0.3.0 C4: Matter verified-core bazel landing — composed graph builds + runs PASE in CI#37
Merged
Merged
Conversation
First increment of the SWARCH-WOHL-008 C4 bazel landing — encode the locally-proven spike2c-compose graph as rules_wasm_component targets. This commit lands the simplest piece (transport shell, exports the seam) to learn the rule's behavior with a multi-world WIT (world=transport), wasi p2 (sync), and std queues, before adding the rs-matter consumer + wac_compose. Source rewritten from the spike's wit_bindgen::generate! to the rule's <crate>_bindings convention (wohl_matter_transport_bindings). CI bazel-build //:all exercises it. Cannot be verified locally (nix + wasi-sdk egress blocked), so this is a high-information CI round. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
CI round 1 learned: rust_wasm_component_bindgen has no 'world' attribute (it forwards kwargs to rust_shared_library). The bound world is selected by the wit_library's world attr (transport), matching the existing wohl-matter-core target which passes no world to the bindgen rule. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…s runner)
Round 2 landed the transport shell green. This adds the rs-matter consumer:
- compose.wit: export run via a `runner` interface (predictable Guest path).
- matter_compose_core_wit: second wit_library bound to world matter-core.
- wohl-matter-core-composed: rust_wasm_component_bindgen, deps
@wohl_crates//:{rs-matter,embassy-futures,embassy-time-driver,
critical-section}. Source is the 2c handshake rewritten to the rule's
<crate>_bindings convention; exports runner.run (block_on the PASE
handshake), imports the wire seam.
- crate-universe seed (wohl-leak/wasm/Cargo.toml): embassy-futures,
embassy-time-driver, critical-section added as DIRECT deps so
@wohl_crates aliases them (they were transitive via rs-matter only).
No wac_compose yet — isolating the consumer-build risk (rs-matter +
embassy + critical-section + import/export bindgen + std + p2) before
composing. CI-only verification.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…port) Round 3 landed both components green. This composes them via wac_plug (socket = the verified core, plugs = the transport shell) — the bazel realisation of the locally-proven `wac plug mcore --plug transport`. The composed component //:wohl-matter-composed exports the runner; a wasmtime CI step (next) invokes `run` to prove the PASE handshake runs across the seam in CI, turning C3 into a live gate. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Verified the invoke recipe locally: `wasmtime run --invoke 'run()'` reaches only TOP-LEVEL world exports, not interface-instance exports. So: - compose.wit: export `run` as a bare world func (dropped the `runner` interface wrapper from the previous round). - mcore.rs: use the world-level Guest (bindings root), not exports::...::runner. - ci.yml: after `bazel build //:all`, install wasmtime and run `wasmtime run --invoke 'run()'` on //:wohl-matter-composed, asserting `true`. This is the C4 execution gate — proves the SPAKE2+ PASE handshake RUNS across the wac-composed seam in CI, not just builds. Promotes the locally-proven spike2c result to a live gate (and SWARCH-WOHL-008 toward approved). Local confirmation of the invoke syntax: a trivial bare-export `run()` component composed with a wire provider returned `true` under wasmtime 41. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ity fix) Two corrections from round 5: 1. Bare world-func exports make the rule's bindgen emit a duplicate __export_world_matter_core_cabi symbol (E0255). Revert to the `runner` interface export — which builds (green round 4) AND is still reachable via `wasmtime run --invoke 'run()'` (verified locally: a trivial interface-export component returns true under wasmtime 41; my earlier "interface not invokable" was a parens mistake — 'run' vs 'run()'). 2. Security: drop `curl … wasmtime.dev/install.sh | bash` (unpinned remote script execution, flagged HIGH). The rules_wasm_component toolchain already fetches wasmtime 43.0.1, integrity-verified by bazel via MODULE.bazel.lock; locate and use that binary instead. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Both promotion criteria are now met and CI-gated: the composed graph builds via rules_wasm_component (//:wohl-matter-composed = transport wac_plug'd into the rs-matter core) and a wasmtime step runs the full SPAKE2+ PASE handshake on it (`--invoke 'run()'` -> true) on every PR. SWARCH-WOHL-008: proposed -> approved, with an explicit refinement note (the landed seam is the simplified `wire` interface, not yet the exact spar matter-world seam; clock/entropy still core-internal). SWV-MATTER-002: C4 marked DONE/CI-GATED; the spar-seam fidelity rebind split out as C4b (still owed), C5 witness MC/DC still owed. rivet validate: PASS. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
avrabe
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
0.3.0 C4: Matter verified-core — bazel landing of the composed graph (SWARCH-WOHL-008)
Lands the locally-proven
spike2c-composegraph asrules_wasm_component+wac_plugbazel targets, with a wasmtime execution gate in CI. Step 4's landing (C4) of the feature loop — promotes SWARCH-WOHL-008 toapproved.CI-gated now (every PR)
rules_wasm_component://:wohl-matter-transport(exportswire),//:wohl-matter-core-composed(rs-matter, importswire, exportsrunner.run; deps from@wohl_crates),//:wohl-matter-composed(the two viawac_plug).wasmtime run --invoke 'run()'on the composed component →true= full SPAKE2+ PASE handshake across the wac-composed WIT boundary,PASE-RUNS-OK in CI.Security
Uses the bazel toolchain's own wasmtime (verified via
MODULE.bazel.lock), notcurl | bash— resolves the automated review's HIGH finding.Honest scope (refinement owed)
The landed seam is the simplified channelled
wireinterface, not yet the exact sparmatter-worldseam; clock/entropy stay core-internal. The claim (verified core runs as a composed component built by rules_wasm_component) is proven. Faithful spar-seam rebind = C4b, witness MC/DC = C5, both tracked inSWV-MATTER-002.🤖 Generated with Claude Code