fix(snif): make Wasmex an optional, absence-guarded dependency #46
Merged
Burble.Coprocessor.SNIFBackend called Wasmex.start_link/1 and Wasmex.call_function/3 directly, and available?/0 only checked the .wasm file existed — not whether the (undeclared) :wasmex runtime was loadable. Result: a compile-time "Wasmex is undefined" warning, and SNIF kernels routing into Wasmex at runtime only to fail by rescued exception instead of cleanly degrading.

Apply the established :quicer / Burble.Bolt.Quic pattern (ADR-0004):

* server/mix.exs — document :wasmex in the optional-NIF block (Rust/wasmtime toolchain; commented like quicer/elmdb).
* snif_backend.ex — `@wasmex Wasmex` alias; call via apply/3 (no direct reference => no compile warning); available?/0 now also requires Code.ensure_loaded?(@wasmex) and the function exported, so every kernel transparently uses ZigBackend when Wasmex is absent.
* CHANGELOG — Fixed entry.

Verified: `mix compile --force` emits no Wasmex warning and no new unused/undefined warnings in snif_backend.ex.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security Scan
Findings: 21 issues detected
[
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action ocaml/setup-ocaml@v3 needs attention",
"type": "unpinned_action",
"file": "affinescript-canary.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "No permissions declaration -- add permissions: read-all",
"type": "missing_permissions",
"file": "elixir-ci.yml",
"action": "add_permissions",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "binary_to_term without :safe option -- deserialization attack (1 occurrences, CWE-502)",
"type": "elixir_send_unsanitised",
"file": "/home/runner/work/burble/burble/server/lib/burble/media/lmdb_playout.ex",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "SSL verify_none disables certificate validation -- MITM risk (1 occurrences, CWE-295)",
"type": "elixir_no_ssl_verify",
"file": "/home/runner/work/burble/burble/server/lib/burble/bridges/mumble.ex",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "believe_me undermines formal verification (2 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/burble/burble/src/interface/abi/Foreign.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "Nickel file missing SPDX-License-Identifier header (1 occurrences, CWE-1104)",
"type": "ncl_missing_spdx",
"file": "/home/runner/work/burble/burble/configs/config.ncl",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "Lock.unwrap() without poison handling (14 occurrences, CWE-754)",
"type": "lock_unwrap",
"file": "/home/runner/work/burble/burble/tools/selur-compose/crates/selur-compose-driver/src/mock.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]
Powered by Hypatia Neurosymbolic CI/CD Intelligence
Why
`Burble.Coprocessor.SNIFBackend` referenced `Wasmex.start_link/1` and `Wasmex.call_function/3` directly while `:wasmex` is not even a declared dependency, and `available?/0` only checked the `.wasm` file existed. That produced a compile-time `Wasmex … is undefined` warning and the wrong runtime failure mode (rescued exception per call instead of clean degradation).
What
Applies the accepted `:quicer` / `Burble.Bolt.Quic` pattern from ADR-0004 to `:wasmex`:
* `server/mix.exs` — `:wasmex` documented in the existing optional-NIF block (Rust/wasmtime toolchain), commented like `quicer`/`elmdb`.
* `snif_backend.ex` — `@wasmex Wasmex` alias; calls via `apply/3` so the compiler does not warn when absent; `available?/0` now also requires `Code.ensure_loaded?(@wasmex)` + `function_exported?`, so the existing `if available?()` guards transparently fall back to `ZigBackend`.
Verification
`mix compile --force --no-deps-check` → no `Wasmex` warning, no new unused/undefined warnings in `snif_backend.ex`. Pure consistency/bugfix; no behaviour change when Wasmex is present.
🤖 Generated with Claude Code
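
The guard pattern described in this pull request, as an added Elixir sketch that is not the project's code: the backend is chosen from an up-front availability check rather than by rescuing an exception on every call. The module name `Example.OptionalWasm`, the `"add"` export and the `.wasm` path are hypothetical; the `%{bytes: bytes}` argument to `start_link/1` follows the wasmex library.

```elixir
defmodule Example.OptionalWasm do
  # Added illustration; module name, export name and path are hypothetical.
  # The optional module is held in an attribute and reached only via apply/3,
  # so this file contains no direct Wasmex.* call for the compiler to flag.
  @wasmex Wasmex
  @wasm_path "priv/kernels/example.wasm"

  # True only when the artifact exists AND the runtime module loads AND it
  # exports the functions we are about to call. The file check alone would
  # route calls into a runtime that is not there.
  def available?(path \\ @wasm_path) do
    File.exists?(path) and
      Code.ensure_loaded?(@wasmex) and
      function_exported?(@wasmex, :start_link, 1) and
      function_exported?(@wasmex, :call_function, 3)
  end

  # Returns {backend, result} so callers and logs can see which path ran.
  def add(a, b, path \\ @wasm_path) when is_integer(a) and is_integer(b) do
    if available?(path), do: wasm_add(a, b, path), else: {:fallback, a + b}
  end

  defp wasm_add(a, b, path) do
    with {:ok, bytes} <- File.read(path),
         {:ok, pid} <- apply(@wasmex, :start_link, [%{bytes: bytes}]) do
      result = apply(@wasmex, :call_function, [pid, "add", [a, b]])
      # Stop the instance so a failed call does not leak a process.
      GenServer.stop(pid)

      case result do
        {:ok, [sum]} -> {:wasm, sum}
        _error -> {:fallback, a + b}
      end
    else
      # Unreadable module or failed instantiation also degrades cleanly.
      _error -> {:fallback, a + b}
    end
  end
end

# Without :wasmex installed the guard is false and the fallback path answers.
IO.inspect(Example.OptionalWasm.add(2, 3))
```

Returning the backend tag alongside the result makes silent degradation observable, which matters when the fallback has different performance or isolation properties than the WebAssembly path.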