feat(java): provekit-java-self-contracts module + RPC orchestrator + KIT_TABLE wiring (closes #207)#240
Merged
Merged
Conversation
…KIT_TABLE wiring (closes #207) New Maven module `provekit-java-self-contracts` under `implementations/java/` provides the Side A substrate-driven conformance for the java kit per the (A)/(B) split (#176). Imports the just-landed `provekit-claim-envelope` (#208 / PR #228) for native BLAKE3 + JCS + Ed25519 + CBOR + envelope construction; no shell-out to another kit. ## Module shape - `Slab.java`: minimal in-module Collector + ContractDecl + JCS-Value formula DSL (var/const/ctor/atomic/forall/eq/gte/startsWith). Avoids building an authoring surface in `provekit-ir`; the bootstrap doesn't need one and rust hasn't lifted that surface yet. - `JavaKitInvariants.java`: 6 slabs (blake3, cbor, claim_envelope, ed25519, jcs, proof_envelope), 30 `java_*`-prefixed contracts. Mirrors the cross-kit pattern (csharp `*Invariants.Register()`, rust `.invariant.rs` + orchestrator `#[path]`). - `Orchestrator.java`: drains every slab, mints each contract via `ClaimEnvelope.mintContract`, builds the catalog via `ProofEnvelope.build`, computes `contractSetCid` with `ClaimEnvelope.computeContractSetCid`. Mirrors the C# `Program.MintOneRun` flow line-for-line. - `Rpc.java`: lift-plugin protocol (`provekit-lift/1`) on stdio NDJSON. Persistent daemon (handles initialize/lift/N times/shutdown), only exits on shutdown. Matches the daemon-lifecycle pattern established by PR #220 (ts) and the csharp peer. - `Main.java`: arg parse: `--rpc` -> Rpc.run(); else Orchestrator.runCli(). - `run-rpc.sh`: shell wrapper resolving java via `$JAVA`, `$JAVA_HOME`, `$PATH`, then Homebrew openjdk fallback (the macOS `/usr/bin/java` stub refuses to run when no JDK is registered in `/Library/Java/JavaVirtualMachines/`; we bypass it). - Shaded jar via `maven-shade-plugin` (BouncyCastle + claim-envelope bundled, BC signature files stripped so verification doesn't reject the relocated classes). ## Acceptance (#207) - [x] Maven module created, parent reactor updated. - [x] Module walks the kit's own contracts via JavaKitInvariants slabs. - [x] Emits proof-envelope to stdout under canonical `--rpc` framing. - [x] Lift surface manifest at `implementations/java/.provekit/lift/java-self-contracts/manifest.toml`. - [x] KIT_TABLE updated: `("java", "java", "java", "java")` -> `("java", "java", "java-self-contracts", "java")`. - [x] Pinned-CID test 9 in `mint_kit_integration.rs`; java moved from KITS_WITHOUT_LIFTERS to KITS_WITH_LIFTERS. - [x] `make mint-java` produces `contractSetCid: blake3-512:a22c9736...` (content-meaningful, not the empty-set sentinel `d53d18c2...`). - [x] `provekit prove implementations/java` exits 0. - [x] `mvn test` for the module: 5 passing (smoke tests for mint determinism + slab structure). ## mint-java output ``` catalog cid: blake3-512:93dd048300ce9db0454fae4dd9639deca7d200de2edc005672213aec492e75c95c342ad174e3850e8ec31cfe09403c8f772fafff778254ea246367648b3a0e39 contractSetCid: blake3-512:a22c97362e15faf1e848eeb7d668ba50eba8cfb851a72465f2cccb0ca9e12af198ec14cc0e65453a18b1e40bbd17497f8975b6e3625bbf2b6b31e6ca6aacb6e3 30 contracts across 6 slabs ``` ## KIT_TABLE diff ``` - ("java", "java", "java", "java"), + ("java", "java", "java-self-contracts", "java"), ``` ## Daemon-lifecycle adherence `Rpc.run()` reads NDJSON in a `while (line = readLine())` loop, dispatching `initialize`/`lift`/`shutdown`. Only `shutdown` returns from the loop; `initialize` and `lift` may be called any number of times before shutdown. Each `lift` mints into a fresh `Files.createTempDirectory` that's cleaned up before the response is emitted. Matches PR #220's "persistent-daemon-with-explicit-shutdown" contract. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (14)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 12 minutes and 58 seconds.Comment |
There was a problem hiding this comment.
Pull request overview
Adds a Java “self-contracts” lifter surface that can mint a deterministic proof-envelope via lift-plugin RPC, then wires --kit=java in the Rust CLI to use that surface and pins the resulting Java contractSetCid in the Rust integration suite.
Changes:
- Introduce new Maven module
provekit-java-self-contractswith slab authoring, mint orchestrator, and NDJSON JSON-RPC (--rpc) server. - Wire Rust CLI
KIT_TABLEso--kit=javaroutes tojava-self-contracts, and add a pinned JavacontractSetCidintegration test. - Add build + manifest plumbing (Makefile target, lift manifest, and attestation JSON update) so
make mint-javaproduces a content-meaningful CID.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| implementations/rust/provekit-cli/tests/mint_kit_integration.rs | Adds Java to “kits with lifters” and introduces pinned JAVA_CONTRACT_SET_CID test. |
| implementations/rust/provekit-cli/src/cmd_mint.rs | Routes --kit=java to the new java-self-contracts lift surface. |
| implementations/java/provekit-java-self-contracts/src/test/java/com/provekit/selfcontracts/OrchestratorTest.java | Smoke tests for determinism, structure, and naming invariants of authored contracts. |
| implementations/java/provekit-java-self-contracts/src/main/java/com/provekit/selfcontracts/Slab.java | Defines contract declaration model + small DSL for building JCS Value formula trees. |
| implementations/java/provekit-java-self-contracts/src/main/java/com/provekit/selfcontracts/Rpc.java | Implements lift-plugin JSON-RPC (initialize/lift/shutdown) over NDJSON on stdio. |
| implementations/java/provekit-java-self-contracts/src/main/java/com/provekit/selfcontracts/Orchestrator.java | Drives slab authoring, memento minting, proof-envelope build, and contractSetCid computation. |
| implementations/java/provekit-java-self-contracts/src/main/java/com/provekit/selfcontracts/Main.java | Entrypoint supporting standalone mode and --rpc mode. |
| implementations/java/provekit-java-self-contracts/src/main/java/com/provekit/selfcontracts/JavaKitInvariants.java | Authors the 6 slabs / 30 java_* kit-internal contracts. |
| implementations/java/provekit-java-self-contracts/run-rpc.sh | Shell launcher that locates a usable java and executes the shaded jar. |
| implementations/java/provekit-java-self-contracts/pom.xml | New shaded-jar module configuration and dependency on provekit-claim-envelope. |
| implementations/java/pom.xml | Registers the new Maven module in the Java reactor build. |
| implementations/java/.provekit/lift/java-self-contracts/manifest.toml | Declares the java-self-contracts lift surface manifest used by provekit-cli. |
| Makefile | Adds build-java-self-contracts and wires it into build-java/mint-java. |
| .provekit/self-contracts-attestations/java.json | Updates Java’s attestation to the newly minted cid/contractSetCid/signature. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+44
to
+47
| private static final Pattern ID_FIELD = Pattern.compile( | ||
| "\"id\"\\s*:\\s*(\"[^\"]*\"|\\d+|null|true|false)"); | ||
| private static final Pattern METHOD_FIELD = Pattern.compile( | ||
| "\"method\"\\s*:\\s*\"([^\"]*)\""); |
Comment on lines
+24
to
+29
| // Authoring surface: java-self-contracts. Slabs walked: | ||
| // - catalog_format 13 contracts mirroring rust catalog_format.rs | ||
| // | ||
| // Future slabs (lift_plugin_protocol cross-kit bridges, provekit-claim-envelope | ||
| // kit-internal invariants) are bootstrapped separately. This module ships | ||
| // with a content-meaningful contractSetCid as the first deliverable. |
| public final class Orchestrator { | ||
|
|
||
| public static final byte[] FOUNDATION_SEED = Ed25519.FOUNDATION_V0_SEED; | ||
| public static final String DECLARED_AT = "2026-04-30T18:00:00.000Z"; |
Comment on lines
+604
to
+612
| let (ok, stdout, stderr) = run_mint("java"); | ||
| if !ok { | ||
| eprintln!( | ||
| "java kit: mint failed (java/jar may not be available)\n stderr: {stderr}" | ||
| ); | ||
| // Skip rather than fail -- jdk + built jar may not be present in | ||
| // every test environment. CI builds the jar via `make build-java-self-contracts`. | ||
| return; | ||
| } |
This was referenced May 4, 2026
ConstCorrectness
pushed a commit
to ConstCorrectness/provekit
that referenced
this pull request
May 6, 2026
…Savo#325) Pre-fix: cmd_prove duplicated a hardcoded KIT_TABLE that mapped kit_alias → surface=kit_alias (e.g. cpp → cpp). Post all the KIT_TABLE updates in cmd_mint (PRs TSavo#176, TSavo#180, TSavo#183, TSavo#217, TSavo#234, TSavo#240, TSavo#243, TSavo#272, etc.), the canonical mapping is kit_alias → <kit>-self-contracts. Symptoms on main: - prove-cpp: surface `cpp` not in capabilities.authoring_surfaces [`cpp-self-contracts`] — C4 verifier rejects. - prove-swift: lifter binary `provekit-lift-swift` not found (Swift Package builds `mint-swift-self-contracts`, not that). Fix: - Make `cmd_mint::KIT_TABLE` and `cmd_mint::resolve_kit` `pub(crate)` - Delete cmd_prove's duplicate hardcoded table - cmd_prove::resolve_kit now adapts cmd_mint::resolve_kit (drops lang_key field — prove doesn't write attestations) - capture_rpc loads the manifest at the correct surface path (manifest dispatch was already correct; only the surface name resolution was wrong) Tests: 18/18 cmd_prove pass, including new regression tests: - resolve_kit_cpp_uses_self_contracts_surface_issue_325 - resolve_kit_swift_uses_self_contracts_surface_issue_325 - resolve_kit_agrees_with_cmd_mint_for_all_kits (cross-check prove ↔ mint to prevent recurrence) - swift_manifest_command_is_not_hardcoded_provekit_lift_swift Closes TSavo#325. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New Maven module
provekit-java-self-contractsunderimplementations/java/provides Side A substrate-driven conformance for the java kit per the (A)/(B) split (#176). Imports the just-landedprovekit-claim-envelope(PR #228) for native BLAKE3 + JCS + Ed25519 + CBOR + envelope construction; no shell-out to another kit.java_*-prefixed contracts about the kit's own public surfaceRpc.java: persistent-daemon NDJSON handler on stdio. initialize / lift / shutdown; only shutdown exits the loop. Matches PR feat(ts): wire --kit=ts to typescript-self-contracts surface + RPC mode (closes #204) #220's lifecycle patternmaven-shade-plugin(BouncyCastle + claim-envelope bundled, BC signature files stripped)run-rpc.shresolvesjavavia$JAVA->$JAVA_HOME-> PATH -> Homebrew openjdk fallback (works around the macOS/usr/bin/javastub which refuses to run when no JDK is registered in/Library/Java/JavaVirtualMachines/)("java", "java", "java", "java")->("java", "java", "java-self-contracts", "java")JAVA_CONTRACT_SET_CID = blake3-512:a22c9736...; java moved fromKITS_WITHOUT_LIFTERStoKITS_WITH_LIFTERSAcceptance (closes #207)
implementations/java/provekit-java-self-contracts/Maven module (registered in parentpom.xml)provekit-irCollector surface is intentionally out of scope for the bootstrap)--rpclift-protocol framingjava-self-contractslift surface manifest atimplementations/java/.provekit/lift/java-self-contracts/manifest.tomlKIT_TABLEinimplementations/rust/provekit-cli/src/cmd_mint.rsmint_kit_integration.rsmake mint-javaproduces a content-meaningfulcontractSetCidprovekit prove implementations/javaexits 0mint-java output
KIT_TABLE diff
Daemon-lifecycle adherence
Rpc.run()reads NDJSON in awhile (line = readLine())loop, dispatchinginitialize/lift/shutdown. Onlyshutdownreturns from the loop.initializeandliftcan be called any number of times before shutdown. Eachliftmints into a freshFiles.createTempDirectorythat's cleaned up before the response is emitted. This matches PR #220's "persistent-daemon-with-explicit-shutdown" contract.Test plan
mvn -pl provekit-java-self-contracts -am testpasses (5/5: mint determinism, contract uniqueness, slab structure, java_*-prefix invariant, content-meaningful CID)cargo test -p provekit-cli --test mint_kit_integration java_kit_pins_expected_contract_set_cidpassescargo test -p provekit-cli --test mint_kit_integration all_kits_mint_produces_valid_attestation_structurepassescargo test -p provekit-cli --test mint_kit_integration kits_without_lifters_produce_empty_set_cidpasses (java is no longer in that set)cargo test -p provekit-cli --bin provekit cmd_mint9/9 passes (includingresolve_kit_all_11_kits)make mint-javasucceeds; verifier accepts the new signed attestationOut-of-scope notes
lift_plugin_protocolbridges (the phase-2 closed-loop bridge dance go does in PASS 2) are NOT authored in this bootstrap. The Java kit's contract slab list is the kit-internal surface only, mirroring the csharp peer's pattern (substrate API contracts, not protocol-rule contracts). Rust authorscatalog_formatrules; csharp/cpp/go/ts do not. Java aligns with the larger group.provekit provelevel, not at the contract-set CID level. Each kit's contractSetCid is its own content-address; the bridge layer is what connects them.🤖 Generated with Claude Code