docs(adr): ESC-01 — ADR-018 no raw/FFI escape (typed extern is the only host bridge)#272
Merged
Conversation
…#245 #229) ReScript %%raw injects arbitrary untyped host source; AffineScript has only typed extern fn / extern type. 14 estate %%raw (ESC-01 #245) had no clean target. ADR-018 (accepted): no raw escape by design — typed extern is the SOLE FFI surface; every %%raw ports to a typed extern, host impl to the embedder shim; no untyped extern-raw will be added (an arbitrary-source hole defeats affine/effect tracking — the ADR-012 contortion). No compiler change (extern already exists). ADR-017 = the block-module disposition (#262); this is 018 because main merged ADR-016 = effect-threaded async-boundary (#234/#270). SETTLED-DECISIONS + META.a2ml [[adr]] ADR-018 + RESCRIPT-ELIMINATION cross-linked. Docs-only; gate unaffected by construction. Refs #245 #229 (not Closes — per-repo %%raw->extern port execution remains). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 47 issues detected
View findings[
{
"reason": "Stray AI.a2ml in root -- use 0-AI-MANIFEST.a2ml only",
"type": "banned",
"file": "AI.a2ml",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "Superseded by 0-AI-MANIFEST.a2ml",
"type": "banned",
"file": "AI.djot",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/checkout@v4 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action denoland/setup-deno@v2 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/example/smoke_driver.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/cli.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
🔍 Hypatia Security ScanFindings: 47 issues detected
View findings[
{
"reason": "Stray AI.a2ml in root -- use 0-AI-MANIFEST.a2ml only",
"type": "banned",
"file": "AI.a2ml",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "Superseded by 0-AI-MANIFEST.a2ml",
"type": "banned",
"file": "AI.djot",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/checkout@v4 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action denoland/setup-deno@v2 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/example/smoke_driver.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/cli.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
added a commit
that referenced
this pull request
May 19, 2026
#229) AffineScript is strictly one-module-per-file (ADR-011 file=module; grammar parser.mly:130-134 — `module A { }` parse-errors). #229 ports carry ReScript block modules; single-per-file is mechanical (canonical map), multi-block-per-file had no clean target (ESC-04 #262). ADR-017 (accepted): one module per file — split, do not nest. Each `module X { body }` -> its own X.affine with a `module X;` header; N block-modules -> N files. Grammar NOT extended (ADR-011/ADR-012). No compiler change — settles the porting doctrine + #229 canonical-map structural rule. The split-file Resolve.UndefinedModule is cross-module graph coherence (INT-02), tracked in RESCRIPT-ELIMINATION Tier-4, NOT conflated here. ADR-017 is sequential between ADR-016 (effect-threaded async-boundary, #234/#270) and ADR-018 (no-raw-escape, #245/#272); inserted in order in SETTLED-DECISIONS + META.a2ml + RESCRIPT-ELIMINATION ESC-04 row. Reconstructed cleanly on current main (the original branch's ADR-016 ->017 renumber history is collapsed to one in-order commit; supersedes the prior #271 head). Docs-only; gate unaffected. Refs #262 #229. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
that referenced
this pull request
May 19, 2026
#229) (#271) AffineScript is strictly one-module-per-file (ADR-011 file=module; grammar parser.mly:130-134 — `module A { }` parse-errors). #229 ports carry ReScript block modules; single-per-file is mechanical (canonical map), multi-block-per-file had no clean target (ESC-04 #262). ADR-017 (accepted): one module per file — split, do not nest. Each `module X { body }` -> its own X.affine with a `module X;` header; N block-modules -> N files. Grammar NOT extended (ADR-011/ADR-012). No compiler change — settles the porting doctrine + #229 canonical-map structural rule. The split-file Resolve.UndefinedModule is cross-module graph coherence (INT-02), tracked in RESCRIPT-ELIMINATION Tier-4, NOT conflated here. ADR-017 is sequential between ADR-016 (effect-threaded async-boundary, #234/#270) and ADR-018 (no-raw-escape, #245/#272); inserted in order in SETTLED-DECISIONS + META.a2ml + RESCRIPT-ELIMINATION ESC-04 row. Reconstructed cleanly on current main (the original branch's ADR-016 ->017 renumber history is collapsed to one in-order commit; supersedes the prior #271 head). Docs-only; gate unaffected. Refs #262 #229. Co-authored-by: hyperpolymath <hyperpolymath@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ADR-018 settles ESC-01 #245: no
%%rawanalogue, by design. Typedextern fn/extern typeis the SOLE FFI surface; every estate%%rawports to a typedextern(host impl → embedder shim). No untypedextern rawwill be added — an arbitrary-source hole defeats affine/effect tracking (the ADR-012 contortion). No compiler change (externexists). SETTLED-DECISIONS + META.a2ml ADR-018 + RESCRIPT-ELIMINATION cross-linked. (ADR-017 = block-module #262; 018 because main merged ADR-016 = async-boundary #234.) Refs #245 #229 (not Closes — per-repo port execution remains). Note: stacks with #271 (ADR-017) on SETTLED/META tails — rebase on merge-order.🤖 Generated with Claude Code