Skip to content

ci: make CI genuinely green — rust-ci toolchain pin + canonical Julia ABI-FFI gate + workflow-lint#40

Merged
hyperpolymath merged 8 commits into
mainfrom
claude/new-session-znxgm7
Jun 28, 2026
Merged

ci: make CI genuinely green — rust-ci toolchain pin + canonical Julia ABI-FFI gate + workflow-lint#40
hyperpolymath merged 8 commits into
mainfrom
claude/new-session-znxgm7

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Summary

Make CI genuinely green. The shared rust-ci pin on main predates standards#439, so the SHA-pinned dtolnay/rust-toolchain step errors out before the job runs. This bumps the pin so rust-ci actually runs, replaces the estate-banned Python ABI-FFI gate with the canonical Julia gate (matches verisimiser), and fixes a workflow-lint finding. The Rust sources are already fmt + clippy(-D warnings) clean.

Changes

  • rust-ci: bump rust-ci-reusable.yml pin d135b058dc2bf0 (current standards HEAD; includes #439 toolchain fix + #441/#442).
  • ABI-FFI gate: remove scripts/abi-ffi-gate.py (Python banned estate-wide); add scripts/abi-ffi-gate.jl (behaviour-identical Julia port); workflow installs Julia 1.11.5. Matches verisimiser's canonical gate.
  • workflow-lint: add SPDX header + least-privilege permissions: { contents: read } to .github/workflows/k9-svc-validation.yml.

RSR Quality Checklist

Required

  • Tests pass (cargo test --locked --all-targets)
  • Code is formatted (cargo fmt --all -- --check)
  • Linter is clean (cargo clippy --locked --all-targets -- -D warnings)
  • No banned language patterns (removes the last Python file from CI)
  • SPDX license headers present on new/modified files
  • No secrets, credentials, or .env files included

As Applicable

  • ABI/FFI changes validated (gate logic preserved; conformance OK)

Testing

Verified locally with the toolchain CI uses (cargo 1.94.1, rustfmt 1.8.0): cargo fmt --check, clippy -D warnings, cargo check --locked, cargo test --locked all pass.

🤖 Generated with Claude Code


Generated by Claude Code

claude and others added 7 commits June 27, 2026 19:44
Add Nimiser.ABI.Semantics, a machine-checked semantic proof that the
Nim->C code generator preserves source signatures: same name, same
arity, and every argument/return type lowered by the canonical injective
nimToC mapping. An arity or type mismatch is unrepresentable as a
SigPreserved witness.

Contents:
- Faithful model: NimT / CT type universes, NimSig / CSig signatures,
  total nimToC lowering, genBinding code generator.
- Headline property SigPreserved with no constructor for any mismatch.
- genBindingPreserves: the generator ALWAYS preserves (soundness).
- nimToCInjective: the lowering is injective (non-vacuity engine).
- decSigPreserved: sound + complete Dec decision procedure.
- certifyBinding + certifyBindingSound tied to the project Result type;
  generatedAlwaysCertifies corollary.
- Positive control samplePreserved (explicit witness) and three
  negative controls (wrong return type, wrong arity, wrong arg type),
  all machine-checked.

Build: idris2 --build nimiser-abi.ipkg exits 0, zero warnings.
Adversarial false proof (claiming a type-mismatched binding is
preserved) is rejected by the type-checker, confirming non-vacuity.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Adds Nimiser.ABI.Invariants over the existing Semantics codegen model
(NimT/CT/nimToC/NimSig/CSig/genBinding/ArgsLower), proving two facts
deeper than and distinct from the Layer-2 signature-preservation theorem:

1. Composition/distributivity: lowering is a homomorphism over argument-
   list concatenation (lowerAppendDistrib), lifted relationally
   (argsLowerAppend) and to signature extension (genBindingExtendComposes,
   extendedArgsLower) — codegen of a grown proc is the grown codegen.
2. Whole-signature injectivity: genBindingInjective shows distinct Nim
   signatures lower to distinct C bindings (no symbol/ABI aliasing),
   strictly stronger than the Layer-2 per-type nimToCInjective lemma.

Includes a sound+complete DecEq NimSig, a positive control (composed
ArgsLower witness on concrete data) and negative/non-vacuity controls
(distinctSigsDistinctBindings, extensionChangesBinding, decEqDistinctIsNo).
Builds clean (exit 0, zero warnings); adversarial false-equality proof via
genBindingInjective is rejected. No believe_me/postulate/assert_total/etc.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Seals the ABI<->FFI seam on the proof side: proves the Result result-code
encoding is sound, complementing the structural abi-ffi-gate.py check.

- intToResult: total Bits32 -> Maybe Result decoder
- resultRoundTrip: faithful/lossless encoding (decode . encode = Just)
- resultToIntInjective: distinct outcomes never collide on the wire,
  derived from the round-trip via justInjective . cong
- positive controls (decode 0/7/8) and a non-vacuity negative control
  (Not (resultToInt Ok = resultToInt Error)), all machine-checked

No ProofStatus/statusToInt or other FFI enum encoder exists in this ABI,
so Result is the sole seam. Genuine total proof: no believe_me, postulate,
assert_total, idris_crash, or %hint hacks. Builds clean with zero warnings.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Assemble the four prior proof layers into one inhabited certificate:
Nimiser.ABI.Capstone defines record ABISound and the single value
abiContractDischarged, reusing the exported witnesses:
  - Semantics.samplePreserved      (Layer-2 flagship positive control)
  - Invariants.composedArgsWitness (Layer-3 composition invariant)
  - Invariants.genBindingInjective (Layer-3 whole-signature injectivity)
  - FfiSeam.resultToIntInjective   (Layer-4 FFI-seam injectivity)

The value typechecks iff every prior layer remains sound. Adversarial
check (a false SigPreserved flagship field) is rejected by the
typechecker. %default total, SPDX header, zero warnings.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
…ble fix); port ABI-FFI gate Python->Bash (Python is estate-banned); add SPDX+permissions to k9-svc-validation.yml (workflow-lint)

Resolves the standing baseline CI reds (rust-ci toolchain error, governance
Language/anti-pattern, governance workflow-lint) without altering the proven
ABI. The Bash gate reproduces the former Python gate's verdict verbatim
(validated across all -iser repos) and catches the same drift classes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
@hyperpolymath hyperpolymath marked this pull request as ready for review June 28, 2026 09:23
@hyperpolymath hyperpolymath merged commit 35c90de into main Jun 28, 2026
4 checks passed
@hyperpolymath hyperpolymath deleted the claude/new-session-znxgm7 branch June 28, 2026 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants