feat: Add WSC (Write-Streaming Columnar) snapshot format

[flyingrobots]

Summary

• Implements the WSC (Write-Streaming Columnar) snapshot format for deterministic serialization of WARP graph state
• Zero-copy mmap-based deserialization via WscFile and WarpView
• 8-byte aligned columnar layout for SIMD-friendly access
• Upgrades canonical state hash from V1 (u32 counts) to V2 (u64 counts)
• Refactors generated file convention from generated/*.rs to *.generated.rs

Test plan

• All 57 warp-core unit tests pass
• WSC module tests cover write/read/validate/view roundtrips
• DIND coverage and permutation invariance tests pass
• Pre-push hooks pass (clippy, rustdoc, banned patterns)

🤖 Generated with Claude Code

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Summary by CodeRabbit

• New Features

  • WSC snapshot format added with deterministic writer/reader/validator APIs and V2 canonical hashing.

• Documentation

  • Comprehensive WARP-GRAPH design and docs updated to describe WSC integration and APIs.

• Chores

  • Enhanced Git hooks: timing/logging, staged-aware checks, markdown lint on commits, stale-artifact sweep, ignore updates, and timing visualization tooling; added a dev dependency for charts.

• Bug Fixes

  • Fixed task-list matching in hook checks.

• Tests

  • Added WSC unit tests and hook verification scripts.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Adds a deterministic, zero-copy WSC snapshot subsystem to warp-core (types, read, view, validate, build, write), bumps canonical state hash to V2 (u64 counts/blobs) and updates testdata, introduces #[repr(transparent)] ID newtypes with as_bytes(), renames generated modules to *.generated.rs, and overhauls git hooks, scripts, and test fixtures.

Changes

Cohort / File(s)	Summary
Git hooks & ignore \.githooks/pre-commit, \.githooks/pre-push, \.githooks/pre-push-parallel, \.githooks/pre-push-sequential, \.gitignore	Rewrote hooks: pre-commit adds staged-file capture, markdownlint step, and sweep trigger; pre-push replaced with timing/logging driver that selects sequential/parallel variants; added parallel/sequential implementations; updated ignore rules for target-* dirs and .githooks/timing.jsonl.
Sweep script scripts/sweep-stale-artifacts.sh	New script to remove stale Rust incremental build caches across multiple target dirs/profiles (configurable age).
Pre-push timing & plotting scripts/plot-prepush-timing.mjs, package.json	New JSONL timing consumer and ASCII chart script; added asciichart devDependency.
Hook test harnesses tests/hooks/test_hook_issues.sh, scripts/test-hook-issues.sh	New automated tests verifying hook behaviors and previously fixed issues across hook scripts.
Echo DIND tests & harness crates/echo-dind-tests/src/lib.rs, crates/echo-dind-tests/src/codecs.generated.rs, crates/echo-dind-tests/src/type_ids.generated.rs, crates/echo-dind-tests/src/rules.rs, crates/echo-dind-harness/src/dind.rs	Replace generated module with codecs/type_ids (*.generated.rs), re-export SCHEMA_HASH, adjust imports/signatures, add lint allowances, switch DIND hash domain to DIND_STATE_HASH_V2.
Test fixtures (DIND) testdata/dind/*.hashes.json	Bulk updates: hash_domain V1→V2 and wholesale replacement of hashes_hex arrays across many fixtures — data changes only.
Bootstrap scripts scripts/bootstrap_*.mjs (several)	Updated source paths to crates/echo-dind-tests/src/codecs.generated.rs, adjusted SCHEMA_HASH regex/messages, added 64-hex validation; some scripts modify deterministic frame content.
Warp-core dependency crates/warp-core/Cargo.toml	Added bytemuck = "1.14" with features ["derive","extern_crate_std"].
Warp-core identity & hashing crates/warp-core/src/ident.rs, crates/warp-core/src/graph.rs	Added #[repr(transparent)] to ID newtypes and as_bytes() accessors; bumped canonical_state_hash header to "DIND_STATE_HASH_V2" and switched node/edge/blob counts from u32→u64; canonical_state_hash now #[must_use].
WSC top-level module crates/warp-core/src/lib.rs, crates/warp-core/src/wsc/mod.rs	New public wsc module with re-exports for build/read/types/validate/view/write and key types.
WSC build (deterministic conversion) crates/warp-core/src/wsc/build.rs	New build_one_warp_input producing deterministic OneWarpInput (sorted nodes/edges, canonical edge indices, 8‑byte aligned blobs); extensive tests added.
WSC types (on-disk layout) crates/warp-core/src/wsc/types.rs	New repr(C) fixed-size row/header types (NodeRow, EdgeRow, Range, OutEdgeRef, AttRow, WscHeader, WarpDirEntry) with LE accessors and Pod/Zeroable derives; size/stability tests.
WSC read primitives & errors crates/warp-core/src/wsc/read.rs	New zero-copy read helpers and comprehensive ReadError enum; validate_header, read_slice, read_bytes implemented with tests.
WSC view (zero-copy API) crates/warp-core/src/wsc/view.rs	New WscFile, WarpView, AttachmentRef providing safe zero-copy accessors and boundary-checked reads; open/from_bytes entry points and tests.
WSC validate crates/warp-core/src/wsc/validate.rs	pub fn validate_wsc(&WscFile) validating index ranges, ordering, attachment tags/reserved bytes, and blob bounds; tests for many error cases.
WSC write crates/warp-core/src/wsc/write.rs	Added OneWarpInput and write_wsc_one_warp to serialize a single WARP deterministically with 8-byte alignment; helpers and tests.
Graph design & docs docs/WARP-GRAPH.md, CHANGELOG.md, README.md, docs/meta/docs-index.md	Large design doc/spec for GraphStore→WSC integration, changelog entries for WSC and V2 hash bump, and docs index/readme updates.
Ban-nondeterminism allowlist .ban-nondeterminism-allowlist	Allowlisted intentional std::fs usage in new wsc modules for native snapshot I/O.
Generated-file naming & build scripts scripts/*bootstrap*.mjs, scripts/bootstrap_*.mjs	Transition from generated/* to *.generated.rs naming; scripts and schema-extraction regex/messages adjusted and validated.
Misc utilities scripts/plot-prepush-timing.mjs, scripts/sweep-stale-artifacts.sh, scripts/plot-prepush-timing.mjs	New timing plotting, sweeping, and assorted bootstrap/validation utilities.

Sequence Diagram(s)

sequenceDiagram
    rect rgba(200,200,255,0.5)
    participant Graph as GraphStore
    participant Build as build_one_warp_input
    participant OneWarp as OneWarpInput
    end
    rect rgba(200,255,200,0.5)
    participant Write as write_wsc_one_warp
    participant Bytes as Vec<u8>
    end
    rect rgba(255,200,200,0.5)
    participant View as WscFile::from_bytes
    participant Validate as validate_wsc
    end

    Graph->>Build: request OneWarpInput(root_node_id)
    Build->>Build: collect nodes/edges, sort, build indices, align blobs
    Build-->>OneWarp: return deterministic OneWarpInput
    OneWarp->>Write: serialize(schema_hash, tick)
    Write-->>Bytes: emit 8-byte aligned WSC bytes
    Bytes->>View: WscFile::from_bytes(bytes)
    View->>Validate: validate_wsc(WscFile)
    Validate-->>View: Result<(), ReadError>

Loading

sequenceDiagram
    participant Consumer as caller
    participant WscFile as WscFile::from_bytes
    participant WarpView as WarpView<'a'>
    participant Data as mmap/bytes

    Consumer->>WscFile: from_bytes(data)
    WscFile->>WscFile: validate_header(), locate WarpDirEntry
    WscFile->>WarpView: construct zero-copy slices (nodes, edges, atts, blobs)
    Consumer->>WarpView: node_ix(node_id) / blob_for_attachment(att)
    WarpView-->>Consumer: Option<usize> / Option<&[u8]> (zero-copy)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• feat(warp-core): Determinism Refactor (Float Audit + CBOR Protocol) #251 — Overlaps on canonical_state_hash V2 bump, DIND harness/testdata updates, and generated-file renaming.
• warp-core: WarpInstances + descended attachments (B1) #159 — Related edits touching ident newtypes (#[repr(transparent)], as_bytes) and canonical hashing changes.
• feat(core): math + engine spike (split PR 1) #7 — Shares surface changes around GraphStore snapshot/hash and identifier newtypes.

Poem

🧩 Align the bytes, let snapshots hum,
Newtypes stand clear—transparent, strict and numb.
V2 widens counts; indices march in line,
Build, write, read — deterministic and fine.
Tests stand watch; the pedant nods: "Design."

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main addition: the WSC (Write-Streaming Columnar) snapshot format implementation. Clear, specific, and directly reflects the primary changeset.
Description check	✅ Passed	The description is well-related to the changeset, covering the key aspects: WSC implementation, zero-copy deserialization, hash upgrade, and file convention refactoring. Provides test coverage evidence and references generated tooling.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch warp-graph

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d5f9b75191

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Reject out-of-bounds ranges instead of returning empty

These accessors use .get(start..start+len).unwrap_or(&[]), so if out_index (or the attachment index tables) contains a range that extends past the backing table, the view silently returns an empty slice. validate_wsc relies on these accessors, which means a corrupted WSC file can pass validation while dropping edges/attachments at read time, yielding an incomplete graph without any error. Consider surfacing range failures (or adding explicit range checks in validation) so invalid index/data tables are rejected instead of silently masked.

Useful? React with 👍 / 👎.

[coderabbitai]

Actionable comments posted: 16

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.githooks/pre-commit (1)

80-80: CRITICAL: Regex pattern is broken—will never match the intended files.

In single-quoted strings, bash passes the literal text to grep. The pattern WASM-TASKS\\.md in ERE means:

• \\ = literal backslash character
• . = any single character

So this matches strings like WASM-TASKS\Xmd (backslash + any char + "md"), not WASM-TASKS.md.

To match a literal dot, use a single backslash: \.

🐛 Proposed fix

-  if echo "$STAGED" | grep -E '^(WASM-TASKS\\.md|docs/tasks\\.md)$' >/dev/null; then
+  if echo "$STAGED" | grep -E '^(WASM-TASKS\.md|docs/tasks\.md)$' >/dev/null; then

🤖 Fix all issues with AI agents

In `@crates/echo-dind-tests/src/lib.rs`:
- Around line 8-15: Update the six bootstrap scripts to use the new generated
file paths by replacing any references to
"crates/echo-dind-tests/src/generated/codecs.rs" and
"crates/echo-dind-tests/src/generated/type_ids.rs" with the new filenames
"crates/echo-dind-tests/src/codecs.generated.rs" and
"crates/echo-dind-tests/src/type_ids.generated.rs"; look for usages that expect
the modules declared with #[path = "codecs.generated.rs"] pub mod codecs; and
#[path = "type_ids.generated.rs"] pub mod type_ids; (apply the same replacement
across scripts: bootstrap_dense_rewrite.mjs, bootstrap_dind_log.mjs,
bootstrap_randomized_order.mjs, bootstrap_randomized_convergent.mjs,
bootstrap_error_determinism.mjs, bootstrap_math_determinism.mjs) so they
reference the updated generated file locations and won’t crash at runtime.
- Around line 8-15: The generated modules codecs and type_ids must not suppress
missing_docs; either update the generator to emit rustdoc for all public items
(add doc comments for Theme, MotionV2View, MotionV2Builder, the ops module and
public functions/types, and remove any #![allow(missing_docs)] from the
generated files) or make the generated modules private (change pub mod codecs /
pub mod type_ids to mod codecs / mod type_ids) and provide hand-written,
documented public wrappers exposing the intended API; locate symbols codecs,
type_ids, Theme, MotionV2View, MotionV2Builder, and ops in the generated outputs
to ensure docs are added or the modules are made non-public and wrappers
created.

In `@crates/warp-core/src/wsc/build.rs`:
- Around line 91-98: The loop over bucket currently ignores edges when
edge_ix.get(&e.id) returns None; add a defensive assertion to catch this
invariant violation during development: inside the for e in bucket loop (where
OutEdgeRef is constructed), replace the silent if let Some check with a
debug_assert!(edge_ix.contains_key(&e.id), "...") or use expect on the lookup
(e.g. edge_ix.get(&e.id).expect(...)) so missing entries fail loudly; reference
the variables/functions: bucket, edge_ix, e.id, and OutEdgeRef to locate and
update the code.

In `@crates/warp-core/src/wsc/read.rs`:
- Around line 209-236: Add a test to ensure validate_header handles misaligned
input without panicking: create a Vec<u8> buffer, write WscHeader::MAGIC_V1 into
the buffer starting at offset 1, take a slice from that offset (misaligned for
WscHeader), call validate_header(&misaligned_slice) and assert it returns
Err(ReadError::Alignment(_)); this verifies the from_bytes alignment fix and
prevents panics in validate_header.
- Around line 129-130: validate_header currently uses bytemuck::from_bytes which
can panic on misaligned slices; change it to use bytemuck::try_from_bytes (or
try_from_bytes_mut as appropriate) to safely handle misaligned input and
propagate the Result. Locate validate_header and replace the from_bytes call
that creates a &WscHeader from data[..header_size] with
bytemuck::try_from_bytes<&WscHeader>(&data[..header_size]) (or
try_from_bytes_mut if mut needed), handle the returned Result (map or ?)
consistent with read_slice's use of try_cast_slice, and ensure the function
returns an error instead of panicking on alignment/size issues.

In `@crates/warp-core/src/wsc/validate.rs`:
- Around line 104-107: The reserved-byte check currently ignores non-zero
values; update the att.reserved0 check to fail fast by returning a validation
error (e.g., return Err(ValidateError::NonZeroReservedBytes { field:
"reserved0", value: att.reserved0.clone() }) ) or, if you intend leniency, emit
a clear warning via the crate logger (e.g., tracing::warn!) instead of an empty
block; locate the check on att.reserved0 in validate.rs and replace the empty
branch with one of these actions so non-zero reserved bytes are either rejected
or explicitly logged.
- Around line 44-57: The ordering-validation loops in validate.rs currently
detect but ignore node/edge ordering violations (the loops over nodes.windows(2)
and edges.windows(2)), so change them to return an error when window[0].node_id
>= window[1].node_id or window[0].edge_id >= window[1].edge_id; add (or use) a
specific error variant like OrderingViolation (or extend the existing validation
error enum) and return Err(ValidationError::OrderingViolation{kind:
"node"/"edge", previous_id: ..., current_id: ...}) from the function instead of
leaving the comment, ensuring the validate function fails fast on ordering
problems.
- Around line 127-216: Update the tests in the tests mod to add failing
(negative) cases that assert validate_wsc returns an Err for broken inputs:
create OneWarpInput variants using write_wsc_one_warp/WscFile::from_bytes that
(1) have nodes out-of-order (nodes vector with NodeRow entries not sorted by
node_id), (2) have edges out-of-order, (3) include AttRow with invalid tag
values or non-zero reserved0 bytes, (4) reference blob ranges that are
out-of-bounds (blob_off_le/blob_len_le beyond blobs length), and (5) contain
out_edges indices that point outside the out_edges array; call
validate_wsc(&file) and assert it errors for each case (use the same
helpers/types: OneWarpInput, NodeRow, AttRow, Range, write_wsc_one_warp,
validate_wsc) so the tests cover ordering, reserved-byte, attachment-tag, blob
bounds, and out_edge-index violations.

In `@crates/warp-core/src/wsc/view.rs`:
- Around line 96-131: The warp_view implementation must stop doing u64->usize
casts, unchecked usize arithmetic, and bytemuck::from_bytes() which can panic;
instead call the existing read_slice(self.data, offset, count) helper with
self.header().warp_dir_off() and self.header().warp_count() to get a
Result<&[WarpDirEntry], ReadError>, then use .get(index) to retrieve the single
entry and propagate a SectionOutOfBounds/ WarpIndexOutOfBounds as appropriate;
finally pass that entry reference into WarpView::new(&self.data, entry). This
replaces manual offset arithmetic, prevents overflow/truncation, and converts
alignment/misalignment errors into ReadError via bytemuck::try_cast_slice()
inside read_slice().

In `@crates/warp-core/src/wsc/write.rs`:
- Around line 240-245: The function write_padding pushes zeros one byte at a
time which is fine but can be simplified for clarity and efficiency; replace the
loop in write_padding with a single call to resize the buffer to the target
length (e.g., use buf.resize(target, 0)) so padding is applied in one operation
while preserving behavior and correctness.

In `@docs/WARP-GRAPH.md`:
- Around line 569-575: Fix the markdown lint issues by replacing hard tabs with
spaces and normalizing ordered list prefixes in the "changes" sections of
WARP-GRAPH.md (e.g., the lists that mention NodeId/EdgeId/TypeId/WarpId, as well
as subsequent change lists); convert all tabs to spaces, ensure ordered lists
use sequential numeric prefixes like "1.", "2.", "3." (not mixed tabbed bullets
or broken prefixes), and re-render the affected list blocks so they comply with
MD010/MD029.
- Around line 1-15: The file currently contains Rust source and HTML comments
causing markdownlint errors; add a top-level H1 heading (e.g., "# WARP-GRAPH")
then move the Rust content (including the SPDX and copyright comments and the
module doc lines like "//! Minimal in-memory graph store...") into a fenced code
block using ```rust so the doc renderer treats it as code; alternatively convert
the leading "///" or "//!"" module doc lines into normal prose under the H1 if
you want them as Markdown text. Ensure the Rust items such as the type/derive
lines (#[derive(Debug, Clone)], #[cfg_attr(...)]), and the use/imports (use
std::collections::BTreeMap; use crate::attachment::AttachmentValue; use
crate::ident::{EdgeId, Hash, NodeId, WarpId}; use crate::record::{EdgeRecord,
NodeRecord};) remain inside the fenced block so markdownlint no longer flags
MD041/MD018.

In `@testdata/dind/030_error_determinism.hashes.json`:
- Around line 4-5: Update the mismatched hash domain string: change every
"hash_domain" value from "DIND_STATE_HASH_V1" to "DIND_STATE_HASH_V2" in the
eight fixture JSONs and in the harness code so it matches
canonical_state_hash()'s domain header (b"DIND_STATE_HASH_V2\0"); specifically
replace the literal "DIND_STATE_HASH_V1" occurrences used by the harness (the
constants/strings in the dind.rs module) and the JSON fixtures so consumers
reading the hash_domain see V2 and computed hashes remain consistent with
canonical_state_hash().

In `@testdata/dind/050_randomized_order_small_seed0003.hashes.json`:
- Around line 6-207: The fixture file
testdata/dind/050_randomized_order_small_seed0003.hashes.json contains the same
hash ordering as seed0001; regenerate the seed0003 fixture by re-running the
fixture generator with seed "0003" (or the intended numeric seed) so the RNG is
actually seeded differently, ensure the generator accepts and applies the seed
parameter (wire the seed through the generator invocation you use to produce
050_randomized_order_small_* fixtures), and verify the new file's "hashes_hex"
order differs from seed0001 before committing.

In `@testdata/dind/060_math_determinism.hashes.json`:
- Around line 32-58: The determinism test JSON contains 27 identical entries of
the hash "1916f6730c757d02983ef3d1d3be6a28543c9bf2eb8323c59aacf9bf2bce6dc4" due
to a generation failure; fix by re-running or repairing the testdata generator
to produce the intended varied hashes, replace the repeated "1916f673..."
entries with the properly generated unique hashes, and add a small validation
(in the generator or a test) that asserts the output contains the expected
number of unique hashes and no long runs of identical values to prevent
regressions.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find all potential bootstrap scripts
find . -type f \( -name "*bootstrap*" -o -name "*build*" -o -name "*gen*" \) | head -20

Repository: flyingrobots/echo

Length of output: 1102

---

🏁 Script executed:

# Search for references to the old generated path patterns mentioned in the review
rg "crates/echo-dind-tests/src/generated/(codecs|type_ids)" -t js -t ts -t py --no-heading

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Also check if the old directory exists
ls -la crates/echo-dind-tests/src/generated/ 2>&1 || echo "Directory does not exist"

Repository: flyingrobots/echo

Length of output: 170

---

🏁 Script executed:

# Check the current structure
ls -la crates/echo-dind-tests/src/ | grep -E "(codecs|type_ids)"

Repository: flyingrobots/echo

Length of output: 202

---

🏁 Script executed:

# Check the bootstrap scripts for file path references
cat -n ./scripts/bootstrap_dense_rewrite.mjs

Repository: flyingrobots/echo

Length of output: 4605

---

🏁 Script executed:

cat -n ./scripts/bootstrap_dind_log.mjs

Repository: flyingrobots/echo

Length of output: 3299

---

🏁 Script executed:

# Double-check for any references to old pattern with broader search
rg "generated/(codecs|type_ids)" --no-heading

Repository: flyingrobots/echo

Length of output: 929

---

🏁 Script executed:

# Search for any codecs.rs or type_ids.rs references broadly
rg "codecs\.rs|type_ids\.rs" --no-heading

Repository: flyingrobots/echo

Length of output: 1376

---

Update bootstrap scripts to use new generated file paths.
Six bootstrap scripts still read crates/echo-dind-tests/src/generated/codecs.rs, which no longer exists. The generated files have moved to crates/echo-dind-tests/src/codecs.generated.rs and crates/echo-dind-tests/src/type_ids.generated.rs. These scripts will crash at runtime.

Affected scripts:

• scripts/bootstrap_dense_rewrite.mjs
• scripts/bootstrap_dind_log.mjs
• scripts/bootstrap_randomized_order.mjs
• scripts/bootstrap_randomized_convergent.mjs
• scripts/bootstrap_error_determinism.mjs
• scripts/bootstrap_math_determinism.mjs

Path fix (apply to all bootstrap scripts)

-const codecs = fs.readFileSync("crates/echo-dind-tests/src/generated/codecs.rs", "utf8");
+const codecs = fs.readFileSync("crates/echo-dind-tests/src/codecs.generated.rs", "utf8");

🤖 Prompt for AI Agents

In `@crates/echo-dind-tests/src/lib.rs` around lines 8 - 15, Update the six
bootstrap scripts to use the new generated file paths by replacing any
references to "crates/echo-dind-tests/src/generated/codecs.rs" and
"crates/echo-dind-tests/src/generated/type_ids.rs" with the new filenames
"crates/echo-dind-tests/src/codecs.generated.rs" and
"crates/echo-dind-tests/src/type_ids.generated.rs"; look for usages that expect
the modules declared with #[path = "codecs.generated.rs"] pub mod codecs; and
#[path = "type_ids.generated.rs"] pub mod type_ids; (apply the same replacement
across scripts: bootstrap_dense_rewrite.mjs, bootstrap_dind_log.mjs,
bootstrap_randomized_order.mjs, bootstrap_randomized_convergent.mjs,
bootstrap_error_determinism.mjs, bootstrap_math_determinism.mjs) so they
reference the updated generated file locations and won’t crash at runtime.

---

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, locate and inspect the file in question
find . -name "lib.rs" -path "*/echo-dind-tests/src/*" -type f

Repository: flyingrobots/echo

Length of output: 96

---

🏁 Script executed:

# Once we find it, check lines 8-15 to see the module definitions
cat -n crates/echo-dind-tests/src/lib.rs | head -20

Repository: flyingrobots/echo

Length of output: 834

---

🏁 Script executed:

# Check if the generated files exist at the specified paths
ls -la crates/echo-dind-tests/src/codecs.generated.rs 2>/dev/null || echo "Not found at codecs.generated.rs"
ls -la crates/echo-dind-tests/src/type_ids.generated.rs 2>/dev/null || echo "Not found at type_ids.generated.rs"

Repository: flyingrobots/echo

Length of output: 254

---

🏁 Script executed:

# Search for missing_docs suppression in generated files
if [ -f crates/echo-dind-tests/src/codecs.generated.rs ]; then
  head -50 crates/echo-dind-tests/src/codecs.generated.rs | grep -n "missing_docs"
fi
if [ -f crates/echo-dind-tests/src/type_ids.generated.rs ]; then
  head -50 crates/echo-dind-tests/src/type_ids.generated.rs | grep -n "missing_docs"
fi

Repository: flyingrobots/echo

Length of output: 106

---

🏁 Script executed:

# Check if these are truly public modules and inspect the actual generated files
rg -n "pub (struct|enum|fn|const|type|mod)" crates/echo-dind-tests/src/ | head -30

Repository: flyingrobots/echo

Length of output: 2929

---

🏁 Script executed:

# View the header and structure of codecs.generated.rs
head -30 crates/echo-dind-tests/src/codecs.generated.rs

Repository: flyingrobots/echo

Length of output: 814

---

🏁 Script executed:

# Count public items without docs in generated files
echo "=== codecs.generated.rs public items ==="
rg "pub (struct|enum|fn|const|type)" crates/echo-dind-tests/src/codecs.generated.rs | wc -l
echo "=== type_ids.generated.rs public items ==="
rg "pub (const|struct|enum|fn|type)" crates/echo-dind-tests/src/type_ids.generated.rs | wc -l

Repository: flyingrobots/echo

Length of output: 150

---

🏁 Script executed:

# Check the SPDX and copyright headers
head -5 crates/echo-dind-tests/src/codecs.generated.rs
head -5 crates/echo-dind-tests/src/type_ids.generated.rs

Repository: flyingrobots/echo

Length of output: 470

---

🏁 Script executed:

# Verify rules.rs has proper documentation for its public API
rg -B1 "pub (const|fn|struct)" crates/echo-dind-tests/src/rules.rs | head -50

Repository: flyingrobots/echo

Length of output: 1787

---

🏁 Script executed:

# Check if codecs and type_ids modules are re-exported or used outside lib.rs
rg "echo_dind_tests::(codecs|type_ids)" --type rs

Repository: flyingrobots/echo

Length of output: 87

---

🏁 Script executed:

# Check crate-level documentation and see if the public modules should really be public
grep -n "pub use" crates/echo-dind-tests/src/lib.rs

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Verify the actual violation by running clippy as per the guidelines
cd crates/echo-dind-tests && cargo clippy --all-targets 2>&1 | grep -A 5 "missing_docs\|warning" | head -40

Repository: flyingrobots/echo

Length of output: 43

---

🏁 Script executed:

# Try correct rg syntax without type flag
rg "echo_dind_tests::(codecs|type_ids)"

Repository: flyingrobots/echo

Length of output: 139

---

🏁 Script executed:

# Check the full lib.rs to understand module visibility
cat crates/echo-dind-tests/src/lib.rs

Repository: flyingrobots/echo

Length of output: 4160

---

🏁 Script executed:

# See what's actually exported from codecs.generated.rs
head -100 crates/echo-dind-tests/src/codecs.generated.rs | tail -70

Repository: flyingrobots/echo

Length of output: 1884

---

🏁 Script executed:

# Check if there's a parent crate that re-exports echo-dind-tests public API
find crates -name "Cargo.toml" -exec grep -l "echo.dind.tests" {} \;

Repository: flyingrobots/echo

Length of output: 130

---

🏁 Script executed:

# Look at the full type_ids.generated.rs to understand its size and public surface
cat crates/echo-dind-tests/src/type_ids.generated.rs

Repository: flyingrobots/echo

Length of output: 3228

---

Generated modules must not use #![allow(missing_docs)]; public items require rustdoc regardless of auto-generation.

Lines 8–15 expose codecs and type_ids modules publicly. Both generated files suppress missing_docs with #![allow(...)], violating the crate-wide guideline that public APIs must carry rustdoc and missing docs should fail CI.

type_ids.generated.rs actually documents all public constants (e.g., /// make_type_id("payload/motion/v2")), so the suppression is unnecessary there.

codecs.generated.rs genuinely lacks docs on public items: Theme enum, MotionV2View, MotionV2Builder, and the entire ops module have no rustdoc.

Fix the generator to emit rustdoc for all public items, or make these modules private with documented wrapper APIs in a hand-written module.

🤖 Prompt for AI Agents

In `@crates/echo-dind-tests/src/lib.rs` around lines 8 - 15, The generated modules
codecs and type_ids must not suppress missing_docs; either update the generator
to emit rustdoc for all public items (add doc comments for Theme, MotionV2View,
MotionV2Builder, the ops module and public functions/types, and remove any
#![allow(missing_docs)] from the generated files) or make the generated modules
private (change pub mod codecs / pub mod type_ids to mod codecs / mod type_ids)
and provide hand-written, documented public wrappers exposing the intended API;
locate symbols codecs, type_ids, Theme, MotionV2View, MotionV2Builder, and ops
in the generated outputs to ensure docs are added or the modules are made
non-public and wrappers created.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

CRITICAL: bytemuck::from_bytes panics on misaligned data.

Line 130 uses bytemuck::from_bytes, which panics if the slice is not aligned to WscHeader's alignment requirement. For mmap'd files or arbitrary byte slices, alignment is not guaranteed. The read_slice function correctly uses try_cast_slice (line 178), but validate_header does not.

This is inconsistent and can cause panics on valid-but-misaligned input.

🐛 Proposed fix: Use try_from_bytes

     // Use bytemuck for safe transmutation
-    let header: &WscHeader = bytemuck::from_bytes(&data[..header_size]);
+    let header: &WscHeader = bytemuck::try_from_bytes(&data[..header_size])
+        .map_err(ReadError::Alignment)?;

🤖 Prompt for AI Agents

In `@crates/warp-core/src/wsc/read.rs` around lines 129 - 130, validate_header
currently uses bytemuck::from_bytes which can panic on misaligned slices; change
it to use bytemuck::try_from_bytes (or try_from_bytes_mut as appropriate) to
safely handle misaligned input and propagate the Result. Locate validate_header
and replace the from_bytes call that creates a &WscHeader from
data[..header_size] with
bytemuck::try_from_bytes<&WscHeader>(&data[..header_size]) (or
try_from_bytes_mut if mut needed), handle the returned Result (map or ?)
consistent with read_slice's use of try_cast_slice, and ensure the function
returns an error instead of panicking on alignment/size issues.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Locate DIND hash domain usage and canonical hash versioning.
rg -n "DIND_STATE_HASH_V1|DIND_STATE_HASH_V2" -S
rg -n "canonical_state_hash" -S

Repository: flyingrobots/echo

Length of output: 2457

---

🏁 Script executed:

#!/bin/bash
# Check how canonical_state_hash() is used in validation/testing
rg -n "canonical_state_hash" -B2 -A2 crates/echo-dind-harness/src/dind.rs | head -60
rg -n "hash_domain" -B2 -A2 crates/echo-dind-harness/src/dind.rs | head -80

Repository: flyingrobots/echo

Length of output: 1346

---

🏁 Script executed:

#!/bin/bash
# Check if there's any other hash computation path or if V1 is legacy
rg -n "DIND_STATE_HASH_V1" -B3 -A3 crates/warp-core/src/graph.rs
# Also check git history for canonical_state_hash changes
git log --oneline -n 20 -- crates/warp-core/src/graph.rs | head -20

Repository: flyingrobots/echo

Length of output: 122

---

🏁 Script executed:

#!/bin/bash
# Read the canonical_state_hash implementation
sed -n '420,435p' crates/warp-core/src/graph.rs
# Also check docs to understand the version change rationale
grep -n "DIND_STATE_HASH_V1\|DIND_STATE_HASH_V2" docs/WARP-GRAPH.md | head -20

Repository: flyingrobots/echo

Length of output: 1037

---

Update hash_domain to "DIND_STATE_HASH_V2" in all fixtures and harness code.

The canonical_state_hash() function in crates/warp-core/src/graph.rs computes hashes with the b"DIND_STATE_HASH_V2\0" domain header, but all fixture files and the harness hardcode "DIND_STATE_HASH_V1". This metadata-computation mismatch corrupts fixture integrity—any downstream consumer reading hash_domain from the JSON will expect V1 hashing but receive V2 hashes.

Update:

• All 8 fixture files (testdata/dind/*.hashes.json) at line 4
• crates/echo-dind-harness/src/dind.rs at lines 152, 274, and 301

🤖 Prompt for AI Agents

In `@testdata/dind/030_error_determinism.hashes.json` around lines 4 - 5, Update
the mismatched hash domain string: change every "hash_domain" value from
"DIND_STATE_HASH_V1" to "DIND_STATE_HASH_V2" in the eight fixture JSONs and in
the harness code so it matches canonical_state_hash()'s domain header
(b"DIND_STATE_HASH_V2\0"); specifically replace the literal "DIND_STATE_HASH_V1"
occurrences used by the harness (the constants/strings in the dind.rs module)
and the JSON fixtures so consumers reading the hash_domain see V2 and computed
hashes remain consistent with canonical_state_hash().

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Compare the two seed files
diff -u testdata/dind/050_randomized_order_small_seed0001.hashes.json \
        testdata/dind/050_randomized_order_small_seed0003.hashes.json

Repository: flyingrobots/echo

Length of output: 43

---

Regenerate seed0003 fixture with actual different randomization.
The hashes are identical to seed0001, gutting the entire point of seed-parameterized randomized-order tests. Either the fixture generation consumed the wrong seed, or the RNG is broken. Regenerate with seed0003 actually wired through to produce demonstrably different iteration orders.

🤖 Prompt for AI Agents

In `@testdata/dind/050_randomized_order_small_seed0003.hashes.json` around lines 6
- 207, The fixture file
testdata/dind/050_randomized_order_small_seed0003.hashes.json contains the same
hash ordering as seed0001; regenerate the seed0003 fixture by re-running the
fixture generator with seed "0003" (or the intended numeric seed) so the RNG is
actually seeded differently, ensure the generator accepts and applies the seed
parameter (wire the seed through the generator invocation you use to produce
050_randomized_order_small_* fixtures), and verify the new file's "hashes_hex"
order differs from seed0001 before committing.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@README.md`:
- Line 67: Update the README entry for "WSC (Write-Streaming Columnar) snapshot
format (`wsc::*`)" to mention both deterministic serialization (the
write/streaming side) and zero-copy mmap deserialization (the read side);
specifically, change the short description to state that WSC implements
deterministic, write-streaming serialization for reproducible snapshots and
zero-copy mmap access for fast, zero-copy reads so readers understand both write
and read capabilities.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Incomplete feature description—you're selling WSC short.

The line mentions "zero-copy mmap access" (read side) but completely omits the write side. Per your own PR objectives, WSC implements deterministic serialization (write) and zero-copy deserialization (read). The acronym literally starts with "Write-Streaming" yet your description says nothing about writing.

User-facing documentation demands completeness. Either mention both capabilities or you're misleading readers about what WSC actually does.

📝 Proposed fix

-  - WSC (Write-Streaming Columnar) snapshot format (`wsc::*`) for zero-copy mmap access
+  - WSC snapshot format (`wsc::*`) for deterministic serialization and zero-copy mmap deserialization

Or if you want to keep the expansion:

-  - WSC (Write-Streaming Columnar) snapshot format (`wsc::*`) for zero-copy mmap access
+  - deterministic WSC (Write-Streaming Columnar) snapshot format (`wsc::*`) with zero-copy mmap deserialization

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- WSC (Write-Streaming Columnar) snapshot format (`wsc::*`) for zero-copy mmap access
	- WSC snapshot format (`wsc::*`) for deterministic serialization and zero-copy mmap deserialization

🤖 Prompt for AI Agents

In `@README.md` at line 67, Update the README entry for "WSC (Write-Streaming
Columnar) snapshot format (`wsc::*`)" to mention both deterministic
serialization (the write/streaming side) and zero-copy mmap deserialization (the
read side); specifically, change the short description to state that WSC
implements deterministic, write-streaming serialization for reproducible
snapshots and zero-copy mmap access for fast, zero-copy reads so readers
understand both write and read capabilities.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/wsc/validate.rs`:
- Around line 79-90: The bounds check currently casts out_edge.edge_ix() to
usize before comparing to edges.len(), which can truncate large u64 indices on
32-bit targets; modify validate logic in the loop using
view.out_edges_for_node(node_ix) so you first compare out_edge.edge_ix() (u64)
against edges.len() as u64, and only cast to usize after the check succeeds;
update the ReadError::SectionOutOfBounds offset/length values to use the
original u64 index when returning the error.

♻️ Duplicate comments (7)

crates/warp-core/src/wsc/validate.rs (4)

48-61: Ordering checks are no-ops — validation is lying.

You detect ordering violations and then silently do nothing. That defeats the entire purpose of validation. Return an error (preferably a dedicated variant like ReadError::OrderingViolation).

🐛 Proposed fix (add a real error on ordering violation)

     // Validate node ordering (must be sorted by node_id for binary search)
     for window in nodes.windows(2) {
         if window[0].node_id >= window[1].node_id {
-            // Note: We could add a specific error type for ordering violations
-            // For now, we just document this as a validation requirement
+            return Err(ReadError::OrderingViolation {
+                kind: "node",
+                previous: window[0].node_id,
+                current: window[1].node_id,
+            });
         }
     }

     // Validate edge ordering (must be sorted by edge_id for binary search)
     for window in edges.windows(2) {
         if window[0].edge_id >= window[1].edge_id {
-            // Note: Could add specific error for ordering violations
+            return Err(ReadError::OrderingViolation {
+                kind: "edge",
+                previous: window[0].edge_id,
+                current: window[1].edge_id,
+            });
         }
     }

---

63-76: Magic-number attachment index will collide.

warp_index * 1000 + … silently collides on large graphs and produces garbage diagnostics. Use a monotonically increasing counter or include node/edge indices.

💡 Safer index computation

-    // Validate node attachments
+    let mut att_index = 0usize;
+    // Validate node attachments
     for (node_ix, _node) in nodes.iter().enumerate() {
         let atts = view.node_attachments(node_ix);
         for (att_ix, att) in atts.iter().enumerate() {
-            validate_attachment(att, view.blobs().len(), warp_index * 1000 + att_ix)?;
+            validate_attachment(att, view.blobs().len(), att_index)?;
+            att_index += 1;
         }
     }

     // Validate edge attachments
     for (edge_ix, _edge) in edges.iter().enumerate() {
         let atts = view.edge_attachments(edge_ix);
         for (att_ix, att) in atts.iter().enumerate() {
-            validate_attachment(att, view.blobs().len(), warp_index * 1000 + 500 + att_ix)?;
+            validate_attachment(att, view.blobs().len(), att_index)?;
+            att_index += 1;
         }
     }

---

108-111: Reserved-byte check is a no-op.

If non-zero reserved bytes matter enough to check, they matter enough to reject or warn. Silent acceptance defeats forward-compat checks.

🐛 Proposed strict validation

     // Validate reserved bytes are zero
     if att.reserved0 != [0u8; 7] {
-        // Could add a specific error, but for now we're lenient on reserved fields
+        return Err(ReadError::NonZeroReservedBytes {
+            index,
+            value: att.reserved0,
+        });
     }

---

131-300: Negative validation cases still missing.

Coverage still skips ordering violations, reserved-byte violations, invalid attachment tags, and out_edges out-of-bounds. Those are exactly the cases that protect against silent corruption.

crates/warp-core/src/wsc/read.rs (2)

132-159: bytemuck::from_bytes can panic on misalignment.

You already have ReadError::Alignment; use try_from_bytes so malformed/misaligned input returns a proper error instead of panicking.

🐛 Proposed fix (alignment-safe header read)

-    // Use bytemuck for safe transmutation
-    let header: &WscHeader = bytemuck::from_bytes(&data[..header_size]);
+    // Use bytemuck for safe transmutation
+    let header: &WscHeader = bytemuck::try_from_bytes(&data[..header_size])?;

---

228-255: Add a misalignment regression test.

Once the alignment fix lands, add a test that feeds a valid header at an odd offset and asserts ReadError::Alignment instead of panicking.

crates/warp-core/src/wsc/view.rs (1)

96-132: warp_view still does unsafe manual parsing and misaligned casts.

You’re reimplementing slice bounds, doing unchecked usize arithmetic, and calling bytemuck::from_bytes() which can panic on misalignment. The existing read_slice() already handles alignment and bounds safely. Use it.

🔧 Proposed fix (reuse read_slice)

-    #[allow(clippy::cast_possible_truncation)] // We bounds-check before casting
     pub fn warp_view(&self, index: usize) -> Result<WarpView<'_>, ReadError> {
-        let count = self.warp_count();
-        if index >= count {
-            return Err(ReadError::WarpIndexOutOfBounds { index, count });
-        }
-
-        // Read directory entry
-        let dir_off = self.header().warp_dir_off() as usize;
-        let entry_size = std::mem::size_of::<WarpDirEntry>();
-        let entry_off = dir_off + index * entry_size;
-
-        if entry_off + entry_size > self.data.len() {
-            return Err(ReadError::SectionOutOfBounds {
-                name: "warp_directory",
-                offset: entry_off as u64,
-                length: entry_size as u64,
-                file_size: self.data.len(),
-            });
-        }
-
-        // Use bytemuck for safe transmutation
-        let entry: &WarpDirEntry =
-            bytemuck::from_bytes(&self.data[entry_off..entry_off + entry_size]);
-
-        WarpView::new(&self.data, entry)
+        let entries = read_slice::<WarpDirEntry>(
+            &self.data,
+            self.header().warp_dir_off(),
+            self.header().warp_count(),
+            "warp_directory",
+        )?;
+
+        let entry = entries.get(index).ok_or(ReadError::WarpIndexOutOfBounds {
+            index,
+            count: entries.len(),
+        })?;
+
+        WarpView::new(&self.data, entry)
     }

[coderabbitai]

Actionable comments posted: 14

🤖 Fix all issues with AI agents

In @.githooks/pre-commit:
- Around line 5-10: The hook defines STAGED="$(git diff --cached --name-only)"
but the PRNG coupling guard still calls git diff directly; change the guard that
currently does git diff --cached --name-only | grep -qx "$PRNG_FILE" to use the
STAGED variable instead (e.g., echo "$STAGED" | grep -qx "$PRNG_FILE"), and
audit other checks that should reuse STAGED so the pre-commit uses the cached
list consistently (referencing STAGED and PRNG_FILE to locate the code to
update).

In `@crates/echo-dind-tests/src/lib.rs`:
- Line 12: The public re-export pub use codecs::SCHEMA_HASH is missing rustdoc
which triggers the missing_docs CI check; add a short /// doc comment
immediately above this re-export explaining what SCHEMA_HASH represents (e.g.,
its purpose, format, and where it comes from in codecs), and include any usage
notes or references to the original definition if helpful so the public API is
documented.

In `@crates/warp-core/src/wsc/build.rs`:
- Around line 198-203: The align8_vec function currently pads by pushing zeros
in a while loop; replace that with a single resize call: compute the target
length as the next multiple of 8 based on v.len() (e.g., ((v.len() + 7) / 8) *
8) and call v.resize(target_len, 0) to append zeros efficiently and
idiomatically in the align8_vec helper.
- Around line 91-103: The loop over `bucket` silently drops edges in release
builds because `debug_assert!` does not run and the `if let Some(&ix) =
edge_ix.get(&e.id)` branch simply skips missing entries; replace this with a
loud failure by calling `edge_ix.get(&e.id).expect(...)` (or match and return a
Result) when constructing `OutEdgeRef` so missing `e.id` panics with a clear
message; update the loop to use `let &ix =
edge_ix.get(&e.id).expect(&format!("missing edge_ix entry for edge id {:?}",
e.id)); out_edges.push(OutEdgeRef { edge_ix_le: ix.to_le(), edge_id: e.id.0 });`
(or alternatively propagate an error from this function) so invariants are
enforced in release builds.

In `@crates/warp-core/src/wsc/write.rs`:
- Line 229: The debug-only check using debug_assert_eq!(buf.len(), total_size)
can let size mismatches silently produce corrupt files in release builds; change
this to a runtime check: replace the debug_assert_eq! with a hard assertion or,
better, return an error when buf.len() != total_size so callers can handle it.
Locate the debug_assert_eq!(buf.len(), total_size) in the write logic (the code
that computes total_size and writes buf) and either use assert_eq!(buf.len(),
total_size) or propagate a Result::Err (create and return a descriptive error)
from the surrounding function when the lengths differ.

In `@docs/WARP-GRAPH.md`:
- Line 633: The markdown file uses 4-space indented code blocks (examples
include the block containing "let node_rows: Vec<NodeRow> = nodes") which
triggers MD046; replace each indented block with a fenced code block using
triple backticks and an appropriate language tag (e.g., ```rust) to wrap the
same code content. Locate occurrences like the "let node_rows: Vec<NodeRow> =
nodes" snippet (and other similar indented snippets at lines called out in the
review) and convert them to fenced code blocks, ensuring you keep the exact code
text and add the language identifier for proper highlighting.
- Line 820: The ordered list prefix "0)" is invalid Markdown and causes
inconsistent numbering; update the list starting with the token "0)" (the "0)
Minimal ident.rs upgrades (recommended)" item) and all similarly formatted items
("2)", "3)", etc.) to use a consistent ordered-list style—either numeric "1.",
"2.", "3." sequence or the auto-numbering style where every item is prefixed
"1."—so the document conforms to markdownlint MD029 and renders consistently;
scan the document for all occurrences of "0)" and other numeric-with-parenthesis
prefixes and normalize them to the chosen style.
- Around line 1-6: Remove the duplicated SPDX and copyright HTML comment block
that appears a second time in the document (the repeated "<!--
SPDX-License-Identifier: Apache-2.0 OR MIND-UCAL-1.0 -->" and copyright line).
Keep the first occurrence at the top and delete the later duplicate so the
header appears only once; verify the top block (first HTML comment pair) remains
unchanged.

In `@scripts/bootstrap_dense_rewrite.mjs`:
- Around line 105-107: The thrown Error message is referencing the old filename
"codecs.rs" while the script reads "codecs.generated.rs"; update the error text
in the block that reads into the codecs variable and checks match (the const
codecs = fs.readFileSync(...) and the if (!match) throw new Error(...) lines) to
mention "codecs.generated.rs" (or a generic "codecs.generated.rs or expected
filename") so the error accurately reflects the source being read.

In `@scripts/bootstrap_dind_log.mjs`:
- Around line 66-68: The regex used to extract SCHEMA_HASH from the codecs file
is inconsistent with other bootstrap scripts; update the pattern used in this
file so it matches the sibling scripts' regex (/pub const SCHEMA_HASH: &str =
"([0-9a-fA-F]+)";/) by replacing the current
/SCHEMA_HASH:\s*&str\s*=\s*"([0-9a-fA-F]+)"/ with that exact pattern where you
construct match from codecs (the code referencing codecs.match and the
subsequent match check should remain unchanged).

In `@scripts/bootstrap_error_determinism.mjs`:
- Around line 89-91: The error message thrown when the regex fails references
the wrong filename; update the thrown Error in the block that reads into the
codecs variable and checks match (the const codecs = fs.readFileSync(...) and if
(!match) throw new Error(...)) so the message names "codecs.generated.rs"
instead of "codecs.rs" to match the actual file being read and stay consistent
with other bootstrap scripts.

In `@scripts/bootstrap_randomized_convergent.mjs`:
- Around line 106-108: The error message thrown when SCHEMA_HASH isn't found
references the stale filename "codecs.rs" and there's duplicated extraction
logic; create a shared helper module (e.g., exports from
scripts/lib/schema_hash.mjs) that exposes a function like
getSchemaHash(filePath) which: reads the given file (used by
bootstrap_randomized_convergent.mjs), applies the regex /pub const SCHEMA_HASH:
&str = "([0-9a-fA-F]+)";/ to extract and validate a 64-hex hash, and throws a
clear error that includes the actual file name (e.g., "Could not find
SCHEMA_HASH in <filePath>"); then replace the inline code that sets codecs,
match, and the throw in bootstrap_randomized_convergent.mjs with a call to
getSchemaHash("crates/echo-dind-tests/src/codecs.generated.rs").

In `@scripts/bootstrap_randomized_order.mjs`:
- Around line 98-100: The error message thrown when the regex match fails still
refers to the old filename "codecs.rs"; update the thrown Error at the match
check (the new Error created when `match` is falsy) to reference
"codecs.generated.rs" so the message matches the actual file read by the
`codecs` variable and aids debugging.

In `@testdata/dind/060_math_determinism.hashes.json`:
- Line 4: The file's metadata field hash_domain is incorrectly set to
"DIND_STATE_HASH_V1" despite the hashes in hashes_hex being regenerated with V2;
update the hash_domain value to "DIND_STATE_HASH_V2" so the metadata matches the
regenerated hashes (verify the hashes_hex array remains unchanged) — look for
the literal "hash_domain" and the "hashes_hex" array in this JSON and change
only the domain string to DIND_STATE_HASH_V2.

♻️ Duplicate comments (3)

testdata/dind/030_error_determinism.hashes.json (1)

4-13: LGTM. V2 migration complete.

The hash_domain is now correctly set to DIND_STATE_HASH_V2, and the hashes_hex array has been regenerated accordingly. This addresses the prior review concern about the V1/V2 mismatch.

crates/warp-core/src/wsc/validate.rs (1)

84-98: Truncation before bounds validation remains a 32-bit time bomb.

Line 88 casts out_edge.edge_ix() (a u64) to usize BEFORE comparing against edges.len(). On 32-bit platforms, a malicious file with edge_ix = 0x0000_0001_0000_0000 truncates to 0 and passes validation, pointing to the wrong edge.

A past review flagged this exact issue. The fix was proposed but not applied.

🐛 Proposed fix: Compare as u64 first

         for out_edge in out_edges {
-            let edge_ix = out_edge.edge_ix() as usize;
-            if edge_ix >= edges.len() {
+            let edge_ix = out_edge.edge_ix();
+            if edge_ix >= edges.len() as u64 {
                 return Err(ReadError::SectionOutOfBounds {
                     name: "out_edge reference",
-                    offset: edge_ix as u64,
+                    offset: edge_ix,
                     length: 1,
                     file_size: edges.len(),
                 });
             }
         }

docs/WARP-GRAPH.md (1)

586-601: Unfenced Rust code triggers a cascade of false-positive markdown lint errors.

Lines 588-601 contain raw Rust code (starting with #[repr(transparent)]) that isn't wrapped in a fenced code block. Markdownlint interprets #[ as malformed ATX headings (MD018). This pattern repeats throughout the document (lines 620+, 740+, etc.).

Wrap ALL Rust code examples in triple-backtick fences with the rust language identifier. The static analysis is screaming at you because you didn't.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@crates/warp-core/src/wsc/validate.rs`:
- Around line 313-344: Add a new unit test validate_rejects_unordered_edges that
mirrors validate_rejects_unordered_nodes but constructs OneWarpInput with two
EdgeRow entries out of order; call write_wsc_one_warp, parse with
WscFile::from_bytes, run validate_wsc and assert the returned error matches
ReadError::OrderingViolation { kind: "edge", .. } to cover the edge-ordering
validation path (use the same helpers/types: OneWarpInput, EdgeRow,
write_wsc_one_warp, WscFile::from_bytes, validate_wsc).
- Around line 197-231: Add a negative unit test named
validate_rejects_blob_out_of_bounds in the same test module that constructs a
OneWarpInput (use NodeRow, Range and AttRow) where node_atts contains an AttRow
with blob_off_le set to 0 and blob_len_le set to a value larger than the
provided blobs vec, then call write_wsc_one_warp, parse with WscFile::from_bytes
and assert that validate_wsc(&file) returns an Err matching
ReadError::BlobOutOfBounds; this exercises the existing blob bounds check in
validate_wsc.
- Around line 36-39: The parameter _warp_index in function validate_warp_view is
unused; remove the dead parameter from the function signature (change
validate_warp_view(view: &super::view::WarpView<'_>) -> Result<(), ReadError>)
and update every call site that currently passes a warp_index to call the new
two-argument form; if you intentionally want to reserve it, instead add a clear
comment above validate_warp_view explaining it's reserved for future use and
keep the underscore prefix to avoid warnings, but prefer removing the parameter
to eliminate dead code.

[coderabbitai]

Actionable comments posted: 7

🤖 Fix all issues with AI agents

In @.githooks/pre-push-parallel:
- Around line 22-32: The pre-push hook is inconsistent: run_rustdoc uses cargo
+"$PINNED" but run_fmt, run_clippy, and run_tests call cargo directly; update
run_fmt, run_clippy, and run_tests to invoke cargo with the pinned toolchain
(add +"$PINNED" before cargo) so all stages use the same toolchain as
run_rustdoc (or alternatively add a short comment explaining why rustdoc is
special if you intentionally want different behavior).
- Around line 18-19: The current trap only removes LOGDIR but doesn't stop the
background cargo processes; update the trap for LOGDIR to also handle interrupts
(SIGINT/SIGTERM) and kill any child/background jobs before cleanup so Ctrl+C
stops the five cargo processes. Locate the LOGDIR and trap usage, and change the
trap command used with LOGDIR to first kill child processes (e.g., via jobs -p |
xargs -r kill or pkill -P $$) and then remove "$LOGDIR", ensuring the trap is
registered for EXIT, INT and TERM to cover interrupts.
- Around line 9-14: The script currently verifies commands but not that the
pinned Rust toolchain exists, so before invoking cargo +"$PINNED" (used by
run_rustdoc) add a check that the $PINNED toolchain is installed (e.g. run
`rustup toolchain list` and grep for the exact "$PINNED" entry); if it's not
found, print a clear error like "[pre-push] missing toolchain: $PINNED" to
stderr and exit 1 to avoid rustup auto-downloads or confusing runtime errors.
- Around line 34-43: run_rustdoc currently collects command output into a string
and always exits with 0, so cargo doc failures are ignored; modify run_rustdoc
(the function) to capture each cargo invocation's exit status (e.g., check $?
immediately after the cargo +"$PINNED" doc call), accumulate both the per-crate
output and the highest-precedence nonzero exit code (store in a local RUSTDOC_RC
variable), and at the end echo the collected output and return that exit code
(use `return` or `exit` with RUSTDOC_RC) so callers see failures; if you still
need the "[rustdoc] ${krate}" prefixes, append them to the collected output per
crate before updating RUSTDOC_RC.
- Line 4: Add failing-fast behavior to the hook by enabling "set -e" (so the
script exits on any command error) or, if you prefer manual error handling,
validate the mktemp call that sets LOGDIR: after the mktemp invocation check
that LOGDIR is non-empty and mkdir/writeable before using redirects like >
"$LOGDIR/fmt.log"; update the top-level shell flags near set -uo pipefail to
include -e or add an explicit guard that exits with a clear error if LOGDIR is
empty or mktemp fails.
- Around line 45-59: The run_patterns function currently suppresses ripgrep
output by redirecting rg to /dev/null, so callers only see generic "FAIL"
messages; update the two rg invocations in run_patterns (the one checking
"#![allow(...missing_docs...)]" and the one checking
"\#\[unsafe\(no_mangle\)\]") to preserve ripgrep's matched file/line output —
either remove the ">/dev/null 2>&1" redirection or capture rg's stdout/stderr
and print it when rg exits non-zero — so the failing file paths and line numbers
are visible alongside the existing failure messages.

In `@scripts/sweep-stale-artifacts.sh`:
- Around line 20-22: The current SIZE assignment can fail under set -euo
pipefail if du or cut errors; make size-reporting best-effort so the sweep
continues. Replace the SIZE assignment with a safe command substitution that
falls back on a default (e.g. "unknown" or "-") on error, e.g. use SIZE=$( { du
-sh "$subdir" 2>/dev/null | cut -f1; } || echo "unknown") so failures from
du/cut won't abort the script, then continue to echo "rm -rf $subdir ($SIZE)"
and run rm -rf "$subdir".

♻️ Duplicate comments (1)

.githooks/pre-commit (1)

12-18: STAGED still ignored in PRNG guard.
You introduced STAGED, but Line 17 still shells out again. Use the cached list for consistency.

♻️ Minimal fix

-if git diff --cached --name-only | grep -qx "$PRNG_FILE"; then
+if echo "$STAGED" | grep -qx "$PRNG_FILE"; then

[coderabbitai]

Actionable comments posted: 15

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

scripts/bootstrap_math_determinism.mjs (1)

23-39: File descriptor leak on write failure.

If any fs.writeSync call throws (disk full, permissions revoked mid-write, cosmic ray flipping a bit in your NVMe controller), the file descriptor is never closed. Yes, the OS will clean up when the process exits, but that's the "my room is clean because I'll die eventually" school of resource management.

🛠️ Suggested fix with try/finally

 function writeLog(schemaHashHex, frames) {
     const fd = fs.openSync(OUT_PATH, "w");
-    fs.writeSync(fd, MAGIC);
-    fs.writeSync(fd, VERSION);
-    fs.writeSync(fd, FLAGS);
-    fs.writeSync(fd, Buffer.from(schemaHashHex, "hex"));
-    fs.writeSync(fd, RESERVED);
-
-    for (const frame of frames) {
-        const len = Buffer.alloc(4);
-        len.writeUInt32LE(frame.byteLength);
-        fs.writeSync(fd, len);
-        fs.writeSync(fd, frame);
+    try {
+        fs.writeSync(fd, MAGIC);
+        fs.writeSync(fd, VERSION);
+        fs.writeSync(fd, FLAGS);
+        fs.writeSync(fd, Buffer.from(schemaHashHex, "hex"));
+        fs.writeSync(fd, RESERVED);
+
+        for (const frame of frames) {
+            const len = Buffer.alloc(4);
+            len.writeUInt32LE(frame.byteLength);
+            fs.writeSync(fd, len);
+            fs.writeSync(fd, frame);
+        }
+    } finally {
+        fs.closeSync(fd);
     }
-    fs.closeSync(fd);
     console.log(`Wrote ${OUT_PATH}`);
 }

🤖 Fix all issues with AI agents

In @.githooks/pre-push:
- Around line 31-35: The hook currently runs "$SCRIPT" in a pipeline under set
-euo pipefail so a failure causes the shell to exit before RC=${PIPESTATUS[0]}
runs; wrap the pipeline that sets START, runs "$SCRIPT" | tee "$OUTFILE", and
captures RC so the errexit behavior is disabled only for that section (e.g., use
"set +e" before START/PIPE, run "$SCRIPT" 2>&1 | tee "$OUTFILE" and then set
RC=${PIPESTATUS[0]}, then restore "set -e" or "set -euo pipefail"); ensure you
still record START and END timestamps and preserve variables START, RC, OUTFILE,
PIPESTATUS and END as in the original block.
- Around line 32-41: The timing uses GNU-only date (%s.%N) for START and END
which breaks on macOS; replace the START=$(date +%s.%N) and END=$(date +%s.%N)
assignments with a portable timer call (e.g. use python3 to print epoch seconds
with fractional part) so START and END are set via python3 (or another portable
fallback) while leaving the rest of the flow (running "$SCRIPT", capturing RC
from PIPESTATUS, checking OUTFILE for "Compiling", computing DURATION with bc,
and writing to LOGFILE with VARIANT and RC) unchanged; ensure the new START/END
values are plain numeric seconds (float) so the existing DURATION calculation
and JSON log appending continue to work.

In @.githooks/pre-push-parallel:
- Around line 112-117: The current waits (e.g., wait $PID_FMT, wait $PID_CLIPPY,
wait $PID_TESTS, wait $PID_RUSTDOC, wait $PID_PATTERNS, wait $PID_DETERMINISM)
will abort the script early if set -e is in effect; wrap the block of waits with
set +e before they start and restore set -e afterwards, then capture each wait
exit status into FMT_RC, CLIPPY_RC, TESTS_RC, RUSTDOC_RC, PATTERNS_RC,
DETERMINISM_RC as already written and update FAILED when any RC is non‑zero so
you still collect all results and print the summary without prematurely exiting.

In @.githooks/pre-push-sequential:
- Around line 18-25: The pre-push hooks run cargo fmt/clippy/test against the
active toolchain instead of the pinned one; update the three commands (cargo fmt
--all -- --check, cargo clippy --all-targets -- -D warnings -D missing_docs,
cargo test --workspace) to explicitly use the pinned toolchain by prefixing each
cargo invocation with +$PINNED (e.g., cargo +$PINNED fmt ...), matching how
rustdoc uses +"$PINNED" and ensuring consistency with the toolchain extracted
from rust-toolchain.toml.

In @.gitignore:
- Line 48: The .claude/ entry is incorrectly listed under the "# Playwright
artifacts" section in .gitignore; move the ".claude/" line out of that
Playwright block and place it under the "# Editor cruft" section instead (remove
the duplicate from Playwright), so references to the Claude Code artifacts are
correctly grouped with other editor cruft entries.
- Around line 13-16: The .gitignore has inconsistent blank-line grouping between
the "target-*" block and the subsequent entries; make the separation consistent
by adding or removing a blank line so that the group containing
".githooks/timing.jsonl" and "docs/.vitepress/cache" follows the same blank-line
convention as the "target-*" entries—i.e., either insert a blank line between
".githooks/timing.jsonl" and "docs/.vitepress/cache" or remove the blank line
after the "target-*" group to match the other grouping.
- Line 14: Remove the redundant comment line "Pre-push benchmark timing data"
from .gitignore; leave the existing `.githooks/timing.jsonl` entry intact since
the filename is self-documenting. Locate the comment just above
`.githooks/timing.jsonl` and delete that single comment line so the file only
contains the ignore pattern.
- Around line 9-12: Remove any proposed target-* wildcard replacement and keep
the explicit target-fmt, target-clippy, target-test, and target-doc entries
(they are intentionally used by CARGO_TARGET_DIR); also relocate the .claude/
entry out from under the "Playwright artifacts" comment into the "Editor cruft"
section next to .vscode, .idea, and .obsidian (or give it its own category) so
the intent is clear. Ensure comments above each group reflect their purpose
(Playwright artifacts vs Editor cruft) and do not collapse the explicitly named
target directories into a wildcard.

In `@crates/warp-core/src/wsc/build.rs`:
- Around line 27-171: Add a precondition check in build_one_warp_input to assert
the provided root_node_id exists in the GraphStore (e.g., call
store.node(root_node_id) or an equivalent contains/lookup method and
panic/assert if missing) before constructing OneWarpInput, and update the
function rustdoc to state that root_node_id must refer to an existing node in
the store; reference build_one_warp_input and OneWarpInput (and store.node /
GraphStore lookup) so the check is placed early in the function to fail fast on
invalid root IDs.

In `@crates/warp-core/src/wsc/validate.rs`:
- Around line 122-135: Non-ATOM attachments currently ignore blob_off/blob_len
and allow silent corruption; update the validation in validate.rs to check that
for att.is_atom() == false both att.blob_off() and att.blob_len() are zero and
return a new ReadError variant (e.g., BlobFieldsOnNonAtom or
NonAtomHasBlobFields) when they are non‑zero; add the new variant to the
ReadError enum and use it in the existing validation block (alongside the
existing BlobOutOfBounds error) so non‑ATOM DESCEND rows fail explicitly instead
of silently passing.
- Around line 41-63: validate_warp_view currently never checks that
view.root_node_id exists in the nodes array; add an explicit existence check
after the node ordering validation by using
nodes.binary_search_by_key(&view.root_node_id, |n| n.node_id) (or equivalent)
and return a descriptive ReadError (e.g., a new ReadError::MissingRoot { root:
view.root_node_id } or an existing appropriate variant) if the search fails;
update error type definitions if needed so callers can distinguish dangling root
errors.

In `@docs/WARP-GRAPH.md`:
- Around line 853-862: The fenced code block listing crate files in WARP-GRAPH
is missing a language tag; update the opening fence (the triple backticks before
the block containing mod.rs, types.rs, read.rs, view.rs, validate.rs, write.rs,
build.rs) to include a language identifier such as rust or text (e.g., change
``` to ```rust) so the block satisfies MD040 and improves syntax highlighting
and readability.

In `@scripts/bootstrap_math_determinism.mjs`:
- Around line 41-43: The OP_DROP_BALL and OP_ROUTE_PUSH constants are hardcoded
while SCHEMA_HASH is extracted dynamically; update
scripts/bootstrap_math_determinism.mjs to derive OP_DROP_BALL and OP_ROUTE_PUSH
from the same codecs.generated.rs parsing logic that produces SCHEMA_HASH (look
for the SCHEMA_HASH extraction code and mirror its approach to locate the
OP_DROP_BALL and OP_ROUTE_PUSH symbols), or if these opIds are truly stable, add
a clear comment next to OP_DROP_BALL and OP_ROUTE_PUSH stating they are
intentionally fixed and will not be regenerated so future maintainers understand
the exception.

In `@scripts/plot-prepush-timing.mjs`:
- Around line 11-21: The current code maps lines to JSON.parse without guarding
against empty or malformed JSONL (variables: lines, logfile, data), so replace
the single data = lines.map(...) with logic that first filters out empty strings
after trim().split('\n') and then iterates over each line, wrapping
JSON.parse(line) in a try/catch that on error prints a clear message including
logfile and the offending line and exits non-zero; build up data by pushing
parsed objects instead of using map so parse failures are handled per-line.

In `@scripts/sweep-stale-artifacts.sh`:
- Around line 8-10: The DAYS parameter in sweep-stale-artifacts.sh can be
non-numeric which breaks the later find -mtime call; validate DAYS after
assignment (DAYS="${1:-14}") using an integer check (e.g. a regex like ^[0-9]+$
or POSIX-safe test) and either default it to 14 or exit with a clear error if
invalid, ensuring the script won't call find -mtime with non-integer input;
reference the DAYS variable, the find -mtime usage, and the script's set -e
behavior when making the change.

♻️ Duplicate comments (2)

docs/WARP-GRAPH.md (2)

632-640: Indented code blocks still present — switch to fenced.

These trigger MD046 and render inconsistently. Convert to fenced blocks with a language tag (e.g., ```rust).

Also applies to: 747-754

---

849-851: Ordered list prefixes are inconsistent (MD029).

Normalize to a single style (1., 2., 3. or all 1.) across these sections.

Also applies to: 880-882, 911-913, 1082-1084, 1118-1120, 1212-1214

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Inconsistent blank line usage.

Line 13 adds a blank separator after the target-* entries, but there's no corresponding blank line after .githooks/timing.jsonl (line 15) before docs/.vitepress/cache (line 16). Either both logical groups should be separated, or neither.

♻️ Proposed fix for consistency

 target-*

-# Pre-push benchmark timing data
 .githooks/timing.jsonl
+
 docs/.vitepress/cache

(Assuming the comment is removed per the previous suggestion.)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Pre-push benchmark timing data
	.githooks/timing.jsonl
	docs/.vitepress/cache
	.githooks/timing.jsonl
	docs/.vitepress/cache

🤖 Prompt for AI Agents

In @.gitignore around lines 13 - 16, The .gitignore has inconsistent blank-line
grouping between the "target-*" block and the subsequent entries; make the
separation consistent by adding or removing a blank line so that the group
containing ".githooks/timing.jsonl" and "docs/.vitepress/cache" follows the same
blank-line convention as the "target-*" entries—i.e., either insert a blank line
between ".githooks/timing.jsonl" and "docs/.vitepress/cache" or remove the blank
line after the "target-*" group to match the other grouping.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cat -n scripts/plot-prepush-timing.mjs

Repository: flyingrobots/echo

Length of output: 2824

---

Wrap JSON.parse() in error handler—empty files and malformed JSONL will crash silently.

Line 20 executes JSON.parse() on every line with zero guards. An empty file produces [''] after trim().split('\n'), which throws SyntaxError on parse. Any malformed JSONL line crashes identically. The try-catch at lines 12–18 only protects file I/O, not parsing errors.

Replace the map with a loop that catches parse failures:

const data = [];
for (const line of lines) {
  try {
    data.push(JSON.parse(line));
  } catch (e) {
    console.error(`Malformed JSONL in ${logfile}:`, line);
    process.exit(1);
  }
}

Also filter empty lines after split to avoid parsing blank strings.

🤖 Prompt for AI Agents

In `@scripts/plot-prepush-timing.mjs` around lines 11 - 21, The current code maps
lines to JSON.parse without guarding against empty or malformed JSONL
(variables: lines, logfile, data), so replace the single data = lines.map(...)
with logic that first filters out empty strings after trim().split('\n') and
then iterates over each line, wrapping JSON.parse(line) in a try/catch that on
error prints a clear message including logfile and the offending line and exits
non-zero; build up data by pushing parsed objects instead of using map so parse
failures are handled per-line.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cat -n scripts/sweep-stale-artifacts.sh

Repository: flyingrobots/echo

Length of output: 1390

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Test 1: find with non-numeric -mtime value"
find . -maxdepth 0 -mtime +"not_a_number" -print0 2>/dev/null
echo "Exit code: $?"

Repository: flyingrobots/echo

Length of output: 103

---

🏁 Script executed:

#!/bin/bash
echo "Test 2: find with non-numeric -mtime (showing stderr)"
find . -maxdepth 0 -mtime +"not_a_number" -print0
echo "Exit code: $?"

Repository: flyingrobots/echo

Length of output: 195

---

Add integer validation for DAYS parameter to prevent find failure.

Line 8 accepts arbitrary input. Non-numeric DAYS causes find -mtime to fail with exit code 1, aborting the script under set -e (line 6) despite the 2>/dev/null redirection on line 24. A simple integer guard prevents this.

🔧 Proposed fix

 DAYS="${1:-14}"
+if ! [[ "$DAYS" =~ ^[0-9]+$ ]]; then
+  echo "sweep-stale-artifacts: DAYS must be an integer number of days" >&2
+  exit 1
+fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	DAYS="${1:-14}"
	echo "🧹 Sweeping stale incremental cache (>${DAYS} days old)..."
	DAYS="${1:-14}"
	if ! [[ "$DAYS" =~ ^[0-9]+$ ]]; then
	echo "sweep-stale-artifacts: DAYS must be an integer number of days" >&2
	exit 1
	fi
	echo "🧹 Sweeping stale incremental cache (>${DAYS} days old)..."

🤖 Prompt for AI Agents

In `@scripts/sweep-stale-artifacts.sh` around lines 8 - 10, The DAYS parameter in
sweep-stale-artifacts.sh can be non-numeric which breaks the later find -mtime
call; validate DAYS after assignment (DAYS="${1:-14}") using an integer check
(e.g. a regex like ^[0-9]+$ or POSIX-safe test) and either default it to 14 or
exit with a clear error if invalid, ensuring the script won't call find -mtime
with non-integer input; reference the DAYS variable, the find -mtime usage, and
the script's set -e behavior when making the change.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In @.githooks/pre-push-parallel:
- Around line 36-40: In cleanup(), avoid the GNU-only xargs -r by capturing the
background PIDs first and only invoking kill when non-empty; e.g. store the
output of jobs -p in a variable (or an array), check [ -n "$pids" ] (or length)
and then echo "$pids" | xargs kill 2>/dev/null || true, keeping the existing rm
-rf "$LOGDIR" intact and referencing the cleanup() function and the jobs -p
pipeline so the change is portable to macOS/BSD.

In @.githooks/pre-push-sequential:
- Around line 6-13: After the dependency loop, verify the PINNED toolchain is
installed before using cargo +"$PINNED"; check rustup for the presence of the
$PINNED entry (e.g. via rustup toolchain list | grep -F -- "$PINNED" or rustup
toolchain list and pattern match) and if not found print a clear error like
"[pre-push] missing toolchain: $PINNED. Install it with 'rustup toolchain
install $PINNED'." and exit non-zero; reference the PINNED variable and the
rustup/cargo usage so the check runs prior to running cargo +"$PINNED" doc.
- Around line 74-94: The script currently runs rg twice for each pattern (once
redirecting to /dev/null to test, then again to print matches); change each
check to run rg only once and capture its output (e.g., with a variable or
command substitution) and then test if the captured output is non-empty; for the
'#!\[allow\([^]]*missing_docs[^]]*\)\]' check and the
"\\#\[unsafe\(no_mangle\)\]" check, replace the two rg invocations with a single
rg invocation that stores results, and if non-empty print the stored output to
stderr and exit 1.

♻️ Duplicate comments (2)

.githooks/pre-push-sequential (1)

27-38: Toolchain pinning inconsistency — fmt/clippy/test use active toolchain while rustdoc uses $PINNED.

The script extracts $PINNED on lines 5-6 but then ignores it for the three most critical checks. This defeats the entire point of pinning. A developer with a different default toolchain will pass local checks but fail CI, or worse, introduce formatting/lint drift that only surfaces later.

The echo messages even say "(stable)" — this isn't stable, it's whatever the developer happens to have active.

-echo "[pre-push] fmt (stable)"
-cargo fmt --all -- --check
+echo "[pre-push] fmt (pinned @ $PINNED)"
+cargo +"$PINNED" fmt --all -- --check

-echo "[pre-push] clippy (workspace, stable)"
-cargo clippy --all-targets -- -D warnings -D missing_docs
+echo "[pre-push] clippy (workspace, pinned @ $PINNED)"
+cargo +"$PINNED" clippy --all-targets -- -D warnings -D missing_docs

-echo "[pre-push] tests (workspace, stable)"
+echo "[pre-push] tests (workspace, pinned @ $PINNED)"
 if [[ $USE_NEXTEST -eq 1 ]]; then
-  cargo nextest run --workspace
+  cargo +"$PINNED" nextest run --workspace
 else
-  cargo test --workspace
+  cargo +"$PINNED" test --workspace
 fi

.githooks/pre-push-parallel (1)

122-130: set -e still active during wait — first failure aborts before collecting remaining results.

With set -euo pipefail from line 4, the first wait returning non-zero immediately terminates the script. If fmt fails, you never wait for clippy, tests, rustdoc, patterns, or determinism. Their background processes become orphans (the trap does kill them, but you lose any diagnostic value), and the failure summary on lines 138-143 never runs.

Wrap the wait block with set +e / set -e:

 # Wait and collect results
 FAILED=0
 
+set +e  # Disable errexit so we can collect all exit codes
 wait $PID_FMT;         FMT_RC=$?;         [ $FMT_RC -ne 0 ]         && FAILED=1 && echo "[FAIL] fmt (see log)"
 wait $PID_CLIPPY;      CLIPPY_RC=$?;      [ $CLIPPY_RC -ne 0 ]      && FAILED=1 && echo "[FAIL] clippy (see log)"
 wait $PID_TESTS;       TESTS_RC=$?;       [ $TESTS_RC -ne 0 ]       && FAILED=1 && echo "[FAIL] tests (see log)"
 wait $PID_RUSTDOC;     RUSTDOC_RC=$?;     [ $RUSTDOC_RC -ne 0 ]     && FAILED=1 && echo "[FAIL] rustdoc (see log)"
 wait $PID_PATTERNS;    PATTERNS_RC=$?;    [ $PATTERNS_RC -ne 0 ]    && FAILED=1 && echo "[FAIL] patterns (see log)"
 wait $PID_DETERMINISM; DETERMINISM_RC=$?; [ $DETERMINISM_RC -ne 0 ] && FAILED=1 && echo "[FAIL] determinism (see log)"
+set -e  # Re-enable errexit

[coderabbitai]

Actionable comments posted: 13

🤖 Fix all issues with AI agents

In @.githooks/pre-commit:
- Around line 126-135: The MD_FILES splitting is unsafe for filenames with
spaces; replace the current grep-into-variable approach (MD_FILES=$(echo
"$STAGED" | grep -E '\.md$' || true)) and the SC2086 suppression with a
null-delimited safe iteration: produce null-separated markdown file names from
STAGED and iterate with a while read -r -d '' loop (or pass to xargs -0) to call
npx markdownlint-cli2 per-batch; update the conditional that checks for
non-empty results to use the safer iteration so npx markdownlint-cli2 receives
correctly quoted filenames and no word-splitting occurs when running the lint
step.

In @.githooks/pre-push:
- Around line 10-22: The get_timestamp function currently treats any output from
date +%s.%N as valid because grep -q '.' always matches; change the check to
capture the date output into a variable (e.g., ts=$(date +%s.%N 2>/dev/null))
and test that the fractional part is numeric (use a regex like '\.[0-9]\+$' or
grep -qE '\.[0-9]+$') before echoing it; if the regex fails, fall back to
python3/perl/date branches as currently implemented. Ensure the check and
variable names reference get_timestamp so the behavior only uses date's output
when %N actually produced digits.

In @.githooks/pre-push-parallel:
- Around line 115-138: The timing uses integer seconds by setting START=$(date
+%s) and END=$(date +%s); replace those with the project's higher-resolution
timestamp helper (call get_timestamp() for START and END) so the hook records
sub-second timestamps consistently with pre-push; update references to START and
END variables (used in the final echo "[parallel] completed in $((END -
START))s") to compute and display the elapsed time using the same timestamp
format as get_timestamp().

In @.githooks/pre-push-sequential:
- Around line 4-6: The current PINNED_FROM_FILE extraction misses indented
"channel" keys and retains trailing CRLF; update the awk extraction used to set
PINNED_FROM_FILE so the pattern allows optional leading whitespace before
"channel" and trim any trailing carriage return from the captured field, then
keep the existing PINNED fallback logic that uses PINNED_FROM_FILE or defaults
to 1.90.0; adjust the command that defines PINNED_FROM_FILE and leave the PINNED
assignment (`PINNED="${PINNED:-${PINNED_FROM_FILE:-1.90.0}}"`) unchanged.
- Around line 78-97: The current use of if match_output=$(rg …) treats rg exit
code 2 (errors) like “no matches”; update the two rg invocations (the one
searching for '#!\[allow([^]]*missing_docs[^]]*)\]' and the one for
"\\#\[unsafe\(no_mangle\)\]") to capture both the output and the exit status
(e.g., save $? after running rg into a variable), then branch on that status: if
rc>1 print a clear error message and the stderr/rg output and exit non‑zero
(fail fast on malformed globs/missing paths), if rc==1 print the match_output
and exit 1 (matches found), and if rc==0 continue (no matches). Ensure you still
preserve redirection of stderr for rg so error details are available in the log;
use the existing match_output variable names to locate the code to change.

In @.gitignore:
- Around line 9-12: The four Rust/Cargo build directories (target-clippy,
target-doc, target-fmt, target-test) in .gitignore are out of alphabetical order
and are miscategorized under the "Node modules & build artifacts" header;
reorder them alphabetically as target-clippy, target-doc, target-fmt,
target-test and either rename the section header to a language-agnostic label
like "Build artifacts & dependencies" or move these four entries into a new
"Rust / Cargo artifacts" section so they are correctly grouped and sorted.
- Line 13: Move the `.githooks/timing.jsonl` entry out of the "Node modules &
build artifacts" block in .gitignore and place it under a new "Git hook
artifacts" (or "Generated runtime data") heading so the file is categorized
correctly; specifically locate the `.githooks/timing.jsonl` line and cut/paste
it into the new section with a brief comment header to indicate it's a git hook
timing log.

In @.markdownlint.json:
- Around line 3-5: The MD033 rule configuration contains a non-HTML token "u8"
in the allowed_elements array which is dead/invalid config; open the MD033 entry
(the allowed_elements array) and either remove the "u8" string or replace it
with the intended HTML tag (e.g., "u" for underline or the actual custom element
name) so only valid HTML tag names remain in allowed_elements; ensure the
resulting JSON is valid after the edit.

In `@crates/warp-core/src/wsc/read.rs`:
- Around line 170-197: The rustdoc for validate_header omits the Alignment error
path: when bytemuck::try_from_bytes fails it can return ReadError::Alignment in
addition to FileTooSmall and InvalidMagic, so update the function doc comments
to list all possible errors (FileTooSmall, Alignment, InvalidMagic) and briefly
describe when each occurs (FileTooSmall if data.len() < size_of::<WscHeader>(),
Alignment if the slice isn’t properly aligned for WscHeader when calling
bytemuck::try_from_bytes, and InvalidMagic if header.magic !=
WscHeader::MAGIC_V1) so callers see every outcome.

In `@scripts/bootstrap_math_determinism.mjs`:
- Around line 83-86: The loop uses a magic literal 50 when generating route-push
frames; replace that with a named constant (e.g., PHYSICS_SIMULATION_STEPS) and
use it in the for loop, and add a short comment above the constant explaining
why that number was chosen (e.g., "number of simulation steps to ensure the ball
settles / coverage required for determinism"); update references in the loop
that call encodeRoutePushArgs and makeFrame with OP_ROUTE_PUSH to use the new
constant so future readers won't cargo-cult or change the value without
understanding the rationale.
- Around line 89-91: The regex used to extract SCHEMA_HASH is too strict about
spacing; update the pattern to allow flexible whitespace (e.g., use something
like /pub\s+const\s+SCHEMA_HASH\s*:\s*&str\s*=\s*"([0-9a-fA-F]+)"/) and use that
to capture the hex group from the codecs string variable, and when no match is
found throw an Error that includes the filename string passed to fs.readFileSync
and maybe the first few characters of the codecs content to aid debugging so the
thrown message is descriptive rather than the generic "Could not find
SCHEMA_HASH".

In `@scripts/plot-prepush-timing.mjs`:
- Around line 66-77: The code recomputes medians when calculating speedup;
capture the medians once and reuse them instead of calling median(...) again.
Compute or hoist const seqMed and parMed so they are available when both
seqValid and parValid are non-empty (e.g., declare seqMed and parMed in the
outer scope or compute them before the final if), then use seqMed and parMed in
the speedup calculation rather than recomputing from seqValid and parValid.
- Around line 42-45: The padding logic that fills shorter arrays sequential and
parallel with undefined will break asciichart.plot (and its format callback
x.toFixed(1)). Change the pad to use the last valid value from the respective
array (or 0 if the array is empty) instead of pushing undefined: find the last
numeric entry in sequential/parallel, default to 0 when none, and push that
value until both arrays reach maxLen so asciichart.plot and the format callback
always receive numbers.

♻️ Duplicate comments (1)

scripts/bootstrap_math_determinism.mjs (1)

44-48: Previous concern addressed.

The comment now explicitly documents that these OpIDs are stable FNV-1a hashes derived from operation names. This was the exact clarification requested in the prior review. Good.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Word splitting on $MD_FILES breaks on filenames with spaces.

The shellcheck disable=SC2086 is a band-aid. If anyone ever creates docs/my file.md, this will explode spectacularly. Consider using a while read loop or null-delimited output:

♻️ More robust alternative

-MD_FILES=$(echo "$STAGED" | grep -E '\.md$' || true)
-if [[ -n "$MD_FILES" ]] && command -v npx >/dev/null 2>&1; then
-  echo "pre-commit: linting markdown files"
-  # shellcheck disable=SC2086
-  if ! npx markdownlint-cli2 $MD_FILES; then
+if command -v npx >/dev/null 2>&1; then
+  MD_FILES=()
+  while IFS= read -r f; do
+    [[ "$f" == *.md ]] && MD_FILES+=("$f")
+  done <<< "$STAGED"
+  if [[ ${`#MD_FILES`[@]} -gt 0 ]]; then
+    echo "pre-commit: linting markdown files"
+    if ! npx markdownlint-cli2 "${MD_FILES[@]}"; then

That said, if your repo convention forbids spaces in filenames, this is tolerable. Just don't be surprised when it bites someone.

🤖 Prompt for AI Agents

In @.githooks/pre-commit around lines 126 - 135, The MD_FILES splitting is
unsafe for filenames with spaces; replace the current grep-into-variable
approach (MD_FILES=$(echo "$STAGED" | grep -E '\.md$' || true)) and the SC2086
suppression with a null-delimited safe iteration: produce null-separated
markdown file names from STAGED and iterate with a while read -r -d '' loop (or
pass to xargs -0) to call npx markdownlint-cli2 per-batch; update the
conditional that checks for non-empty results to use the safer iteration so npx
markdownlint-cli2 receives correctly quoted filenames and no word-splitting
occurs when running the lint step.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Bug: macOS detection is broken — grep -q '.' always matches.

On macOS, date +%s.%N outputs literal 1234567890.N (the %N doesn't expand). Your grep -q '.' matches ANY output containing any character, which is... all output. The check always passes, so macOS users get 1234567890.N fed to bc, which promptly chokes.

You need to verify that the fractional part is actually numeric:

🐛 Proposed fix

 get_timestamp() {
-  if date +%s.%N 2>/dev/null | grep -q '\.'; then
-    date +%s.%N
+  # Check if date supports nanoseconds (GNU) by verifying fractional part is numeric
+  local ts
+  ts=$(date +%s.%N 2>/dev/null) || ts=""
+  if [[ "$ts" =~ ^[0-9]+\.[0-9]+$ ]]; then
+    echo "$ts"
   elif command -v python3 >/dev/null 2>&1; then

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Portable high-resolution timestamp (macOS date doesn't support %N)
	get_timestamp() {
	if date +%s.%N 2>/dev/null | grep -q '\.'; then
	date +%s.%N
	elif command -v python3 >/dev/null 2>&1; then
	python3 -c 'import time; print(f"{time.time():.6f}")'
	elif command -v perl >/dev/null 2>&1; then
	perl -MTime::HiRes=time -e 'printf "%.6f\n", time'
	else
	echo "[pre-push] skipping ${krate}: missing crates/${krate}/Cargo.toml"
	# Fallback to integer seconds
	date +%s
	fi
	done
	}
	# Portable high-resolution timestamp (macOS date doesn't support %N)
	get_timestamp() {
	# Check if date supports nanoseconds (GNU) by verifying fractional part is numeric
	local ts
	ts=$(date +%s.%N 2>/dev/null) || ts=""
	if [[ "$ts" =~ ^[0-9]+\.[0-9]+$ ]]; then
	echo "$ts"
	elif command -v python3 >/dev/null 2>&1; then
	python3 -c 'import time; print(f"{time.time():.6f}")'
	elif command -v perl >/dev/null 2>&1; then
	perl -MTime::HiRes=time -e 'printf "%.6f\n", time'
	else
	# Fallback to integer seconds
	date +%s
	fi
	}

🤖 Prompt for AI Agents

In @.githooks/pre-push around lines 10 - 22, The get_timestamp function
currently treats any output from date +%s.%N as valid because grep -q '.' always
matches; change the check to capture the date output into a variable (e.g.,
ts=$(date +%s.%N 2>/dev/null)) and test that the fractional part is numeric (use
a regex like '\.[0-9]\+$' or grep -qE '\.[0-9]+$') before echoing it; if the
regex fails, fall back to python3/perl/date branches as currently implemented.
Ensure the check and variable names reference get_timestamp so the behavior only
uses date's output when %N actually produced digits.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Minor inconsistency: integer-second timing vs. fractional in pre-push.

This hook uses date +%s (integer seconds), while pre-push uses get_timestamp() with nanosecond precision. The parallel hook's timing won't contribute to the JSONL comparison since it doesn't log there, but if you ever want sub-second resolution here, consider reusing get_timestamp().

Not a bug — just noting the divergence.

🤖 Prompt for AI Agents

In @.githooks/pre-push-parallel around lines 115 - 138, The timing uses integer
seconds by setting START=$(date +%s) and END=$(date +%s); replace those with the
project's higher-resolution timestamp helper (call get_timestamp() for START and
END) so the hook records sub-second timestamps consistently with pre-push;
update references to START and END variables (used in the final echo "[parallel]
completed in $((END - START))s") to compute and display the elapsed time using
the same timestamp format as get_timestamp().

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Harden toolchain parsing against whitespace/CRLF.
/^[^]channel/ misses indented keys and CRLF can leave a trailing \r, causing false “missing toolchain” failures. Trim and allow leading whitespace.

🔧 Proposed fix

-PINNED_FROM_FILE=$(awk -F '"' '/^channel/ {print $2}' rust-toolchain.toml 2>/dev/null || echo "")
+PINNED_FROM_FILE=$(awk -F '"' '/^[[:space:]]*channel[[:space:]]*=/ {print $2}' rust-toolchain.toml 2>/dev/null | tr -d '\r' || echo "")

🤖 Prompt for AI Agents

In @.githooks/pre-push-sequential around lines 4 - 6, The current
PINNED_FROM_FILE extraction misses indented "channel" keys and retains trailing
CRLF; update the awk extraction used to set PINNED_FROM_FILE so the pattern
allows optional leading whitespace before "channel" and trim any trailing
carriage return from the captured field, then keep the existing PINNED fallback
logic that uses PINNED_FROM_FILE or defaults to 1.90.0; adjust the command that
defines PINNED_FROM_FILE and leave the PINNED assignment
(`PINNED="${PINNED:-${PINNED_FROM_FILE:-1.90.0}}"`) unchanged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Don’t silently ignore rg failures.
if match_output=$(rg …) treats exit code 2 as “no matches,” so a malformed glob or missing path can slip by. Fail fast on non‑1 errors.

🔧 Proposed fix

-if match_output=$(rg -n '#!\[allow\([^]]*missing_docs[^]]*\)\]' \
+if match_output=$(rg -n '#!\[allow\([^]]*missing_docs[^]]*\)\]' \
   crates \
   --glob 'crates/**/src/**/*.rs' \
   --glob '!**/telemetry.rs' \
   --glob '!**/tests/**' \
   --glob '!**/build.rs' \
   --glob '!**/*.generated.rs' 2>&1); then
   echo "pre-push: crate-level allow(missing_docs) is forbidden (except telemetry.rs and *.generated.rs)." >&2
   echo "$match_output" >&2
   exit 1
+elif [ $? -ne 1 ]; then
+  echo "pre-push: rg failed while scanning allow(missing_docs)." >&2
+  echo "$match_output" >&2
+  exit 1
 fi
-if match_output=$(rg -n "\\#\[unsafe\(no_mangle\)\]" crates 2>&1); then
+if match_output=$(rg -n "\\#\[unsafe\(no_mangle\)\]" crates 2>&1); then
   echo "pre-push: #[unsafe(no_mangle)] is invalid; use #[no_mangle]." >&2
   echo "$match_output" >&2
   exit 1
+elif [ $? -ne 1 ]; then
+  echo "pre-push: rg failed while scanning unsafe(no_mangle)." >&2
+  echo "$match_output" >&2
+  exit 1
 fi

🤖 Prompt for AI Agents

In @.githooks/pre-push-sequential around lines 78 - 97, The current use of if
match_output=$(rg …) treats rg exit code 2 (errors) like “no matches”; update
the two rg invocations (the one searching for
'#!\[allow([^]]*missing_docs[^]]*)\]' and the one for
"\\#\[unsafe\(no_mangle\)\]") to capture both the output and the exit status
(e.g., save $? after running rg into a variable), then branch on that status: if
rc>1 print a clear error message and the stderr/rg output and exit non‑zero
(fail fast on malformed globs/missing paths), if rc==1 print the match_output
and exit 1 (matches found), and if rc==0 continue (no matches). Ensure you still
preserve redirection of stderr for rg so error details are available in the log;
use the existing match_output variable names to locate the code to change.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, find and examine the target file
fd -t f "read.rs" crates/warp-core/src/wsc/

Repository: flyingrobots/echo

Length of output: 93

---

🏁 Script executed:

# Check the file size and content around the specified lines
cat -n crates/warp-core/src/wsc/read.rs | sed -n '160,210p'

Repository: flyingrobots/echo

Length of output: 1850

---

🏁 Script executed:

# Search for ReadError enum definition to see all variants
fd -t f "*.rs" crates/warp-core/src/ | xargs grep -l "enum ReadError"

Repository: flyingrobots/echo

Length of output: 346

---

🏁 Script executed:

# Fix the fd command syntax
rg "enum ReadError" crates/warp-core/src/

Repository: flyingrobots/echo

Length of output: 114

---

🏁 Script executed:

# Also search for where ReadError is defined and all its variants
rg "ReadError::" crates/warp-core/src/wsc/read.rs | head -30

Repository: flyingrobots/echo

Length of output: 925

---

🏁 Script executed:

# Check the full ReadError enum definition
cat -n crates/warp-core/src/wsc/read.rs | sed -n '1,170p' | tail -80

Repository: flyingrobots/echo

Length of output: 3116

---

🏁 Script executed:

# Verify the file starts with proper SPDX header and copyright
head -5 crates/warp-core/src/wsc/read.rs

Repository: flyingrobots/echo

Length of output: 276

---

🏁 Script executed:

# Check if bytemuck::try_from_bytes documentation or the ? operator behavior on PodCastError
rg "try_from_bytes" crates/warp-core/src/wsc/read.rs -B 2 -A 2

Repository: flyingrobots/echo

Length of output: 228

---

🏁 Script executed:

# Look for any tests that verify the Alignment error path
rg "Alignment" crates/warp-core/src/wsc/read.rs -B 3 -A 3

Repository: flyingrobots/echo

Length of output: 1072

---

Document the alignment error path.

validate_header can return ReadError::Alignment via bytemuck::try_from_bytes, but the rustdoc only documents FileTooSmall and InvalidMagic. Update the docs so callers know all error outcomes.

📝 Suggested doc update

 /// # Errors
 ///
 /// Returns [`ReadError::FileTooSmall`] if the data is shorter than the header size.
 /// Returns [`ReadError::InvalidMagic`] if the magic bytes don't match.
+/// Returns [`ReadError::Alignment`] if the header is misaligned for `WscHeader`.

Per coding guidelines, all possible error outcomes must be documented in rustdoc.

🤖 Prompt for AI Agents

In `@crates/warp-core/src/wsc/read.rs` around lines 170 - 197, The rustdoc for
validate_header omits the Alignment error path: when bytemuck::try_from_bytes
fails it can return ReadError::Alignment in addition to FileTooSmall and
InvalidMagic, so update the function doc comments to list all possible errors
(FileTooSmall, Alignment, InvalidMagic) and briefly describe when each occurs
(FileTooSmall if data.len() < size_of::<WscHeader>(), Alignment if the slice
isn’t properly aligned for WscHeader when calling bytemuck::try_from_bytes, and
InvalidMagic if header.magic != WscHeader::MAGIC_V1) so callers see every
outcome.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Magic number 50 deserves a name.

Why 50? Is it "enough steps for the ball to settle"? "Minimum required for coverage"? "Arbitrary but sufficient"? A named constant like PHYSICS_SIMULATION_STEPS with a comment explaining the rationale would prevent the next developer from cargo-culting or "optimizing" this to 10.

♻️ Suggested refactor

+// Number of physics simulation steps required for the ball to drop from
+// height 400 and settle at y=0 with gravity and initial velocity -5.
+const PHYSICS_SIMULATION_STEPS = 50;
+
 const frames = [];
 
 // 1. Drop Ball (Initiates Motion/Physics)
 frames.push(makeFrame(OP_DROP_BALL));
 
 // 2. Padding steps to allow physics to simulate
-for (let i = 0; i < 50; i++) {
+for (let i = 0; i < PHYSICS_SIMULATION_STEPS; i++) {
     const args = encodeRoutePushArgs(`/physics/step/${i}`);
     frames.push(makeFrame(OP_ROUTE_PUSH, args));
 }

🤖 Prompt for AI Agents

In `@scripts/bootstrap_math_determinism.mjs` around lines 83 - 86, The loop uses a
magic literal 50 when generating route-push frames; replace that with a named
constant (e.g., PHYSICS_SIMULATION_STEPS) and use it in the for loop, and add a
short comment above the constant explaining why that number was chosen (e.g.,
"number of simulation steps to ensure the ball settles / coverage required for
determinism"); update references in the loop that call encodeRoutePushArgs and
makeFrame with OP_ROUTE_PUSH to use the new constant so future readers won't
cargo-cult or change the value without understanding the rationale.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Regex is brittle to whitespace variations.

The regex /pub const SCHEMA_HASH: &str = "([0-9a-fA-F]+)";/ assumes exact spacing. If someone runs rustfmt with different settings or the generator emits pub const SCHEMA_HASH : &str="...", this silently fails with a generic "Could not find SCHEMA_HASH" error.

Consider a more permissive pattern or at minimum improve the error message to include the path that was searched.

♻️ Suggested fix

-const match = codecs.match(/pub const SCHEMA_HASH: &str = "([0-9a-fA-F]+)";/);
-if (!match) throw new Error("Could not find SCHEMA_HASH in codecs.generated.rs");
+const CODECS_PATH = "crates/echo-dind-tests/src/codecs.generated.rs";
+const codecs = fs.readFileSync(CODECS_PATH, "utf8");
+const match = codecs.match(/pub\s+const\s+SCHEMA_HASH\s*:\s*&str\s*=\s*"([0-9a-fA-F]+)"\s*;/);
+if (!match) throw new Error(`Could not find SCHEMA_HASH in ${CODECS_PATH}`);

🤖 Prompt for AI Agents

In `@scripts/bootstrap_math_determinism.mjs` around lines 89 - 91, The regex used
to extract SCHEMA_HASH is too strict about spacing; update the pattern to allow
flexible whitespace (e.g., use something like
/pub\s+const\s+SCHEMA_HASH\s*:\s*&str\s*=\s*"([0-9a-fA-F]+)"/) and use that to
capture the hex group from the codecs string variable, and when no match is
found throw an Error that includes the filename string passed to fs.readFileSync
and maybe the first few characters of the codecs content to aid debugging so the
thrown message is descriptive rather than the generic "Could not find
SCHEMA_HASH".

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat scripts/plot-prepush-timing.mjs | head -60

Repository: flyingrobots/echo

Length of output: 1979

---

🌐 Web query:

asciichart npm documentation undefined values NaN handling

💡 Result:

Short answer: asciichart (npm) does not special-case undefined/NaN values — they propagate through the math and will break the autoscaling/plot. The library computes min/max with Math.min/Math.max and later multiplies/rounds every series value, so any NaN or undefined will produce NaN range/coordinates and corrupt the output. See the implementation (raw asciichart.js) where values are passed directly into Math.min/Math.max and arithmetic without checks. [1][2]

Sources:

• asciichart.js source (shows Math.min/Math.max and direct arithmetic on series values). [1]
• asciichart README / npm page (usage and no mention of NaN-handling). [2]

---

undefined values will break asciichart.plot() and crash at format callback.

asciichart does not guard against undefined/NaN—it passes series values directly into Math.min/Math.max and arithmetic operations. The chart's autoscaling will compute NaN, corrupting the plot. Worse, the format callback x.toFixed(1) on line 51 will throw TypeError: Cannot read property 'toFixed' of undefined.

Pad with the last valid value (or 0 if empty) instead:

🔧 Fix

 // Pad shorter array to match lengths for chart alignment
 const maxLen = Math.max(sequential.length, parallel.length);
-while (sequential.length < maxLen) sequential.push(undefined);
-while (parallel.length < maxLen) parallel.push(undefined);
+const seqLast = sequential[sequential.length - 1] ?? 0;
+const parLast = parallel[parallel.length - 1] ?? 0;
+while (sequential.length < maxLen) sequential.push(seqLast);
+while (parallel.length < maxLen) parallel.push(parLast);

🤖 Prompt for AI Agents

In `@scripts/plot-prepush-timing.mjs` around lines 42 - 45, The padding logic that
fills shorter arrays sequential and parallel with undefined will break
asciichart.plot (and its format callback x.toFixed(1)). Change the pad to use
the last valid value from the respective array (or 0 if the array is empty)
instead of pushing undefined: find the last numeric entry in
sequential/parallel, default to 0 when none, and push that value until both
arrays reach maxLen so asciichart.plot and the format callback always receive
numbers.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Minor redundancy: median calculated twice for speedup.

Lines 67 and 71 compute medians that are already available, then lines 76 recomputes them again. Not a bug, but wasteful for large datasets:

♻️ Optional: cache medians

+let seqMed, parMed;
 if (seqValid.length > 0) {
-  const seqMed = median(seqValid.map(d => d.duration));
+  seqMed = median(seqValid.map(d => d.duration));
   console.log(`  Sequential: ${seqValid.length} runs, median ${seqMed.toFixed(1)}s`);
 }
 if (parValid.length > 0) {
-  const parMed = median(parValid.map(d => d.duration));
+  parMed = median(parValid.map(d => d.duration));
   console.log(`  Parallel:   ${parValid.length} runs, median ${parMed.toFixed(1)}s`);
 }

-if (seqValid.length > 0 && parValid.length > 0) {
-  const speedup = median(seqValid.map(d => d.duration)) / median(parValid.map(d => d.duration));
+if (seqMed !== undefined && parMed !== undefined) {
+  const speedup = seqMed / parMed;
   console.log(`\n  Speedup: ${speedup.toFixed(1)}x`);
 }

🤖 Prompt for AI Agents

In `@scripts/plot-prepush-timing.mjs` around lines 66 - 77, The code recomputes
medians when calculating speedup; capture the medians once and reuse them
instead of calling median(...) again. Compute or hoist const seqMed and parMed
so they are available when both seqValid and parValid are non-empty (e.g.,
declare seqMed and parMed in the outer scope or compute them before the final
if), then use seqMed and parMed in the speedup calculation rather than
recomputing from seqValid and parValid.