recover(cli): Main.eph subcommand dispatcher (re-targets PR #33 at main)#38
Merged
Merged
Conversation
🔍 Hypatia Security ScanFindings: 31 issues detected
View findings[
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/upload-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action actions/download-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/IPCDispatch.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/ResourceCleanup.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/GrooveTermination.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/HandleLinearity.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/WindowStateMachine.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
Merged
4 tasks
Recovery PR 3/4. Same content as orphaned PR #33 — a dispatcher that exercises sum types, pattern matching, multi-branch conditionals, let bindings, multiple FFI externs, and real calls into libgossamer through the 14a.5b bridges (now on main via #35). Architecture: • pub data Subcommand = NoArg | InfoOrVersion | DevOrRunOrBuild | Init | Bundle | TooMany — classifies the run by argv_count. • dispatchCode(s) match-lowers each variant to a stable status code (100..900). • grooveProbe() calls env::gossamer_groove_discover — proves the 14a.5b libgossamer bridge surface is reachable from Ephapax. • statusCode() composes dispatch + clamped-groove-count into a single I32 the harness reads back. • main() prints statusCode() and returns. Compiles to 1514-byte cli.wasm. 5 host imports (all in the launcher's bridge surface from 14a.5a/5b): print_i32, argv_count, argv_arg_len, gossamer_groove_discover, gossamer_groove_status. Plus the 2 always-on ephapax baseline imports. Documented v2-grammar limits hit during this work (all three addressed in the next recovery PR via launcher-side helpers): 1. No linear-memory reads from user code (no argv[1] string match). 2. No I64 literal (cap_token == 0 can't typecheck). 3. String-typed externs lower to opaque i32 handles, not (ptr, len). Subcommand dispatch via argv_count is the workaround in this PR; the conventional argv[0]-match shape lands in recovery PR 4/4 with the String FFI bridges. Recovery PR 3/4. Lands on top of: • #35 (14a.5b libgossamer bridges) — MERGED • #37 (14a.5c build integration) — open, will merge before this This PR's Main.eph is dead code without #37's build.zig ephapax compile step. Merge order matters: #37 first, then this PR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
force-pushed
the
feat/recover-15-step-2-dispatcher
branch
from
f30907a to
f7f81f1
Compare
5 tasks
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
Three things were blocking gossamer #38/#39 (the recovery chain) from going green even after rebase: 1. CLI build silently failing (`zig build 2>/dev/null` hides the actual error). Drop the redirect so future failures are diagnosable. 2. "Dangerous Idris2 patterns in ABI" was a false positive — the grep matched doc-comment lines saying *"Zero believe_me. All proofs are constructive."* Tighten the grep to exclude `||| ...` and `-- ...` comment lines so only real code uses fail the test. 3. 18 of 19 src/interface/ffi/src/*.zig files were missing SPDX headers. Added the canonical SPDX-License-Identifier: PMPL-1.0-or-later Copyright (c) 2026 Jonathan D.A. Jewell … prefix to each. Also widened the SPDX check from a 20-file sample to the full FFI source set, so a future regression can't hide in the un-sampled tail. The libwasmtime install gate per session memory: the cli/launcher (Zig wasm host) links wasmtime via /usr/local/lib but CI never installed the C-API release tarball. Add a pinned install step (v44.0.1, SHA256-verified, x86_64) plus a Section 3b probe in tests/e2e.sh that asserts the headers + library are present. The launcher itself isn't built in CI yet because that path also needs the ephapax binary; that wiring is a separate follow-up. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 31 issues detected
View findings[
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/upload-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action actions/download-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/IPCDispatch.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/ResourceCleanup.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/GrooveTermination.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/HandleLinearity.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/gossamer/gossamer/src/interface/abi/WindowStateMachine.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why this PR exists
PR #33 ("feat(cli): Main.eph subcommand dispatcher in v2-grammar Ephapax") shows as MERGED on GitHub but its commit never landed on main — same stacked-PR-into-feature-branch trap as PRs #29/#30. This is recovery PR 3 of 4.
PR 1/4 (#35) is MERGED. PR 2/4 (#37) is open. This PR should merge after #37.
What this PR lands
Single new file: `cli/src/Main.eph` (~109 LOC).
Same content as orphaned #33 — a dispatcher that exercises sum types, pattern matching, multi-branch conditionals, let bindings, multiple FFI externs, and real calls into libgossamer through the 14a.5b bridges (now on main via #35).
Three v2-grammar limits documented (all addressed in PR 4/4)
Recovery PR 4/4 resolves all three via launcher-side bridges (`say_string`, `argv_eq_string`, `i64_is_zero`), upgrading this dispatcher to argv[0]-name matching.
Merge order
Verification
🤖 Generated with Claude Code