ones that do need auth will use a token passed in:

@Observable
class SettingsModel {
  @Dependency var userManager: any UserManaging
  @Dependency(\.logInSwitcher) var logInSwitcher

  init(token: String) {
    _userManager = Dependency(\.[userManagerForToken: token])
  }

  …
}

You define the view that uses the model:

struct SettingsView: View {
  let model: SettingsModel
  …
}

And you present the settings view from the authenticated view:

.popover(isPresented: $isPresented) {
  SettingsView(
    model: SettingsModel(token: model.userManager.token)
  )
}

And, that's it. And I don't think this is any less safe than Needle, but it's definitely a lot more ergonomic.

[LucasVanDongen]

Sorry for (again) leaving you for an answer for such a long time, but I had some severe issues to get Needle to co-operate with me. There is something to be said about great documentation. Did you know that Needle needs you to declare every dependency you want to share up the hierarchy public? Well after a few hours of fruitless What The GoshDarns I decided to check out the existing TicTacToe example they included and noticed every dependency that was shared was declared public.

Notice the complete absence of the word public on the only page of documentation you get: https://github.com/uber/needle/blob/master/API.md

I'm not sure if that example would even work?

But enough for my frustration, let's take a look what I finally got working:

---

This is a very remote Component that uses a dependency from both the RootComponent and AuthenticatedComponent:

protocol RemoteDependency: Dependency {
    var token: String { get }
    var logInSwitcher: any LogInSwitching { get }
}

class RemoteComponent: Component<RemoteDependency> {
    func primaryThing() -> String {
        "\(dependency.token)"
    }

    func buildAnotherThing() -> String {
        "\(dependency.logInSwitcher)"
    }
}

It looks like this in the generated code:

registerProviderFactory("^->RootComponent->AuthenticatedComponent->AnotherComponent->RemoteComponent", factory08e4610575c96545f557751f3184f163fec4c128)

So there's AnotherComponent in-between that I left out for brevity that does absolutely nothing (EmptyDependency, no properties of it's own except the one to generate RemoteComponent), just to make sure we're really looking at a real-life scenarios where Components get dependencies through other Component nodes that have zero knowledge of what they're passing forward dependencies.

RootComponent defines the logInSwitcher:

class RootComponent: BootstrapComponent {
   public var logInSwitcher: any LogInSwitching {
       shared { LogInSwitcher() }
   }
   ```
   
`AuthenticatedComponent` defines the `userManager`:

```swift
class AuthenticatedComponent: Component<AuthenticatedDependency> {
   public var userManager: any UserManaging {
       shared { UserManager(token: token) }
   }

Everything else is handled by the generated code, and by the fact that Needle is able to trace the chain of parents to the node that actually declares it.

---

Obviously in a more complex real-life scenario the AuthenticatedDependency would store a Session type of struct that would allow any child-node to create new dependencies that need a valid Session, or for example compare that a given chat message originates from the currently logged in user so it can be displayed differently.

But it's not necessary to create every instance of for example the userManager with that stored Session, once the userManager is built it will be either re-built from the parent component that has it, or return a shared instance.

####Back to your example

Once AuthenticatedComponent stores the token in a public var, all of the child Components can access it through their chain of parents.

class AuthenticatedComponent: Component<AuthenticatedDependency> {
  public let token: String // From here on, we can access this token in any child component
  
  init(parent: Scope, token: String) {
      self.token = token
  }    
  
  var settingsComponent: SettingsComponent {
    SettingsComponent(parent: self)
  }
}

we need to adjust the protocol a little bit

protocol SettingsDependency: Dependency {
  var logInSwitcher: any LogInSwitching { get }
  var token: String { get }  // this MUST exist as a `public var` in the `AuthenticatedComponent` (or any other parent)
}

...and then we can build UserManager or any other thing we want to build for this Component using the token accessing it through dependency.token.

Reduction of complexity and risk

When the amount of nested components grows, the complexity and/or risk of many other solutions grows exponentially, because either these components / features either need to know about what all of their child nodes need (like nested Factories), or could inadvertently break a child node without knowing (the @Environment(MyDependency.self) way).

When I maintained a widget somewhere deep inside the booking process in Booking.com, we had another team inadvertently cut one of our passed dependencies because they were replacing a certain piece of the booking process and had absolutely no warning we were no longer able to execute network requests. It was something we carried over from right from the start of the booking process to the end, but could not be created without starting a booking first, so it wasn't a service type of dependency.

So while their experiment slowly rolled out, we saw our sales drop slowly, initially thinking "just a bad day?" until it was abnormally low the next day. Lost sales and lost productivity as the other team had to roll back, fix, test, and redeploy while we spent time finding the issue and helping them fix it.

Needle would have:

• Prevented the manual pass-forward steps to begin with
• Stop the compilation of the project if by any chance our dependency was deleted at the parent node that was supposed to create it

[mbrandonw]

Hi @LucasVanDongen, thanks again for taking the time to look into all of this. That public thing is quite the gotcha! I will say that even still with that caveat aside, I'm not sure what Needle is buying over simpler tools.

The sequence of steps to build the settings feature I outlined above only slightly changes with your new found information:

Start by constructing a dependency protocol to list out everything you need:

protocol SettingsDependency: Dependency {
  var logInSwitcher: any LogInSwitching { get }
  var userManager: any UserManaging { get }
  var token: String { get }
}

(Let's also assume that AuthenticatedComponent has a public var token defined on it)

Then you define your SettingsComponent:

class SettingsComponent: Component<SettingsDependency> {
}

And then you define a computed property on AuthenticatedComponent to derive a SettingsComponent:

extension AuthenticatedComponent {
  var settingsComponent: SettingsComponent {
    SettingsComponent(parent: self)
  }
}

And then everything proceeds as before. You define a SettingsView that holds onto a SettingsComponent, and you present the SettingsView by passing along the component from the parent to the child.

But most importantly, you are explicitly passing a value through the feature hierarchy. It's just abstracted as this component thing that inherits from other components. But the component is what grants you access to the dependencies, and there is no way around passing it to any feature that needs dependencies.

And so in my opinion that isn't much different from simply passing along some kind of token that grants access to dependencies as I showed in the swift-dependencies demo of my fork:

@Observable
class SettingsModel {
  @Dependency var userManager: any UserManaging
  @Dependency(\.logInSwitcher) var logInSwitcher

  init(token: String) {
    _userManager = Dependency(\.[userManagerForToken: token])
  }

  …
}

No need to define a separate protocol just for settings dependencies, no need to rely on build tools and their quirks, but you get all the same safety. Child features do not need to pass along dependencies (except for token), and certain dependencies can only be accessed when the token is present.

When the amount of nested components grows, the complexity and/or risk of many other solutions grows exponentially, because either these components / features either need to know about what all of their child nodes need (like nested Factories), or could inadvertently break a child node without knowing (the @Environment(MyDependency.self) way).

FWIW, these concerns are not an issue with our swift-dependencies library. Child features get to declare what dependencies they need to do their job, and parent features can be completely oblivious to that. The only time a parent feature needs to care about what a child depends on is when the child uses a dependency that needs a token to access, and then it must pass along that token. But this really is no different than Needle. You are still passing around components that hold a token on the inside. Needle's CLI tool may cause build failures when it detects a token by used in the incorrect way, but you also get that for free with passing a token around to features like in SettingsModel above. No build tools or code generation necessary.

Needle would have:

• Prevented the manual pass-forward steps to begin with

I agree the situation you outlined at your work is definitely the nightmare scenario of dependencies. We just think that there are simpler solutions to that problem than what Needle proposes. But, can you explain how Needle avoids passing something through the feature hierarchy? That isn't demonstrated in your sample project, e.g. a LogInComponent is needed to construct a LogInView, an AuthenticatedComponent is needed to construct a AuthenticatedView, etc.