fix(cli): wire --kit=cpp to cpp-self-contracts surface (closes #203)#217
Merged
Conversation
KIT_TABLE entry for cpp updated: surface changed from 'cpp' to 'cpp-self-contracts'. The cpp-self-contracts/manifest.toml already existed pointing at ./target/mint_cpp_self_contracts. This makes --kit=cpp invoke the slab-walking binary rather than the generic cpp lifter, producing a content-meaningful contractSetCid (0e17f718...) instead of the empty-set sentinel. Mirrors the go (PR #180) and rust (PR #183) pattern. Adds test 8: cpp_kit_contract_set_cid_is_pinned_to_self_contracts_canonical to mint_kit_integration.rs, pinning the canonical cpp contractSetCid as a regression gate. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 16 minutes and 59 seconds.Comment |
4 tasks
There was a problem hiding this comment.
Pull request overview
This PR updates the Rust CLI’s kit routing so provekit mint/prove --kit=cpp uses the canonical C++ self-contracts surface, and adds a regression test that pins the expected C++ contractSetCid to prevent future routing drift.
Changes:
- Route
--kit=cppto thecpp-self-contractslift surface inKIT_TABLE. - Add a pinned-CID integration test asserting
--kit=cppproduces the canonical self-contractscontractSetCid.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| implementations/rust/provekit-cli/src/cmd_mint.rs | Updates KIT_TABLE so cpp resolves to cpp-self-contracts surface. |
| implementations/rust/provekit-cli/tests/mint_kit_integration.rs | Adds a constant + Test 8 pinning the canonical C++ contractSetCid for --kit=cpp. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
97
to
101
| ("rust", "rust", "rust-self-contracts", "rust"), | ||
| ("go", "go", "go-self-contracts", "go"), | ||
| ("cpp", "cpp", "cpp", "cpp"), | ||
| ("cpp", "cpp", "cpp-self-contracts", "cpp"), | ||
| ("ts", "typescript", "typescript", "ts"), | ||
| ("csharp", "csharp", "csharp", "csharp"), |
This was referenced May 4, 2026
TSavo
added a commit
that referenced
this pull request
May 4, 2026
…closes #211) Side A substrate-conformance work for the swift kit. Two related changes, both required for issue #211 acceptance: 1. SwiftSyntax-based lifter (Path B): replaces regex-v0 in `SwiftLifter.swift` with a real AST walker using Apple's official swift-syntax 600.x library. The wire shape (declarations, callEdges, warnings) is byte-preserved; LSPTests' 11 integration tests pass unmodified. Adds InitializerDeclSyntax handling (regex-v0 never matched `init`); the addition is additive and downstream-safe. 2. swift-self-contracts lift surface + RPC mode (Path A): mirrors the PR #220 daemon-lifecycle pattern (ts Side A) and PR #217 (cpp Side A wiring). The swift mint binary now speaks the lift-plugin protocol over NDJSON-on-stdio: initialize -> lift (proof-envelope shape) -> shutdown, with stdin-EOF graceful exit per architect rule #3. * `MintSwiftSelfContracts/main.swift`: thin entry-point that branches on `--rpc` argv. Slab moved to `Slab.swift`; RPC handlers in `RPC.swift`. SPM compiles all three into one module. * `Slab.swift`: pure function `swiftSelfContracts() -> [Declaration]` authoring all 11 lift-plugin-protocol contracts (C1-C8, 11 facets), callable from both human and RPC entry points. * `RPC.swift`: NDJSON loop; `handleLift` walks the slab, computes content-meaningful CIDs, emits a proof-envelope. * `.provekit/lift/swift-self-contracts/manifest.toml`: declares surface + capabilities + binary path. Mirrors the ts/go/cpp peers. * `cmd_mint.rs`: KIT_TABLE swift entry routes to swift-self-contracts. Cross-kit IR byte-equality (per dispatch directive): - contractSetCid: byte-equivalent. Computed via the canonical formula blake3_512(JCS(sorted([contract_cid(c) for c in slab]))) where each contract_cid = blake3_512(JCS({name, outBinding, pre?, post?, inv?})), matching `provekit-claim-envelope::contract_cid` and `provekit-claim-envelope::compute_contract_set_cid` exactly. - proof-envelope bytes: NOT byte-equivalent. The swift kit emits a JCS-JSON catalog with self-identifying `kind: "swift-self-contracts-catalog-phase3-pending"` rather than the cross-kit CBOR-signed catalog. This is consistent with the existing Phase 3 deferral noted in `MintSwiftSelfContracts/main.swift:208-211` (now `main.swift:46-48`); a follow-up PR can land the full CBOR + Ed25519 envelope (mirroring PR #221 for python). The dispatcher only requires `kind:"proof-envelope"`, non-empty `filename_cid`, and decodable `bytes_base64` — all satisfied. The filename_cid changes whenever the slab changes, satisfying acceptance gate #2. Acceptance gate #4 ("provekit prove --kit=swift exits 0"): provekit prove doesn't accept --kit (see `provekit-cli/src/main.rs:119`); the intent is read as "mint pipeline succeeds end-to-end on macOS." `make mint-swift` runs cleanly and `verify-self-contracts` returns OK against the new attestation, demonstrating the full pipeline. - [x] `swift run conformance` (10/10 PASS) - [x] `swift run test-swift-lsp` (11/11 PASS — wire shape preserved) - [x] `swift run mint-swift-self-contracts` human mode (CID matches) - [x] `mint-swift-self-contracts --rpc` direct subprocess (initialize/lift/shutdown trip) - [x] `cargo test cmd_mint` (9/9 unit tests pass) - [x] `cargo test mint_kit_integration swift_kit_pins_expected_contract_set_cid` (PASS) - [x] `make mint-swift` end-to-end: contractSetCid pinned, attestation OK - [x] Three independent paths agree on contractSetCid blake3-512:272543ef... - swift contractSetCid: blake3-512:272543efe7c47b911659e1fc6a7368431b6eaa6010d2560a5d3e6717fcd470b50b24b607b481272941764b731d890d6973ab88e6000bde96fd306163a5742c56 Pre-existing test failures unrelated to #211: rust/cpp self-contracts binaries are not built in this worktree, causing `rust_kit_contract_set_cid_is_pinned_to_self_contracts_canonical` and `cpp_kit_contract_set_cid_is_pinned_to_self_contracts_canonical` to fall back to empty-set CIDs. Not a regression introduced by #211. Closes #211. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
TSavo
added a commit
that referenced
this pull request
May 4, 2026
…ing (closes #205) Side A bootstrap for the Python kit per issue #176. The orchestrator walks the canonical Python slab (5 slabs of 3 contracts each, 15 total: blake3 / jcs / cbor / signing / proof_envelope), mints each contract as a v1.2 layered signed memento under the foundation key, and bundles them into a `.proof` envelope whose filename IS its catalog CID. The KIT_TABLE flip routes `--kit=python` from the placeholder `python` surface to the new `python-self-contracts` surface, mirroring the rust / go / cpp / ts / ruby wiring pattern (PRs #180, #183, #217, #220, #234). The orchestrator imports the python claim-envelope substrate that landed in PR #232 (`ClaimEnvelope.from_contract_decl`, `compute_contract_set_cid`) plus the proof-envelope crypto primitives from PR #221 (`build_proof_envelope`, `Signer.foundation_v0`, `ed25519_pubkey_string`, `blake3_512_of`); no reimplementation. Unlike the ruby PR #234, no inline `mint_contract` port was needed because the python lib already exposes the full layered-mint API. The `--rpc` mode follows the daemon-lifecycle pattern PR #220 established: persistent NDJSON stdio loop, EOF on stdin = graceful shutdown, explicit `shutdown` method acks then exits, JSON-RPC error objects on parse / method-not-found / lift-failed without crashing. - [x] Orchestrator (`provekit-self-contracts.py` + bin shim `bin/mint-python-self-contracts`) walks the python slab, calls `ClaimEnvelope.from_contract_decl`, builds proof envelope via existing primitives. - [x] Speaks the canonical `--rpc` lift-protocol, emits proof-envelope to stdout with `kind`, `filename_cid`, `contract_set_cid`, `bytes_base64`, `diagnostics`. - [x] Add `python-self-contracts` lift surface manifest at `implementations/python/.provekit/lift/python-self-contracts/manifest.toml`. - [x] Update `KIT_TABLE` in `implementations/rust/provekit-cli/src/cmd_mint.rs` python entry surface from `"python"` to `"python-self-contracts"`. - [x] Add a pinned-CID test (`python_kit_pins_expected_contract_set_cid`) in `mint_kit_integration.rs`. Move `python` from `KITS_WITHOUT_LIFTERS` to `KITS_WITH_LIFTERS` AND `KITS_WITH_REAL_CONTRACTS`. - [x] `make mint-python` produces a content-meaningful contractSetCid (`blake3-512:b1de9417...`), not the empty-set sentinel. - [x] `provekit prove implementations/python` exits 0. - [x] Pinned-CID test passes. - [x] LSP daemon lifecycle is explicit (no orphan processes after the run): EOF on stdin or explicit `shutdown` returns 0. ```rust // before ("python", "python", "python", "python"), // after ("python", "python", "python-self-contracts", "python"), ``` ``` >> minting python self-contracts cid: blake3-512:64c8ddf3a7ef02c6d12665866e1c2483b59009830a5f27cee869b123d5ece63cccb7dc8d62002383f348b15cd866857de0c6a053dd2fc02e3d9356bd3295b0a4 contractSetCid: blake3-512:b1de941756d0a3b352ca79ebed8b75644b7c782c3afe4163273220384125ec100457d5e969a921b7ceb277e329a24c5a4ea21ffd54963b51c1756befdb1793dc OK .provekit/self-contracts-attestations/python.json (contractSetCid blake3-512:b1de941756d0a3b352ca79ebed8b75644b7c782c3afe4163273220384125ec100457d5e969a921b7ceb277e329a24c5a4ea21ffd54963b51c1756befdb1793dc) ``` The catalog CID and contractSetCid are byte-deterministic across two consecutive mint runs (orchestrator's built-in determinism check, plus the rust integration test). - Persistent NDJSON stdio loop (one process serves multiple `lift` calls). - `initialize` returns the protocol version, plugin name, and capabilities. - `lift` returns the `proof-envelope` shape with base64-encoded bytes. - `shutdown` writes the ack response and exits 0. - EOF on stdin = graceful shutdown (loop exit returns 0). - Errors emit JSON-RPC error objects (`-32700` parse, `-32601` method-not-found, `1005` LIFT_FAILED) without crashing the process. - [x] Direct CLI smoke (`python3 implementations/python/bin/mint-python-self-contracts /tmp/...`): passes; deterministic across runs. - [x] RPC smoke (initialize / lift / shutdown over stdin pipe): all three responses well-formed. - [x] `provekit mint --kit=python --quiet` (via the dispatcher): passes; emits the same `cid` / `contractSetCid`. - [x] `cargo test --release -p provekit-cli --test mint_kit_integration python_kit_pins_expected_contract_set_cid`: passes. - [x] `cargo test --release -p provekit-cli --test mint_kit_integration all_kits_mint_produces_valid_attestation_structure`: passes (python now in `KITS_WITH_LIFTERS` + `KITS_WITH_REAL_CONTRACTS`). - [x] `provekit prove implementations/python`: exit 0. - [x] All 143 pre-existing python pytest suites in `implementations/python/provekit-lift-py-tests/`: pass. - **Import path**: the bin shim prepends `provekit-lift-py-tests/src` to `sys.path` so the orchestrator works without `pip install -e .` (the `mint-python` Makefile target has no `build-python` dependency, unlike `test-python`). The orchestrator self-injects too as belt-and-suspenders. - **Python wheels**: `blake3`, `pynacl`, `cbor2` are declared dependencies of `provekit-lift-py-tests` and are installed in CI via `make test-python`'s `pip install -e .`. The pinned-CID test skips on toolchain failure (mirrors ruby/cpp/ts), so a missing wheel surfaces as test-skip rather than test-fail. - **No em-dashes** per CLAUDE.md: the docstrings and commit message use commas and parentheses. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
TSavo
added a commit
that referenced
this pull request
May 4, 2026
…loses #209) Side A bootstrap for the Ruby kit per issue #176. Walks the canonical Ruby slab (5 slabs, 15 contracts about blake3 / jcs / cbor / signing / proof_envelope), mints each as a layered signed memento under the foundation key (test seed [0x42; 32]), and bundles the result into a .proof envelope whose filename IS its catalog CID. The orchestrator is wireable through the rust CLI's `--kit=ruby` flow via the new lift surface manifest, then drives the canonical mint-and-attest pipeline (lift-protocol RPC over NDJSON-on-stdio, persistent daemon-with- explicit-shutdown lifecycle per PR #220 ts Side A). Components: - implementations/ruby/lib/provekit/self_contracts.rb — orchestrator with slab authoring, contractCid + contractSetCid + layered-memento mint (port of provekit-claim-envelope `mint_contract`), proof-envelope bundling, byte-determinism check, and `--rpc` mode. - implementations/ruby/bin/mint-ruby-self-contracts — entry point used by the lift surface manifest. Re-execs under Homebrew ruby (>= 3.0) when launched on the macOS system ruby. - implementations/ruby/.provekit/lift/ruby-self-contracts/manifest.toml — lift surface manifest declaring the RPC command, capabilities, and ir_version. - implementations/rust/provekit-cli/src/cmd_mint.rs — KIT_TABLE flip routing `--kit=ruby` from `ruby` to `ruby-self-contracts` (mirrors the rust/go/cpp/ts pattern from PR #180/#183/#217/#220). - implementations/rust/provekit-cli/tests/mint_kit_integration.rs — pinned-CID test for ruby plus list updates moving ruby out of KITS_WITHOUT_LIFTERS into KITS_WITH_LIFTERS / KITS_WITH_REAL_CONTRACTS. - .provekit/self-contracts-attestations/ruby.json — re-minted under the new orchestrator (now content-meaningful, no longer the empty-set sentinel). `make mint-ruby` produces: cid: blake3-512:6358ad54d0535d87be144d765127b7dcdde7fa6d807e27b8d85f4d3549609cd7fb573a711e7668152339753398c68dbb5e23dc2e0083ca5e7dc2c00e439d69da contractSetCid: blake3-512:961be80d8a5ae8f3d8255462fc1845d5b45f30c0b4412c9d8b354078d63096ba363b6ae0dea4f2e35141213dc5c6b855156f434b5620a345bfbc20725bee00ff `provekit prove implementations/ruby` exits 0. The new `ruby_kit_pins_expected_contract_set_cid` integration test passes; existing ruby unit tests under `implementations/ruby/test/` continue to pass on Homebrew ruby 3.x. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 4, 2026
ConstCorrectness
pushed a commit
to ConstCorrectness/provekit
that referenced
this pull request
May 6, 2026
…Savo#325) Pre-fix: cmd_prove duplicated a hardcoded KIT_TABLE that mapped kit_alias → surface=kit_alias (e.g. cpp → cpp). Post all the KIT_TABLE updates in cmd_mint (PRs TSavo#176, TSavo#180, TSavo#183, TSavo#217, TSavo#234, TSavo#240, TSavo#243, TSavo#272, etc.), the canonical mapping is kit_alias → <kit>-self-contracts. Symptoms on main: - prove-cpp: surface `cpp` not in capabilities.authoring_surfaces [`cpp-self-contracts`] — C4 verifier rejects. - prove-swift: lifter binary `provekit-lift-swift` not found (Swift Package builds `mint-swift-self-contracts`, not that). Fix: - Make `cmd_mint::KIT_TABLE` and `cmd_mint::resolve_kit` `pub(crate)` - Delete cmd_prove's duplicate hardcoded table - cmd_prove::resolve_kit now adapts cmd_mint::resolve_kit (drops lang_key field — prove doesn't write attestations) - capture_rpc loads the manifest at the correct surface path (manifest dispatch was already correct; only the surface name resolution was wrong) Tests: 18/18 cmd_prove pass, including new regression tests: - resolve_kit_cpp_uses_self_contracts_surface_issue_325 - resolve_kit_swift_uses_self_contracts_surface_issue_325 - resolve_kit_agrees_with_cmd_mint_for_all_kits (cross-check prove ↔ mint to prevent recurrence) - swift_manifest_command_is_not_hardcoded_provekit_lift_swift Closes TSavo#325. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
KIT_TABLEincmd_mint.rs: cpp entry surface changed from"cpp"to"cpp-self-contracts", so--kit=cpproutes to the slab-walkingmint_cpp_self_contractsbinary rather than the generic cpp liftercpp-self-contracts/manifest.tomlwas already present (pointing at./target/mint_cpp_self_contracts) -- no new manifest neededcpp_kit_contract_set_cid_is_pinned_to_self_contracts_canonical) mirroring the rust (PR fix(cli): wire --kit=rust to walk self-contracts canonical contracts (#176 Tier 1) #183) and go (PR fix(cli): wire --kit=go to go-self-contracts surface (#176 Tier 1) #180) pinning pattern; contractSetCid pinned atblake3-512:0e17f718...Test plan
make build-cppsucceeds, binary atimplementations/cpp/target/mint_cpp_self_contractsmake mint-cppproducescontractSetCid: blake3-512:0e17f718...(not the empty-setd53d18c2...)cargo test -p provekit-cli --test mint_kit_integrationreports 8/8 passCloses #203
🤖 Generated with Claude Code