feat(bindings): complete ReScript->AffineScript cutover for @gossamer/api (standards#252) #74
Merged
…i is now AffineScript

Retires bindings/rescript/ (Gossamer.res + rescript.json + AGPL deno.json) and makes bindings/affinescript/ the @gossamer/api package: MPL-2.0 deno.json with a `deno task build` that runs `affinescript compile --deno-esm` to emit src/Gossamer.deno.js (the exports entry, built at publish - mirrors the former .res.js flow). The .affine type-checks clean and compiles to a standalone Deno-ESM module. EXPLAINME + the binding README updated to point at AffineScript; provenance comment de-dangled. Completes standards#252 for gossamer.

https://claude.ai/code/session_01GsJX13UjwiBk9hkddqvYMh
…se test exemption

Two pre-existing main CI gates, resolved foundationally:

- Licence consistency: the top-level LICENSE declared AGPL-3.0-or-later while all 394 source files and the .ipkg manifest are MPL-2.0. gossamer is a sole-owner repo (estate default MPL-2.0; owner-confirmed 2026-06-02), so the AGPL LICENSE was drift. Replaced with canonical MPL-2.0 text. Check now passes (SPDX matches manifest + body matches template).
- Trusted-base reduction: 6 undocumented escape hatches (partial / assert_total) live in tests/idris2/ (IPCTest, SecurityTest) - test fixtures, not production proof surface. Added .trusted-base-ignore (test-fixture whole-path exemption, the policy-sanctioned mechanism). Check now passes (6 exempted, all 7 documented).

https://claude.ai/code/session_01GsJX13UjwiBk9hkddqvYMh
🔍 Hypatia Security Scan
Findings: 138 issues detected
[
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in abi-typecheck.yml",
"type": "missing_timeout_minutes",
"file": "abi-typecheck.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in codeql.yml",
"type": "missing_timeout_minutes",
"file": "codeql.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in dogfood-gate.yml",
"type": "missing_timeout_minutes",
"file": "dogfood-gate.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in governance.yml",
"type": "missing_timeout_minutes",
"file": "governance.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]
Powered by Hypatia Neurosymbolic CI/CD Intelligence
What
Completes the ReScript->AffineScript migration for gossamer's frontend binding (standards#252) by retiring `bindings/rescript/` and making `bindings/affinescript/` the `@gossamer/api` package — and, per owner direction, foundationally resolves the three governance gates that were red on `main` so CI passes on its own (no admin override needed).

1. The binding cutover

- `bindings/rescript/` (`Gossamer.res`, `rescript.json`, the AGPL `deno.json`).
- `bindings/affinescript/deno.json` — the `@gossamer/api` package manifest (MPL-2.0), `exports: ./src/Gossamer.deno.js`, with a `deno task build` that runs `affinescript compile --deno-esm -o src/Gossamer.deno.js src/Gossamer.affine`. The compiled ESM is built at publish (mirroring the former `.res.js` flow — not committed), so no generated JS enters the tree.
- `affinescript check` → Type checking passed; `affinescript compile --deno-esm` → a standalone 26 KB Deno-ESM module (`extern fn` lowered to `window.__gossamer_invoke` host calls), SPDX-stamped MPL-2.0.
- `EXPLAINME.adoc` (×2) and the binding `README.adoc` now point at `bindings/affinescript/`; the `.affine` provenance comment de-dangled.

2. Foundational CI fixes (the gates that were red on `main`)

Each was a pre-existing failure, unrelated to the binding, fixed at root and verified locally against `hyperpolymath/standards` `check-*.sh`:

- `bindings/rescript/src/Gossamer.res` (banned ReScript); `.res` remains
- `LICENSE` declared `AGPL-3.0-or-later`, but all 394 source files + the `.ipkg` manifest are `MPL-2.0` — the `LICENSE` was drift; [OK] Licence consistency check passed
- `partial`/`assert_total` escape hatches in `tests/idris2/` (IPCTest, SecurityTest); `.trusted-base-ignore` test-fixture whole-path exemption (policy-sanctioned for test fixtures); [OK] 6 exempted, all 7 documented

The licence change is owner-directed (not an automated relicense): the owner explicitly confirmed gossamer = MPL-2.0, and the canonical MPL-2.0 text was copied from the in-scope `neurophone` repo. It only brings the `LICENSE` file into line with the 394 files that already declare MPL-2.0.

Verification (local, real toolchains)

- `affinescript check bindings/affinescript/src/Gossamer.affine` → Type checking passed
- `check-licence-consistency.sh .` → passed (SPDX matches manifest; body matches template)
- `check-trusted-base.sh .` → passed (6 exempted, all 7 documented)
- `bindings/rescript` references remain in-tree (outside the unrelated `proven/bindings/rescript` reference in `examples/`, which belongs to a different repo).

Flag-only (out of scope, surfaced not touched)

`standards/LICENSE` and `burble/LICENSE` are also `AGPL-3.0-or-later` despite being sole-owner (MPL-2.0) repos — the same drift. Per the estate licence guardrail (flag-only, owner-only) I have not touched them; surfacing for a separate owner-directed decision.

Generated by Claude Code